CN105515777B - A kind of double authentication system and method for USBKEY equipment - Google Patents

A kind of double authentication system and method for USBKEY equipment Download PDF

Info

Publication number
CN105515777B
CN105515777B CN201510961872.9A CN201510961872A CN105515777B CN 105515777 B CN105515777 B CN 105515777B CN 201510961872 A CN201510961872 A CN 201510961872A CN 105515777 B CN105515777 B CN 105515777B
Authority
CN
China
Prior art keywords
user
spacing
display
client
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510961872.9A
Other languages
Chinese (zh)
Other versions
CN105515777A (en
Inventor
董晓琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN201510961872.9A priority Critical patent/CN105515777B/en
Publication of CN105515777A publication Critical patent/CN105515777A/en
Application granted granted Critical
Publication of CN105515777B publication Critical patent/CN105515777B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Abstract

The application provides a kind of double authentication system and method for USBKEY equipment.The system comprises clients and USBKEY equipment, and wherein the display of USBKEY equipment includes half-reflection and half-transmission layer, and the images for user for reflecting user while showing character is checked.The client is used to indicate user and carries out the first authentication again, successfully out-of-date label spacing corresponding to the user is searched when authenticating, the display shows the label of left and right two for being separated by the label spacing, positional relationship between oneself eye image of the user based on the label of the left and right shown on display two and display reflection judges the appropriate location of oneself, and the iris image of the iris camera acquisition user when user is in appropriate location above the display, client or USBKEY equipment judge whether with the biometric information prestored through the second authentication again according to the iris image of acquisition.This programme can increase the safety when certification of USBKEY equipment identities, and improve the efficiency of iris authentication, and the user experience is improved.

Description

A kind of double authentication system and method for USBKEY equipment
Technical field
This application involves the double authentication systems and side of field of information security technology more particularly to a kind of USBKEY equipment Method.
Background technique
USBKEY equipment is a kind of equipment for having universal system bus (USB) interface and being used for user identity authentication.It should Equipment internal processor chip and certain memory space can store the private key or number card of user in the memory space Book, and certification of the Secret key arithmetic realization to user identity is executed by processor chips.It is described in authentication procedures USBKEY equipment can realize the certification to user identity with client communication data, and with the development of USBKEY equipment, It provides thereon a variety of for authenticating the device of user identity, fingerprint identification device, iris identification device etc..Client can The biometric information of the user from USBKEY equipment is received, and executes the matching process with biological characteristic is prestored to judge to use Family whether can be authorized.In field of biological recognition, the highly-safe of iris, anti-counterfeit capability are strong, in USBKEY equipment, one As use be all fixed-focus iris camera, need user adjust position so that iris camera can clearly collect user Iris image.In general, when iris camera is installed on the client, user can be presented by the screen of client Image assist determining oneself position, but for two generation USBKEY equipment, LED screen thereon can not be shown Image, and when user faces the iris camera in USBKEY equipment, the LED screen is not just available as reference, in this way, Client iris positioning is just relatively difficult.In addition, USBKEY equipment only exists a kind of safety certification measure at present, in identification Safety can not be guaranteed.
Summary of the invention
In view of this, the application provides a kind of double authentication system and method for USBKEY equipment, it is intended to improve identity and recognize Safety during card, while guaranteeing that user can be readily determined the location of head in iris authentication.
Present invention firstly provides a kind of double authentication system of USBKEY equipment, the system comprises client and USBKEY equipment, the USBKEY equipment are connected by USB interface with the client, and the USBKEY equipment includes display And the iris camera above display, the display have half-reflection and half-transmission layer, in which: the client is for mentioning Show that user carries out the first authentication again;The client or USBKEY equipment are for obtaining user for the first authentication again Response, extract the authentication information in the response, be compared with the authentication information prestored, if compared successfully, then it is assumed that use Family obtains corresponding label spacing by the first authentication again, according to the mark of user;The display is for showing black Background and two labels for being separated by the label spacing between prospect display, wherein described two labels are across described half Anti- semi-permeable layer is checked for user, and the half-reflection and half-transmission layer provides the image of reflection;The iris camera is for acquiring user Iris image, wherein user can according to it is described two label with half-reflection and half-transmission layer reflection eyes of user image opposite positions Set the position to adjust oneself;The client or the USBKEY equipment are also used to judge the iris image acquired and deposit in advance Whether the biological characteristic of storage matches, if it does, thinking that user has passed through the second authentication again.
According to an aspect of the present invention, the display includes LED backlight plate, liquid crystal display and is covered on liquid crystal display The outer half-reflection and half-transmission layer or the display include LED backlight plate, liquid crystal display and in liquid crystal display and LED backlight The half-reflection and half-transmission layer between plate.
According to an aspect of the present invention, the display of the client or the display of USBKEY equipment are used for prompting Family inputs password to carry out first time authentication, and USBKEY equipment has memory and a computing chip, in the memory It is stored with and prestores password, when the computing chip is used to judge that the password match inputted as user prestores password, it is believed that Yong Hutong The first authentication again is crossed.
According to an aspect of the present invention, in the USBKEY equipment have fingerprint capturer, the display of client or The display of USBKEY equipment is for prompting user to input the fingerprint of oneself by fingerprint capturer to carry out first gravidity part and recognize Card, the USBKEY equipment have memory and computing chip, are stored with pre-stored fingerprint, the meter of USBKEY equipment in the memory Calculate whether the fingerprint that chip is used to that fingerprint capturer to be examined to acquire matches pre-stored fingerprint.
According to an aspect of the present invention, in the client or USBKEY equipment, it is also previously stored with user information, it should User information includes user identifier and label spacing corresponding with the user identifier.
According to an aspect of the present invention, the client has acquisition camera, distance-measuring equipment, processor and storage Device, be stored in advance in the memory of the client actual size of object, the object of acquisition image size and object Corresponding relationship between body and the spacing of camera;Image of the acquisition camera for the shooting user when user's registration, The distance-measuring equipment is used for the figure from the user of shooting for measuring the distance between acquisition camera and user, the processor The spacing of simple eye or eyes two sides in the picture is identified using face recognition algorithms as in, according to the simple eye or eyes identified The actual size of the distance between spacing, acquisition camera and the user of two sides in the picture and pre-stored object is adopted Corresponding relationship between the size and object of the image of the object of collection and the spacing of camera show that user is simple eye or eyes two The true spacing of side.
According to an aspect of the present invention, the client is also stored with simple eye or eyes two sides true spacing and label Relationship between spacing, the client are used to be based on the relationship, according to the user of acquisition is simple eye or eyes two sides it is true Spacing obtains corresponding label spacing, and stores in association with user identifier, to form the user information.
According to an aspect of the present invention, the brightness for the label that the display is shown is provided so that user can see It observes the label and does not influence the reflecting effect of half-reflection and half-transmission layer.
According to an aspect of the present invention, the user can be according to the user of described two labels and the reflection of half-reflection and half-transmission layer The relative position of the image of eyes is come to adjust oneself position include: that will be used for iris authentication after user sees the label That eye or eyes are aligned towards the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just When with two label alignments in left and right, user has been adjusted to position appropriate.
The invention also provides a kind of double authentication method of USBKEY equipment, the first step is connect with USBKEY equipment Client-Prompt user carries out the first authentication again;Second step, the client or USBKEY equipment obtain user for the The response of one authentication again, extracts the authentication information in the response, is compared with the authentication information prestored, if compare at Function, then it is assumed that user obtains corresponding label spacing by the first authentication again, according to the mark of user;Third step, The display display black background of USBKEY equipment and two labels for being separated by the label spacing between prospect display, Wherein half-reflection and half-transmission layer of described two labels in the USBKEY device display is checked for user, and described half anti-half Permeable layers provide the image of reflection;4th step, the iris camera of USBKEY equipment is used to acquire the iris image of user, wherein using Family can adjust the position of oneself according to the relative position of described two labels and the image of the eyes of user of half-reflection and half-transmission layer reflection It sets;5th step, the client or the USBKEY equipment judge that the iris image of acquisition is with pre-stored biological characteristic No matching, if it does, thinking that user has passed through the second authentication again.
According to an aspect of the present invention, the first step include: the client indicate the client display or The display prompts user of USBKEY equipment inputs password to carry out first time authentication;And second step includes: USBKEY The computing chip of equipment is used to judge to prestore password when what is stored in the memory of the password match USBKEY equipment of user's input When, it is believed that user has passed through the first authentication again.
According to an aspect of the present invention, the first step includes: the display or USBKEY of the client instruction client The display prompts user of equipment inputs the fingerprint of oneself by the fingerprint capturer in USBKEY equipment to carry out the first gravidity Part certification;Second step includes: that the computing chip of USBKEY equipment is used to examine whether the fingerprint of fingerprint capturer acquisition matches The pre-stored fingerprint stored in the memory of USBKEY equipment.
According to an aspect of the present invention, in the client or USBKEY equipment, it is also previously stored with user information, it should User information includes user identifier and label spacing corresponding with the user identifier, the mark according to user in the second step It includes that label spacing accordingly is extracted from user information that knowledge, which obtains corresponding label spacing,.
According to an aspect of the present invention, the client has acquisition camera, distance-measuring equipment, processor and storage Device, be stored in advance in the memory of the client actual size of object, the object of acquisition image size and object Corresponding relationship between body and the spacing of camera;Before the first step, when user's registration, the acquisition camera is clapped The image of user is taken the photograph, the distance-measuring equipment measures the distance between acquisition camera and user, use of the processor from shooting The spacing of simple eye or eyes two sides in the picture is identified using face recognition algorithms in the image at family, it is simple eye according to what is identified Or the distance between spacing, acquisition camera and the user of eyes two sides in the picture and pre-stored object is true big Corresponding relationship between the size and object and the spacing of camera of the image of small, acquisition object show that user is simple eye or double The true spacing of eye two sides.
According to an aspect of the present invention, the client is also stored with simple eye or eyes two sides true spacing and label Relationship between spacing, the client are based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides Corresponding label spacing is obtained, and is stored in association with user identifier, to form the user information.
According to an aspect of the present invention, the brightness for the label that the display is shown is provided so that user can see It observes the label and does not influence the reflecting effect of half-reflection and half-transmission layer.
According to an aspect of the present invention, the user can be according to the user of described two labels and the reflection of half-reflection and half-transmission layer The relative position of the image of eyes is come to adjust oneself position include: that will be used for iris authentication after user sees the label That eye or eyes are aligned towards the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just When with two label alignments in left and right, user has been adjusted to position appropriate.
By above technical scheme as it can be seen that the application introduces double authentication mode, in the feelings that the first re-authentication mode passes through Under condition, the label pitch information for matching the user is found from system, and the label with the label spacing is provided On the screen of USBKEY equipment, and use the half-reflection and half-transmission skill improved to the display of USBKEY equipment being put forward for the first time Art uses the screen in blank screen Shi Kezuo mirror surface, and the label is cooperated to allow users to easily judge oneself together Whether head position is suitable, to carry out the iris authentication of following second weight.It can be seen that double authentication itself improves In addition to this safety of system additionally uses " dynamically labeled " technology, i.e., have recorded and the matched label of user in system Spacing, according to the spacing, user can quickly determine oneself using the screen of USBKEY equipment in the second heavy iris authentication Position, improve authentication efficiency, and the user experience is improved.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The some embodiments recorded in application can also be obtained according to these attached drawings other for those of ordinary skill in the art Attached drawing.
Fig. 1 is the general structure schematic diagram according to the double authentication system of the application one embodiment;
Fig. 2 is the structural schematic diagram according to the USBKEY equipment of the application one embodiment;
Fig. 3 is the structural schematic diagram according to the USBKEY device display of the application one embodiment;
Fig. 4 is the structural schematic diagram according to the USBKEY device display of the application another embodiment;
Fig. 5 is the flow chart according to the double authentication method of the application one embodiment;
Fig. 6 is the status diagram of USBKEY equipment when being directed at oneself position according to the user of the application one embodiment.
Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in the application, below in conjunction with the embodiment of the present application In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only It is only some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, ordinary skill Personnel's every other embodiment obtained, shall fall within the protection scope of the present application.
Further illustrate that the application implements below with reference to illustrations.
As shown in Figure 1, the double authentication system includes client 1 and USBKEY equipment 2.Wherein, client and USBKEY equipment is connected by USB interface.The client can have for PC, tablet computer, mobile phone, server etc. to calculate and deposits Store up function equipment, therefore the client generally all have memory and processor, certainly also have for peripheral hardware phase All kinds of interfaces even, including mentioned-above USB interface.The USBKEY equipment is also a kind of small-sized computing terminal, in Portion not only has computing chip, also has storage chip, certainly in the present invention, which further includes display, rainbow Other components such as film camera, this will be described in detail in Fig. 2.
The USBKEY equipment and the client have been formed together the double authentication system and have completed to user identity The double authentication process authenticated.
With reference to Fig. 2, the USBKEY equipment includes display 201, as described above, such as in two generation USBKEY equipment The display can not show image, and can only show basic text information.The USBKEY equipment further includes Square iris camera 202 over the display, the iris camera are used to acquire the iris information of user.In addition, according to one A alternative embodiment, the USBKEY equipment further includes the infrared light compensating lamp 204 for assisting iris camera, according to another Optional embodiment, the USBKEY equipment further include fingerprint capturer 203.Wherein 206 indicate the USB connecting with client Interface.Shown in Fig. 2 is only the schematic construction of its USBKEY equipment, its packet can be set as needed in those skilled in the art The position of each component contained and size.
Below with reference to Fig. 3 and Fig. 4, the display device structure of USBKEY equipment is described.In the present invention, the display Device not only has display function, will also reflect the function that user images are checked for user.
As shown in figure 3, the display include LED backlight plate 301, liquid crystal display 302 and be covered on outside liquid crystal display half Anti- semi-permeable layer 303.The half-reflection and half-transmission layer is made of half-reflection and half-transmission material, when display background most or all be Black or it is darker when, the half-reflection and half-transmission layer can reflected image, at this moment display can be used as " mirror " use, and when display just Often when display, the half-reflection and half-transmission layer allows the character shown to pass through, thus shown by not influencing in user's viewing display Content.The present invention by be used below be exactly display this performance, i.e., show over the display seldom character (left and right Two labels), at this moment since display background is black or darker, then at this moment display can also be used as mirror, use Family can be determined jointly according to both face-images of oneself reflected in the label and display oneself head position whether Properly.This will be described in more detail later.
As shown in figure 4, propose another implementation, the display include LED backlight plate 301, liquid crystal display 302, And the half-reflection and half-transmission layer 303 between liquid crystal display and LED backlight plate.Identical with Fig. 3, the half-reflection and half-transmission layer is by half Anti- semi-permeable material is made, and when the background of display, most or all is black or is darker, the half-reflection and half-transmission layer can be anti- Image is penetrated, at this moment display can be used as " mirror " use, and when display is normally shown, the half-reflection and half-transmission layer allows to show Character pass through, so that not influencing user watches content shown in display.
Fig. 3 and Fig. 4 is only the example of display basic structure, and actually display is also possible to have other layers, such as For Fig. 3, can also have a protective layer outside half-reflection and half-transmission layer to protect the half-reflection and half-transmission layer not scratched (for figure For 4 embodiment, due to half-reflection and half-transmission layer between LED backlight plate and liquid crystal display without this half-reflection and half-transmission layer with The thickness for reducing display reduces the size of USBKEY, improves portability), or further, touch-sensitive layer etc. is provided, with It is interacted with user.Certainly, those skilled in the art, which can according to need, increases or decreases these layers, here no longer It repeats.In addition, the half-reflection and half-transmission layer can be half-reflection and half-transmission electroplated layer or half-reflection and half-transmission filter, since half-reflection and half-transmission layer is made Material and technique be the prior art, therefore, also repeat no more here.
In the following, the double authentication method is described by Fig. 5.
Step 501, Client-Prompt user carries out the first authentication again;
Step 502, client or USBKEY equipment obtain user for the response of the first authentication again, extract the response In authentication information, be compared with the authentication information prestored, if compared successfully, then it is assumed that user is recognized by first gravidity part Card obtains corresponding label spacing according to the mark of user and prompts subscriber authentication to fail and tie if comparison is unsuccessful Line journey;
Step 503, on the display of the USBKEY equipment, the prospect of display is shown is separated by the label each other Two labels of spacing, the display background of display are black, at this moment, half-reflection and half-transmission layer of described two labels across display It is checked for user, and the half-reflection and half-transmission layer provides the image of reflection;
Step 504, the iris image of the iris camera acquisition user of the USBKEY equipment, wherein user is according to described Two mark with the relative position of the image of the eyes of user of half-reflection and half-transmission layer reflection the position for adjusting oneself;
Step 505, the client or the iris image and pre-stored biology of USBKEY equipment judgement acquisition Whether feature matches, if it does, thinking that user has passed through authentication, if mismatched, prompts user identity authentication failure And terminate process.
In step 501, as user using USBKEY equipment to carry out certain business when, can by USBKEY equipment be inserted into visitor In the USB interface at family end, when business starts, the client, which issues, to be allowed user to input password or carries out the identity of other forms The instruction of certification is to carry out the first authentication again in step 502.
In step 502, a kind of mode of the described first authentication again is authenticated using modification logging, i.e., in visitor It prompts user to input password on the display of family end or USBKEY equipment, when the password match of user's input prestores password, says Bright user has passed through the first authentication again.According to one embodiment, the password storage that prestores is in the storage of USBKEY equipment In device, user inputs the password in the dialog box of Client-Prompt, and the password of input is sent to USBKEY equipment, by The computing chip of USBKEY equipment examines whether password matches.
The another way of described first authentication again is to carry out finger print identifying using fingerprint capturer.Such as institute above It states, there is fingerprint capturer in the USBKEY equipment, prompt user to pass through on the display of client or USBKEY equipment The fingerprint that oneself is inputted on fingerprint capturer illustrates that user has passed through the first weight when the fingerprint that the fingerprint matching of input prestores Authentication.According to one embodiment, the pre-stored fingerprint is stored in the memory of USBKEY equipment, and user sets in USBKEY After inputting the fingerprint of oneself on standby fingerprint capturer, the finger of fingerprint capturer acquisition is examined by the computing chip of USBKEY equipment Whether line matches.
In the client or USBKEY equipment, it is also previously stored with user information, which includes user's mark Furthermore knowledge and label spacing corresponding with the user identifier may also include the number such as corresponding eye information, age of user, gender According to.In step 502, it after user passes through the first authentication again, can be mentioned from pre-stored user according to user identifier Take out corresponding label spacing.
The label spacing indicates to correspond to the spacing between the label of eyes of user information.As described above, USBKEY The iris camera of equipment be cameras with fixed focus, the eyes of user should could be obtained within the scope of a certain distance clearly at Picture.In the present invention, the display of USBKEY equipment, which can serve as " mirror " in the case where background is black and use, (also becomes " reflection " Technology), when user faces the display, wanted if imaging position of the eyes in the display used as mirror meets It asks, then being assured that the eyes of the user have been positioned at correct position, iris camera can collect the eyes of the user Clear image.Such as setting marks over the display, when according to one embodiment, user observes the eye for iris authentication Eyeball be in setting two label between and eyes the left and right sides respectively with left and right two label alignments, then it is assumed that user is in Appropriate position;Or according to another embodiment, when user observes that the eyes for iris authentication are in two marks of setting Between note and left eye on the left of and right eye on the right side of respectively with control two label alignments, then it is assumed that user is in appropriate position.So And since the eyes of different user are of different sizes or the spacing of eyes is different, it is assumed that user A and user B has different eyes Eyeball data, if that the label set on display is fixed, then identical in label and left and right in order to reach The effect of two sides and label alignment, user A and the distance between user B and display should be different, for example, relative to Family B eyes are larger or the biggish user A of eyes spacing, he can be remote relative to user B at a distance from display.In this way, The distance between user A and user B and iris camera are also different, then between the two the iris of at least one people at As being not clearly.
In order to solve this problem, present invention employs " dynamically labeled " technologies.That is, it is directed to different users, Different labels is shown over the display.It therefore, in step 502, be according to the first user identifier that authentication obtains again Obtain the label spacing for being suitable for the user.
Label spacing in the pre-stored user information can pass through manual or automatic form in user's registration It generates.
Artificially generated is exactly that user is simple eye or the spacing of eyes two sides by manually measuring, and the system is manually entered In, by the system according to user is simple eye or the spacing of eyes two sides calculates the spacing that label should have automatically, as with this The corresponding label spacing of user stores.
It automatically generates more humanized.Client or other equipment for user's registration have image capture device, example Such as acquisition camera, and including infrared or supersonic sounding equipment.Object has been stored in advance in the client or other equipment Actual size, acquisition object image size and object and the spacing of camera between corresponding relationship, such as standard Two o'clock in gauged distance between face and acquisition camera and the facial image that acquisition camera acquires under gauged distance Between normal pitch, and it is pre-recorded far from or close to acquisition camera when distance variation and acquired image in two Relationship between the variation of the distance between point.In this way, acquisition camera shoots the image of user, infrared when user's registration Or the distance between supersonic sounding device measuring acquisition camera and user, recognition of face is used from the image of the user of shooting Algorithm identifies the spacing of simple eye or eyes two sides in the picture, according to the simple eye or eyes two sides identified in the picture between Actual size, the image of the object of acquisition away from the distance between, acquisition camera and user and pre-stored object Corresponding relationship between size and the spacing of object and camera show that user is simple eye or the true spacing of eyes two sides.Thus As it can be seen that this mode automatically generated is more convenient and quick, user experience can be promoted well.
In addition, the client or other equipment be also stored with simple eye or eyes two sides true spacing and label spacing it Between relationship, when true spacing such as at left and right sides of eyes is 17cm, label spacing is 3.2cm etc..In this way, working as from movable property It has given birth to after user is simple eye or the true spacing of eyes two sides, label spacing corresponding with the true spacing is stored in the user name Under, i.e., it is accordingly stored with user identifier.
In step 502 finally, obtaining label spacing corresponding with user identifier.
Then, in step 503, display of two label displays in USBKEY equipment of the label spacing will be separated by On.At this moment, in order to reflect the image of user, the display shows the state for the label that background is black, prospect is display (as shown in Fig. 2, wherein 205 instructions be label positioned at right side), certainly, which should not be too strong, can be seen with user It observes the label and does not influence subject to the reflecting effect of half-reflection and half-transmission layer.It note that for ease of description, Fig. 2 is just shown Backlight and the shown state out of liquid crystal display in display, after considering half-reflection and half-transmission layer, the state in step 503 is such as Shown in Fig. 6.As shown in fig. 6, the half-reflection and half-transmission layer of the display can not only make the label through checking for user, it can also be anti- Penetrate the eye image of user.
In step 504, after user sees the label, so that it may that eye or the eyes court of iris authentication will be used for Be aligned to the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with the label pair of left and right two Qi Shi, user can slightly stop the eye image so that iris camera acquisition user.As shown in fig. 6, using eyes two In the case where the spacing of side, if the two sides of eyes just respectively with left and right label alignment when, it is appropriate for being considered as the position of user.
In step 505, the pre-stored biological characteristic, the i.e. iris feature of user are stored in USBKEY equipment Or in client, the computing chip of the client or the USBKEY equipment executes matching process to judge the iris of acquisition Whether image matches with pre-stored biological characteristic, if it does, then thinking that user has passed through authentication.
According to the description above with reference to Fig. 5 to dual-identity authentication process, it can be seen that the first authentication and second again Authentication not only increases the safety of system again, and the two is combined closely, second again authentication dependent on the One subscriber identity information that authentication obtains again, i.e. the label spacing according to needed for the information acquisition, with use set forth herein " dynamically labeled " and " reflection " technology determine the suitable distance of user jointly, to acquire user's clearly iris image, from And solves the distance between the iris camera in the bad control of the user mentioned in the prior art and USBKEY equipment together The problem of.
Meanwhile those skilled in the art can see, the double authentication system that Fig. 1 to 4 is proposed is Fig. 5 and described above The operation platform of double authentication process, each step of above-mentioned double authentication process are all by each equipment in double authentication system Each component cooperation realize, certainly, can be used software, hardware or firmware any one or a few mode realize it In step, those skilled in the art can select as needed, and which is not described herein again.
It will be understood by those skilled in the art that embodiments herein can provide as method, apparatus (equipment) or computer Program product.Therefore, in terms of the application can be used complete hardware embodiment, complete software embodiment or combine software and hardware Embodiment form.Moreover, it wherein includes the meter of computer usable program code that the application, which can be used in one or more, The computer journey implemented in calculation machine usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of sequence product.
The application is flow chart of the reference according to method, apparatus (equipment) and computer program product of the embodiment of the present application And/or block diagram describes.It should be understood that each process in flowchart and/or the block diagram can be realized by computer program instructions And/or the combination of the process and/or box in box and flowchart and/or the block diagram.It can provide these computer programs to refer to Enable the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to generate One machine so that by the instruction that the processor of computer or other programmable data processing devices executes generate for realizing The device for the function of being specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
Although the preferred embodiment of the application has been described, it is created once a person skilled in the art knows basic Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as It selects embodiment and falls into all change and modification of the application range.Obviously, those skilled in the art can be to the application Various modification and variations are carried out without departing from spirit and scope.If in this way, these modifications and variations of the application Belong within the scope of the claim of this application and its equivalent technologies, then the application is also intended to encompass these modification and variations and exists It is interior.

Claims (17)

1. a kind of double authentication system of USBKEY equipment, it is characterised in that:
The system comprises client and USBKEY equipment, the USBKEY equipment is connected by USB interface with the client, The USBKEY equipment includes display and the iris camera above display, the display include backlight, Liquid crystal display and the half-reflection and half-transmission layer being covered on outside liquid crystal display, in which:
The client is for prompting user to carry out the first authentication again;
The client or USBKEY equipment are used to obtain user for the response of the first authentication again, extract in the response Authentication information is compared with the authentication information prestored, if compared successfully, then it is assumed that and user passes through the first authentication again, Corresponding label spacing is obtained according to the mark of user;The label spacing is and user is simple eye or the true spacing of eyes two sides Corresponding label spacing;The label spacing is generated in user's registration by manual or automatic form;The label spacing To be dynamically labeled, for different users, different labels is shown over the display;
The display is marked for showing black background and being separated by two for marking spacing between prospect display, Wherein described two labels are checked across the half-reflection and half-transmission layer for user, and the half-reflection and half-transmission layer provides the image of reflection, When the background of display is largely or entirely black or is darker, half-reflection and half-transmission layer reflected image;
The iris camera is used to acquire the iris image of user, and wherein user can be according to described two labels and half-reflection and half-transmission The relative position of the image of the eyes of user of layer reflection adjusts oneself position;
The client or the USBKEY equipment are also used to judge that the iris image of acquisition is with pre-stored biological characteristic No matching, if it does, thinking that user has passed through the second authentication again.
2. double authentication system according to claim 1, it is characterised in that:
The display includes LED backlight plate, liquid crystal display and the half-reflection and half-transmission layer or described being covered on outside liquid crystal display Display includes LED backlight plate, liquid crystal display and the half-reflection and half-transmission layer between liquid crystal display and LED backlight plate.
3. double authentication system according to claim 1, it is characterised in that:
The display of the client or the display of USBKEY equipment are for prompting user to input password to carry out first time body Part certification, and USBKEY equipment has memory and computing chip, is stored in the memory and prestores password, the calculating core When piece is used to judge that the password match inputted as user prestores password, it is believed that user has passed through the first authentication again.
4. double authentication system according to claim 1, it is characterised in that:
There is fingerprint capturer, the display of client or the display of USBKEY equipment are for prompting in the USBKEY equipment User inputs the fingerprint of oneself by fingerprint capturer to carry out the first authentication again, and the USBKEY equipment has memory And computing chip, pre-stored fingerprint is stored in the memory, the computing chip of USBKEY equipment is for examining fingerprint capturer to adopt Whether the fingerprint of collection matches pre-stored fingerprint.
5. double authentication system according to claim 1, it is characterised in that:
In the client or USBKEY equipment, be also previously stored with user information, the user information include user identifier and Label spacing corresponding with the user identifier.
6. double authentication system according to claim 5, it is characterised in that:
The client has acquisition camera, distance-measuring equipment, processor and memory, pre- in the memory of the client First store the actual size of object, the object of acquisition image size and object and the spacing of camera between it is corresponding Relationship;
The acquisition camera is for shooting the image of user when user's registration, and the distance-measuring equipment is for measuring acquisition camera shooting The distance between head and user, the processor is for identifying list using face recognition algorithms from the image of the user of shooting Eye or eyes two sides spacing in the picture are imaged according to the simple eye or eyes two sides identified spacing in the picture, acquisition Actual size, the size and object of the image of the object of acquisition of the distance between head and user and pre-stored object Corresponding relationship between the spacing of camera show that user is simple eye or the true spacing of eyes two sides.
7. double authentication system according to claim 6, it is characterised in that:
The client is also stored with simple eye or eyes two sides true spacing and marks the relationship between spacing, the client For being based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides obtains corresponding label spacing, and It is stored in association with user identifier, to form the user information.
8. double authentication system according to claim 1, it is characterised in that:
The brightness for the label that the display is shown is provided so that user is able to observe that the label and does not influence half anti-half The reflecting effect of permeable layers.
9. double authentication system according to claim 7, it is characterised in that:
The user can adjust according to the relative position of described two images for marking the eyes of user reflected with half-reflection and half-transmission layer Oneself whole position includes: after user sees the label, by that eye or eyes for being used for iris authentication towards the label Alignment, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with two label alignments in left and right when, user It has adjusted to position appropriate.
10. a kind of double authentication method of USBKEY equipment, it is characterised in that:
The first step, the Client-Prompt user connecting with USBKEY equipment carry out the first authentication again;
Second step, the client or USBKEY equipment obtain user for the response of the first authentication again, extract the response In authentication information, be compared with the authentication information prestored, if compared successfully, then it is assumed that user is recognized by first gravidity part Card obtains corresponding label spacing according to the mark of user;The label spacing be with user is simple eye or eyes two sides it is true The corresponding label spacing of spacing;The label spacing is generated in user's registration by manual or automatic form;The label Spacing be it is dynamically labeled, for different users, show different labels over the display;
Third step, the display of USBKEY equipment include backlight, liquid crystal display and the half-reflection and half-transmission layer being covered on outside liquid crystal display, Display shows black background and is separated by two labels of the label spacing between prospect display, wherein described two The half-reflection and half-transmission layer in the USBKEY device display is marked to check for user, and the half-reflection and half-transmission layer provides reflection Image, when the background of display is largely or entirely black or is darker, half-reflection and half-transmission layer reflected image;
4th step, the iris camera of USBKEY equipment are used to acquire the iris image of user, and wherein user can be according to described two It is a to mark with the relative position of the image of the eyes of user of half-reflection and half-transmission layer reflection the position for adjusting oneself;
5th step, the client or the USBKEY equipment judge that the iris image of acquisition is with pre-stored biological characteristic No matching, if it does, thinking that user has passed through the second authentication again.
11. double authentication method according to claim 10, it is characterised in that:
The first step include: the client indicate the client display or USBKEY equipment display prompts user it is defeated Enter password to carry out first time authentication;And
Second step includes: depositing for the password match USBKEY equipment that the computing chip of USBKEY equipment is used to judge to work as user's input Stored in reservoir when prestoring password, it is believed that user has passed through the first authentication again.
12. double authentication method according to claim 10, it is characterised in that:
The first step includes: that the display of the client instruction client or the display prompts user of USBKEY equipment pass through Fingerprint capturer in USBKEY equipment inputs the fingerprint of oneself to carry out the first authentication again;
Second step includes: that the computing chip of USBKEY equipment is used to examine whether the fingerprint of fingerprint capturer acquisition matches USBKEY The pre-stored fingerprint stored in the memory of equipment.
13. double authentication method according to claim 10, it is characterised in that:
In the client or USBKEY equipment, be also previously stored with user information, the user information include user identifier and Label spacing corresponding with the user identifier, corresponding label spacing obtained according to the mark of user include in the second step Corresponding label spacing is extracted from user information.
14. double authentication method according to claim 13, it is characterised in that:
The client has acquisition camera, distance-measuring equipment, processor and memory, pre- in the memory of the client First store the actual size of object, the object of acquisition image size and object and the spacing of camera between it is corresponding Relationship;
Before the first step, when user's registration, the image of the acquisition camera shooting user, the distance-measuring equipment are surveyed The distance between acquisition camera and user are measured, the processor is known from the image of the user of shooting using face recognition algorithms Not Chu the spacing of simple eye or eyes two sides in the picture, according to the simple eye or eyes two sides identified spacing in the picture, adopt Collect actual size, the size of the image of the object of acquisition of the distance between camera and user and pre-stored object with And the corresponding relationship between object and the spacing of camera show that user is simple eye or the true spacing of eyes two sides.
15. double authentication method according to claim 14, it is characterised in that:
The client is also stored with simple eye or eyes two sides true spacing and marks the relationship between spacing, the client Based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides obtains corresponding label spacing, and with Family mark stores in association, to form the user information.
16. double authentication method according to claim 10, it is characterised in that:
The brightness for the label that the display is shown is provided so that user is able to observe that the label and does not influence half anti-half The reflecting effect of permeable layers.
17. double authentication method according to claim 15, it is characterised in that:
The user can adjust according to the relative position of described two images for marking the eyes of user reflected with half-reflection and half-transmission layer Oneself whole position includes: after user sees the label, by that eye or eyes for being used for iris authentication towards the label Alignment, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with two label alignments in left and right when, user It has adjusted to position appropriate.
CN201510961872.9A 2015-12-18 2015-12-18 A kind of double authentication system and method for USBKEY equipment Active CN105515777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510961872.9A CN105515777B (en) 2015-12-18 2015-12-18 A kind of double authentication system and method for USBKEY equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510961872.9A CN105515777B (en) 2015-12-18 2015-12-18 A kind of double authentication system and method for USBKEY equipment

Publications (2)

Publication Number Publication Date
CN105515777A CN105515777A (en) 2016-04-20
CN105515777B true CN105515777B (en) 2019-05-10

Family

ID=55723449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510961872.9A Active CN105515777B (en) 2015-12-18 2015-12-18 A kind of double authentication system and method for USBKEY equipment

Country Status (1)

Country Link
CN (1) CN105515777B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897747B (en) * 2016-05-27 2020-04-03 北京中金国信科技有限公司 Data storage method and device based on digital biological signature and intelligent equipment
US10339318B2 (en) * 2016-11-07 2019-07-02 SK Hynix Inc. Semiconductor memory system and operating method thereof
CN108280390A (en) * 2017-01-06 2018-07-13 望墨科技(武汉)有限公司 A kind of method and system of iris recognition
US11899778B2 (en) 2017-09-30 2024-02-13 Huawei Technologies Co., Ltd. Password verification method, password setting method, and mobile terminal
CN107733643A (en) * 2017-10-16 2018-02-23 中国银行股份有限公司 A kind of method and terminal of password generation
CN108809982B (en) * 2018-06-12 2020-10-27 飞天诚信科技股份有限公司 Secret-free authentication method and system based on trusted execution environment
CN112560539A (en) * 2019-09-10 2021-03-26 中国电子技术标准化研究院 Resolution testing method, device and system for iris acquisition equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927658A (en) * 2014-04-08 2014-07-16 深圳市中兴移动通信有限公司 Mobile payment method and terminal
CN104036586A (en) * 2014-06-09 2014-09-10 京东方科技集团股份有限公司 Eye-controlled display device and display method thereof and ATM (Automatic Teller Machine) machine system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102053753A (en) * 2010-12-23 2011-05-11 深圳市领华卫通数码科技有限公司 Semitransparent touch screen
KR102237479B1 (en) * 2014-06-03 2021-04-07 (주)아이리스아이디 Apparutus for scanning the iris and method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927658A (en) * 2014-04-08 2014-07-16 深圳市中兴移动通信有限公司 Mobile payment method and terminal
CN104036586A (en) * 2014-06-09 2014-09-10 京东方科技集团股份有限公司 Eye-controlled display device and display method thereof and ATM (Automatic Teller Machine) machine system

Also Published As

Publication number Publication date
CN105515777A (en) 2016-04-20

Similar Documents

Publication Publication Date Title
CN105515777B (en) A kind of double authentication system and method for USBKEY equipment
US10205883B2 (en) Display control method, terminal device, and storage medium
CN107665426B (en) Method and electronic device for payment using biometric authentication
US10043089B2 (en) Personal identification method and apparatus for biometrical identification
US10572638B2 (en) Mobile terminal for capturing biometric data
US8752145B1 (en) Biometric authentication with smart mobile device
WO2019114376A1 (en) Document verification method, device, electronic device, and storage medium
EP2560123B1 (en) Method and system for liveness detection by conducting a host-directed illumination during biometric authentication
US8264325B2 (en) Biometric authentication apparatus and biometric data registration apparatus
US20160026862A1 (en) Eye reflected content for verification of user liveliness
US9336438B2 (en) Iris cameras
KR101675728B1 (en) Method and apparatus for processing user authentification using information processing device
KR20160144419A (en) Method and system for verifying identities
JP2007135149A (en) Mobile portable terminal
KR20170126444A (en) Face detection
KR102079952B1 (en) Method of managing access using face recognition and apparatus using the same
KR101534808B1 (en) Method and System for managing Electronic Album using the Facial Recognition
KR102308805B1 (en) Electronic identification card, system and method for proving authenticity of the electronic identification card
US11348370B2 (en) Iris authentication device, iris authentication method, and recording medium
US20150143538A1 (en) Portable Eye-Controlled Device, Verification Device and Method, Computer Readable Recording Medium and Computer Program Product
JP7428242B2 (en) Authentication device, authentication system, authentication method and authentication program
KR101334744B1 (en) Loaning method using kiosk system
JP2013190934A (en) Counter authentication system, counter authentication server, program and counter authentication method
US20230126114A1 (en) Authentication control device, information processing device, authentication system, authentication control method and non-transitory computer readable medium
KR101813534B1 (en) An automated teller machine and a method for operating it

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20160420

Assignee: BEIJING HUADA ZHIBAO ELECTRONIC SYSTEM Co.,Ltd.

Assignor: HENGBAO Corp.

Contract record no.: X2020990000514

Denomination of invention: A double authentication system and method for USBKEY equipment

Granted publication date: 20190510

License type: Common License

Record date: 20200923

EE01 Entry into force of recordation of patent licensing contract