CN105515777B - A kind of double authentication system and method for USBKEY equipment - Google Patents
A kind of double authentication system and method for USBKEY equipment Download PDFInfo
- Publication number
- CN105515777B CN105515777B CN201510961872.9A CN201510961872A CN105515777B CN 105515777 B CN105515777 B CN 105515777B CN 201510961872 A CN201510961872 A CN 201510961872A CN 105515777 B CN105515777 B CN 105515777B
- Authority
- CN
- China
- Prior art keywords
- user
- spacing
- display
- client
- label
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Abstract
The application provides a kind of double authentication system and method for USBKEY equipment.The system comprises clients and USBKEY equipment, and wherein the display of USBKEY equipment includes half-reflection and half-transmission layer, and the images for user for reflecting user while showing character is checked.The client is used to indicate user and carries out the first authentication again, successfully out-of-date label spacing corresponding to the user is searched when authenticating, the display shows the label of left and right two for being separated by the label spacing, positional relationship between oneself eye image of the user based on the label of the left and right shown on display two and display reflection judges the appropriate location of oneself, and the iris image of the iris camera acquisition user when user is in appropriate location above the display, client or USBKEY equipment judge whether with the biometric information prestored through the second authentication again according to the iris image of acquisition.This programme can increase the safety when certification of USBKEY equipment identities, and improve the efficiency of iris authentication, and the user experience is improved.
Description
Technical field
This application involves the double authentication systems and side of field of information security technology more particularly to a kind of USBKEY equipment
Method.
Background technique
USBKEY equipment is a kind of equipment for having universal system bus (USB) interface and being used for user identity authentication.It should
Equipment internal processor chip and certain memory space can store the private key or number card of user in the memory space
Book, and certification of the Secret key arithmetic realization to user identity is executed by processor chips.It is described in authentication procedures
USBKEY equipment can realize the certification to user identity with client communication data, and with the development of USBKEY equipment,
It provides thereon a variety of for authenticating the device of user identity, fingerprint identification device, iris identification device etc..Client can
The biometric information of the user from USBKEY equipment is received, and executes the matching process with biological characteristic is prestored to judge to use
Family whether can be authorized.In field of biological recognition, the highly-safe of iris, anti-counterfeit capability are strong, in USBKEY equipment, one
As use be all fixed-focus iris camera, need user adjust position so that iris camera can clearly collect user
Iris image.In general, when iris camera is installed on the client, user can be presented by the screen of client
Image assist determining oneself position, but for two generation USBKEY equipment, LED screen thereon can not be shown
Image, and when user faces the iris camera in USBKEY equipment, the LED screen is not just available as reference, in this way,
Client iris positioning is just relatively difficult.In addition, USBKEY equipment only exists a kind of safety certification measure at present, in identification
Safety can not be guaranteed.
Summary of the invention
In view of this, the application provides a kind of double authentication system and method for USBKEY equipment, it is intended to improve identity and recognize
Safety during card, while guaranteeing that user can be readily determined the location of head in iris authentication.
Present invention firstly provides a kind of double authentication system of USBKEY equipment, the system comprises client and
USBKEY equipment, the USBKEY equipment are connected by USB interface with the client, and the USBKEY equipment includes display
And the iris camera above display, the display have half-reflection and half-transmission layer, in which: the client is for mentioning
Show that user carries out the first authentication again;The client or USBKEY equipment are for obtaining user for the first authentication again
Response, extract the authentication information in the response, be compared with the authentication information prestored, if compared successfully, then it is assumed that use
Family obtains corresponding label spacing by the first authentication again, according to the mark of user;The display is for showing black
Background and two labels for being separated by the label spacing between prospect display, wherein described two labels are across described half
Anti- semi-permeable layer is checked for user, and the half-reflection and half-transmission layer provides the image of reflection;The iris camera is for acquiring user
Iris image, wherein user can according to it is described two label with half-reflection and half-transmission layer reflection eyes of user image opposite positions
Set the position to adjust oneself;The client or the USBKEY equipment are also used to judge the iris image acquired and deposit in advance
Whether the biological characteristic of storage matches, if it does, thinking that user has passed through the second authentication again.
According to an aspect of the present invention, the display includes LED backlight plate, liquid crystal display and is covered on liquid crystal display
The outer half-reflection and half-transmission layer or the display include LED backlight plate, liquid crystal display and in liquid crystal display and LED backlight
The half-reflection and half-transmission layer between plate.
According to an aspect of the present invention, the display of the client or the display of USBKEY equipment are used for prompting
Family inputs password to carry out first time authentication, and USBKEY equipment has memory and a computing chip, in the memory
It is stored with and prestores password, when the computing chip is used to judge that the password match inputted as user prestores password, it is believed that Yong Hutong
The first authentication again is crossed.
According to an aspect of the present invention, in the USBKEY equipment have fingerprint capturer, the display of client or
The display of USBKEY equipment is for prompting user to input the fingerprint of oneself by fingerprint capturer to carry out first gravidity part and recognize
Card, the USBKEY equipment have memory and computing chip, are stored with pre-stored fingerprint, the meter of USBKEY equipment in the memory
Calculate whether the fingerprint that chip is used to that fingerprint capturer to be examined to acquire matches pre-stored fingerprint.
According to an aspect of the present invention, in the client or USBKEY equipment, it is also previously stored with user information, it should
User information includes user identifier and label spacing corresponding with the user identifier.
According to an aspect of the present invention, the client has acquisition camera, distance-measuring equipment, processor and storage
Device, be stored in advance in the memory of the client actual size of object, the object of acquisition image size and object
Corresponding relationship between body and the spacing of camera;Image of the acquisition camera for the shooting user when user's registration,
The distance-measuring equipment is used for the figure from the user of shooting for measuring the distance between acquisition camera and user, the processor
The spacing of simple eye or eyes two sides in the picture is identified using face recognition algorithms as in, according to the simple eye or eyes identified
The actual size of the distance between spacing, acquisition camera and the user of two sides in the picture and pre-stored object is adopted
Corresponding relationship between the size and object of the image of the object of collection and the spacing of camera show that user is simple eye or eyes two
The true spacing of side.
According to an aspect of the present invention, the client is also stored with simple eye or eyes two sides true spacing and label
Relationship between spacing, the client are used to be based on the relationship, according to the user of acquisition is simple eye or eyes two sides it is true
Spacing obtains corresponding label spacing, and stores in association with user identifier, to form the user information.
According to an aspect of the present invention, the brightness for the label that the display is shown is provided so that user can see
It observes the label and does not influence the reflecting effect of half-reflection and half-transmission layer.
According to an aspect of the present invention, the user can be according to the user of described two labels and the reflection of half-reflection and half-transmission layer
The relative position of the image of eyes is come to adjust oneself position include: that will be used for iris authentication after user sees the label
That eye or eyes are aligned towards the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just
When with two label alignments in left and right, user has been adjusted to position appropriate.
The invention also provides a kind of double authentication method of USBKEY equipment, the first step is connect with USBKEY equipment
Client-Prompt user carries out the first authentication again;Second step, the client or USBKEY equipment obtain user for the
The response of one authentication again, extracts the authentication information in the response, is compared with the authentication information prestored, if compare at
Function, then it is assumed that user obtains corresponding label spacing by the first authentication again, according to the mark of user;Third step,
The display display black background of USBKEY equipment and two labels for being separated by the label spacing between prospect display,
Wherein half-reflection and half-transmission layer of described two labels in the USBKEY device display is checked for user, and described half anti-half
Permeable layers provide the image of reflection;4th step, the iris camera of USBKEY equipment is used to acquire the iris image of user, wherein using
Family can adjust the position of oneself according to the relative position of described two labels and the image of the eyes of user of half-reflection and half-transmission layer reflection
It sets;5th step, the client or the USBKEY equipment judge that the iris image of acquisition is with pre-stored biological characteristic
No matching, if it does, thinking that user has passed through the second authentication again.
According to an aspect of the present invention, the first step include: the client indicate the client display or
The display prompts user of USBKEY equipment inputs password to carry out first time authentication;And second step includes: USBKEY
The computing chip of equipment is used to judge to prestore password when what is stored in the memory of the password match USBKEY equipment of user's input
When, it is believed that user has passed through the first authentication again.
According to an aspect of the present invention, the first step includes: the display or USBKEY of the client instruction client
The display prompts user of equipment inputs the fingerprint of oneself by the fingerprint capturer in USBKEY equipment to carry out the first gravidity
Part certification;Second step includes: that the computing chip of USBKEY equipment is used to examine whether the fingerprint of fingerprint capturer acquisition matches
The pre-stored fingerprint stored in the memory of USBKEY equipment.
According to an aspect of the present invention, in the client or USBKEY equipment, it is also previously stored with user information, it should
User information includes user identifier and label spacing corresponding with the user identifier, the mark according to user in the second step
It includes that label spacing accordingly is extracted from user information that knowledge, which obtains corresponding label spacing,.
According to an aspect of the present invention, the client has acquisition camera, distance-measuring equipment, processor and storage
Device, be stored in advance in the memory of the client actual size of object, the object of acquisition image size and object
Corresponding relationship between body and the spacing of camera;Before the first step, when user's registration, the acquisition camera is clapped
The image of user is taken the photograph, the distance-measuring equipment measures the distance between acquisition camera and user, use of the processor from shooting
The spacing of simple eye or eyes two sides in the picture is identified using face recognition algorithms in the image at family, it is simple eye according to what is identified
Or the distance between spacing, acquisition camera and the user of eyes two sides in the picture and pre-stored object is true big
Corresponding relationship between the size and object and the spacing of camera of the image of small, acquisition object show that user is simple eye or double
The true spacing of eye two sides.
According to an aspect of the present invention, the client is also stored with simple eye or eyes two sides true spacing and label
Relationship between spacing, the client are based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides
Corresponding label spacing is obtained, and is stored in association with user identifier, to form the user information.
According to an aspect of the present invention, the brightness for the label that the display is shown is provided so that user can see
It observes the label and does not influence the reflecting effect of half-reflection and half-transmission layer.
According to an aspect of the present invention, the user can be according to the user of described two labels and the reflection of half-reflection and half-transmission layer
The relative position of the image of eyes is come to adjust oneself position include: that will be used for iris authentication after user sees the label
That eye or eyes are aligned towards the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just
When with two label alignments in left and right, user has been adjusted to position appropriate.
By above technical scheme as it can be seen that the application introduces double authentication mode, in the feelings that the first re-authentication mode passes through
Under condition, the label pitch information for matching the user is found from system, and the label with the label spacing is provided
On the screen of USBKEY equipment, and use the half-reflection and half-transmission skill improved to the display of USBKEY equipment being put forward for the first time
Art uses the screen in blank screen Shi Kezuo mirror surface, and the label is cooperated to allow users to easily judge oneself together
Whether head position is suitable, to carry out the iris authentication of following second weight.It can be seen that double authentication itself improves
In addition to this safety of system additionally uses " dynamically labeled " technology, i.e., have recorded and the matched label of user in system
Spacing, according to the spacing, user can quickly determine oneself using the screen of USBKEY equipment in the second heavy iris authentication
Position, improve authentication efficiency, and the user experience is improved.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
The some embodiments recorded in application can also be obtained according to these attached drawings other for those of ordinary skill in the art
Attached drawing.
Fig. 1 is the general structure schematic diagram according to the double authentication system of the application one embodiment;
Fig. 2 is the structural schematic diagram according to the USBKEY equipment of the application one embodiment;
Fig. 3 is the structural schematic diagram according to the USBKEY device display of the application one embodiment;
Fig. 4 is the structural schematic diagram according to the USBKEY device display of the application another embodiment;
Fig. 5 is the flow chart according to the double authentication method of the application one embodiment;
Fig. 6 is the status diagram of USBKEY equipment when being directed at oneself position according to the user of the application one embodiment.
Specific embodiment
In order to make those skilled in the art more fully understand the technical solution in the application, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
It is only some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, ordinary skill
Personnel's every other embodiment obtained, shall fall within the protection scope of the present application.
Further illustrate that the application implements below with reference to illustrations.
As shown in Figure 1, the double authentication system includes client 1 and USBKEY equipment 2.Wherein, client and
USBKEY equipment is connected by USB interface.The client can have for PC, tablet computer, mobile phone, server etc. to calculate and deposits
Store up function equipment, therefore the client generally all have memory and processor, certainly also have for peripheral hardware phase
All kinds of interfaces even, including mentioned-above USB interface.The USBKEY equipment is also a kind of small-sized computing terminal, in
Portion not only has computing chip, also has storage chip, certainly in the present invention, which further includes display, rainbow
Other components such as film camera, this will be described in detail in Fig. 2.
The USBKEY equipment and the client have been formed together the double authentication system and have completed to user identity
The double authentication process authenticated.
With reference to Fig. 2, the USBKEY equipment includes display 201, as described above, such as in two generation USBKEY equipment
The display can not show image, and can only show basic text information.The USBKEY equipment further includes
Square iris camera 202 over the display, the iris camera are used to acquire the iris information of user.In addition, according to one
A alternative embodiment, the USBKEY equipment further includes the infrared light compensating lamp 204 for assisting iris camera, according to another
Optional embodiment, the USBKEY equipment further include fingerprint capturer 203.Wherein 206 indicate the USB connecting with client
Interface.Shown in Fig. 2 is only the schematic construction of its USBKEY equipment, its packet can be set as needed in those skilled in the art
The position of each component contained and size.
Below with reference to Fig. 3 and Fig. 4, the display device structure of USBKEY equipment is described.In the present invention, the display
Device not only has display function, will also reflect the function that user images are checked for user.
As shown in figure 3, the display include LED backlight plate 301, liquid crystal display 302 and be covered on outside liquid crystal display half
Anti- semi-permeable layer 303.The half-reflection and half-transmission layer is made of half-reflection and half-transmission material, when display background most or all be
Black or it is darker when, the half-reflection and half-transmission layer can reflected image, at this moment display can be used as " mirror " use, and when display just
Often when display, the half-reflection and half-transmission layer allows the character shown to pass through, thus shown by not influencing in user's viewing display
Content.The present invention by be used below be exactly display this performance, i.e., show over the display seldom character (left and right
Two labels), at this moment since display background is black or darker, then at this moment display can also be used as mirror, use
Family can be determined jointly according to both face-images of oneself reflected in the label and display oneself head position whether
Properly.This will be described in more detail later.
As shown in figure 4, propose another implementation, the display include LED backlight plate 301, liquid crystal display 302,
And the half-reflection and half-transmission layer 303 between liquid crystal display and LED backlight plate.Identical with Fig. 3, the half-reflection and half-transmission layer is by half
Anti- semi-permeable material is made, and when the background of display, most or all is black or is darker, the half-reflection and half-transmission layer can be anti-
Image is penetrated, at this moment display can be used as " mirror " use, and when display is normally shown, the half-reflection and half-transmission layer allows to show
Character pass through, so that not influencing user watches content shown in display.
Fig. 3 and Fig. 4 is only the example of display basic structure, and actually display is also possible to have other layers, such as
For Fig. 3, can also have a protective layer outside half-reflection and half-transmission layer to protect the half-reflection and half-transmission layer not scratched (for figure
For 4 embodiment, due to half-reflection and half-transmission layer between LED backlight plate and liquid crystal display without this half-reflection and half-transmission layer with
The thickness for reducing display reduces the size of USBKEY, improves portability), or further, touch-sensitive layer etc. is provided, with
It is interacted with user.Certainly, those skilled in the art, which can according to need, increases or decreases these layers, here no longer
It repeats.In addition, the half-reflection and half-transmission layer can be half-reflection and half-transmission electroplated layer or half-reflection and half-transmission filter, since half-reflection and half-transmission layer is made
Material and technique be the prior art, therefore, also repeat no more here.
In the following, the double authentication method is described by Fig. 5.
Step 501, Client-Prompt user carries out the first authentication again;
Step 502, client or USBKEY equipment obtain user for the response of the first authentication again, extract the response
In authentication information, be compared with the authentication information prestored, if compared successfully, then it is assumed that user is recognized by first gravidity part
Card obtains corresponding label spacing according to the mark of user and prompts subscriber authentication to fail and tie if comparison is unsuccessful
Line journey;
Step 503, on the display of the USBKEY equipment, the prospect of display is shown is separated by the label each other
Two labels of spacing, the display background of display are black, at this moment, half-reflection and half-transmission layer of described two labels across display
It is checked for user, and the half-reflection and half-transmission layer provides the image of reflection;
Step 504, the iris image of the iris camera acquisition user of the USBKEY equipment, wherein user is according to described
Two mark with the relative position of the image of the eyes of user of half-reflection and half-transmission layer reflection the position for adjusting oneself;
Step 505, the client or the iris image and pre-stored biology of USBKEY equipment judgement acquisition
Whether feature matches, if it does, thinking that user has passed through authentication, if mismatched, prompts user identity authentication failure
And terminate process.
In step 501, as user using USBKEY equipment to carry out certain business when, can by USBKEY equipment be inserted into visitor
In the USB interface at family end, when business starts, the client, which issues, to be allowed user to input password or carries out the identity of other forms
The instruction of certification is to carry out the first authentication again in step 502.
In step 502, a kind of mode of the described first authentication again is authenticated using modification logging, i.e., in visitor
It prompts user to input password on the display of family end or USBKEY equipment, when the password match of user's input prestores password, says
Bright user has passed through the first authentication again.According to one embodiment, the password storage that prestores is in the storage of USBKEY equipment
In device, user inputs the password in the dialog box of Client-Prompt, and the password of input is sent to USBKEY equipment, by
The computing chip of USBKEY equipment examines whether password matches.
The another way of described first authentication again is to carry out finger print identifying using fingerprint capturer.Such as institute above
It states, there is fingerprint capturer in the USBKEY equipment, prompt user to pass through on the display of client or USBKEY equipment
The fingerprint that oneself is inputted on fingerprint capturer illustrates that user has passed through the first weight when the fingerprint that the fingerprint matching of input prestores
Authentication.According to one embodiment, the pre-stored fingerprint is stored in the memory of USBKEY equipment, and user sets in USBKEY
After inputting the fingerprint of oneself on standby fingerprint capturer, the finger of fingerprint capturer acquisition is examined by the computing chip of USBKEY equipment
Whether line matches.
In the client or USBKEY equipment, it is also previously stored with user information, which includes user's mark
Furthermore knowledge and label spacing corresponding with the user identifier may also include the number such as corresponding eye information, age of user, gender
According to.In step 502, it after user passes through the first authentication again, can be mentioned from pre-stored user according to user identifier
Take out corresponding label spacing.
The label spacing indicates to correspond to the spacing between the label of eyes of user information.As described above, USBKEY
The iris camera of equipment be cameras with fixed focus, the eyes of user should could be obtained within the scope of a certain distance clearly at
Picture.In the present invention, the display of USBKEY equipment, which can serve as " mirror " in the case where background is black and use, (also becomes " reflection "
Technology), when user faces the display, wanted if imaging position of the eyes in the display used as mirror meets
It asks, then being assured that the eyes of the user have been positioned at correct position, iris camera can collect the eyes of the user
Clear image.Such as setting marks over the display, when according to one embodiment, user observes the eye for iris authentication
Eyeball be in setting two label between and eyes the left and right sides respectively with left and right two label alignments, then it is assumed that user is in
Appropriate position;Or according to another embodiment, when user observes that the eyes for iris authentication are in two marks of setting
Between note and left eye on the left of and right eye on the right side of respectively with control two label alignments, then it is assumed that user is in appropriate position.So
And since the eyes of different user are of different sizes or the spacing of eyes is different, it is assumed that user A and user B has different eyes
Eyeball data, if that the label set on display is fixed, then identical in label and left and right in order to reach
The effect of two sides and label alignment, user A and the distance between user B and display should be different, for example, relative to
Family B eyes are larger or the biggish user A of eyes spacing, he can be remote relative to user B at a distance from display.In this way,
The distance between user A and user B and iris camera are also different, then between the two the iris of at least one people at
As being not clearly.
In order to solve this problem, present invention employs " dynamically labeled " technologies.That is, it is directed to different users,
Different labels is shown over the display.It therefore, in step 502, be according to the first user identifier that authentication obtains again
Obtain the label spacing for being suitable for the user.
Label spacing in the pre-stored user information can pass through manual or automatic form in user's registration
It generates.
Artificially generated is exactly that user is simple eye or the spacing of eyes two sides by manually measuring, and the system is manually entered
In, by the system according to user is simple eye or the spacing of eyes two sides calculates the spacing that label should have automatically, as with this
The corresponding label spacing of user stores.
It automatically generates more humanized.Client or other equipment for user's registration have image capture device, example
Such as acquisition camera, and including infrared or supersonic sounding equipment.Object has been stored in advance in the client or other equipment
Actual size, acquisition object image size and object and the spacing of camera between corresponding relationship, such as standard
Two o'clock in gauged distance between face and acquisition camera and the facial image that acquisition camera acquires under gauged distance
Between normal pitch, and it is pre-recorded far from or close to acquisition camera when distance variation and acquired image in two
Relationship between the variation of the distance between point.In this way, acquisition camera shoots the image of user, infrared when user's registration
Or the distance between supersonic sounding device measuring acquisition camera and user, recognition of face is used from the image of the user of shooting
Algorithm identifies the spacing of simple eye or eyes two sides in the picture, according to the simple eye or eyes two sides identified in the picture between
Actual size, the image of the object of acquisition away from the distance between, acquisition camera and user and pre-stored object
Corresponding relationship between size and the spacing of object and camera show that user is simple eye or the true spacing of eyes two sides.Thus
As it can be seen that this mode automatically generated is more convenient and quick, user experience can be promoted well.
In addition, the client or other equipment be also stored with simple eye or eyes two sides true spacing and label spacing it
Between relationship, when true spacing such as at left and right sides of eyes is 17cm, label spacing is 3.2cm etc..In this way, working as from movable property
It has given birth to after user is simple eye or the true spacing of eyes two sides, label spacing corresponding with the true spacing is stored in the user name
Under, i.e., it is accordingly stored with user identifier.
In step 502 finally, obtaining label spacing corresponding with user identifier.
Then, in step 503, display of two label displays in USBKEY equipment of the label spacing will be separated by
On.At this moment, in order to reflect the image of user, the display shows the state for the label that background is black, prospect is display
(as shown in Fig. 2, wherein 205 instructions be label positioned at right side), certainly, which should not be too strong, can be seen with user
It observes the label and does not influence subject to the reflecting effect of half-reflection and half-transmission layer.It note that for ease of description, Fig. 2 is just shown
Backlight and the shown state out of liquid crystal display in display, after considering half-reflection and half-transmission layer, the state in step 503 is such as
Shown in Fig. 6.As shown in fig. 6, the half-reflection and half-transmission layer of the display can not only make the label through checking for user, it can also be anti-
Penetrate the eye image of user.
In step 504, after user sees the label, so that it may that eye or the eyes court of iris authentication will be used for
Be aligned to the label, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with the label pair of left and right two
Qi Shi, user can slightly stop the eye image so that iris camera acquisition user.As shown in fig. 6, using eyes two
In the case where the spacing of side, if the two sides of eyes just respectively with left and right label alignment when, it is appropriate for being considered as the position of user.
In step 505, the pre-stored biological characteristic, the i.e. iris feature of user are stored in USBKEY equipment
Or in client, the computing chip of the client or the USBKEY equipment executes matching process to judge the iris of acquisition
Whether image matches with pre-stored biological characteristic, if it does, then thinking that user has passed through authentication.
According to the description above with reference to Fig. 5 to dual-identity authentication process, it can be seen that the first authentication and second again
Authentication not only increases the safety of system again, and the two is combined closely, second again authentication dependent on the
One subscriber identity information that authentication obtains again, i.e. the label spacing according to needed for the information acquisition, with use set forth herein
" dynamically labeled " and " reflection " technology determine the suitable distance of user jointly, to acquire user's clearly iris image, from
And solves the distance between the iris camera in the bad control of the user mentioned in the prior art and USBKEY equipment together
The problem of.
Meanwhile those skilled in the art can see, the double authentication system that Fig. 1 to 4 is proposed is Fig. 5 and described above
The operation platform of double authentication process, each step of above-mentioned double authentication process are all by each equipment in double authentication system
Each component cooperation realize, certainly, can be used software, hardware or firmware any one or a few mode realize it
In step, those skilled in the art can select as needed, and which is not described herein again.
It will be understood by those skilled in the art that embodiments herein can provide as method, apparatus (equipment) or computer
Program product.Therefore, in terms of the application can be used complete hardware embodiment, complete software embodiment or combine software and hardware
Embodiment form.Moreover, it wherein includes the meter of computer usable program code that the application, which can be used in one or more,
The computer journey implemented in calculation machine usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of sequence product.
The application is flow chart of the reference according to method, apparatus (equipment) and computer program product of the embodiment of the present application
And/or block diagram describes.It should be understood that each process in flowchart and/or the block diagram can be realized by computer program instructions
And/or the combination of the process and/or box in box and flowchart and/or the block diagram.It can provide these computer programs to refer to
Enable the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to generate
One machine so that by the instruction that the processor of computer or other programmable data processing devices executes generate for realizing
The device for the function of being specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although the preferred embodiment of the application has been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the application range.Obviously, those skilled in the art can be to the application
Various modification and variations are carried out without departing from spirit and scope.If in this way, these modifications and variations of the application
Belong within the scope of the claim of this application and its equivalent technologies, then the application is also intended to encompass these modification and variations and exists
It is interior.
Claims (17)
1. a kind of double authentication system of USBKEY equipment, it is characterised in that:
The system comprises client and USBKEY equipment, the USBKEY equipment is connected by USB interface with the client,
The USBKEY equipment includes display and the iris camera above display, the display include backlight,
Liquid crystal display and the half-reflection and half-transmission layer being covered on outside liquid crystal display, in which:
The client is for prompting user to carry out the first authentication again;
The client or USBKEY equipment are used to obtain user for the response of the first authentication again, extract in the response
Authentication information is compared with the authentication information prestored, if compared successfully, then it is assumed that and user passes through the first authentication again,
Corresponding label spacing is obtained according to the mark of user;The label spacing is and user is simple eye or the true spacing of eyes two sides
Corresponding label spacing;The label spacing is generated in user's registration by manual or automatic form;The label spacing
To be dynamically labeled, for different users, different labels is shown over the display;
The display is marked for showing black background and being separated by two for marking spacing between prospect display,
Wherein described two labels are checked across the half-reflection and half-transmission layer for user, and the half-reflection and half-transmission layer provides the image of reflection,
When the background of display is largely or entirely black or is darker, half-reflection and half-transmission layer reflected image;
The iris camera is used to acquire the iris image of user, and wherein user can be according to described two labels and half-reflection and half-transmission
The relative position of the image of the eyes of user of layer reflection adjusts oneself position;
The client or the USBKEY equipment are also used to judge that the iris image of acquisition is with pre-stored biological characteristic
No matching, if it does, thinking that user has passed through the second authentication again.
2. double authentication system according to claim 1, it is characterised in that:
The display includes LED backlight plate, liquid crystal display and the half-reflection and half-transmission layer or described being covered on outside liquid crystal display
Display includes LED backlight plate, liquid crystal display and the half-reflection and half-transmission layer between liquid crystal display and LED backlight plate.
3. double authentication system according to claim 1, it is characterised in that:
The display of the client or the display of USBKEY equipment are for prompting user to input password to carry out first time body
Part certification, and USBKEY equipment has memory and computing chip, is stored in the memory and prestores password, the calculating core
When piece is used to judge that the password match inputted as user prestores password, it is believed that user has passed through the first authentication again.
4. double authentication system according to claim 1, it is characterised in that:
There is fingerprint capturer, the display of client or the display of USBKEY equipment are for prompting in the USBKEY equipment
User inputs the fingerprint of oneself by fingerprint capturer to carry out the first authentication again, and the USBKEY equipment has memory
And computing chip, pre-stored fingerprint is stored in the memory, the computing chip of USBKEY equipment is for examining fingerprint capturer to adopt
Whether the fingerprint of collection matches pre-stored fingerprint.
5. double authentication system according to claim 1, it is characterised in that:
In the client or USBKEY equipment, be also previously stored with user information, the user information include user identifier and
Label spacing corresponding with the user identifier.
6. double authentication system according to claim 5, it is characterised in that:
The client has acquisition camera, distance-measuring equipment, processor and memory, pre- in the memory of the client
First store the actual size of object, the object of acquisition image size and object and the spacing of camera between it is corresponding
Relationship;
The acquisition camera is for shooting the image of user when user's registration, and the distance-measuring equipment is for measuring acquisition camera shooting
The distance between head and user, the processor is for identifying list using face recognition algorithms from the image of the user of shooting
Eye or eyes two sides spacing in the picture are imaged according to the simple eye or eyes two sides identified spacing in the picture, acquisition
Actual size, the size and object of the image of the object of acquisition of the distance between head and user and pre-stored object
Corresponding relationship between the spacing of camera show that user is simple eye or the true spacing of eyes two sides.
7. double authentication system according to claim 6, it is characterised in that:
The client is also stored with simple eye or eyes two sides true spacing and marks the relationship between spacing, the client
For being based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides obtains corresponding label spacing, and
It is stored in association with user identifier, to form the user information.
8. double authentication system according to claim 1, it is characterised in that:
The brightness for the label that the display is shown is provided so that user is able to observe that the label and does not influence half anti-half
The reflecting effect of permeable layers.
9. double authentication system according to claim 7, it is characterised in that:
The user can adjust according to the relative position of described two images for marking the eyes of user reflected with half-reflection and half-transmission layer
Oneself whole position includes: after user sees the label, by that eye or eyes for being used for iris authentication towards the label
Alignment, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with two label alignments in left and right when, user
It has adjusted to position appropriate.
10. a kind of double authentication method of USBKEY equipment, it is characterised in that:
The first step, the Client-Prompt user connecting with USBKEY equipment carry out the first authentication again;
Second step, the client or USBKEY equipment obtain user for the response of the first authentication again, extract the response
In authentication information, be compared with the authentication information prestored, if compared successfully, then it is assumed that user is recognized by first gravidity part
Card obtains corresponding label spacing according to the mark of user;The label spacing be with user is simple eye or eyes two sides it is true
The corresponding label spacing of spacing;The label spacing is generated in user's registration by manual or automatic form;The label
Spacing be it is dynamically labeled, for different users, show different labels over the display;
Third step, the display of USBKEY equipment include backlight, liquid crystal display and the half-reflection and half-transmission layer being covered on outside liquid crystal display,
Display shows black background and is separated by two labels of the label spacing between prospect display, wherein described two
The half-reflection and half-transmission layer in the USBKEY device display is marked to check for user, and the half-reflection and half-transmission layer provides reflection
Image, when the background of display is largely or entirely black or is darker, half-reflection and half-transmission layer reflected image;
4th step, the iris camera of USBKEY equipment are used to acquire the iris image of user, and wherein user can be according to described two
It is a to mark with the relative position of the image of the eyes of user of half-reflection and half-transmission layer reflection the position for adjusting oneself;
5th step, the client or the USBKEY equipment judge that the iris image of acquisition is with pre-stored biological characteristic
No matching, if it does, thinking that user has passed through the second authentication again.
11. double authentication method according to claim 10, it is characterised in that:
The first step include: the client indicate the client display or USBKEY equipment display prompts user it is defeated
Enter password to carry out first time authentication;And
Second step includes: depositing for the password match USBKEY equipment that the computing chip of USBKEY equipment is used to judge to work as user's input
Stored in reservoir when prestoring password, it is believed that user has passed through the first authentication again.
12. double authentication method according to claim 10, it is characterised in that:
The first step includes: that the display of the client instruction client or the display prompts user of USBKEY equipment pass through
Fingerprint capturer in USBKEY equipment inputs the fingerprint of oneself to carry out the first authentication again;
Second step includes: that the computing chip of USBKEY equipment is used to examine whether the fingerprint of fingerprint capturer acquisition matches USBKEY
The pre-stored fingerprint stored in the memory of equipment.
13. double authentication method according to claim 10, it is characterised in that:
In the client or USBKEY equipment, be also previously stored with user information, the user information include user identifier and
Label spacing corresponding with the user identifier, corresponding label spacing obtained according to the mark of user include in the second step
Corresponding label spacing is extracted from user information.
14. double authentication method according to claim 13, it is characterised in that:
The client has acquisition camera, distance-measuring equipment, processor and memory, pre- in the memory of the client
First store the actual size of object, the object of acquisition image size and object and the spacing of camera between it is corresponding
Relationship;
Before the first step, when user's registration, the image of the acquisition camera shooting user, the distance-measuring equipment are surveyed
The distance between acquisition camera and user are measured, the processor is known from the image of the user of shooting using face recognition algorithms
Not Chu the spacing of simple eye or eyes two sides in the picture, according to the simple eye or eyes two sides identified spacing in the picture, adopt
Collect actual size, the size of the image of the object of acquisition of the distance between camera and user and pre-stored object with
And the corresponding relationship between object and the spacing of camera show that user is simple eye or the true spacing of eyes two sides.
15. double authentication method according to claim 14, it is characterised in that:
The client is also stored with simple eye or eyes two sides true spacing and marks the relationship between spacing, the client
Based on the relationship, according to the user of acquisition is simple eye or the true spacing of eyes two sides obtains corresponding label spacing, and with
Family mark stores in association, to form the user information.
16. double authentication method according to claim 10, it is characterised in that:
The brightness for the label that the display is shown is provided so that user is able to observe that the label and does not influence half anti-half
The reflecting effect of permeable layers.
17. double authentication method according to claim 15, it is characterised in that:
The user can adjust according to the relative position of described two images for marking the eyes of user reflected with half-reflection and half-transmission layer
Oneself whole position includes: after user sees the label, by that eye or eyes for being used for iris authentication towards the label
Alignment, the position on appropriate adjustment oneself head, at left and right sides of simple eye or eyes just with two label alignments in left and right when, user
It has adjusted to position appropriate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961872.9A CN105515777B (en) | 2015-12-18 | 2015-12-18 | A kind of double authentication system and method for USBKEY equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961872.9A CN105515777B (en) | 2015-12-18 | 2015-12-18 | A kind of double authentication system and method for USBKEY equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105515777A CN105515777A (en) | 2016-04-20 |
CN105515777B true CN105515777B (en) | 2019-05-10 |
Family
ID=55723449
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510961872.9A Active CN105515777B (en) | 2015-12-18 | 2015-12-18 | A kind of double authentication system and method for USBKEY equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105515777B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105897747B (en) * | 2016-05-27 | 2020-04-03 | 北京中金国信科技有限公司 | Data storage method and device based on digital biological signature and intelligent equipment |
US10339318B2 (en) * | 2016-11-07 | 2019-07-02 | SK Hynix Inc. | Semiconductor memory system and operating method thereof |
CN108280390A (en) * | 2017-01-06 | 2018-07-13 | 望墨科技(武汉)有限公司 | A kind of method and system of iris recognition |
US11899778B2 (en) | 2017-09-30 | 2024-02-13 | Huawei Technologies Co., Ltd. | Password verification method, password setting method, and mobile terminal |
CN107733643A (en) * | 2017-10-16 | 2018-02-23 | 中国银行股份有限公司 | A kind of method and terminal of password generation |
CN108809982B (en) * | 2018-06-12 | 2020-10-27 | 飞天诚信科技股份有限公司 | Secret-free authentication method and system based on trusted execution environment |
CN112560539A (en) * | 2019-09-10 | 2021-03-26 | 中国电子技术标准化研究院 | Resolution testing method, device and system for iris acquisition equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103927658A (en) * | 2014-04-08 | 2014-07-16 | 深圳市中兴移动通信有限公司 | Mobile payment method and terminal |
CN104036586A (en) * | 2014-06-09 | 2014-09-10 | 京东方科技集团股份有限公司 | Eye-controlled display device and display method thereof and ATM (Automatic Teller Machine) machine system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102053753A (en) * | 2010-12-23 | 2011-05-11 | 深圳市领华卫通数码科技有限公司 | Semitransparent touch screen |
KR102237479B1 (en) * | 2014-06-03 | 2021-04-07 | (주)아이리스아이디 | Apparutus for scanning the iris and method thereof |
-
2015
- 2015-12-18 CN CN201510961872.9A patent/CN105515777B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103927658A (en) * | 2014-04-08 | 2014-07-16 | 深圳市中兴移动通信有限公司 | Mobile payment method and terminal |
CN104036586A (en) * | 2014-06-09 | 2014-09-10 | 京东方科技集团股份有限公司 | Eye-controlled display device and display method thereof and ATM (Automatic Teller Machine) machine system |
Also Published As
Publication number | Publication date |
---|---|
CN105515777A (en) | 2016-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105515777B (en) | A kind of double authentication system and method for USBKEY equipment | |
US10205883B2 (en) | Display control method, terminal device, and storage medium | |
CN107665426B (en) | Method and electronic device for payment using biometric authentication | |
US10043089B2 (en) | Personal identification method and apparatus for biometrical identification | |
US10572638B2 (en) | Mobile terminal for capturing biometric data | |
US8752145B1 (en) | Biometric authentication with smart mobile device | |
WO2019114376A1 (en) | Document verification method, device, electronic device, and storage medium | |
EP2560123B1 (en) | Method and system for liveness detection by conducting a host-directed illumination during biometric authentication | |
US8264325B2 (en) | Biometric authentication apparatus and biometric data registration apparatus | |
US20160026862A1 (en) | Eye reflected content for verification of user liveliness | |
US9336438B2 (en) | Iris cameras | |
KR101675728B1 (en) | Method and apparatus for processing user authentification using information processing device | |
KR20160144419A (en) | Method and system for verifying identities | |
JP2007135149A (en) | Mobile portable terminal | |
KR20170126444A (en) | Face detection | |
KR102079952B1 (en) | Method of managing access using face recognition and apparatus using the same | |
KR101534808B1 (en) | Method and System for managing Electronic Album using the Facial Recognition | |
KR102308805B1 (en) | Electronic identification card, system and method for proving authenticity of the electronic identification card | |
US11348370B2 (en) | Iris authentication device, iris authentication method, and recording medium | |
US20150143538A1 (en) | Portable Eye-Controlled Device, Verification Device and Method, Computer Readable Recording Medium and Computer Program Product | |
JP7428242B2 (en) | Authentication device, authentication system, authentication method and authentication program | |
KR101334744B1 (en) | Loaning method using kiosk system | |
JP2013190934A (en) | Counter authentication system, counter authentication server, program and counter authentication method | |
US20230126114A1 (en) | Authentication control device, information processing device, authentication system, authentication control method and non-transitory computer readable medium | |
KR101813534B1 (en) | An automated teller machine and a method for operating it |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20160420 Assignee: BEIJING HUADA ZHIBAO ELECTRONIC SYSTEM Co.,Ltd. Assignor: HENGBAO Corp. Contract record no.: X2020990000514 Denomination of invention: A double authentication system and method for USBKEY equipment Granted publication date: 20190510 License type: Common License Record date: 20200923 |
|
EE01 | Entry into force of recordation of patent licensing contract |