CN106452845B - A kind of implementation method unlocked online and device - Google Patents

A kind of implementation method unlocked online and device Download PDF

Info

Publication number
CN106452845B
CN106452845B CN201610833664.5A CN201610833664A CN106452845B CN 106452845 B CN106452845 B CN 106452845B CN 201610833664 A CN201610833664 A CN 201610833664A CN 106452845 B CN106452845 B CN 106452845B
Authority
CN
China
Prior art keywords
cipher key
key equipment
intelligent cipher
sequence number
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610833664.5A
Other languages
Chinese (zh)
Other versions
CN106452845A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201610833664.5A priority Critical patent/CN106452845B/en
Publication of CN106452845A publication Critical patent/CN106452845A/en
Application granted granted Critical
Publication of CN106452845B publication Critical patent/CN106452845B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a kind of implementation method unlocked online and device, this method comprises: judge whether user information is correct when receiving the user information of user's input, as incorrect, terminates;The sequence number of intelligent cipher key equipment is obtained if correct, and judges whether the sequence number of intelligent cipher key equipment matches with user information, is terminated if mismatching, corresponding administrator's password is obtained according to the sequence number of intelligent cipher key equipment if matching;Operation is unlocked to intelligent cipher key equipment using administrator's password.When the intelligent cipher key equipment that method in the present embodiment is suitable for user is locked or forgets personal identification number, data is submitted when user accesses website, insertion needs the intelligent cipher key equipment unlocked, device obtains the sequence number of intelligent cipher key equipment from intelligent cipher key equipment, according to sequence number management of computing person's password of intelligent cipher key equipment, then it is unlocked using administrator's password, safe ready.

Description

A kind of implementation method unlocked online and device
Technical field
The present invention relates to electronics fields, more particularly to a kind of implementation method unlocked online and device.
Background technique
Intelligent cipher key equipment is a kind of small hardware device with processor and memory, it can pass through the number of computer It is connect according to communication interface with computer.Intelligent cipher key equipment completes the generation of key by built-in single-chip microcontroller or intelligent card chip And the secure storage of key, wherein can preset Encryption Algorithm function, and operation relevant to key is set in intelligent key completely Standby internal operation, so that intelligent cipher key equipment has the characteristic of attack resistance, safety is high.
In the prior art, the PIN code that intelligent cipher key equipment (USB Key) is inputted generally by verification user (personal identification number, personal identification number) correctness verifies whether the identity of the user closes Method.Specific checking procedure includes: that intelligent cipher key equipment is connected with computer, and user is defeated to intelligent cipher key equipment by computer Enter PIN code, the correctness of the intelligent cipher key equipment automatic Verification PIN code.When the PIN code verification of user's input is correct, allow The user's operation intelligent cipher key equipment;When the PIN code check errors of user's input and the number of mistake has reached preset When maximum value, intelligent cipher key equipment locks the PIN code of the user, and user will be unable to reuse the intelligent cipher key equipment, user It needs the intelligent cipher key equipment giving administrator and PIN code is unlocked.In the prior art, administrator solves PIN code For lock generally by being manually entered sopin (administrator's password) Lai Shixian, workload is too big;And the sopin used is decoded every time All identical, there are security risks.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art and provide the implementation method and dress that one kind unlocks online It sets.
The present invention provides the implementation methods that one kind unlocks online, comprising:
Step S1: when device receives the user information of user's input, judge whether the user information is correct, be then Step S2 is executed, is otherwise terminated;
Step S2: described device obtains the sequence number of intelligent cipher key equipment, and judges the sequence of the intelligent cipher key equipment Number whether matched with the user information, is to then follow the steps S3, otherwise terminates;
Step S3: described device obtains corresponding administrator's password according to the sequence number of the intelligent cipher key equipment;
Step S4: described device is unlocked operation to the intelligent cipher key equipment using the administrator's password.
Wherein, the step S1 includes: to judge the user when described device receives the user information of user's input Whether information matches with the user information of preservation, is to then follow the steps S2, otherwise terminates.
Wherein, described device obtains the sequence number of intelligent cipher key equipment is with the sequence number of the intelligent cipher key equipment is judged No includes: that described device judges whether to get the sequence number of the intelligent cipher key equipment between user information matching, It is to continue, otherwise terminates.
Wherein, described device obtains the sequence number of intelligent cipher key equipment, specifically: described device is obtained by first interface The sequence number of the intelligent cipher key equipment.
Wherein, described device judges whether to get the sequence number of the intelligent cipher key equipment, specifically: described device is sentenced Whether the return value of the first interface of breaking is preset value, is the sequence number for getting the intelligent cipher key equipment, otherwise not Get the sequence number of the intelligent cipher key equipment.
It wherein, include: when device receives unlock trigger information before the step S1, the pop-up unlock page simultaneously waits User inputs user information, executes step S1.
Wherein, in the step S4 if unlocking successfully further include: reset personal identification number and notify user.
Wherein, the step S4 includes: that described device is carried out the administrator's password as parameter calling second interface Verifying calls third interface to reset the personal identification number of the intelligent cipher key equipment, and described in judgement if being proved to be successful Whether third interface returns to true value, is, unlocks success, otherwise unlock failure, terminates, failure is unlocked if authentication failed, ties Beam.
Wherein, described device includes client-side program and background server, and the step S3 includes: the client-side program Corresponding administrator's password is obtained from background server according to the sequence number of the intelligent cipher key equipment.
Wherein, described device is client-side program, and the step S3 includes: that the client-side program is close according to the intelligence Administrator's password is calculated in the sequence number of key equipment.
Wherein, described device includes client-side program and background server, and the step S3 includes:
Step S3-1: the client-side program is obtained from background server according to the sequence number of the intelligent cipher key equipment Encrypted random number;
Step S3-2: the client-side program is decrypted to obtain using client private key to the encrypted random number Random number splices the sequence number of the intelligent cipher key equipment and the random number, carries out Hash operation to splicing result Obtain administrator's password.
It wherein, include: that the client-side program obtains random train from the intelligent cipher key equipment before the step S4;
The step S4 includes: that the client-side program encrypts the random train using the administrator's password, It calls second interface to verify for encrypted result as parameter, if being proved to be successful, third interface is called to reset the intelligence The personal identification number of energy key devices, and judge whether the third interface returns to true value, it is to unlock success, otherwise unlock is lost It loses, terminates, failure is unlocked if authentication failed, terminate.
Wherein, the step S3-1 specifically: the client-side program sends the sequence number of the intelligent cipher key equipment To the background server;The background server obtains corresponding random number according to the sequence number of the intelligent cipher key equipment, Encrypted to obtain the encrypted random number to the random number using client public key and will be described encrypted random Number is sent to the client-side program.
Wherein, as unlocked successfully in the step S4 further include:
Step A1: the client-side program spells the sequence number of the intelligent cipher key equipment and the administrator's password It connects, Hash operation is carried out to splicing result and obtains new random number;
Step A2: the client-side program splices the sequence number and the new random number, to splicing result into Row Hash operation obtains new administrator's password;
Step A3: the client-side program according to the new administrator's password modify administrator's password operate, and Judge whether success, is then to send modification administrator's password operation successful information to background server, terminates, otherwise terminate.
Wherein, after receiving modification administrator's password operation successful information the method also includes: the background server, The sequence number of the intelligent cipher key equipment and the random number of preservation are spliced, and Hash operation is done to splicing result and is obtained To the first cryptographic Hash, spliced splicing result is carried out to sequence number and first cryptographic Hash of the intelligent cipher key equipment and is done Hash operation obtains the second cryptographic Hash, and the random number saved with second cryptographic Hash replacement.
Wherein, the client-side program is sent to the background server before modifying administrator's password operation successful information Include: that the client-side program generates the first data and encrypted with background server public key to first data, will add Close result is sent to the background server;The background server uses background server private key after receiving the encrypted result The encrypted result is decrypted, the random number saved if successful decryption with decrypted result replacement, such as decryption failure Decryption failure information is returned to the client-side program, is terminated.
Invention further provides the realization devices that one kind unlocks online, comprising:
Receiving module, for receiving the user information of user's input;
First judgment module, for judging whether the user information that the receiving module receives is correct, and for sentencing Disconnected result is that triggering obtains judgment module when being;
The acquisition judgment module for obtaining the sequence number of intelligent cipher key equipment, and judges the intelligent cipher key equipment Sequence number whether matched with the user information, and for judging result be when triggering first obtain module;
Described first obtains module, close for obtaining corresponding administrator according to the sequence number of the intelligent cipher key equipment Code;
Unlocked state, for being unlocked operation to the intelligent cipher key equipment using the administrator's password.
Wherein, the first judgment module be specifically used for judge the user information whether the user information with preservation Match, and is triggering acquisition judgment module when being for judging result.
Wherein, described device further includes the second judgment module, for judging whether the acquisition judgment module gets institute State the sequence number of intelligent cipher key equipment.
Wherein, the acquisition judgment module specifically includes:
First acquisition unit, for obtaining the sequence number of the intelligent cipher key equipment by first interface;
First judging unit, for judging whether the sequence number of the intelligent cipher key equipment matches with the user information, It and is to trigger described first when being to obtain module for judging result.
Wherein, second judgment module is specifically used for judging whether the return value of the first interface is preset value, is The sequence number of the intelligent cipher key equipment is then got, the sequence number of the intelligent cipher key equipment otherwise has not been obtained.
Wherein, the receiving module is also used to receive unlock trigger information, and when receiving the unlock trigger information The pop-up unlock page simultaneously waits user to input user information.
Wherein, described device further include: setup module, for resetting after the unlocked state unlocks successfully Personal identification number simultaneously notifies user.
Wherein, the unlocked state is specifically used for calling second interface to test for the administrator's password as parameter Card, if being proved to be successful, calls third interface to reset the personal identification number of the intelligent cipher key equipment, and judges described the Whether three interfaces return to true value, are, unlock success, and otherwise unlock failure, unlocks failure if authentication failed.
Wherein, described device includes client-side program and background server, and the client-side program includes the reception mould Block, first judgment module obtain judgment module, first obtain module and unlocked state, the background server for store with The one-to-one administrator's password of intelligent cipher key equipment;
Described first, which obtains module, is specifically used for according to the sequence number of the intelligent cipher key equipment from the background server It is middle to obtain corresponding administrator's password.
Wherein, described device is client-side program, and the first acquisition module is specifically used for being set according to the intelligent key Administrator's password is calculated in standby sequence number.
Wherein, described device includes client-side program and background server, and the client-side program includes the reception mould Block, first judgment module obtain judgment module, the first acquisition module and unlocked state, the background server is used for random Number is encrypted to obtain encrypted random number;
Described first, which obtains module, includes:
Second acquisition unit obtains from the background server for the sequence number according to the intelligent cipher key equipment and adds Random number after close;
Concatenation unit is decrypted, it is random for being decrypted to obtain to the encrypted random number using client private key Number, the sequence number of the intelligent cipher key equipment and the random number are spliced, and are carried out Hash operation to splicing result and are obtained Administrator's password.
Wherein, the client-side program further include: second obtain module, for from the intelligent cipher key equipment obtain with Machine string;
The unlocked state includes:
Encryption unit, for being encrypted to obtain encrypted result to the random train using the administrator's password;
Authentication unit, if being proved to be successful, is called for calling second interface to verify for encrypted result as parameter Third interface resets the personal identification number of the intelligent cipher key equipment, and judges whether the third interface returns to true value, It is to unlock success, otherwise unlock failure, unlocks failure if authentication failed.
Wherein, the second acquisition unit is specifically used for the sequence number of the intelligent cipher key equipment being sent to the backstage Server;
The background server is specifically used for obtaining corresponding random number according to the sequence number of the intelligent cipher key equipment, makes Encrypted to obtain the encrypted random number to the random number with client public key and by the encrypted random number It is sent to the client-side program.
Wherein, the client-side program further include:
First splicing hash module, for spelling the sequence number of the intelligent cipher key equipment and the administrator's password It connects, Hash operation is carried out to splicing result and obtains new random number;
Second splicing hash module, for the sequence number and the new random number to be spliced, to splicing result into Row Hash operation obtains new administrator's password;
Judgment module is modified, for being modified administrator's password operation according to the new administrator's password, and is judged Whether succeed, and is to send modification administrator's password to the background server when being and operate successfully to believe for judging result Breath;
The background server is also used to receive the modification administrator's password that the modification judgment module is sent and operates successfully Information.
Wherein, the background server is also used to after receiving modification administrator's password operation successful information, will be described The sequence number of intelligent cipher key equipment and the random number of preservation are spliced, and are done Hash operation to splicing result and obtained first Cryptographic Hash, sequence number and first cryptographic Hash to the intelligent cipher key equipment carry out spliced splicing result and do Hash fortune Calculation obtains the second cryptographic Hash, and the random number saved with second cryptographic Hash replacement.
Wherein, the client-side program further include: encrypting module is generated, for generating the first data and using background server Public key is encrypted to obtain encrypted result to first data, and the encrypted result is sent to the background server;Institute It states background server and is also used to receive the encrypted result, and the encrypted result is solved using background server private key The random number that is close, being saved if successful decryption with decrypted result replacement, such as decryption unsuccessfully return to decryption to described device and lose Lose information.
Compared with prior art, the present invention having the advantage that
The intelligent cipher key equipment that method of the invention is suitable for user is locked or is forgotten the situation of personal identification number, when User accesses website and submits data, and insertion needs the intelligent cipher key equipment unlocked, and device obtains intelligence from intelligent cipher key equipment Then the sequence number of key devices reuses administrator's password according to sequence number management of computing person's password of intelligent cipher key equipment It is unlocked, safe ready.
Detailed description of the invention
Fig. 1 is the implementation method flow chart that one kind that the embodiment of the present invention one provides unlocks online;
Fig. 2 is the implementation method flow chart that one kind provided by Embodiment 2 of the present invention unlocks online;
Fig. 3 is the implementation method flow chart that one kind that the embodiment of the present invention three provides unlocks online;
Fig. 4 is the implementation method flow chart that one kind that the embodiment of the present invention four provides unlocks online;
Fig. 5 is the realization device block diagram that one kind that the embodiment of the present invention five provides unlocks online.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those skilled in the art's every other implementation obtained without making creative work Example, shall fall within the protection scope of the present invention.
Embodiment one
The embodiment of the present invention one provides a kind of implementation method unlocked online, as shown in Figure 1, comprising:
Step S1: when device receives the user information of user's input, judge whether user information is correct, is, executes Step S2, otherwise terminates;
It in the present embodiment, include: when device receives unlock trigger information before step S1, the pop-up unlock page is simultaneously It waits user to input user information, executes step S1;
Specifically, judging whether user information correct, comprising: judge user information whether the user information with preservation Match, is to then follow the steps S2, otherwise terminates;
Step S2: device obtain intelligent cipher key equipment sequence number, and judge intelligent cipher key equipment sequence number whether with User information matching, is to then follow the steps S3, otherwise terminates;
Specifically, in the present embodiment, device obtains the sequence number of intelligent cipher key equipment and judges intelligent cipher key equipment Whether sequence number includes: that device judges whether to get the sequence number of intelligent cipher key equipment between matching with user information, is then Judge whether the sequence number of intelligent cipher key equipment matches with user information, otherwise terminates;
In the present embodiment, device obtains the sequence number of intelligent cipher key equipment, judges whether to get intelligent cipher key equipment Sequence number, specifically: device obtains the sequence number of intelligent cipher key equipment by first interface, and judges returning for first interface It returns whether value is preset value, is the sequence number for getting intelligent cipher key equipment, the sequence of intelligent cipher key equipment otherwise has not been obtained Row number;
Step S3: device obtains corresponding administrator's password according to the sequence number of intelligent cipher key equipment;
In the present embodiment, device can be client-side program, can also include background server, then there are many step S3 Implementation, the embodiment of the present invention are described in detail with following several ways;
(1) device includes client-side program and background server, and client-side program is according to the sequence number of intelligent cipher key equipment Corresponding administrator's password is obtained from background server;
(2) device is client-side program, and administrator is calculated according to the sequence number of intelligent cipher key equipment in client-side program Password;
(3) device includes client-side program and background server, and client-side program is according to the sequence number of intelligent cipher key equipment Encrypted random number is obtained from background server;Using client private key to encrypted random number be decrypted to obtain with Machine number splices the sequence number of intelligent cipher key equipment with random number, carries out Hash operation to splicing result and obtains administrator Password;
Client-side program obtains encrypted random number according to the sequence number of intelligent cipher key equipment from background server, tool Body are as follows: the sequence number of intelligent cipher key equipment is sent to background server by client-side program;Background server is according to intelligent key The sequence number of equipment obtains corresponding random number, is encrypted to obtain encrypted random number to random number using client public key And encrypted random number is sent to client-side program;
Step S4: device is unlocked operation to intelligent cipher key equipment using administrator's password.
In the present embodiment, the result for unlocking operation, which unlocks, successfully to fail with unlock, the present embodiment if unlocking successfully Method further include: device resets personal identification number and notifies user, terminates if unlocking failure;
Preferably, step S4 includes: that described device is tested the administrator's password as parameter calling second interface Card, if being proved to be successful, calls third interface to reset the personal identification number of the intelligent cipher key equipment, and judges described the Whether three interfaces return to true value, are, unlock success, otherwise unlock failure, terminate, failure is unlocked if authentication failed, terminate.
It before step S 4 include: that device obtains random train from intelligent cipher key equipment for the safety for improving unlock;Step Rapid S4 includes: that device encrypts random train using administrator's password, using encrypted result as parameter calling second interface into Row verifying, if being proved to be successful, calls third interface to reset the personal identification number of intelligent cipher key equipment, and judge that third connects Whether mouth returns to true value, is to unlock success, otherwise unlock failure, terminates, failure is unlocked if authentication failed, terminates.
In the present embodiment, in step s 4 if unlocking successfully further include:
Step A1: client-side program splices the sequence number of intelligent cipher key equipment and administrator's password, ties to splicing Fruit carries out Hash operation and obtains new random number;
Step A2: client-side program splices sequence number and new random number, carries out Hash operation to splicing result and obtains To new administrator's password;
Step A3: client-side program is operated according to new administrator's password administrator's password of modifying, and is judged whether Success is then to send modification administrator's password operation successful information to background server, terminates, otherwise terminate.
Background server can carry out more the random number of preservation after receiving modification administrator's password operation successful information Newly, it can be realized by following two method;
(1) after background server receives modification administrator's password operation successful information, by the sequence of intelligent cipher key equipment Number spliced with the random number saved, and Hash operation is done to splicing result and obtains the first cryptographic Hash, to intelligent cipher key equipment Sequence number and the first cryptographic Hash carry out spliced splicing result and do Hash operation obtaining the second cryptographic Hash, and with the second Hash The random number that value replacement saves.
It (two) include: that device generates the before device sends modification administrator's password operation successful information to background server One data simultaneously encrypt the first data with background server public key, and encrypted result is sent to background server;Backstage takes Business device is decrypted after receiving encrypted result with background server private key pair encryption result, and decrypted result is used if successful decryption The random number saved is replaced, such as decryption unsuccessfully returns to decryption failure information to device, terminates.
Embodiment two
Second embodiment of the present invention provides the implementation method that one kind unlocks online, the device in the present embodiment includes client journey Sequence and background server, as shown in Fig. 2, this method comprises:
Step 101: when client-side program receives unlock trigger information, the pop-up unlock page simultaneously waits user to input use Family information;
In the present embodiment, user information includes username and password;For example, user name is zhangsan, password is Abcd1234;
Step 102: when client-side program receives the user information of user's input, judge whether user information is correct, It is to then follow the steps 103, otherwise terminates;
Specifically, step 102 include: the user information that receives of client-side program judgement whether the user information with preservation Matching, is to then follow the steps 103, otherwise terminates;
For example, the user information saved in the present embodiment are as follows: user name zhangsan, password ABCD1234, then step 102 In be judged as and otherwise terminate;Such as the user information of preservation are as follows: zhangsan, password are Abcd1234, then are judged as in step 102 It is to then follow the steps 103;
Step 103: the sequence number of client-side program acquisition intelligent cipher key equipment;
Specifically, in the present embodiment, client-side program is by calling P11 (PKCS11, cipher token interface standard) First interface (C_GetTokenInfo) obtains the sequence number of the intelligent cipher key equipment of insertion;
For example, in the present embodiment, the Serial No. for the intelligent cipher key equipment that client-side program is got 0653114714150A13, corresponding user information are as follows: user name zhangsan, password ABCD1234;
Step 104: client-side program judges whether to get the sequence number of intelligent cipher key equipment, is to then follow the steps 105, Otherwise terminate;
In the present embodiment, client-side program judges whether the return value of the first interface of P11 is true value (true), is then The sequence number of intelligent cipher key equipment is got, the sequence number of intelligent cipher key equipment otherwise has not been obtained;
For example, getting the Serial No. 0653114714150A13 of intelligent cipher key equipment in the present embodiment;
Step 105: whether the sequence number that client-side program judgement gets intelligent cipher key equipment is believed with the user received Breath matching, is to then follow the steps 106, otherwise terminates;
For example, the Serial No. 0653114714150A13 of intelligent cipher key equipment in the present embodiment, corresponding user Information are as follows: user name zhangsan, password ABCD1234, step 105, which is judged as YES, thens follow the steps 106;
Step 106: client-side program obtains corresponding pipe according to the sequence number of intelligent cipher key equipment from background server Reason person's password;
For example, administrator's password corresponding to the sequence number 0653114714150A13 of intelligent cipher key equipment in the present embodiment For f048842c72383783;
Step 107: client-side program is unlocked operation to intelligent cipher key equipment using administrator's password, and judges to unlock Whether succeed, be, unlock success, reset personal identification number and notify user, otherwise unlock failure, terminates;
In the present embodiment, step 107 includes: second of client-side program using administrator's password as parameter calling P11 Interface (C_Login) is verified, and if being proved to be successful, calls the third interface (C_InitPIN) of p11 to reset intelligence close The pin code of key equipment, and judge whether the third interface of p11 returns to true, it is to unlock success, resets personal identification number And notify user, otherwise unlock failure, unlocks failure if authentication failed, terminates;
For example, in the present embodiment, the personal identification number reset is 06d49632, and can pass through mail or short message Mode notify user to reset after personal identification number;
Step 107 can also include: client-side program pop-up dialog box when being judged as YES, and user is prompted to re-enter individual Identification code.
Embodiment three
The embodiment of the present invention three provides a kind of implementation method unlocked online, and the device in the present embodiment is client journey Sequence, as shown in Figure 3, comprising:
Step 201: when device receives unlock trigger information, the pop-up unlock page simultaneously waits user to input user's letter Breath;
In the present embodiment, user information includes username and password;For example, user name is zhangsan, password is Abcd1234;
Step 202: when device receives the user information of user's input, judging whether user information is correct, is, holds Row step 203, otherwise terminates;
Specifically, step 202 includes: that device judges whether the user information received matches with the user information of preservation, It is to then follow the steps 203, otherwise terminates;
For example, the user information saved in the present embodiment are as follows: user name zhangsan, password ABCD1234, then step 202 In be judged as and otherwise terminate;Such as the user information of preservation are as follows: zhangsan, password are Abcd1234, then are judged as in step 202 It is to then follow the steps 203;
Step 203: the sequence number of device acquisition intelligent cipher key equipment;
Specifically, in the present embodiment, device is by calling the first interface (C_GetTokenInfo) of P11 to obtain insertion The sequence number of intelligent cipher key equipment on device;
For example, getting the Serial No. 0653114714150A13 of intelligent cipher key equipment, corresponding use in the present embodiment Family information are as follows: user name is zhangsan, and password is Abcd1234;
Step 204: device judges whether to get the sequence number of intelligent cipher key equipment, is to then follow the steps 205, otherwise ties Beam;
In the present embodiment, device judges whether the return value of the first interface of P11 is true, be get intelligence it is close Otherwise the sequence number of intelligent cipher key equipment has not been obtained in the sequence number of key equipment;
Step 205: whether the sequence number that device judgement gets intelligent cipher key equipment matches with the user information received, It is to then follow the steps 206, otherwise terminates;
For example, the Serial No. 0653114714150A13 of intelligent cipher key equipment in the present embodiment, corresponding user Information are as follows: user name zhangsan, password ABCD1234, step 205, which is judged as YES, thens follow the steps 206;
Step 206: device is according to sequence number management of computing person's password of intelligent cipher key equipment;
For example, in the present embodiment, the Serial No. 653114714150A13 of intelligent cipher key equipment carries out Hash to it The administrator's password that operation obtains is de476c4349720330;
Step 207: device is unlocked operation to intelligent cipher key equipment using administrator's password, and judge unlock whether at Function is to unlock success, resets personal identification number and notifies user, otherwise unlock failure, is terminated;
In the present embodiment, step 207 includes: the second interface (C_ that device calls P11 using administrator's password as parameter Login it) is verified, if being proved to be successful, the third interface (C_InitPIN) of p11 is called to reset intelligent cipher key equipment Pin code, and judge whether the third interface of p11 returns to true, it is to unlock success, resets personal identification number and notify to use Family, otherwise unlock failure, terminates, failure is unlocked if authentication failed, terminates;
For example, in the present embodiment, the personal identification number reset is 06d49632, and can pass through mail or short message Mode notify user to reset after personal identification number;
Step 207 can also include: device pop-up dialog box when being judged as YES, and user is prompted to re-enter personal identification Code.
Example IV
The embodiment of the present invention four provides a kind of implementation method unlocked online, and the device in the present embodiment includes client journey Sequence and background server, as shown in figure 4, this method comprises:
Step 301: when client-side program receives unlock trigger information, the pop-up unlock page simultaneously waits user to input use Family information;
In the present embodiment, user information includes username and password;For example, user name is zhangsan, password is Abcd1234;
Step 302: when client-side program receives the user information of user's input, judge whether user information is correct, It is to then follow the steps 303, otherwise terminates;
Specifically, step 302 include: the user information that receives of client-side program judgement whether the user information with preservation Matching, is to then follow the steps 303, otherwise terminates;
For example, the user information saved in the present embodiment are as follows: user name zhangsan, password ABCD1234, then step 302 In be judged as and otherwise terminate;Such as the user information of preservation are as follows: zhangsan, password are Abcd1234, then are judged as in step 302 It is to then follow the steps 303;
Step 303: the sequence number of client-side program acquisition intelligent cipher key equipment;
Specifically, in the present embodiment, client-side program is by calling the first interface (C_GetTokenInfo) of P11 to obtain Take the sequence number of insertion intelligent cipher key equipment;
Step 304: client-side program judges whether to get the sequence number of intelligent cipher key equipment, is to then follow the steps 305, Otherwise terminate;
In the present embodiment, client-side program judges whether the return value of the first interface of P11 is true, is to get Otherwise the sequence number of intelligent cipher key equipment has not been obtained in the sequence number of intelligent cipher key equipment;
For example, getting the Serial No. 0653114714150A13 of intelligent cipher key equipment in the present embodiment;
Step 305: whether the sequence number that client-side program judgement gets intelligent cipher key equipment is believed with the user received Breath matching, is to then follow the steps 306, otherwise terminates;
Step 306: client-side program obtains from background server encrypted according to the sequence number of intelligent cipher key equipment Random number;
Specifically, in the present embodiment, step 306 includes: that client-side program sends the sequence number of intelligent cipher key equipment To background server;Background server obtains corresponding random number according to the sequence number of intelligent cipher key equipment, uses client public affairs Key encrypts the random number of acquisition to obtain encrypted random number, and the encrypted random number is sent to client journey Sequence;
For example, the random number that background server is got is 986DE47418B778F8, after the encryption encrypted Random number are as follows: 27 1C CE D4 F0 of E5 06 20 67 37 B4 F1 of 8D D1 B6,70 A7 6A CD E3,88 AF 89 1E C5 35 DD 7B BC DE 2A 73 73 B5 2C 5D 33 78 20 22 10 AE 07 6E DD 93 C5 55 58 76 5D 6C E7 2E 46 E8 33 0A 0B 6B F0 9E 68 0D CB 61 4C C8 29 7A 9C 8A 3D 35 69 08 CE C6 81 6B 52 8C AB 3B C8 57 F3 5C 82 AA EC 1E B0 30 35 CC BE 61 84 CF E3 49 29 41 43 46 67 AF 2E FF 00 33 10 DF DB B3 97 8B 10 45 FE CE 55 39 61 65 1F 35;
Step 307: client-side program is decrypted encrypted random number using client private key to obtain random number, will The sequence number of intelligent cipher key equipment is spliced with random number, is carried out Hash operation to splicing result and is obtained administrator's password;
For example, in the present embodiment, the random number decrypted are as follows: 986DE47418B778F8, sequence number and random number Splicing result are as follows: 0653114714150A13986DE47418B778F8 carries out Hash operation to the splicing result and obtains Administrator's password is 7018600ef3548af4;
Step 308: client-side program is unlocked operation to intelligent cipher key equipment using administrator's password, and judges to unlock Whether succeed, is to then follow the steps 309, otherwise terminates;
In the present embodiment, step 308 includes: the second interface that client-side program calls P11 using sopin as parameter (C_Login) it is verified, if being proved to be successful, the third interface (C_InitPIN) of p11 is called to reset personal identification number, And judge whether the third interface of p11 returns to true, it is to then follow the steps 309, otherwise terminates, terminate if authentication failed;
For example, in the present embodiment, the personal identification number reset are as follows: 06d49632;
Step 308 can also include: client-side program pop-up dialog box when being judged as YES, and user is prompted to re-enter individual Identification code;
Step 309: client-side program splices the sequence number of intelligent cipher key equipment and administrator's password, ties to splicing Fruit carries out Hash operation and obtains new random number;
For example, in the present embodiment, the splicing result of sequence number and administrator's password is 0653114714150A137018 600ef3548af4;The splicing result is carried out Hash operation to obtain new random number being fa5f055e350bd4ac;
Step 310: client-side program splices sequence number and new random number, carries out Hash operation to splicing result and obtains To new administrator's password;
For example, in the present embodiment, the splicing result of sequence number and new random number is 0653114714150A13fa5f05 5e350bd4ac;The splicing result is carried out Hash operation to obtain new administrator's password being f3a6321f486b5bfe;
Step 311: client-side program is operated according to new administrator's password administrator's password of modifying, and is judged whether Success, is to then follow the steps 312, otherwise terminates;
In the present embodiment, step 311 specifically: new administrator's password is called P11 by client-side program The 4th interface (C_SetPIN) modify administrator's password, operate success if interface returns to true, otherwise operation failure;
Step 312: client-side program sends modification administrator's password to background server and operates successful information, terminates;
Specifically, in the present embodiment, after background server receives modification administrator's password operation successful information, backstage Server splices the random number of the sequence number of intelligent cipher key equipment and preservation, and does Hash operation to splicing result and obtain First cryptographic Hash, sequence number and the spliced splicing result of the first cryptographic Hash progress to intelligent cipher key equipment do Hash operation and obtain To the second cryptographic Hash, and the random number saved with the replacement of the second cryptographic Hash.
In the present embodiment, client-side program is sent to background server before modifying administrator's password operation successful information It can also include: that client-side program generates the first data and being encrypted with background server public key to first data and added It is close as a result, encrypted result is then sent to background server;Background server uses background server after receiving encrypted result It is decrypted in private key, and the random number saved if successful decryption with decrypted result replacement, such as decryption unsuccessfully give client journey Sequence returns to decryption failure information, terminates;
Preferably, in the present embodiment, after step 312 further include: client-side program identifies the user reset Code is sent to user by mail or short message mode.
When the intelligent cipher key equipment that method in the present embodiment is suitable for user is locked or forgotten pin code, work as user It accesses website and submits data, insertion needs the intelligent cipher key equipment unlocked on device, and client-side program is from background server The sequence number for obtaining intelligent cipher key equipment, according to sequence number management of computing person's password of intelligent cipher key equipment, then using management Member's password is unlocked, safe ready.
Embodiment five
The embodiment of the present invention five provides a kind of realization device unlocked online, as shown in Figure 5, comprising:
Receiving module 401, pop-up unlock page when for receiving unlock trigger information, and receive unlock trigger information And user is waited to input user information;It is also used to receive the user information that user inputs from the unlock page;
In the present embodiment, user information includes username and password;For example, user name is zhangsan, password is Abcd1234;
First judgment module 402 is that triggering obtains when being for judging whether user information is correct, and for judging result Take judgment module 403;
In the present embodiment, first judgment module 402 be specifically used for judge user information whether the user information with preservation Matching, and be triggering acquisition judgment module 403 when being for judging result;
Judgment module 403 is obtained, for obtaining the sequence number of intelligent cipher key equipment, and judges the sequence of intelligent cipher key equipment Number whether matched with user information, and for judging result is that triggering first obtains module 404 when being;
Specifically, in the present embodiment, obtaining judgment module 403 and specifically including:
First acquisition unit obtains the sequence number of intelligent cipher key equipment for the first interface by P11;
First judging unit for judging whether the sequence number of intelligent cipher key equipment matches with user information, and is used for Judging result is that triggering first obtains module when being;
First obtains module 404, for obtaining corresponding administrator's password according to the sequence number of intelligent cipher key equipment;
Unlocked state 405, for being unlocked operation to intelligent cipher key equipment using administrator's password;
Device in the present embodiment can also include setup module, for being set after unlocked state 405 unlocks successfully again It sets personal identification number and notifies user.
In the present embodiment, unlocked state 405 is specifically used for calling the second interface of P11 using administrator's password as parameter It is verified, if being proved to be successful, calls the third interface of p11 to reset the pin code of intelligent cipher key equipment, and judge p11's Whether third interface returns to true, is, unlocks success, and otherwise unlock failure, unlocks failure if authentication failed.
Device in the present embodiment further includes the second judgment module, obtains whether judgment module gets intelligence for judging The sequence number of key devices;Second judgment module is specifically used for judging whether the return value of the first interface of P11 is preset value, is The sequence number of intelligent cipher key equipment is then got, the sequence number of intelligent cipher key equipment otherwise has not been obtained.
Device in the present embodiment further includes third judgment module, for judge intelligent cipher key equipment sequence number whether with User information matching, and be the first acquisition of triggering module 404 when being for judging result.
In the present embodiment, it includes a variety of implementations that the first acquisition module 404, which obtains administrator's password, in the present embodiment Device can be client-side program, can also include server.It is only said in following three kinds of modes as an example in the present embodiment It is bright, but it is not limited only to these implementations.
(1) device of the present embodiment includes client-side program and background server, client-side program include receiving module, First judgment module obtains judgment module, the first acquisition module and unlocked state, and background server is for storage and intelligent key The one-to-one administrator's password of equipment;First, which obtains module 404, is specifically used for according to the sequence number of intelligent cipher key equipment from rear Corresponding administrator's password is obtained in platform server.
(2) device of the present embodiment is client-side program, and the first acquisition module 404 is specifically used for being set according to intelligent key Administrator's password is calculated in standby sequence number.
(3) device of the present embodiment includes client-side program and background server, client-side program include receiving module, First judgment module obtains judgment module, the first acquisition module and unlocked state, and background server is for adding random number It is close to obtain encrypted random number;
First, which obtains module 404, includes:
Second acquisition unit, for the sequence number according to intelligent cipher key equipment obtained from background server it is encrypted with Machine number;
In the present embodiment, second acquisition unit is specifically used for the sequence number of intelligent cipher key equipment being sent to background service Device;Background server is specifically used for obtaining corresponding random number according to the sequence number of intelligent cipher key equipment, uses client public key Random number is encrypted to obtain encrypted random number and the encrypted random number is sent to client-side program.
Concatenation unit is decrypted, obtains random number for encrypted random number to be decrypted using client private key, it will The sequence number of intelligent cipher key equipment is spliced with random number, is carried out Hash operation to splicing result and is obtained administrator's password.
To keep unlocking process safer, the present embodiment client-side program can also include: the second acquisition module, for from Random train is obtained in intelligent cipher key equipment;
Unlocked state includes encryption unit and authentication unit:
Encryption unit obtains encrypted result for being encrypted using administrator's password to random train;
Authentication unit, if being proved to be successful, is called for calling second interface to verify for encrypted result as parameter Third interface resets the personal identification number of intelligent cipher key equipment, and judges whether third interface returns to true value, is, unlocks Success, otherwise unlock failure, unlocks failure if authentication failed.
The client-side program of the third implementation further include:
First splicing hash module, for splicing the sequence number of intelligent cipher key equipment and administrator's password, to spelling Binding fruit carries out Hash operation and obtains new random number;
Second splicing hash module carries out Hash fortune to splicing result for splicing sequence number and new random number Calculation obtains new administrator's password;
Judgment module is modified, for being modified administrator's password operation according to new administrator's password, and is judged whether Success, and be to send modification administrator's password to background server when being to operate successful information for judging result.Backstage takes Business device is also used to receive modification administrator's password operation successful information, is receiving modification administrator's password operation successful information Afterwards, the random number of the sequence number of intelligent cipher key equipment and preservation is spliced, and Hash operation is done to splicing result and obtains One cryptographic Hash, sequence number and the spliced splicing result of the first cryptographic Hash progress to intelligent cipher key equipment do Hash operation and obtain Second cryptographic Hash, and the random number saved with the replacement of the second cryptographic Hash.
The client-side program of the third implementation of the present embodiment may also include that generation encrypting module, for generating first Data simultaneously are encrypted to obtain encrypted result with background server public key to the first data, and encrypted result is sent to background service Device;Background server is also used to receive encrypted result, and is decrypted using background server private key pair encryption result, such as decrypts Successful then random number with decrypted result replacement preservation, such as decryption unsuccessfully give device to return to decryption failure information.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, Anyone skilled in the art is in technical scope disclosed by the invention, and any changes or substitutions that can be easily thought of, It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims Subject to.

Claims (30)

1. the implementation method that one kind unlocks online characterized by comprising
Step S1: when device receives the user information of user's input, judge whether the user information is correct, is, executes Step S2, otherwise terminates;
Step S2: described device obtains the sequence number of intelligent cipher key equipment, and judges that the sequence number of the intelligent cipher key equipment is It is no to be matched with the user information, it is to then follow the steps S3, otherwise terminates;
Step S3: described device obtains corresponding administrator's password according to the sequence number of the intelligent cipher key equipment;
Step S4: described device is unlocked operation to the intelligent cipher key equipment using the administrator's password;
Described device includes client-side program and background server, and the step S3 includes:
Step S3-1: the client-side program obtains encryption according to the sequence number of the intelligent cipher key equipment from background server Random number afterwards;
Step S3-2: the client-side program is decrypted to obtain random using client private key to the encrypted random number Number, the sequence number of the intelligent cipher key equipment and the random number are spliced, and are carried out Hash operation to splicing result and are obtained Administrator's password.
2. the method as described in claim 1, which is characterized in that the step S1 includes: when to receive user defeated for described device When the user information entered, judge whether the user information matches with the user information of preservation, is to then follow the steps S2, otherwise ties Beam.
3. the method as described in claim 1, which is characterized in that described device obtains sequence number and the judgement of intelligent cipher key equipment Whether the sequence number of the intelligent cipher key equipment includes: that described device judges whether to get between matching with the user information The sequence number of the intelligent cipher key equipment is to continue, otherwise terminates.
4. method as claimed in claim 3, which is characterized in that described device obtains the sequence number of intelligent cipher key equipment, specifically Are as follows: described device obtains the sequence number of the intelligent cipher key equipment by first interface.
5. method as claimed in claim 4, which is characterized in that described device judges whether to get the intelligent cipher key equipment Sequence number, specifically: described device judges whether the return value of the first interface is preset value, is to get the intelligence The sequence number of energy key devices, otherwise has not been obtained the sequence number of the intelligent cipher key equipment.
6. the method as described in claim 1, which is characterized in that include: when device receives unlock touching before the step S1 When photos and sending messages, the pop-up unlock page simultaneously waits user to input user information, executes step S1.
7. the method as described in claim 1, which is characterized in that in the step S4 if unlocking successfully further include: set again It sets personal identification number and notifies user.
8. the method as described in claim 1, which is characterized in that the step S4 includes: that described device is close by the administrator Code calls second interface to be verified as parameter, if being proved to be successful, calls third interface to reset the intelligent key and sets Standby personal identification number, and judge whether the third interface returns to true value, it is to unlock success, otherwise unlock failure terminates, Failure is unlocked if authentication failed, is terminated.
9. the method as described in claim 1, which is characterized in that described device includes client-side program and background server, institute Stating step S3 includes: that the client-side program obtains correspondence according to the sequence number of the intelligent cipher key equipment from background server Administrator's password.
10. the method as described in claim 1, which is characterized in that described device is client-side program, and the step S3 includes: Administrator's password is calculated according to the sequence number of the intelligent cipher key equipment in the client-side program.
11. the method as described in claim 1,9-10 any one, which is characterized in that include: described before the step S4 Client-side program obtains random train from the intelligent cipher key equipment;
The step S4 includes: that the client-side program encrypts the random train using the administrator's password, will be added Close result calls second interface to be verified as parameter, if being proved to be successful, calls third interface to reset the intelligence close The personal identification number of key equipment, and judge whether the third interface returns to true value, it is to unlock success, otherwise unlock failure, Terminate, failure is unlocked if authentication failed, terminates.
12. method as claimed in claim 10, which is characterized in that the step S3-1 specifically: the client-side program will The sequence number of the intelligent cipher key equipment is sent to the background server;The background server is set according to the intelligent key Standby sequence number obtains corresponding random number, is encrypted to obtain to the random number using client public key described encrypted The encrypted random number is simultaneously sent to the client-side program by random number.
13. method as claimed in claim 12, which is characterized in that as unlocked successfully in the step S4 further include:
Step A1: the client-side program splices the sequence number of the intelligent cipher key equipment and the administrator's password, Hash operation is carried out to splicing result and obtains new random number;
Step A2: the client-side program splices the sequence number and the new random number, breathes out to splicing result Uncommon operation obtains new administrator's password;
Step A3: the client-side program is operated according to new administrator's password administrator's password of modifying, and is judged Whether succeed, is then to send modification administrator's password operation successful information to background server, terminates, otherwise terminate.
14. method as claimed in claim 13, which is characterized in that further include: the background server receives modification management After member's Password Operations successful information, the sequence number of the intelligent cipher key equipment and the random number of preservation are spliced, and Hash operation is done to splicing result and obtains the first cryptographic Hash, sequence number and first cryptographic Hash to the intelligent cipher key equipment It carries out spliced splicing result and does Hash operation to obtain the second cryptographic Hash, and saved with second cryptographic Hash replacement described Random number.
15. method as claimed in claim 13, which is characterized in that the client-side program is repaired to background server transmission It include: that the client-side program generates the first data and with background server public key before changing administrator's password operation successful information First data are encrypted, encrypted result is sent to the background server;The background server receives institute The encrypted result is decrypted with background server private key after stating encrypted result, is replaced if successful decryption with decrypted result The random number saved, such as decryption unsuccessfully return to decryption failure information to the client-side program, terminate.
16. the realization device that unlocks online of one kind, which is characterized in that described device includes client-side program and background server, The client-side program includes receiving module, first judgment module, obtains judgment module, the first acquisition module and unlocked state,
The receiving module, for receiving the user information of user's input;
The first judgment module, for judging whether the user information that the receiving module receives is correct, and for sentencing Disconnected result is that triggering obtains judgment module when being;
The acquisition judgment module for obtaining the sequence number of intelligent cipher key equipment, and judges the sequence of the intelligent cipher key equipment Whether row number matches with the user information, and is the first acquisition of triggering module when being for judging result;
Described first obtains module, for obtaining corresponding administrator's password according to the sequence number of the intelligent cipher key equipment;
The unlocked state, for being unlocked operation to the intelligent cipher key equipment using the administrator's password;
The background server is for encrypting random number to obtain encrypted random number;
Described first, which obtains module, includes:
Second acquisition unit, for the sequence number according to the intelligent cipher key equipment after obtaining encryption in the background server Random number;
Concatenation unit is decrypted, it, will for being decrypted to obtain random number to the encrypted random number using client private key The sequence number of the intelligent cipher key equipment is spliced with the random number, is carried out Hash operation to splicing result and is obtained administrator Password.
17. device as claimed in claim 16, which is characterized in that the first judgment module is specifically used for judging the user Whether information matches with the user information of preservation, and is triggering acquisition judgment module when being for judging result.
18. device as claimed in claim 16, which is characterized in that the client-side program further includes the second judgment module, is used In judging whether the acquisition judgment module gets the sequence number of the intelligent cipher key equipment.
19. device as claimed in claim 18, which is characterized in that the acquisition judgment module specifically includes:
First acquisition unit, for obtaining the sequence number of the intelligent cipher key equipment by first interface;
First judging unit, for judging whether the sequence number of the intelligent cipher key equipment matches with the user information, and It is to trigger described first when being to obtain module for judging result.
20. device as claimed in claim 19, which is characterized in that second judgment module is specifically used for judging described first Whether the return value of interface is preset value, is the sequence number for getting the intelligent cipher key equipment, otherwise has not been obtained described The sequence number of intelligent cipher key equipment.
21. device as claimed in claim 16, which is characterized in that
The receiving module is also used to receive unlock trigger information, and pop-up unlock when receiving the unlock trigger information The page simultaneously waits user to input user information.
22. device as claimed in claim 16, which is characterized in that the client-side program further include: setup module is used for After the unlocked state unlocks successfully, resets personal identification number and notify user.
23. device as claimed in claim 16, which is characterized in that the unlocked state is specifically used for the administrator's password It calls second interface to be verified as parameter, if being proved to be successful, third interface is called to reset the intelligent cipher key equipment Personal identification number, and judge whether the third interface returns to true value, be to unlock success, otherwise unlock failure, such as verify Failure then unlocks failure.
24. device as claimed in claim 16, which is characterized in that the background server is also used to store and set with intelligent key Standby one-to-one administrator's password;
The first acquisition module is specifically used for being obtained from the background server according to the sequence number of the intelligent cipher key equipment Take corresponding administrator's password.
25. device as claimed in claim 16, which is characterized in that described first, which obtains module, is specifically used for according to the intelligence Administrator's password is calculated in the sequence number of key devices.
26. the device as described in any one of claim 16,24-25 claim, which is characterized in that the client-side program is also It include: the second acquisition module, for obtaining random train from the intelligent cipher key equipment;
The unlocked state includes:
Encryption unit, for being encrypted to obtain encrypted result to the random train using the administrator's password;
Authentication unit, if being proved to be successful, calls third for calling second interface to verify for encrypted result as parameter Interface resets the personal identification number of the intelligent cipher key equipment, and judges whether the third interface returns to true value, is then It unlocks successfully, otherwise unlock failure, unlocks failure if authentication failed.
27. device as claimed in claim 16, which is characterized in that the second acquisition unit is specifically used for the intelligence is close The sequence number of key equipment is sent to the background server;
The background server is specifically used for obtaining corresponding random number according to the sequence number of the intelligent cipher key equipment, uses visitor Family end public key is encrypted to obtain the encrypted random number and is sent the encrypted random number to the random number To the client-side program.
28. device as claimed in claim 27, which is characterized in that the client-side program further include:
First splicing hash module, for the sequence number of the intelligent cipher key equipment and the administrator's password to be spliced, Hash operation is carried out to splicing result and obtains new random number;
Second splicing hash module breathes out splicing result for splicing the sequence number and the new random number Uncommon operation obtains new administrator's password;
Judgment module is modified, for being modified administrator's password operation according to the new administrator's password, and is judged whether Success, and be to send modification administrator's password to the background server when being to operate successful information for judging result;
The background server is also used to receive the modification administrator's password operation successful information that the modification judgment module is sent.
29. device as claimed in claim 28, which is characterized in that the background server is also used to receiving modification management After member's Password Operations successful information, the sequence number of the intelligent cipher key equipment and the random number of preservation are spliced, and Hash operation is done to splicing result and obtains the first cryptographic Hash, sequence number and first cryptographic Hash to the intelligent cipher key equipment It carries out spliced splicing result and does Hash operation to obtain the second cryptographic Hash, and saved with second cryptographic Hash replacement described Random number.
30. device as claimed in claim 28, which is characterized in that the client-side program further include: generate encrypting module, use In generating the first data and being encrypted to obtain encrypted result to first data with background server public key, by the encryption As a result it is sent to the background server;The background server is also used to receive the encrypted result, and uses background service The encrypted result is decrypted in device private key, and the random number saved if successful decryption with decrypted result replacement such as solves It is close unsuccessfully to return to decryption failure information to described device.
CN201610833664.5A 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device Active CN106452845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610833664.5A CN106452845B (en) 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610833664.5A CN106452845B (en) 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device

Publications (2)

Publication Number Publication Date
CN106452845A CN106452845A (en) 2017-02-22
CN106452845B true CN106452845B (en) 2019-03-29

Family

ID=58165941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610833664.5A Active CN106452845B (en) 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device

Country Status (1)

Country Link
CN (1) CN106452845B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3079343B1 (en) * 2018-03-22 2021-07-09 Schneider Electric Ind Sas METHOD OF CONSIGNING A FUNCTION OF AN ELECTRICAL APPARATUS AND ELECTRICAL APPARATUS IMPLEMENTING THIS PROCESS
CN111325545B (en) * 2018-12-13 2023-05-02 北京沃东天骏信息技术有限公司 Key management method, device and equipment based on blockchain
JP2022184539A (en) * 2021-06-01 2022-12-13 青島海爾洗衣机有限公司 washing machine

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1901443A (en) * 2006-07-12 2007-01-24 北京飞天诚信科技有限公司 Remote de-locking method of information safety device
CN101166085A (en) * 2007-09-24 2008-04-23 北京飞天诚信科技有限公司 Remote unlocking method and system
CN101645124B (en) * 2009-09-03 2012-04-18 飞天诚信科技股份有限公司 Method for unlocking PIN code and intelligent secret key device
CN102571802A (en) * 2012-01-18 2012-07-11 深圳市文鼎创数据科技有限公司 Long-distance unlocking method of information safety equipment and server, equipment as well as server
CN103607281A (en) * 2013-11-12 2014-02-26 飞天诚信科技股份有限公司 Safety device unlocking method and system
CN104486085A (en) * 2014-12-24 2015-04-01 北京深思数盾科技有限公司 System and method for managing intelligent key device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1901443A (en) * 2006-07-12 2007-01-24 北京飞天诚信科技有限公司 Remote de-locking method of information safety device
CN101166085A (en) * 2007-09-24 2008-04-23 北京飞天诚信科技有限公司 Remote unlocking method and system
CN101645124B (en) * 2009-09-03 2012-04-18 飞天诚信科技股份有限公司 Method for unlocking PIN code and intelligent secret key device
CN102571802A (en) * 2012-01-18 2012-07-11 深圳市文鼎创数据科技有限公司 Long-distance unlocking method of information safety equipment and server, equipment as well as server
CN103607281A (en) * 2013-11-12 2014-02-26 飞天诚信科技股份有限公司 Safety device unlocking method and system
CN104486085A (en) * 2014-12-24 2015-04-01 北京深思数盾科技有限公司 System and method for managing intelligent key device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
公钥密码算法在USBKey中关键技术的研究;宫立圆;《中国优秀硕士学位论文全文数据库》;20100930(第9期);I136-76

Also Published As

Publication number Publication date
CN106452845A (en) 2017-02-22

Similar Documents

Publication Publication Date Title
CN105516195B (en) A kind of security certification system and its authentication method based on application platform login
CN105162785B (en) A kind of method and apparatus registered based on authenticating device
CN105187450B (en) A kind of method and apparatus authenticated based on authenticating device
CN106161032B (en) A kind of identity authentication method and device
CN106034123B (en) Authentication method, application system server and client
CN104243458B (en) A kind of safe online game login method and system
CN105847247A (en) Authentication system and working method thereof
CN109150541A (en) A kind of Verification System and its working method
CN108881310A (en) A kind of Accreditation System and its working method
CN102281138B (en) Method and system for improving safety of verification code
CN105405185B (en) Safe verification method and device
KR20210091155A (en) Biocrypt Digital Wallet
CN104113411B (en) A kind of IC-card off line PIN verification methods and IC-card certified offline system
CN106452845B (en) A kind of implementation method unlocked online and device
CN106921663A (en) Identity based on intelligent terminal software/intelligent terminal continues Verification System and method
CN108965222A (en) Identity identifying method, system and computer readable storage medium
CN109285256A (en) Computer room based on block chain authentication enter permission give method
CN109981626A (en) A kind of account authentication method and device
US20190238346A1 (en) Computer system employing challenge/response protocol with detection of non-unique incorrect responses
CN106130864A (en) A kind of privately owned cloud access method and apparatus based on VPN
CN103532979A (en) Method for generating and verifying multi-conversation verification codes under CGI (common gateway interface) for web
CN105243305A (en) Biological identification feature based access control method and system
CN110084031B (en) Method for security authentication of information system account with customizable authentication logic
CN110717177A (en) Method for safely unlocking computer in real time by using mobile terminal
CN115455379A (en) Method for authorizing software use of personal computer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant