A password-free identity authentication method for wearable devices
Technical field
The present invention relates to identity authentication for wearable devices in the Internet of Things field, and in particular to a password-free identity authentication method for wearable devices. A wearable device here is a portable device that is worn directly on the body or integrated into the user's clothing or accessories: a device running the Android system, such as a smartphone, smart band or smart watch, that can connect to the internet over a wireless network or Bluetooth.
Background art
The new generation of smart campus projects, based on the Internet of Things, cloud computing and wearable device technology, integrates a variety of applications and services to build a pervasive information service environment that meets the needs of research and innovation, teaching and learning, management services and logistics services. As a representative wearable device, the smart watch has clear advantages in computing, storage, physiological sensing and network communication, and has become the preferred choice for building a smart campus.
Although wearable devices are portable and easy to use, they face a variety of security threats in system security, identity authentication and privacy protection. These threats come mainly from four sources: the operating system, application software, network communication and data storage. To improve flexibility and openness, most wearable devices use open operating systems and third-party application software, which makes them vulnerable to illegal intrusion, and the security vulnerabilities present in the system are easily exploited by malicious code. Most wearable devices rely on network communication, which is easily eavesdropped on or tampered with in transit. Wearable devices are often used to access, process, transmit and store user information, yet the storage of sensitive data lacks the necessary access control mechanisms.
Given the limited inherent security capability of wearable devices, authentication of wearable devices must be strengthened to ensure the overall security of the smart campus system. However, traditional authentication based on password entry is not well suited to wearable devices, because most of them lack a suitable input device to support fast, reliable and secure entry of text or numeric data, and cannot display the sophisticated keypad or keyboard needed for a secure, high-entropy password.
Current identity authentication techniques for wearable devices fall into three classes: password authentication, token authentication and biometric authentication.
(1) Identity authentication based on an account or password:
Passwords are a conventional and effective means of identity authentication. The user enters a combination of digits and letters on a specific interface; the combination is sent over the network to a server, which returns the authentication result. The main advantages of passwords are that they are intangible, easy to access, and easy to issue, change, share or revoke. However, many researchers have confirmed that password authentication is relatively weak against observation attacks.
Moreover, traditional authentication based on password entry is not well suited to wearable devices, and simple passwords are easily eavesdropped on and cracked in transit.
(2) Identity authentication based on a token:
Physical keys are the oldest form of token-based access; their main limitation is that access to a private location requires a valid key. Although the underlying technology may be very complex, tokens remain popular. Current research on authentication based on physical tokens mainly uses the wearable device as a third-party token.
The underlying technology of token-based identity authentication is relatively complex and computationally expensive, so it is not suitable as the identity authentication method for the wearable device itself.
(3) Identity authentication based on biometrics:
At present, biometric identity authentication methods fall into two classes: authentication based on the user's physiological characteristics, and authentication based on the user's behavioural characteristics. Common recognition techniques in the first class include fingerprint, palm print, face and iris recognition. These techniques require additional dedicated equipment and carry the risk of leaking users' private information, so authentication based on physiological characteristics is not well suited to the current internet environment. Authentication based on behavioural characteristics collects user behaviour data through human-computer interaction devices and may need no extra equipment. It is the subject of much current research and achieves good accuracy. However, its data collection cycle is long, and enough data is needed to ensure high accuracy.
A search of patents and published literature at home and abroad found no published document or patent that, for wearable devices in an Internet of Things environment, achieves password-free authentication of the wearable device by combining it with a back-end cloud service and defining a corresponding communication protocol.
Summary of the invention
The technical problem to be solved by the present invention is to provide a password-free identity authentication method for wearable devices, implemented on a custom network protocol. In protection strength and ease of operation it is better than conventional authentication based on an account or password; in ease of operation it is better than token-based identity authentication; its hardware cost is significantly lower than that of biometric identity authentication; and it can provide network access control and secure communication protection for wearable devices.
The technical solution of the present invention is as follows:
The Android boot flow on the wearable device is modified, and an authentication information table and a device authentication module are added to the Android system. The device authentication module reads and updates the authentication information table, sends authentication requests to the server, parses the authorization result information returned by the server, and generates confirmation information. An authentication module and a database are installed on the server; the authentication module receives authentication requests from wearable devices, parses each request to obtain the user account, and sends the request to the authentication client logged in with that user account. A device authorization app, comprising a login module and an authorization module, is installed on the authentication client. The login module verifies the login of the authentication client. The authorization module monitors the state of the wearable device in real time, processes the authentication requests sent by the server, generates the authorization result and sends it to the server. On receiving the authorization result information, the server immediately pushes it to the wearable device. The device authentication module of the wearable device receives and parses the authorization result information sent by the server, generates confirmation information and sends it to the server. The server's authentication module pushes the confirmation information to the authentication client. The authorization module of the authentication client receives the confirmation information and displays it.
The present invention specifically comprises the following steps:
Step 1: build the password-free identity authentication system. The system consists of n wearable devices, an authentication client and a server, where n is a positive integer. The n wearable devices are connected to the server over the internet, and the server is connected over the internet to the n wearable devices and the authentication client.
Each of the n wearable devices runs an Android system with a modified boot flow. The modification means that, at the Android application layer, the device authentication module replaces the original boot-up module, and an authentication information table is added to the local database. The device authentication module is connected to the server over the internet. It is responsible for reconnecting to the server when the network connection to the server is interrupted, and for sending an authentication request to the server once connected. It receives authorization result information from the server, parses it to obtain the authentication status code, stores the authentication information in the authentication information table, and sends confirmation information to the server.
The authentication request contains the user account, the wearable device ID and the authentication status code. The user account is the account bound to the wearable device, that is, the account entered in the login module of the authentication client. The wearable device ID is the unique ID of the wearable device. The authentication status code is a code string marking the current authentication state, one of three: authentication requested, authentication succeeded and authentication failed. The authorization result information has the same structure as the authentication request, except that its authentication status code is S or F, corresponding to authentication success and failure respectively. The confirmation information is the authentication request with an added confirmation status code Y, where Y means that confirmation succeeded.
The authentication information table is the data structure that stores authentication information. It consists of three fields: user account, wearable device ID and last authentication time. The user account and wearable device ID have the same meaning as in the authentication request; the last authentication time is the time at which authentication was last completed. The table has only one entry, which is updated after each successful authentication.
The server is any web server published on the internet. An authentication module and a database are installed on it. The authentication module receives authentication requests from wearable devices, parses each request to obtain the user account, and sends the request to the authentication client logged in with that user account. When it receives the authorization result information returned by the authentication client, it parses it to obtain the wearable device ID and pushes the authorization result information to the wearable device that is currently connected to the server and has that ID. When it receives confirmation information from that wearable device, it parses it to obtain the user account and pushes the confirmation information to the authentication client. The authentication module also receives the user account and login password sent by the login module of the authentication app on the authentication client, and queries the user information table in the database for an identical combination of user account and login password (that is, whether the table contains an entry whose user account and login password are the same as those received); it then returns the match result information to the login module of the authentication client. The match result information contains one field indicating success or failure: success means authentication succeeded, and failure means authentication failed. The database contains the user information table, which stores user accounts and login passwords; its number of entries equals the number of users.
The authentication client is a smartphone or a computer; there is at least one. An authentication app, comprising a login module and an authorization module, is installed on the authentication client. The authentication client is connected to the server. The login module is connected to the authorization module. It obtains an externally entered user account and login password from the keyboard or from a file and determines whether they are valid; if they are valid, it sends the user account to the authorization module, otherwise it continues to obtain a user account and login password from the keyboard or file. The authorization module is connected to the login module and the server. It obtains the user account from the login module and receives authentication requests from the server. It parses each request and, when it obtains an externally entered authorization instruction from the keyboard, updates the authentication status code of the request to produce the authorization result information. It returns the authorization result information to the server, waits to receive confirmation information from the server, parses it, and displays it on the authentication client.
Step 2: initialize the authentication information table. Initialization applies only to a wearable device that is being authenticated for the first time. The wearable device ID in the table is set to the ID of the wearable device the table belongs to, the user account is set to the user account bound to that wearable device ID, and the last authentication time defaults to the time the wearable device was manufactured.
Step 3: use the password-free identity authentication system to complete identity authentication of the wearable devices, as follows:
3.1 The device authentication modules of the n wearable devices authenticate their devices in parallel using the same method. Let wearable device i denote the i-th wearable device, 1 ≤ i ≤ n. The authentication method for wearable device i is:
3.1.1 Wearable device i is powered on and starts its device authentication module.
3.1.2 The device authentication module reads the authentication information table in wearable device i and uses the last authentication time in the table to judge whether the device's authentication information has expired. It reads the current time of wearable device i and the last authentication time in the table and checks whether the difference exceeds the preset time (5 days by default). If it does, the information is judged expired and re-authentication is required; go to 3.1.3. If it does not, the information is judged not expired; go to 3.8.
3.1.3 The device authentication module of wearable device i checks whether the network between wearable device i and the server is available. If it is, go to 3.1.5; if it is not, go to 3.1.4.
3.1.4 The device authentication module receives the network settings entered by the user from the keyboard or from a file; once the settings succeed and the network connection is available, go to 3.1.5.
3.1.5 The device authentication module establishes a communication connection with the server and sends an authentication request to the server.
3.2 The server's authentication module authenticates the authentication request received from the wearable device, as follows:
3.2.1 The authentication module parses the authentication request to obtain the user account, the wearable device ID and the authentication status code.
3.2.2 The authentication module polls the authentication clients currently connected to the server (there may be several, one per user account) and checks whether the user account received by each client's login module is identical to the user account obtained in 3.2.1. If a matching authentication client is found (there is either exactly one matching authentication client or none), go to 3.2.4; if there is no matching authentication client, go to 3.2.3.
3.2.3 The matching authentication client establishes a connection with the server, as follows:
3.2.3.1 The authentication client starts the authentication app.
3.2.3.2 The login module of the authentication app obtains the externally entered user account and login password and passes them to the server's authentication module to verify their validity: the server's authentication module polls all combinations of user account and login password in the user information table of the database. If one combination is identical to the entered user account and login password, they are judged valid; go to 3.2.3.3. If they are not valid, go to 3.2.3.2.
3.2.3.3 The authentication client establishes a connection with the server.
3.2.4 The server's authentication module sends the authentication request to the matching authentication client.
3.3 The matching authentication client authorizes the authentication of the wearable device, as follows:
3.3.1 The authorization module of the authentication client receives the authentication request sent by the server's authentication module.
3.3.2 The authorization module parses the authentication request and reads the authentication status code in it.
3.3.3 The authorization module obtains an externally entered authorization instruction from the keyboard. If it is "yes", authorization is granted and the authentication status code in the authentication request is changed to S; if it is "no", the authentication status code in the authentication request is changed to F. The authentication request with the changed authentication status code becomes the authorization result information.
3.3.4 The authorization module sends the authorization result information to the server.
3.4 The server's authentication module receives the authorization result information from the authentication client and processes it, as follows:
3.4.1 The authentication module reads the wearable device ID in the authorization result information.
3.4.2 The authentication module polls the wearable devices currently connected to the server and checks whether the wearable device with the ID obtained in 3.4.1 is online. If it is not online, go to 3.4.3; otherwise go to 3.4.4.
3.4.3 The server's authentication module sends confirmation information directly to the authentication client, in which the confirmation code is N, indicating that confirmation failed; go to step 3.7.
3.4.4 The server's authentication module sends the authorization result information to the online wearable device (this is the authorization result information returned by the authentication client).
3.5 The device authentication module of the online wearable device receives the authorization result information, parses it and sends confirmation information:
3.5.1 The device authentication module of the wearable device receives the authorization result information, parses it and reads the authentication status code in it. If the authentication status code is S, go to 3.5.2; if it is F, go to 3.8.
3.5.2 The device authentication module updates the last authentication time in the authentication information table to the current time.
3.5.3 The device authentication module sends confirmation information to the server, with the confirmation status code set to Y.
3.6 The server's authentication module receives the confirmation information from the device authentication module, uses it to look up whether there is a matching authentication client, and sends the confirmation information to the matching authentication client, as follows:
3.6.1 The authentication module reads the user account in the confirmation information.
3.6.2 The authentication module polls the authentication clients currently connected to the server to find whether there is one that matches the user account obtained in 3.6.1 (that is, the user account obtained by the authentication client's login module is identical to the user account obtained in 3.6.1). If a matching authentication client is found, the confirmation information is sent to it; go to 3.7. If no matching authentication client is found, the confirmation information is saved (and pushed to the authentication client once the one matching that user account connects to the server); go to step 3.6.2.
3.7 The authentication client receives and parses the confirmation information, as follows:
3.7.1 The authorization module receives the confirmation information and reads the confirmation status code.
3.7.2 If the confirmation status code is Y, the authorization module displays "authentication succeeded"; if the confirmation status code is N, the authorization module displays "authentication failed + failure reason".
3.8 Authentication ends.
The present invention achieves the following technical effects:
1. With the present invention, no password or account needs to be entered on the wearable device; identity authentication is performed through authorization by the authentication client.
2. By delegating the identity authentication of the wearable device to the authentication client, the present invention lets the wearable device request authentication automatically on start-up. The user only needs to power on the wearable device, with no extra operation, to authenticate it, which is very convenient for the user.
3. Because the identity authentication of the wearable device is delegated to the authentication client, the authentication of the wearable device gains a strong security guarantee: the user must log in to the authentication client and decide whether to authorize according to the authentication state of the device bound to them. Other people therefore cannot misuse someone else's wearable device.
Brief description of the drawings
Fig. 1 is the logical structure diagram of the wearable device identity authentication system built in step 1 of the present invention;
Fig. 2 is the overall flow chart of the present invention;
Fig. 3 is the flow chart of wearable device identity authentication using the password-free identity authentication system in step 3 of the present invention.
Detailed description
Fig. 1 is the logical structure diagram of the wearable device identity authentication system built in step 1 of the present invention. The password-free identity authentication system consists of n wearable devices, an authentication client and a server, where n is a positive integer. The n wearable devices are connected to the server over the internet, and the server is connected over the internet to the n wearable devices and the authentication client.
Each of the n wearable devices runs an Android system with a modified boot flow. The modification means that, at the Android application layer, the device authentication module replaces the original boot-up module, and an authentication information table is added to the local database. The device authentication module is connected to the server over the internet. It is responsible for reconnecting to the server when the network connection to the server is interrupted, and for sending an authentication request to the server once connected. It receives authorization result information from the server, parses it to obtain the authentication status code, stores the authentication information in the authentication information table, and sends confirmation information to the server.
The server is any web server published on the internet. An authentication module and a database are installed on it. The authentication module receives authentication requests from wearable devices, parses each request to obtain the user account, and sends the request to the authentication client logged in with that user account. When it receives the authorization result information returned by the authentication client, it parses it to obtain the wearable device ID and pushes the authorization result information to the wearable device that is currently connected to the server and has that ID. When it receives confirmation information from that wearable device, it parses it to obtain the user account and pushes the confirmation information to the authentication client. The authentication module also receives the user account and login password sent by the login module of the authentication app on the authentication client, and queries the user information table in the database for an identical combination of user account and login password (that is, whether the table contains an entry whose user account and login password are the same as those received); it then returns the match result information to the login module of the authentication client. The database contains the user information table, which stores user accounts and login passwords; its number of entries equals the number of users.
The authentication client is a smartphone or a computer; there is at least one. An authentication app, comprising a login module and an authorization module, is installed on the authentication client. The authentication client is connected to the server. The login module is connected to the authorization module. It obtains an externally entered user account and login password from the keyboard or from a file and determines whether they are valid; if they are valid, it sends the user account to the authorization module, otherwise it continues to obtain a user account and login password from the keyboard or file. The authorization module is connected to the login module and the server. It obtains the user account from the login module and receives authentication requests from the server. It parses each request and, when it obtains an externally entered authorization instruction from the keyboard, updates the authentication status code of the request to produce the authorization result information. It returns the authorization result information to the server, waits to receive confirmation information from the server, parses it, and displays it on the authentication client.
Fig. 2 is the overall flow chart of the present invention. The present invention comprises the following steps:
Step 1: build the password-free identity authentication system shown in Fig. 1.
Step 2: initialize the authentication information table. Initialization applies only to a wearable device that is being authenticated for the first time. The wearable device ID in the table is set to the ID of the wearable device the table belongs to, the user account is set to the user account bound to that wearable device ID, and the last authentication time defaults to the time the wearable device was manufactured.
Step 3: use the password-free identity authentication system to complete identity authentication of the wearable devices, as shown in Fig. 3, as follows:
3.1 The device authentication modules of the n wearable devices authenticate their devices in parallel using the same method. Let wearable device i denote the i-th wearable device, 1 ≤ i ≤ n. The authentication method for wearable device i is:
3.1.1 Wearable device i is powered on and starts its device authentication module.
3.1.2 The device authentication module reads the authentication information table in wearable device i and uses the last authentication time in the table to judge whether the device's authentication information has expired. It reads the current time of wearable device i and the last authentication time in the table and checks whether the difference exceeds the preset time (5 days by default). If it does, the information is judged expired and re-authentication is required; go to 3.1.3. If it does not, the information is judged not expired; go to 3.8.
3.1.3 The device authentication module of wearable device i checks whether the network between wearable device i and the server is available. If it is, go to 3.1.5; if it is not, go to 3.1.4.
3.1.4 The device authentication module receives the network settings entered by the user from the keyboard or from a file; once the settings succeed and the network connection is available, go to 3.1.5.
3.1.5 The device authentication module establishes a communication connection with the server and sends an authentication request to the server.
3.2 The server's authentication module authenticates the authentication request received from the wearable device, as follows:
3.2.1 The authentication module parses the authentication request to obtain the user account, the wearable device ID and the authentication status code.
3.2.2 The authentication module polls the authentication clients currently connected to the server (there may be several, one per user account) and checks whether the user account received by each client's login module is identical to the user account obtained in 3.2.1. If a matching authentication client is found (there is either exactly one matching authentication client or none), go to 3.2.4; if there is no matching authentication client, go to 3.2.3.
3.2.3 The matching authentication client establishes a connection with the server, as follows:
3.2.3.1 The authentication client starts the authentication app.
3.2.3.2 The login module of the authentication app obtains the externally entered user account and login password and passes them to the server's authentication module to verify their validity: the server's authentication module polls all combinations of user account and login password in the user information table of the database. If one combination is identical to the entered user account and login password, they are judged valid; go to 3.2.3.3. If they are not valid, go to 3.2.3.2.
3.2.3.3 The authentication client establishes a connection with the server.
3.2.4 The server's authentication module sends the authentication request to the matching authentication client.
3.3 The matching authentication client authorizes the authentication of the wearable device, as follows:
3.3.1 The authorization module of the authentication client receives the authentication request sent by the server's authentication module.
3.3.2 The authorization module parses the authentication request and reads the authentication status code in it.
3.3.3 The authorization module obtains an externally entered authorization instruction from the keyboard. If it is "yes", authorization is granted and the authentication status code in the authentication request is changed to S; if it is "no", the authentication status code in the authentication request is changed to F. The authentication request with the changed authentication status code becomes the authorization result information.
3.3.4 The authorization module sends the authorization result information to the server.
3.4 The server's authentication module receives the authorization result information from the authentication client and processes it, as follows:
3.4.1 The authentication module reads the wearable device ID in the authorization result information.
3.4.2 The authentication module polls the wearable devices currently connected to the server and checks whether the wearable device with the ID obtained in 3.4.1 is online. If it is not online, go to 3.4.3; otherwise go to 3.4.4.
3.4.3 The server's authentication module sends confirmation information directly to the authentication client, in which the confirmation code is N, indicating that confirmation failed; go to step 3.7.
3.4.4 The server's authentication module sends the authorization result information to the online wearable device (this is the authorization result information returned by the authentication client).
3.5 The device authentication module of the online wearable device receives the authorization result information, parses it and sends confirmation information:
3.5.1 The device authentication module of the wearable device receives the authorization result information, parses it and reads the authentication status code in it. If the authentication status code is S, go to 3.5.2; if it is F, go to 3.8.
3.5.2 The device authentication module updates the last authentication time in the authentication information table to the current time.
3.5.3 The device authentication module sends confirmation information to the server, with the confirmation status code set to Y.
3.6 The server's authentication module receives the confirmation information from the device authentication module, uses it to look up whether there is a matching authentication client, and sends the confirmation information to the matching authentication client, as follows:
3.6.1 The authentication module reads the user account in the confirmation information.
3.6.2 The authentication module polls the authentication clients currently connected to the server to find whether there is one that matches the user account obtained in 3.6.1 (that is, the user account obtained by the authentication client's login module is identical to the user account obtained in 3.6.1). If a matching authentication client is found, the confirmation information is sent to it; go to 3.7. If no matching authentication client is found, the confirmation information is saved (and pushed to the authentication client once the one matching that user account connects to the server); go to step 3.6.2.
3.7 The authentication client receives and parses the confirmation information, as follows:
3.7.1 The authorization module receives the confirmation information and reads the confirmation status code.
3.7.2 If the confirmation status code is Y, the authorization module displays "authentication succeeded"; if the confirmation status code is N, the authorization module displays "authentication failed + failure reason".
3.8 Authentication ends.
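
The message exchange of steps 3.1 to 3.7, as described in both the summary and the detailed description above, written out as an added Python example; it is not code from the patent. The class and function names, the sample account and device ID, and the code "R" for the request state are assumptions (the text names only S, F, Y and N), and direct method calls stand in for the network connections.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

VALIDITY = timedelta(days=5)  # default validity period, step 3.1.2
REQUEST = "R"  # assumed code for "authentication requested"; the text names only S/F/Y/N


@dataclass(frozen=True)
class Message:
    """Authentication request, authorization result and confirmation share this shape."""
    user_account: str
    device_id: str
    auth_status: str          # REQUEST, "S" (success) or "F" (failure)
    confirm_status: str = ""  # "Y" or "N"; set only on confirmation information


@dataclass
class AuthInfoTable:
    """Single-entry authentication information table kept on the wearable device."""
    user_account: str
    device_id: str
    last_auth_time: datetime


class Wearable:
    def __init__(self, table, online=True):
        self.table, self.online = table, online

    def needs_auth(self, now):
        # Step 3.1.2: expired when more than VALIDITY has passed since the last authentication.
        return now - self.table.last_auth_time > VALIDITY

    def build_request(self):
        # Step 3.1.5: the request carries account, device ID and status code.
        return Message(self.table.user_account, self.table.device_id, REQUEST)

    def on_authorization_result(self, result, now):
        # Steps 3.5.1-3.5.3: on S update the table and confirm with Y; on F stop (3.8).
        if result.auth_status != "S":
            return None
        self.table.last_auth_time = now
        return replace(result, confirm_status="Y")


class AuthClient:
    def __init__(self, user_account, decision):
        self.user_account, self.decision = user_account, decision
        self.shown = []  # messages displayed to the user in step 3.7

    def authorize(self, request):
        # Step 3.3.3: "yes" changes the status code to S, "no" changes it to F.
        return replace(request, auth_status="S" if self.decision == "yes" else "F")

    def show(self, confirmation):
        # Step 3.7.2: Y displays success, N displays failure.
        ok = confirmation.confirm_status == "Y"
        self.shown.append("authentication succeeded" if ok else "authentication failed")


class Server:
    def __init__(self):
        self.clients = {}  # user account -> connected authentication client
        self.devices = {}  # wearable device ID -> wearable device

    def handle_request(self, request, now):
        client = self.clients.get(request.user_account)  # step 3.2.2
        if client is None:
            return "no-client"  # step 3.2.3: the client has to log in first
        result = client.authorize(request)  # steps 3.2.4 and 3.3
        device = self.devices.get(result.device_id)  # step 3.4.2
        if device is None or not device.online:
            client.show(replace(result, confirm_status="N"))  # step 3.4.3
            return "device-offline"
        confirmation = device.on_authorization_result(result, now)  # steps 3.4.4, 3.5
        if confirmation is None:
            return "denied"
        client.show(confirmation)  # steps 3.6 and 3.7
        return "authenticated"


def run_demo():
    """Constructed scenario: a watch first authenticated long after manufacture."""
    now = datetime(2024, 1, 10, 9, 0)
    manufactured = datetime(2023, 6, 1)  # step 2: initial last authentication time
    watch = Wearable(AuthInfoTable("alice", "watch-001", manufactured))
    server = Server()
    server.devices["watch-001"] = watch
    server.clients["alice"] = AuthClient("alice", "yes")
    outcomes = []
    if watch.needs_auth(now):
        outcomes.append(server.handle_request(watch.build_request(), now))
    outcomes.append(watch.needs_auth(now + timedelta(days=4)))  # still valid
    outcomes.append(watch.needs_auth(now + timedelta(days=6)))  # expired again
    return outcomes


if __name__ == "__main__":
    print(run_demo())
```

As in step 3.1.2, needs_auth relies on the wearable device's own clock and its locally stored table.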