CN108337235B - Method and system for executing security operation by using security device - Google Patents


Info

Publication number
CN108337235B
Authority
CN
China
Prior art keywords
information
card
login
security
server
Legal status
Active
Application number
CN201711462960.XA
Other languages
Chinese (zh)
Other versions
CN108337235A (en)
Inventor
李东声
Current Assignee
Tendyron Corp
Original Assignee
Tendyron Corp

Classifications

    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Abstract

The invention provides a method and a system for executing a security operation using a security device. The method comprises: a security chip of the security device obtains login information and interacts with a smart card to obtain check information; the check information is sent to a server, and the server executes the login operation after verifying the login information and the check information; after login succeeds, the security chip sends an image acquisition instruction to a camera device, receives first acquisition information from the camera device and judges whether it contains face information; if it does, the security chip obtains the user face picture associated with the user account, judges whether the face information is consistent with the user face picture, and executes a security operation or sends a security operation request to the server if they are inconsistent; if the first acquisition information contains no face information, the security chip judges whether at least one of the conditions for executing the security operation is met and, if so, executes the security operation or sends a security operation request to the server. The invention protects the business confidentiality of an employee who has logged in using the security device.

Description

Method and system for executing security operation by using security device
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a method and a system for executing a security operation using a security device.
Background
It has been recognized that computer virtualization brings a significant increase in the computational efficiency and flexibility of computing hardware platforms. For example, computer virtualization allows multiple virtual computing devices (computing machines) to run on a common computing hardware platform.
Server-based computing allows networked client systems (located remotely with respect to the server) to access computing resources on the server. For example, a client may remotely access a desktop and send user input (such as keyboard or mouse input) to the remote system using a remote desktop protocol (such as RDP or VNC). However, the user must remain connected to the network to access the desktop stored on the server. As an alternative to server-based computing, client computing allows users to work away from the enterprise network and offline, i.e., without connecting to a network or the internet.
An enterprise employee may log in to the enterprise server through a client. Once the employee has logged in, how to monitor the employee's working state, for example whether the employee leaves the workstation for a while while still logged in, is a problem for those skilled in the art: if the system is not exited in time, business information may be leaked and the information security of the enterprise compromised.
In addition, at present a keyboard is generally connected to a PC and the remote server is logged in to through a client on the PC, so the remote server can only be operated by means of the PC and cannot be operated without it.
Disclosure of Invention
The present invention aims to solve one of the above problems.
The main object of the present invention is to provide a method for performing a security operation using a security device.
It is another object of the present invention to provide a system for performing secure operations using a secure device.
To achieve this, the technical solution of the invention is realized as follows:
One aspect of the present invention provides a method of performing a security operation using a security device, the security device including a security chip, a card reader, a display screen, a communication interface and a camera device. The method comprises: the security device obtains a trigger instruction; after the security device obtains the trigger instruction, the security chip controls the card reader to broadcast a card search instruction; the smart card receives the card search instruction and sends a card search response to the card reader; after the card reader receives the card search response, the security chip controls the card reader to send a card read instruction to the smart card; the smart card receives the card read instruction and obtains login information, the login information including at least a user account and a password; the smart card sends the login information to the card reader; after the card reader receives the login information, the security chip generates a login request from the login information and calls the communication interface to send the login request to a server; the server receives the login request, obtains the login information from the login request and generates a check factor; the server sends the check factor to the security device; the security chip receives the check factor through the communication interface and controls the card reader to send the check factor to the smart card; the smart card receives the check factor and performs at least a check operation on the check factor to obtain a check value; the smart card sends verification information to the card reader, the verification information including at least the check value; after the card reader receives the verification information, the security chip calls the communication interface to send the verification information to the server; the server receives the verification information, obtains the user account and the password from the login information and verifies them, obtains the check value from the verification information and verifies it, executes the login operation once the user account, the password and the check value have all been verified, and returns a login-success response to the security device; after receiving the login-success response through the communication interface, the security chip sends an image acquisition instruction to the camera device at preset time intervals; the camera device receives the image acquisition instruction and sends the acquired first acquisition information to the security chip; the security chip receives the first acquisition information returned by the camera device; the security chip judges whether the first acquisition information contains face information; if it does, the security chip obtains the user face picture associated with the user account, judges whether the face information is consistent with the user face picture and, if it is not, calls the communication interface to send a security operation request to the server or executes the security operation; if the first acquisition information does not contain face information, the security chip judges whether at least one disabling condition is met and, if so, calls the communication interface to send the security operation request to the server or executes the security operation. The disabling conditions are: the number of consecutive items of first acquisition information received by the security chip that contain no face information reaches a preset number; or the accumulated duration, within a first preset time, of first acquisition information received by the security chip that contains no face information exceeds a second preset time, where the second preset time is less than or equal to the first preset time.
Optionally, obtaining the user face picture associated with the user account includes: obtaining the user face picture from the verification information or the login information, or querying the server's database for the associated user face picture using the user account.
Optionally, after the server performs the login operation, the method further includes: the security chip controls the card reader to send a polling signal; the smart card receives the polling signal and returns a polling response; and when the security chip detects that the card reader has not received the polling response within a preset time, it executes the security operation or calls the communication interface to send the security operation request to the server.
Optionally, after receiving the security operation request, the server executes the security operation and sends a security operation response to the security device; the security chip receives the security operation response through the communication interface and calls the display screen of the security device to display prompt information about the security operation.
Optionally, the smart card includes an identification card.
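The post-login monitoring logic of the method above (the face-consistency check, the two disabling conditions, and the card polling timeout of the optional step) as an added Python example; this is not code from the patent, and the parameter names, the frame representation and the sample capture sequence are this example's own assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Face outcome reported for one item of first acquisition information.
NO_FACE, USER_FACE, OTHER_FACE = "none", "user", "other"


@dataclass
class Frame:
    t: float         # capture time, seconds since the login-success response
    face: str        # NO_FACE, USER_FACE (matches the user face picture) or OTHER_FACE
    interval: float  # preset capture interval this frame accounts for, in seconds


@dataclass
class PresenceMonitor:
    """Decides when the security chip should run the security operation (or ask
    the server to) after login. Parameter names are this example's own."""
    preset_count: int     # consecutive no-face frames that trigger the operation
    first_window: float   # first preset time T1: the sliding window, in seconds
    second_limit: float   # second preset time T2 <= T1: allowed no-face seconds in T1
    poll_timeout: float   # seconds without a card polling response before triggering
    consecutive_no_face: int = 0
    history: List[Frame] = field(default_factory=list)
    last_poll_response: float = 0.0

    def __post_init__(self) -> None:
        # The claim requires the second preset time to be <= the first preset time.
        if self.second_limit > self.first_window:
            raise ValueError("second preset time must not exceed first preset time")

    def on_frame(self, frame: Frame) -> Optional[str]:
        """Return the reason to perform the security operation, or None to continue."""
        if frame.face == OTHER_FACE:
            # Face present but inconsistent with the logged-in user's face picture.
            return "face-mismatch"
        self.history.append(frame)
        # Keep only frames that fall inside the first preset time window.
        self.history = [f for f in self.history if frame.t - f.t <= self.first_window]
        if frame.face == USER_FACE:
            self.consecutive_no_face = 0
            return None
        self.consecutive_no_face += 1
        if self.consecutive_no_face >= self.preset_count:
            return "no-face-count"
        # Accumulated no-face time inside T1 must not exceed T2; intermittent
        # absence is caught here even when the consecutive count never fires.
        absent = sum(f.interval for f in self.history if f.face == NO_FACE)
        if absent > self.second_limit:
            return "no-face-duration"
        return None

    def on_poll_response(self, t: float) -> None:
        """Record that the smart card answered the card reader's polling signal."""
        self.last_poll_response = t

    def on_poll_check(self, now: float) -> Optional[str]:
        """Card-presence rule: no polling response within the preset time."""
        if now - self.last_poll_response > self.poll_timeout:
            return "card-absent"
        return None


def run_session(monitor: PresenceMonitor, frames: List[Frame]) -> Optional[Tuple[str, float]]:
    """Feed frames in order and return (reason, time) of the first trigger, if any."""
    for frame in frames:
        reason = monitor.on_frame(frame)
        if reason is not None:
            return reason, frame.t
    return None


if __name__ == "__main__":
    # Constructed capture sequence at a 5 s interval: the user steps away, comes
    # back briefly, and leaves again. The count rule never reaches 5, but the
    # accumulated no-face time inside the 60 s window passes 20 s at t = 30.
    mon = PresenceMonitor(preset_count=5, first_window=60, second_limit=20, poll_timeout=30)
    seq = [Frame(5, NO_FACE, 5), Frame(10, NO_FACE, 5), Frame(15, NO_FACE, 5),
           Frame(20, USER_FACE, 5), Frame(25, NO_FACE, 5), Frame(30, NO_FACE, 5),
           Frame(35, NO_FACE, 5)]
    print(run_session(mon, seq))
```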
Another aspect of the present invention provides a system for performing a security operation using a security device, including a smart card, a security device and a server, the security device including a security chip, a card reader, a display screen, a communication interface and a camera device. The security chip is configured to control the card reader to broadcast a card search instruction after the security device obtains a trigger instruction, and to control the card reader to send a card read instruction to the smart card after the card reader receives a card search response; to generate a login request from login information after the card reader receives the login information, and to call the communication interface to send the login request to the server, the login information including a user account and a password; to receive a check factor through the communication interface and control the card reader to send the check factor to the smart card; to call the communication interface to send verification information to the server after the card reader receives the verification information; to send an image acquisition instruction to the camera device at preset time intervals after receiving a login-success response through the communication interface; to receive first acquisition information returned by the camera device; to judge whether the first acquisition information contains face information and, if it does, obtain the user face picture associated with the user account, judge whether the face information is consistent with the user face picture and, if not, call the communication interface to send a security operation request to the server or execute the security operation; and, if the first acquisition information does not contain face information, to judge whether at least one disabling condition is met and, if so, call the communication interface to send the security operation request to the server or execute the security operation. The disabling conditions are: the number of consecutive items of first acquisition information received by the security chip that contain no face information reaches a preset number; or the accumulated duration, within a first preset time, of first acquisition information received by the security chip that contains no face information exceeds a second preset time, where the second preset time is less than or equal to the first preset time. The card reader is configured to receive the card search response and to send the card read instruction to the smart card under the control of the security chip; to receive the login information and pass it to the security chip; and to receive the verification information and pass it to the security chip. The camera device is configured to receive the image acquisition instruction and send the acquired first acquisition information to the security chip. The display screen is configured to display prompt information about the security operation. The smart card is configured to receive the card search instruction and send the card search response to the card reader; to receive the card read instruction, obtain the login information and send it to the card reader; and to receive the check factor, perform at least a check operation on it to obtain the check value, and send the verification information, which includes at least the check value, to the card reader. The server is configured to receive the login request, obtain the login information from it, generate the check factor and send it to the security device; and to receive the verification information, obtain the user account and the password from the login information and verify them, obtain the check value from the verification information and verify it, execute the login operation once the user account, the password and the check value have all been verified, and return a login-success response to the security device.
Optionally, the user face picture associated with the user account is obtained from the verification information or the login information, or by querying the server's database for the associated user face picture using the user account.
Optionally, the security chip is further configured to control the card reader to send a polling signal after receiving the login-success response through the communication interface; the card reader is further configured to send the polling signal to the smart card; the smart card is further configured to receive the polling signal and return a polling response; and the security chip is further configured to call the communication interface to send a security operation request to the server, or to execute the security operation, when it detects that the card reader has not received the polling response within the preset time.
The server is further configured to execute the security operation after receiving the security operation request and return a security operation response to the security chip; the security chip is further configured to receive the security operation response through the communication interface and call the display screen of the security device to display prompt information about the security operation.
Optionally, the smart card includes an identification card.
According to the technical solution provided by the invention, first, a user holding the smart card can securely log in to the server with the security device by swiping the card, so that login is fast and the user account is protected; second, the camera device of the security device can collect image information, and the face information in it is used to determine whether the employee currently using the security device is the one who logged in and whether the current working state is abnormal, so that the security operation is executed when another employee is found to be using the device or the logged-in employee has not used it for a period of time. This protects the business confidentiality of the employee who logged in with the security device and prevents unrelated personnel from using the security device to perform operations.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of a system for performing a security operation using a security device according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the security device provided by the present invention;
Fig. 3 is a flowchart of login using the security device according to embodiment 1 of the present invention;
Fig. 4 is a flowchart of the security operation executed by the security device after login according to embodiment 1 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted", "connected" and "coupled" are to be construed broadly: for example, as a fixed, removable or integral connection; as a mechanical or electrical connection; as a direct connection or an indirect connection through an intervening medium; or as the internal communication of two elements. The specific meanings of these terms in the present invention can be understood by those skilled in the art according to the specific situation.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The invention is based on a system for performing a security operation using a security device; as shown in Fig. 1, the system comprises a security device 10, a smart card 20 and a server 30. The security device 10 can communicate and exchange data with the smart card 20, and can also communicate with the server 30, either exchanging data with the server 30 directly or through a client host (a PC or other terminal) connected to the security device 10. An employee's smart card and login information can be used only by that employee to log in. Once an employee logs in to the server with a particular security device, the employee is bound to that security device for the duration of the login, i.e. the security device cannot be used by other employees during that time; once use by another employee, or no use of the security device by the employee for a period of time, is detected, the security protection program is entered and a security operation such as automatic logout or screen locking is executed, so that the business confidentiality of the logged-in employee is ensured and unrelated personnel are prevented from performing operations on the security device. The security device 10 is a multifunctional device, such as an iPad, a notebook computer or a mobile phone.
As shown in Fig. 2, the security device 10 includes a security chip 101, a card reader 102, a communication interface 103, a camera device 104 and a display screen 105. The security chip 101 may be built into the security device 10 or connected to it through an interface (wired or wireless). The security chip 101 serves as the main control chip of the security device and controls the operation of the other modules in the security device 10. The card reader 102 integrated in the security device 10 may be a contact card reader or a contactless card reader (RF, NFC, etc.) that communicates and exchanges data with the smart card 20 over RF, NFC, etc. When the card reader 102 is contactless, the smart card 20 connects to and communicates with the card reader 102 as soon as it comes within its communication range. The security device 10 may also integrate existing keyboard functionality, i.e. it may be a security keyboard that connects to a PC or other device as an input device for data entry, so that the user can perform key entry operations with it. The security device 10 may further control the camera device 104 to capture images and process the captured information to determine whether it contains face information and whether a security operation condition is satisfied, so that when it detects that another employee is using the security device, or that the employee has not used it for a certain period of time, the security device enters the security protection program and performs a security operation, for example sending a login request to the server or locking the screen.
The display screen 105 of the security device 10 displays the corresponding content when called by the security chip 101, so as to remind the user in time.
The smart card 20 is a card carrying a chip that can perform key operations (encryption, signature). It stores personal identification information such as an identification ID, a photo and a fingerprint, as well as a private key corresponding to the user's identity, so that the user's identity can be identified from the information stored in the card; that is, this information is associated with the user account, and the user can use the smart card to provide personal identification information and log in to the server's system. Alternatively, the smart card may be an identification card, in which case the card reader may be one with a SAM module so that it can read the information in the identification card. The smart card 20 may be made in a conventional card shape, in the shape of a small portable device such as a USB disk, or as a card-shaped electronic signature device, which is convenient to carry.
The server in the system is generally located in the back end. It may be connected to the security device directly through a network interface (wired or wireless) for data exchange, or may exchange data with the security device through a client host (a PC or other terminal) on the security device side. In some cases the server may itself be located on the security device side, for example in the client host (PC or other terminal) next to the security device.
Embodiment 1
This embodiment provides a method for performing a security operation using a security device, employing the system architecture described above. The method comprises the steps of logging in with the security device (S101 to S113) and the steps of controlling and executing the security operation with the security device after login (S114 to S123).
Specifically, as shown in Fig. 3, the login steps using the security device in this embodiment are as follows (steps S101 to S113):
Step S101, the security device obtains a trigger instruction; after the security device obtains the trigger instruction, the security chip controls the card reader to broadcast a card search instruction.
Specifically, the security chip (for example the Z8D64U (State Cryptography Administration approval number SSX43) or the Z32 (approval number SSX20) from Nationz Technologies Inc.) has an independent processor and storage unit, can store PKI digital certificates, keys and other characteristic data, performs key operations (encryption, decryption, signature, etc.) on data, and provides data encryption and identity authentication services for the user, protecting business privacy and data security.
The security device can accept a physical or a software trigger: the user can send a trigger instruction to the security device through a key or button on the device; the security device can also receive a trigger instruction sent by the server; or the security device can be equipped with a detection device that detects whether triggering is needed and generates the trigger instruction, for example a camera or an infrared detector that generates the trigger instruction once a human body is detected. The trigger instruction starts the card search operation of the security device.
Specifically, the security chip, as the main control chip of the security device, must control the card reader to start the card search process after the security device obtains the trigger instruction, and the card reader broadcasts a card search instruction outwards; the card search instruction may be an NFC card search instruction.
Step S102, the smart card receives the card search instruction and sends a card search response to the card reader.
Specifically, once the smart card enters the communication range of the card reader it can receive the card search instruction sent by the card reader, and it sends a corresponding card search response to the card reader.
Step S103, after the card reader receives the card search response, the security chip controls the card reader to send a card read instruction to the smart card.
Specifically, the card search response may include identification information of the smart card; after receiving the card search response, the security chip obtains the smart card information it contains, establishes a communication connection with the smart card indicated by the identification information, and sends a card read instruction to the smart card. The card read instruction instructs the smart card to send the information required for login.
Step S104, the smart card receives the card read instruction and obtains login information, the login information including at least a user account and a password.
Specifically, with the user's authorization, the smart card may pre-store the information required for the user to log in, which includes at least a user account and a password; the password may be a character password or a biometric password such as a fingerprint. The login information may also include a user face picture, so that the server can later obtain the user face picture from the login information provided by the smart card and store it in its database or compare it with the collected face information. The smart card may also obtain the login information from user input, i.e. the user enters the login information through an input device of the smart card, for example a user account and password through an on-screen or physical button of the smart card, or biometric password information through a biometric identification panel of the smart card.
Step S105, the smart card sends login information to the card reader.
The smart card may encrypt the login information to be sent so that the login information is transmitted as ciphertext, which ensures the security of data transmission.
Step S106, after the card reader receives the login information, the security chip generates a login request according to the login information and calls the communication interface to send the login request to the server.
Specifically, the security chip may send the login request to the server through a client, or may send the login request directly to the server. In the former case, the communication interface connected to the client may be a wired communication interface, such as a USB interface, a serial port or a wired network interface, or a wireless communication interface, such as Wi-Fi, Bluetooth, NFC or a wireless network interface, so that the security device can be connected to the login terminal through the wired or wireless communication interface. For example, the security device may be connected to a PC through an interface such as USB or Bluetooth, and the PC, acting as the login terminal, sends the login request to the server through the network. In the latter case, the communication interface may be a wireless network interface, and the security device sends the login request to the remote server through the wireless network interface.
In addition to the login information sent by the smart card, the login request may include other information for identifying the smart card or the security device, for example ID information identifying the smart card or ID information identifying the security device. The login request may further include indication information instructing the server to perform the next processing, for example instructing the server to generate a check factor according to the login information. In addition, if the security chip receives encrypted login information, it must decrypt it with the corresponding key. When sending the login request, the security device may encrypt the login request and send the encrypted login request to the server, so as to ensure the security of data transmission.
Step S107, the server receives the login request, acquires the login information according to the login request, and generates a check factor.
Specifically, after receiving the login request, the server acquires the login information contained in it. Of course, if the login request is encrypted, the server must first decrypt it to obtain the plaintext of the login information. After receiving the login request, the server executes the step of generating the check factor according to the indication in the login request. The check factor may be generated from a random number or another character string, or from part of the login information, so that the server can later perform verification according to the check value returned by the other device and thereby check the authenticity of that device. The check factor may also be encrypted before it is sent, so as to ensure the security of data transmission.
Step S108, the server sends the check factor to the security device.
As in step S106, the server may send the check factor to the security device through the client on the security device side, or may communicate with the security device directly and send the check factor to it through the wireless network.
Specifically, if the received check factor is encrypted, the server decrypts it with the matching key and sends the decrypted check factor to the security device. If the data transmission between the server and the security device needs to be encrypted, the server may also re-encrypt the check factor with the key matched to the security device and then send the encrypted check factor to the security device.
Step S109, the security chip receives the check factor through the communication interface and controls the card reader to send the check factor to the smart card.
The security device receives the check factor through the communication interface, and the security chip of the security device then acquires the check factor. After receiving the check factor, the security chip must control the card reader to send it to the smart card. At this time, the card reader must judge whether the smart card is still connected to it: if so, the card reader sends the check factor directly to the connected smart card; if not, the card reader must first establish a connection with the smart card.
Step S110, the smart card receives the check factor and performs at least a check operation on the check factor to obtain a check value.
Specifically, as an optional implementation manner, the manner in which the smart card performs at least a check operation on the check factor to obtain the check value may include at least the following:
In the first mode, the smart card obtains its stored private key, performs at least a hash operation on the check factor to obtain first summary information, and encrypts the summary information with its private key to obtain signature information, which serves as the check value. Of course, the smart card may further store personal information such as the user account, password, user photo and fingerprint, and when signing it may sign not only the check factor but also the check factor together with at least one item of the personal information to obtain the check value.
In the second mode, the smart card obtains a symmetric key and performs at least a MAC operation on the check factor to obtain a MAC value as the check value.
In the third mode, the smart card calculates at least the check factor with a parity check algorithm to obtain the check value.
In the fourth mode, the smart card calculates at least the check factor with a CRC (cyclic redundancy check) algorithm to obtain the check value.
The four modes described above are only some of the ways of obtaining the check value provided in this embodiment; the embodiment is not limited to these four modes, as long as a check value that can be used to verify the authenticity of the device can be calculated.
Step S111, the smart card sends verification information to the card reader, where the verification information at least comprises the check value.
Specifically, the smart card may encrypt the verification information for transmission in order to ensure the security of transmission. In addition, the verification information sent by the smart card may also contain a certificate or the public key corresponding to the private key of the smart card. The smart card may send the public key directly to the server, so that the server can verify the check value with the public key after receiving it; or it may send the certificate containing the public key, so that the server can verify the check value with the public key after receiving it and can also verify the authenticity of the public key. The verification information may further include the symmetric key used to calculate the check value, or an identifier of the symmetric key together with an identifier of the algorithm used, so that the server can verify the check value with the same symmetric key and algorithm.
In addition, the verification information may further include personal information of the user, such as a face picture of the user, to facilitate subsequent comparison with the collected face information to identify whether the person currently using the security device is the holder of the smart card (i.e., the person who logged in with the security device).
Step S112, after the card reader receives the verification information, the security chip calls the communication interface to send the verification information to the server.
For the specific sending method, refer to the description of sending the login request to the server in step S106, which is not repeated here.
Step S113, the server receives the verification information, acquires the user account and password according to the login information and verifies them, acquires the check value according to the verification information and verifies it, executes the login operation after both the user account and password and the check value pass verification, and returns a response of successful login to the security device.
After receiving the verification information, the server must verify the correctness of the login information, that is, the server acquires the user account and password according to the previously received login information, performs length and correctness verification on the user account and password, and stores the verification result.
In addition, the server verifies the check value in the manner corresponding to whichever of the four modes the smart card used to perform at least the check operation on the check factor. For example, the server verifying the check value may include: the server acquires the certificate of the smart card corresponding to the user account, obtains the public key of the smart card from the certificate, decrypts the check value with the public key of the smart card to obtain the first summary information, performs a hash operation on at least the check factor to obtain second summary information, and compares the first summary information with the second summary information; if they are consistent, the verification passes. When the user account and password pass verification and the check operation passes, the server starts to execute the login operation. As another example, the server verifying the check value may include: the server calculates a check comparison value for the check factor with the MAC algorithm and compares the check value with the check comparison value; if they are consistent, the verification passes and the server starts to execute the login operation. For other kinds of check value, the corresponding methods and algorithms may likewise be used to calculate a check comparison value, which is then compared with the received check value; this is not repeated here.
It should be noted that the server may verify the user account and password before verifying the check value, may verify the check value before verifying the user account and password, or may verify both at the same time. In short, whether the user account and password are verified before or after the check value is merely a variation of the protection method of the present invention, and both orders belong to the protection scope of the present invention.
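Added example (not code from the patent): the login exchange of steps S106 to S113 in Python, using the second check mode (a MAC over the check factor). Assumed, not stated in the patent: HMAC-SHA256 with a symmetric key the card and server share under a key identifier, PBKDF2 password storage and the length limits on the server, and that each check factor is tied to one pending login and accepted only once; the client relaying between security device and server is omitted.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Assumed length limits for the "length verification" of step S113 (not given in the patent).
ACCOUNT_LEN = (1, 64)
PASSWORD_LEN = (8, 128)
ALGORITHM = "HMAC-SHA256"   # algorithm identifier carried in the verification information (S111)


@dataclass
class SmartCard:
    """Card side: pre-stored login information plus the symmetric key of check mode two."""
    account: str
    password: str
    mac_key: bytes
    key_id: str

    def login_information(self) -> dict:
        """S104/S105: information required for login, released on the card reading instruction."""
        return {"account": self.account, "password": self.password}

    def verification_information(self, check_factor: bytes) -> dict:
        """S110/S111: MAC over the check factor plus the key and algorithm identifiers the server needs."""
        check_value = hmac.new(self.mac_key, check_factor, hashlib.sha256).digest()
        return {"check_value": check_value, "key_id": self.key_id, "algorithm": ALGORITHM}


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


@dataclass
class Server:
    accounts: dict = field(default_factory=dict)   # account -> salt, pw_hash, mac_key, key_id
    pending: dict = field(default_factory=dict)    # device_id -> (login_info, check_factor)
    logged_in: set = field(default_factory=set)

    def enroll(self, account: str, password: str, mac_key: bytes, key_id: str) -> None:
        salt = os.urandom(16)
        self.accounts[account] = {"salt": salt, "pw_hash": _hash_password(password, salt),
                                  "mac_key": mac_key, "key_id": key_id}

    def handle_login_request(self, device_id: str, login_info: dict) -> bytes:
        """S107/S108: keep the login information and issue a fresh random check factor for this device.
        Generating it randomly (one of the options named in S107) makes every login a new challenge."""
        check_factor = secrets.token_bytes(32)
        self.pending[device_id] = (login_info, check_factor)
        return check_factor

    def _verify_credentials(self, login_info: dict) -> Optional[dict]:
        """S113, first half: length check, then account lookup and constant-time password comparison."""
        account = login_info.get("account", "")
        password = login_info.get("password", "")
        if not (ACCOUNT_LEN[0] <= len(account) <= ACCOUNT_LEN[1]
                and PASSWORD_LEN[0] <= len(password) <= PASSWORD_LEN[1]):
            return None
        record = self.accounts.get(account)
        if record is None:
            return None
        if not hmac.compare_digest(_hash_password(password, record["salt"]), record["pw_hash"]):
            return None
        return record

    def handle_verification(self, device_id: str, verification_info: dict) -> str:
        """S113, second half: both the credentials and the check value must pass before login is executed."""
        entry = self.pending.pop(device_id, None)   # single use: a replayed check value finds no factor
        if entry is None:
            return "login failed"
        login_info, check_factor = entry
        record = self._verify_credentials(login_info)
        if record is None:
            return "login failed"
        if (verification_info.get("key_id") != record["key_id"]
                or verification_info.get("algorithm") != ALGORITHM):
            return "login failed"
        # Check comparison value: the same MAC over the same factor with the key enrolled for this account.
        comparison = hmac.new(record["mac_key"], check_factor, hashlib.sha256).digest()
        if not hmac.compare_digest(comparison, verification_info.get("check_value", b"")):
            return "login failed"
        self.logged_in.add(login_info["account"])
        return "login success"


def run_login(card: SmartCard, server: Server, device_id: str, corrupt_check_value: bool = False) -> str:
    """The exchange S105 to S113 as relayed by the security device; the optional corruption models a
    check value that was not computed with the enrolled key."""
    check_factor = server.handle_login_request(device_id, card.login_information())
    info = card.verification_information(check_factor)
    if corrupt_check_value:
        info = dict(info, check_value=bytes(b ^ 0x01 for b in info["check_value"]))
    return server.handle_verification(device_id, info)


if __name__ == "__main__":
    # Constructed enrolment data for a demo run.
    srv = Server()
    k = bytes(range(32))
    srv.enroll("alice", "correct-horse-battery", k, "key-0001")
    print(run_login(SmartCard("alice", "correct-horse-battery", k, "key-0001"), srv, "device-1"))
```

The first mode of step S110 has the same shape, with the card signing the digest of the check factor and the server verifying it with the public key from the card's certificate in place of the two MAC computations.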
This ends the steps of reading the card and logging in with the security device. After the card has been read by the security device for login, this embodiment further provides steps in which the security device controls and executes the security operation after login. Specifically, as shown in fig. 4, the steps of executing the security operation with the security device after login provided in this embodiment are as follows (S114 to S123):
Step S114, the security chip receives the response of successful login through the communication interface and sends an image acquisition instruction to the camera device at preset time intervals.
The manner in which the security chip receives the response of successful login through the communication interface may likewise refer to the description of step S108, which is not repeated here. After receiving the response of successful login, the security chip starts face monitoring and acquires image information through the camera device at preset time intervals. The preset time interval is set empirically by the technician, for example every 3 minutes or every 20 seconds. In this way, a security device provided with a camera device can detect that the logged-in employee is no longer using the security device and execute the security operation in time: for example, it requests the server to execute the logout operation so that the security device is denied access to the office system, or the security device executes a security operation such as locking the screen so that a user is prohibited from performing operations with the security device. This protects the business confidentiality of the logged-in employee and prevents unrelated personnel from performing operations with the security device.
Step S115, the camera device receives the image acquisition instruction and sends the acquired first acquisition information to the security chip.
The camera device starts the current image acquisition after receiving the image acquisition instruction, and the acquired first acquisition information refers to the image information acquired by the camera device in this acquisition. The image information acquired by the camera device may be image information acquired within a predetermined time, for example image information acquired continuously within 10 seconds, or image information collected by the camera of the camera device as it sweeps from its initial position to the 180-degree position. There are many ways for the camera device to acquire image information; this embodiment only gives examples and does not describe them further. The image information (i.e., the first acquisition information) may be a plurality of pictures, a video stream, or the like.
Step S116, the security chip receives the first acquisition information returned by the camera device.
Optionally, the security chip may store the first acquisition information returned by the camera device in the cache of the security device in the order of acquisition.
Step S117, the security chip judges whether the first acquisition information contains face information; if it does, step S118 is executed, and if it does not, step S119 is executed.
First, it is judged whether the first acquisition information includes face information; the first acquisition information can be recognized according to the biological features of a face. If face information is included, this at least indicates that an employee is using the current security device, and it is then necessary to further determine whether that employee is the same person as the employee who originally completed the login with the current security device, i.e., step S118 is executed. If, however, the first acquisition information does not include a face, it is necessary to determine whether the condition for executing the security operation is satisfied according to the policy in step S119.
Step S118, the security chip acquires the user face picture associated with the user account and judges whether the face information is consistent with the user face picture; if it is not, the security chip executes the security operation or sends a security operation request to the server.
The security device may execute the security operation by itself, for example by controlling its display screen to lock the screen, so as to prohibit the user from performing operations with the security device. The security device may also send a security operation request to the server, for example a logout request, and the server performs the logout operation to deny the user access to the office system. Either way, the user is prohibited from performing operations with the security device, which protects the business confidentiality of the logged-in employee and prevents unrelated personnel from performing operations with the security device.
As an optional implementation manner, acquiring the user face picture associated with the user account includes: acquiring the user face picture from the verification information, or querying the associated user face picture from the database of the server according to the user account. In this embodiment, the server may query its database for a pre-stored user face picture associated with the user account, or, if no user face picture associated with the user account is stored in the database, may obtain the user face picture stored in the smart card, which is likewise associated with the user account. The user face picture stored in the smart card may be obtained by carrying it in the verification information sent by the smart card, or the server may initiate an acquisition request and obtain the face picture of the login user from the smart card through the login terminal and the card reader of the security device.
The specific image comparison and image analysis are prior art and are not described in detail in this embodiment. Whether the face information contained in the first acquisition information is consistent with the user face picture is compared: if so, the employee using the current security device is the employee who logged in with the security device; if not, the employee using the current security device is not the employee who logged in with the security device. Therefore, when face information is contained, the server first judges from the face information whether the employee who logged in with the security device is the one working on it, and if not, executes the security operation, so as to protect the employee's business confidentiality and prevent unrelated personnel from performing operations with the security device.
Step S119, the security chip judges whether at least one of the conditions for executing the security operation is satisfied, and if so, executes the security operation or sends a security operation request to the server.
The specific manner of executing the security operation or sending the security operation request to the server may be as described in step S118.
The conditions for executing the security operation include: the number of times the security chip consecutively receives first acquisition information that does not contain face information reaches a preset number, or the accumulated duration of first acquisition information not containing face information received by the security chip within a first preset duration exceeds a second preset duration, where the second preset duration is less than or equal to the first preset duration.
For example, if none of the first acquisition information received 5 consecutive times contains face information, this at least indicates that the employee has not used the security device for a period of time. As another example, if, within the first preset duration (for example, 10 minutes), the image video received by the security chip contains no face information for longer than the second preset duration (for example, 7 minutes), the employee's working state is considered abnormal and the condition for executing the security operation is satisfied.
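Added example (not from the patent): the trigger logic of steps S117 to S119 in Python, run over constructed acquisition sequences. The face comparison, which the patent treats as prior art, is replaced by an assumed stand-in that compares opaque face template strings; the preset values (5 consecutive acquisitions, 7 minutes within a 10-minute window) are the ones given in the text, and the one-minute acquisition durations in the sequences are assumed.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, List, Optional, Tuple

# Preset values taken from the examples in step S119.
PRESET_COUNT = 5          # consecutive acquisitions without a face
FIRST_PRESET_S = 600.0    # length of the sliding window (10 minutes)
SECOND_PRESET_S = 420.0   # tolerated no-face time inside the window (7 minutes)


def face_matches(observed: str, reference: str) -> bool:
    """Assumed stand-in for the image comparison the patent calls prior art:
    faces are opaque template strings and equality means 'consistent'."""
    return observed == reference


@dataclass
class FaceMonitor:
    reference_face: str                  # user face picture associated with the account (S118)
    preset_count: int = PRESET_COUNT
    first_preset_s: float = FIRST_PRESET_S
    second_preset_s: float = SECOND_PRESET_S
    no_face_streak: int = 0
    no_face_spans: Deque[Tuple[float, float]] = field(default_factory=deque)  # (start, end)

    def __post_init__(self) -> None:
        if self.second_preset_s > self.first_preset_s:
            raise ValueError("the second preset duration must not exceed the first")

    def observe(self, start: float, duration: float, face: Optional[str]) -> Optional[str]:
        """Feed one acquisition (S116). Returns why a security operation is due, or None."""
        end = start + duration
        if face is not None:                              # S117 -> S118
            self.no_face_streak = 0
            return None if face_matches(face, self.reference_face) else "face mismatch"
        # S119: no face in this acquisition
        self.no_face_streak += 1
        self.no_face_spans.append((start, end))
        window_start = end - self.first_preset_s
        while self.no_face_spans and self.no_face_spans[0][1] <= window_start:
            self.no_face_spans.popleft()                  # drop spans that left the window
        # Clip spans at the window edge so only time inside the first preset duration counts.
        accumulated = sum(e - max(s, window_start) for s, e in self.no_face_spans)
        if self.no_face_streak >= self.preset_count:
            return "no face in %d consecutive acquisitions" % self.no_face_streak
        if accumulated > self.second_preset_s:
            return "no face for %.0fs within the last %.0fs" % (accumulated, self.first_preset_s)
        return None


def first_trigger(monitor: FaceMonitor,
                  acquisitions: List[Tuple[float, float, Optional[str]]]) -> Optional[Tuple[int, str]]:
    """Run a sequence of (start, duration, face) and return the index and reason of the first trigger."""
    for i, (start, duration, face) in enumerate(acquisitions):
        reason = monitor.observe(start, duration, face)
        if reason is not None:
            return i, reason
    return None


# Constructed sequences: one 60 s acquisition per minute; None means no face was found.
MINUTE = 60.0
WALKED_AWAY = [(i * MINUTE, MINUTE, None) for i in range(6)]          # hits the consecutive count
INTERMITTENT = [(i * MINUTE, MINUTE, "alice" if i == 4 else None) for i in range(12)]  # hits the duration rule
SOMEONE_ELSE = [(0.0, MINUTE, "alice"), (MINUTE, MINUTE, "bob")]      # face present but not the login user
```

The intermittent sequence never reaches five consecutive no-face acquisitions, yet eight of the nine acquisitions up to the 9-minute mark lack a face, so it is the accumulated-duration rule that fires.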
In addition, as an optional implementation manner, after the security chip calls the communication interface to send the security operation request to the server, the following steps are further performed:
Step S120, after receiving the security operation request, the server executes the security operation and sends a security operation response to the security device; for example, the server receives the logout request, performs the logout operation, and returns a logout response to the security device.
Step S121, the security chip of the security device receives the security operation response through the communication interface and calls the display screen of the security device to display prompt information about the security operation.
In this way, the employee can be notified of the state of the security operation in time: once the employee sees the prompt information about the security operation, he or she knows that the security operation has been executed, for example that he or she has been logged out, and can log in again when the security device needs to be used further.
This ends the steps of executing the security operation with the security device after login.
According to the method for executing a security operation with a security device provided by this embodiment, first, a user holding a smart card can securely log in to the server with the security device by swiping the card, so that the system can be logged in to quickly while the security of the user account is ensured; second, image information can be collected through the camera device of the security device, and the face information in the image information is used to determine whether the employee currently using the security device is the employee who originally logged in, or whether the current working state is abnormal, so that the security operation is executed when use by another employee is detected or the employee has not used the security device for a period of time. This protects the business confidentiality of the employee who logged in with the security device and prevents unrelated personnel from performing operations with the security device.
In this embodiment, as an optional implementation manner, whether the employee is still using the security device may also be monitored through polling responses between the card reader of the security device and the smart card. Generally, when using the security device, an employee places his or her smart card on the card reader of the security device, and whenever the smart card receives a polling signal from the card reader it returns a polling response to the card reader. If the security device is no longer used and the smart card is taken away, the card reader no longer receives a polling response after sending the polling signal. Therefore, when it is detected that another employee is using the security device or that the employee has not used it for a period of time, the security chip enters a security protection procedure and executes the security operation, for example requesting the server to execute the logout operation or having the security device lock the screen, so as to protect the business confidentiality of the employee who logged in with the security device and prevent unrelated personnel from performing operations with it. Specifically, after the server performs the login operation in step S113, the method provided in this embodiment further includes the following steps (SC1 to SC7):
Step SC1, the security chip of the security device controls the card reader to send a polling signal;
Step SC2, the smart card receives the polling signal and returns a polling response;
Step SC3, when the security chip detects that the card reader has not received a polling response within the preset time, the security chip calls the display screen of the security device to execute the screen locking operation, or calls the communication interface to send a security operation request to the server;
If no polling response is received within the preset time, the smart card has left the communication coverage of the card reader, and it is assumed by default that the employee has left the security device and forgotten to perform a security operation such as locking the screen. The security chip therefore enters a security protection procedure and executes the security operation, for example requesting the server to perform the logout operation or having the security device lock the screen, so as to protect the business secrets of the employee who logged in with the security device and prevent unrelated personnel from performing operations with it.
Step SC4, after receiving the security operation request, the server executes the security operation and sends a security operation response to the login terminal; for example, the server performs the logout operation and sends a logout response.
Step SC5, the security chip of the security device receives the security operation response through the communication interface and calls the display screen of the security device to display prompt information about the security operation.
Through this optional implementation manner, whether the employee is still using the security device can be monitored through polling responses between the card reader of the security device and the smart card; once the employee is detected to have left the security device, the security device enters a security protection procedure and executes the security operation, such as logout or screen locking, so as to protect the business confidentiality of the employee who logged in with the security device and prevent unrelated personnel from performing operations with it.
Embodiment 2
This embodiment further provides a system for executing a security operation with a security device. The system implements the method for executing a security operation with a security device of embodiment 1 and is configured as shown in fig. 1 and 2. For the functions of the individual devices, see the detailed description in embodiment 1; this embodiment describes them only briefly.
As shown in fig. 1 and 2, the system for executing a security operation with a security device includes a security device 10, a smart card 20 and a server 30, the security device 10 comprising a security chip 101, a card reader 102, a communication interface 103, a camera device 104 and a display screen 105, where:
the security chip 101 is configured to control the card reader 102 to send a card searching command after the security device 10 obtains the trigger command, and to control the card reader 102 to send a card reading instruction to the smart card 20 after the card reader 102 receives a card searching response; after the card reader 102 receives the login information, to generate a login request according to the login information and call the communication interface 103 to send the login request to the server 30, where the login information at least includes a user account and a password; to receive the check factor through the communication interface 103 and control the card reader 102 to send the check factor to the smart card 20; after the card reader 102 receives the verification information, to call the communication interface 103 to send the verification information to the server 30; after receiving the response of successful login through the communication interface 103, to send an image acquisition instruction to the camera device 104 at preset time intervals; to receive the first acquisition information returned by the camera device 104; when the first acquisition information contains face information, to acquire the user face picture associated with the user account, judge whether the face information is consistent with the user face picture, and if not, call the communication interface to send a security operation request to the server or execute the security operation; and when face information is not contained, to judge whether at least one of the conditions for executing the security operation is satisfied, and if so, call the communication interface to send a security operation request to the server or execute the security operation, where the conditions for executing the security operation include: the number of times the security chip consecutively receives first acquisition information that does not contain face information reaches a preset number, or the accumulated duration of first acquisition information not containing face information received by the security chip within a first preset duration exceeds a second preset duration, where the second preset duration is less than or equal to the first preset duration;
the card reader 102 is configured to receive the card searching response and, under the control of the security chip 101, send the card reading instruction to the smart card 20; and is further configured to receive the login information and transmit it to the security chip 101, and to receive the verification information and transmit it to the security chip 101;
the camera device 104 is configured to receive the image acquisition instruction and send the acquired first acquisition information to the security chip 101;
the display screen 105 is configured to display prompt information about the security operation;
the smart card 20 is configured to receive the card searching command and send a card searching response to the card reader 102; to receive the card reading instruction, obtain the login information and send it to the card reader 102; and to receive the check factor, perform at least a check operation on the check factor to obtain a check value, and send verification information to the card reader 102, where the verification information at least includes the check value;
the server 30 is configured to receive the login request, obtain the login information according to the login request, generate the check factor and send it to the security device 10; and to receive the verification information, obtain the user account and password according to the login information and verify them, obtain the check value according to the verification information and verify it, execute the login operation after both the user account and password and the check value pass verification, and return a response of successful login to the security device 10.
As an optional implementation manner in this embodiment, the server 30 or the security chip 101 may obtain the user face picture associated with the user account as follows: acquire the user face picture from the verification information or the login information, or query the associated user face picture from the database of the server according to the user account.
As an optional implementation manner in this embodiment, the security chip 101 is further configured to control the card reader 102 to send a polling signal after receiving the response of successful login through the communication interface 103; the card reader 102 is further configured to send the polling signal to the smart card 20; the smart card 20 is further configured to receive the polling signal and return a polling response; and the security chip 101 is further configured to, when it detects that the card reader 102 has not received a polling response within the preset time, call the communication interface 103 to send a security operation request to the server 30 or execute the security operation, for example by calling the display screen 105 of the security device 10 to perform the screen locking operation.
As an optional implementation manner in this embodiment, the server 30 is further configured to execute a security operation after receiving the security operation request, and return a security operation response to the security chip 101; the security chip 101 is further configured to receive a security operation response through the communication interface 103, and call the display screen 105 of the security device to display prompt information of the security operation; and a display screen 105 for performing a screen locking operation.
As an optional implementation manner in this embodiment, the smart card includes an identification card.
According to the system for performing a security operation with a security device, first, a user holding the smart card can log in to the server securely through the security device by swiping the card, so that login is fast while the security of the user account is also ensured; second, image information can be collected through the camera device of the security device, and the face information in that image information is used to determine whether the employee currently using the security device is the employee who originally logged in, or whether the current working state is abnormal, so that the security operation is executed when use by another employee is detected or the employee has not used the security device for a period of time. This protects the business confidentiality of the employee who logged in with the security device and prevents unrelated personnel from using the security device to perform the corresponding operations.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units may be integrated into one module. The integrated module may be implemented in hardware or as a software functional module. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (6)

1. A method of performing a security operation with a security device, the security device comprising: a security chip, a card reader, a display screen, a communication interface and a camera device; characterized in that the method comprises:
the camera device detects the presence of a human body and generates a trigger instruction, and the security device obtains the trigger instruction;
the security chip controls the card reader to send a card searching instruction outwards after the security device obtains the trigger instruction;
the smart card receives the card searching instruction and sends a card searching response to the card reader;
the security chip controls the card reader to send a card reading instruction to the smart card after the card reader receives the card searching response;
the smart card receives the card reading instruction and acquires login information, wherein the login information at least comprises: a user account number and a password;
the smart card sends the login information to the card reader;
after the card reader receives the login information, the security chip encrypts the login information to generate encrypted login information, generates a login request according to the encrypted login information, and calls the communication interface to send the login request to a server, wherein the login request comprises indication information instructing the server to generate a check factor according to the login information;
the server receives the login request, acquires the encrypted login information according to the login request, decrypts the encrypted login information to obtain the plaintext of the login information, and generates the check factor according to the indication information;
the server sends the check factor to the security device;
the security chip receives the check factor through the communication interface and judges whether the card reader is connected with the smart card; if so, it controls the card reader to send the check factor to the smart card, and if not, it controls the card reader to establish a connection with the smart card;
the smart card receives the check factor and performs at least a check operation on the check factor to obtain a check value;
the smart card sends verification information to the card reader, wherein the verification information at least comprises: the check value;
the security chip calls the communication interface to send the verification information to the server after the card reader receives the verification information;
the server receives the verification information, acquires the user account and the password according to the login information, verifies the user account and the password, acquires the check value according to the verification information, verifies the check value, executes a login operation after the user account and the password are verified and the check value is verified, and returns a response of successful login to the security device;
after the server executes the login operation, the security chip controls the card reader to send a polling signal;
the smart card receives the polling signal and returns a polling response;
when the security chip monitors that the card reader does not receive the polling response within a preset time, the security chip executes the security operation or calls the communication interface to send a security operation request to the server;
after receiving the security operation request, the server executes the security operation and sends a security operation response to the security device;
the security chip receives the security operation response through the communication interface and calls the display screen of the security device to display prompt information of the security operation;
after receiving the response of successful login through the communication interface, the security chip sends an image acquisition instruction to the camera device at intervals of a preset time;
the camera device receives the image acquisition instruction and sends acquired first acquisition information to the security chip;
the security chip receives the first acquisition information returned by the camera device;
the security chip judges whether the first acquisition information contains face information; when it does, the security chip acquires a user face picture associated with the user account, judges whether the face information is consistent with the user face picture, and, if they are inconsistent, calls the communication interface to send the security operation request to the server or executes the security operation; when the first acquisition information does not contain face information, the security chip judges whether at least one disabling condition is met and, if so, calls the communication interface to send the security operation request to the server or executes the security operation; wherein the disabling condition includes: the number of first acquisition information items consecutively received by the security chip that do not contain face information reaches a preset number, or the accumulated duration of first acquisition information not containing face information received by the security chip within a first preset time exceeds a second preset time, wherein the second preset time is less than or equal to the first preset time.
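As an added example (not code from the patent or its assignee), the following Python sketch simulates the flow of claim 1: the card answers the server's fresh check factor, and a presence monitor standing in for the security chip applies the polling timeout and the two disabling conditions. The keyed MAC used for the check operation, the shared card secret, the account and the capture interval are assumptions; the encryption of the login request and the camera itself are left out.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed demo values (assumptions, not from the patent).
CARD_SECRET = b"demo-card-secret"
ACCOUNTS = {"alice": ("pw-alice", CARD_SECRET)}   # account -> (password, card secret)


class SmartCard:
    """Smart card side of claim 1: holds login information, answers the check factor."""

    def __init__(self, account, password, secret):
        self.account, self.password, self.secret = account, password, secret

    def read_login(self):
        # Login information handed to the card reader (plaintext; encryption not modelled).
        return {"account": self.account, "password": self.password}

    def check(self, factor: bytes) -> bytes:
        # "Check operation" on the factor: a keyed MAC is assumed here.
        return hmac.new(self.secret, factor, hashlib.sha256).digest()


class Server:
    """Server side: issues a fresh check factor per login request, verifies both."""

    def __init__(self):
        self.pending = {}   # account -> (claimed password, outstanding check factor)

    def login_request(self, login):
        factor = secrets.token_bytes(16)   # unpredictable, single use
        self.pending[login["account"]] = (login["password"], factor)
        return factor

    def verify(self, account, check_value: bytes) -> bool:
        entry = self.pending.pop(account, None)   # one shot: a replayed value finds no factor
        if entry is None or account not in ACCOUNTS:
            return False
        password, factor = entry
        real_password, secret = ACCOUNTS[account]
        expected = hmac.new(secret, factor, hashlib.sha256).digest()
        return (hmac.compare_digest(password.encode(), real_password.encode())
                and hmac.compare_digest(expected, check_value))


def login_flow(card: SmartCard, server: Server) -> bool:
    """Card-read login of claim 1 without the transport layer."""
    login = card.read_login()               # card reader obtains the login information
    factor = server.login_request(login)    # server generates the check factor
    check_value = card.check(factor)        # card performs the check operation
    return server.verify(login["account"], check_value)


@dataclass
class PresenceMonitor:
    """Security-chip logic after login: returns "lock" when a security operation is due."""
    max_consecutive_no_face: int   # preset number of consecutive no-face captures
    window: float                  # first preset time
    max_no_face_in_window: float   # second preset time (<= window)
    poll_timeout: float            # preset time for the card's polling response
    interval: float                # capture interval; each no-face capture counts this long
    consecutive_no_face: int = 0
    no_face_times: list = field(default_factory=list)

    def on_poll(self, sent_at, answered_at):
        # Card left the reader: no polling response within the preset time.
        late = answered_at is None or answered_at - sent_at > self.poll_timeout
        return "lock" if late else None

    def on_capture(self, t, face_present, face_matches):
        if face_present:
            self.consecutive_no_face = 0
            return None if face_matches else "lock"   # someone else in front of the device
        self.consecutive_no_face += 1
        self.no_face_times = [x for x in self.no_face_times if t - x < self.window] + [t]
        over = (self.consecutive_no_face >= self.max_consecutive_no_face
                or len(self.no_face_times) * self.interval > self.max_no_face_in_window)
        return "lock" if over else None
```

A replayed check value fails because the server discards the factor after one verification, which is why the factor has to be fresh for every login request.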
2. The method of claim 1, wherein:
the acquiring of the user face picture associated with the user account includes:
acquiring the user face picture from the verification information or the login information, or querying the associated user face picture from a database of the server according to the user account.
3. The method of claim 1 or 2, wherein:
the smart card includes an identification card.
4. A system for performing a security operation using a security device, the system comprising: a smart card, a security device and a server, the security device comprising: a security chip, a card reader, a display screen, a communication interface and a camera device;
the security chip is configured to generate a trigger instruction when the camera device detects that a human body appears, control the card reader to send a card searching instruction outwards after the security device obtains the trigger instruction, and control the card reader to send a card reading instruction to the smart card after the card reader receives a card searching response; after the card reader receives login information, to encrypt the login information to generate encrypted login information, generate a login request according to the encrypted login information, and call the communication interface to send the login request to the server, wherein the login request comprises indication information instructing the server to generate a check factor according to the login information, and the login information comprises: a user account number and a password; to receive the check factor through the communication interface and judge whether the card reader is connected with the smart card, and if so, control the card reader to send the check factor to the smart card, and if not, control the card reader to establish a connection with the smart card; after the card reader receives verification information, to call the communication interface to send the verification information to the server; after receiving a response of successful login through the communication interface, to send an image acquisition instruction to the camera device at intervals of a preset time; to receive first acquisition information returned by the camera device; to judge whether the first acquisition information contains face information and, when it does, to acquire a user face picture associated with the user account, judge whether the face information is consistent with the user face picture, and, if they are inconsistent, call the communication interface to send a security operation request to the server or execute the security operation; when the first acquisition information does not contain face information, to judge whether at least one disabling condition is met and, if so, call the communication interface to send the security operation request to the server or execute the security operation; wherein the disabling condition includes: the number of first acquisition information items consecutively received by the security chip that do not contain face information reaches a preset number, or the accumulated duration of first acquisition information not containing face information received by the security chip within a first preset time exceeds a second preset time, wherein the second preset time is less than or equal to the first preset time;
the card reader is configured to receive the card searching response and send the card reading instruction to the smart card under the control of the security chip; the card reader is also configured to receive the login information and transmit the login information to the security chip, and to receive the verification information and transmit the verification information to the security chip;
the camera device is configured to receive the image acquisition instruction and send the acquired first acquisition information to the security chip;
the display screen is configured to display the prompt information of the security operation;
the smart card is configured to receive the card searching instruction and send the card searching response to the card reader; the smart card is also configured to receive the card reading instruction, acquire the login information and send the login information to the card reader; the smart card is further configured to receive the check factor, perform at least a check operation on the check factor to obtain a check value, and send the verification information to the card reader, where the verification information at least includes: the check value;
the server is configured to receive the login request, acquire the encrypted login information according to the login request, decrypt the encrypted login information to obtain the plaintext of the login information, generate the check factor according to the indication information, and send the check factor to the security device; to receive the verification information, acquire the user account and the password according to the login information, verify the user account and the password, acquire the check value according to the verification information, verify the check value, execute a login operation after the user account and the password are verified and the check value is verified, and return the response of successful login to the security device;
the security chip is further configured to control the card reader to send a polling signal after receiving the response of successful login through the communication interface;
the card reader is also configured to send the polling signal to the smart card;
the smart card is also configured to receive the polling signal and return a polling response;
the security chip is further configured to call the communication interface to send the security operation request to the server or to execute the security operation when it monitors that the card reader does not receive the polling response within a preset time;
the server is further configured to execute the security operation after receiving the security operation request and to return a security operation response to the security chip;
the security chip is also configured to receive the security operation response through the communication interface and to call the display screen of the security device to display the prompt information of the security operation.
5. The system of claim 4, wherein:
acquiring a user face picture associated with the user account in the following way:
acquiring the user face picture from the verification information or the login information, or querying the associated user face picture from a database of the server according to the user account.
6. The system of claim 4 or 5, wherein:
the smart card includes an identification card.
Application CN201711462960.XA, priority date 2017-12-28, filing date 2017-12-28: Method and system for executing security operation by using security device (Active, CN108337235B)

Priority Applications (1)

Application Number: CN201711462960.XA (CN108337235B)
Priority Date: 2017-12-28
Filing Date: 2017-12-28
Title: Method and system for executing security operation by using security device

Publications (2)

Publication Number: CN108337235A (en), Publication Date: 2018-07-27
Publication Number: CN108337235B (en), Publication Date: 2020-12-15

Family ID: 62924651

Country Status (1)

Country: CN, Publication: CN108337235B (en)

Legal Events

Code: PB01, Title: Publication
Code: SE01, Title: Entry into force of request for substantive examination
Code: GR01, Title: Patent grant