CN108989331A - Use authentication method for a data storage device, and device and storage medium thereof
- Publication number: CN108989331A (application CN201810901051.XA)
- Authority: CN (China)
- Prior art keywords: user, mobile terminal, data storage, terminal, storage device
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/06—Authentication
Abstract
The present invention relates to the field of communications and discloses a use authentication method for a data storage device. The method comprises: obtaining a first biometric feature of a user collected at the data storage device; sending the first biometric feature to a mobile terminal; if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending a first device ID identifying the data storage device, the first terminal ID and the first user ID to a server; and, if authorization information indicating a successful match by the server is received from the server, sending the data stored in the data storage device that corresponds to the first user ID to the mobile terminal. The invention can ensure that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or the mobile terminal is stolen, and improves the security of data acquisition.
Description
Technical field
The present invention relates to the field of communications, and in particular to a use authentication method for a data storage device, and a device and storage medium thereof.
Background
In conventional data transmission, plaintext data is at risk of being intercepted in transit, and encrypted data and a key that are sent separately are at risk of each being looked up by sender and intercepted. To solve this problem, different sending devices can be set up to send the ciphertext data and the key separately, while the terminal receiving the data is checked for whether it is entitled to obtain them. Most existing use-authentication schemes rely on one-way authentication over the mobile Internet, in which address information is easy to forge. For example, when a mobile terminal is stolen, broken into or cloned, an attacker can remotely operate the mobile terminal to authorize the terminal that requires authentication.
Because of the nature of the Internet, such remote sending of information is almost impossible to detect, so it cannot be determined whether the mobile terminal is near the terminal that needs authorization (the execution device described herein), or whether the authentication request was initiated by the authorized user.
That is, merely checking the identity information of the party initiating authentication or certification (the phone's SN, the phone number, authentication functions such as the screen-lock password set in the mobile terminal's OS) has now been shown to be open to forgery or to being broken. Where higher security is required, these traditional identity-verification and authentication methods can therefore no longer be relied on.
Authenticating directly by a unique user identifier such as a biometric feature, on the other hand, has the problem that user information must be stored centrally. When the service is aimed at the mass market, a large amount of user information is stored centrally, in particular information such as biometric features that cannot be changed, and a leak would cause great loss to customers. In other words, any service that stores user information centrally is high-risk. Collecting and transmitting personal biometric information is, in China and around the world, an act that is highly sensitive in terms of both security and law.
Summary of the invention
The object of the present invention is to provide a use authentication method for a data storage device, and a device and storage medium thereof, which can ensure that the party physically requesting authorization is the user entitled to receive the encrypted data and the key, thereby effectively preventing the related data from being stolen after the user's identity or the mobile terminal is stolen, and improving the security of data acquisition.
To solve the above technical problem, embodiments of the present invention disclose a use authentication method for a data storage device, the method comprising:
obtaining a first biometric feature of a user collected at the data storage device;
sending the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending a first device ID identifying the data storage device, the first terminal ID and the first user ID to a server, so that the server matches the received first device ID, first terminal ID and first user ID against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal, respectively;
if authorization information indicating a successful match by the server is received from the server, sending the data stored in the data storage device that corresponds to the first user ID to the mobile terminal.
In one example, the data corresponding to the first user ID that is sent to the mobile terminal is encrypted data, and after receiving the encrypted data the mobile terminal decrypts it using the key corresponding to the first user ID or the second user ID, which the server sends after its match succeeds.
In one example, after sending the first biometric feature to the mobile terminal, the method further comprises:
deleting the obtained first biometric feature.
In one example, if the device that collects the biometric feature and the device that obtains it are not the same device, the collecting device also deletes the collected biometric feature after sending it.
In one example, the method satisfies at least one of the following conditions:
the device that collects the first biometric feature is placed on or integrated into the data storage device;
the data storage device is an electronic message board;
the first biometric feature and the second biometric feature are fingerprints.
Embodiments of the present invention also disclose a use authentication method for a data storage device, the method comprising:
a mobile terminal receiving a first biometric feature of a user collected at the data storage device;
the mobile terminal matching the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if the match succeeds, the mobile terminal sending, to the detection device that sent the first biometric feature, a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, and
sending, to a server, a second device ID that identifies the data storage device and was received from the detection device, a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID that the server receives from the detection device, respectively.
In one example, the method further comprises:
the mobile terminal receiving, from the data storage device, the data stored in the data storage device that corresponds to the first user ID;
wherein, after the server has successfully matched the second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID respectively, it sends authorization information indicating the successful match to the data storage device, and the data storage device sends the data to the mobile terminal after receiving the authorization information.
In the above example, the data that the mobile terminal receives from the data storage device is encrypted data, and the method further comprises:
the mobile terminal receiving, from the server, the key corresponding to the first user ID or the second user ID, and decrypting the encrypted data with the key.
In another example, the method further comprises:
displaying the decrypted data on the screen of the mobile terminal.
Embodiments of the present invention also disclose a use authentication method for a data storage device, the method comprising:
a server receiving a second device ID, a second terminal ID and a second user ID from a mobile terminal, and receiving a first device ID, a first terminal ID and a first user ID from a detection device;
the server matching the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
after the match succeeds, the server sending authorization information to the data storage device, so that the data storage device, on receiving the authorization information, sends the data corresponding to the first user ID to the mobile terminal;
wherein the mobile terminal, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
In one example, the data that the data storage device sends to the mobile terminal is encrypted data, and the method further comprises:
after the match succeeds, the server sending the key corresponding to the first user ID or the second user ID to the mobile terminal, so that the mobile terminal decrypts the encrypted data with the received key.
Embodiments of the present invention also disclose a use authentication apparatus for a data storage device, the apparatus comprising:
an acquiring unit, configured to obtain a first biometric feature of a user collected at the data storage device;
a first sending unit, configured to send the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to, on receiving a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal sent by the mobile terminal, send a first device ID identifying the data storage device, the first terminal ID and the first user ID to a server, so that the server matches the received first device ID, first terminal ID and first user ID against a second device ID, a second terminal ID and a second user ID that the server receives from the mobile terminal, respectively;
a third sending unit, configured to, after receiving from the server authorization information indicating a successful match by the server, send the data stored in the data storage device that corresponds to the first user ID to the mobile terminal;
a deleting unit, configured to delete the obtained first biometric feature.
Embodiments of the present invention also disclose a mobile terminal, the mobile terminal comprising:
a first receiving unit, configured to receive a first biometric feature of a user collected at a data storage device;
a first matching unit, configured to match the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a fourth sending unit, configured to, after the first matching unit's match succeeds, send to the detection device that sent the first biometric feature a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, and
to send, to a server, a second device ID that identifies the data storage device and was received from the detection device, a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID that the server receives from the detection device, respectively, and after the match succeeds sends authorization information indicating the successful match to the device;
a second receiving unit, configured to receive, from the data storage device, the data stored in the data storage device that corresponds to the first user ID.
Embodiments of the present invention also disclose a server, the server comprising:
a third receiving unit, configured to receive a second device ID, a second terminal ID and a second user ID from a mobile terminal, and to receive a first device ID, a first terminal ID and a first user ID from a detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
a fifth sending unit, configured to send authorization information to the data storage device, so that the data storage device, on receiving the authorization information, sends the data corresponding to the first user ID to the mobile terminal;
wherein the mobile terminal, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
Embodiments of the present invention also disclose a device comprising a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to carry out the use authentication method for a data storage device disclosed in the above embodiments.
Embodiments of the present invention also disclose a non-volatile computer storage medium encoded with a computer program, wherein the computer program comprises instructions which, when executed by one or more computers, cause the one or more computers to carry out the use authentication method for a data storage device disclosed in the above embodiments.
Compared with the prior art, the main differences and effects of the embodiments of the present invention are as follows:
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or the mobile terminal is stolen, and improves the security of data acquisition.
Further, the encrypted data is stored locally and the key is kept in the cloud, so the encrypted data does not need to travel over the network, which reduces the risk of the encrypted data being intercepted; moreover, the data itself cannot be derived from the key if the key is lost, which further improves the security of data acquisition.
Further, the user's biometric feature is not stored and does not need to be sent to a remote party, so leakage of the user's biometric feature is avoided while the security of authorization is maintained.
Brief description of the drawings
Fig. 1 is a flow diagram of the use authentication method for a data storage device according to the first embodiment of the present invention;
Fig. 2 is a flow diagram of the use authentication method for a data storage device according to the second embodiment of the present invention;
Fig. 3 is a flow diagram of the use authentication method for a data storage device according to the third embodiment of the present invention;
Fig. 4 is a flow diagram of the use authentication method for a data storage device according to the fourth embodiment of the present invention;
Fig. 5 is a structural diagram of the use authentication apparatus for a data storage device according to the fifth embodiment of the present invention;
Fig. 6 is a structural diagram of the mobile terminal according to the sixth embodiment of the present invention;
Fig. 7 is a structural diagram of the server according to the seventh embodiment of the present invention.
Detailed description of the embodiments
In the following description, many technical details are given to help the reader understand the application better. A person of ordinary skill in the art will appreciate, however, that the technical solutions claimed in the claims of this application can be realized even without these technical details and with many variations and modifications of the following embodiments.
To make the object, technical solutions and advantages of the present invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
It will be appreciated that, in the present invention, a biometric feature is a biometric feature that uniquely identifies a user, such as a fingerprint, an iris, facial features or a voice.
It will also be appreciated that, in the present invention, the mobile terminal includes but is not limited to a smartphone, a tablet computer and the like. The server may be a remote server or a cloud server. The device ID is information that uniquely identifies the data storage device, for example an identification code or identifier set for the data storage device, or the IP address or MAC address of the data storage device. The terminal ID of the mobile terminal is likewise information that uniquely identifies the mobile terminal, such as a MAC address or an identifier set specifically for the terminal. The user ID is identification information that uniquely indicates the user's identity, such as the machine code (SN code) of the user's mobile phone, the mobile phone number or a user name. Note that IDs from different sending sources are distinguished herein by prefixing "first" or "second". For example, the first terminal ID and the second terminal ID are both IDs identifying the mobile terminal; they are distinguished only because the devices that directly send them differ.
It will further be appreciated that the data storage device mentioned in the present invention may be a shared storage device that multiple users can access after authentication, for example an electronic message board or a removable storage medium with its own battery.
The first embodiment of the present invention relates to a use authentication method for a data storage device. Fig. 1 is a flow diagram of this method.
Specifically, as shown in Fig. 1, the use authentication method for the data storage device comprises the following steps:
In step 101, a first biometric feature of a user collected at the data storage device is obtained.
The flow then proceeds to step 102.
In step 102, the first biometric feature is sent to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal.
The flow then proceeds to step 103.
In step 103, it is determined whether the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal, sent by the mobile terminal, are received within a first predetermined time. That is, after the mobile terminal has successfully matched the first biometric feature against the second biometric feature stored in the mobile terminal, it sends the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal.
If the result is yes, the flow proceeds to step 104; otherwise, the flow ends.
In step 104, the first device ID identifying the data storage device, the first terminal ID and the first user ID are sent to a server, so that the server matches the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID that the server receives from the mobile terminal, respectively. Here, the first device ID is the device ID identifying the data storage device, and the second device ID is the device ID identifying the data storage device that was sent to the mobile terminal when, or after, the first biometric feature was sent to the mobile terminal.
The flow then proceeds to step 105.
In step 105, it is determined whether authorization information indicating a successful match, sent by the server, is received within a second predetermined time.
If the result is yes, the flow proceeds to step 106; otherwise, the flow ends.
In step 106, the data stored in the data storage device that corresponds to the first user ID is sent to the mobile terminal.
The flow then ends.
Preferably, to further enhance the security of data acquisition, the data sent to the mobile terminal in step 106 is encrypted data, and the key corresponding to the encrypted data is stored in the server. After the server has successfully matched the first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID respectively, it sends the key corresponding to the first user ID or the second user ID to the mobile terminal. The mobile terminal uses the received key to decrypt the encrypted data received from the data storage device and, preferably, displays the decrypted data on its screen. In this way, the encrypted data is stored locally and the key is kept in the cloud, so the encrypted data does not need to travel over the Internet, which reduces the risk of the encrypted data being intercepted; moreover, the data itself cannot be derived from the key if the key is lost, which further improves the security of data acquisition.
To prevent leakage of the user's biometric feature, preferably, in one example, after step 102 the method further comprises:
deleting the obtained first biometric feature. If the device that collects the biometric feature and the device that obtains it are not the same device, the collecting device also deletes the collected biometric feature after sending it. In this way, the user's biometric feature is not stored and does not need to be sent to a remote party, so leakage of the user's biometric feature is avoided while the security of authorization is maintained.
In one example, the device that collects the first biometric feature is placed on or integrated into the data storage device. For example, the collecting device for the first biometric feature is installed or arranged on the information-retrieval button of an electronic message board.
In other examples of the invention, the collecting device for the biometric feature may also be an external device that passes the collected biometric feature information to the data storage device over a wireless or wired connection.
In one example, the first biometric feature and the second biometric feature are fingerprints.
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or the mobile terminal is stolen, and improves the security of data acquisition.
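The flow of steps 101 to 106, including the server-side match of the two ID triples and the key that only the server holds, can be traced in the following added example, which is not code from the patent. All class and function names are hypothetical, the Hamming-distance matcher stands in for a real fingerprint matcher, and the SHA-256/HMAC construction stands in for a vetted AEAD cipher.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample templates: same finger with 2 flipped bits, and a different finger.
ENROLLED = bytes(range(16))
SAME_FINGER = bytes([ENROLLED[0] ^ 0x03]) + ENROLLED[1:]
OTHER_FINGER = bytes(255 - b for b in ENROLLED)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode: a stdlib stand-in (assumption) for a real AEAD.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def templates_match(sample: bytes, enrolled: bytes, max_bit_errors: int = 8) -> bool:
    # Toy matcher (assumption): accept if the templates differ in few bits.
    if len(sample) != len(enrolled):
        return False
    return sum(bin(a ^ b).count("1") for a, b in zip(sample, enrolled)) <= max_bit_errors

class Server:
    def __init__(self):
        self._keys = {}     # user ID -> data key, held only by the server
        self._reports = {}  # device ID -> {"device": triple, "mobile": triple}
    def enroll(self, user_id: str) -> bytes:
        self._keys[user_id] = secrets.token_bytes(32)
        return self._keys[user_id]
    def report(self, channel: str, device_id: str, terminal_id: str, user_id: str):
        # "device" carries the first IDs, "mobile" carries the second IDs.
        self._reports.setdefault(device_id, {})[channel] = (device_id, terminal_id, user_id)
    def authorize(self, device_id: str):
        """Return the user's key only if both channels reported the same triple."""
        pair = self._reports.pop(device_id, {})  # each pair of reports is used once
        first, second = pair.get("device"), pair.get("mobile")
        if first is None or second is None:
            return None
        same = all(hmac.compare_digest(a.encode(), b.encode()) for a, b in zip(first, second))
        return self._keys.get(first[2]) if same else None

@dataclass
class MobileTerminal:
    terminal_id: str
    user_id: str
    enrolled_template: bytes  # second biometric feature; never leaves the phone
    def on_biometric(self, sample, device_id, server):
        # Match locally; release the IDs only when the sample matches.
        if not templates_match(sample, self.enrolled_template):
            return None
        server.report("mobile", device_id, self.terminal_id, self.user_id)
        return self.terminal_id, self.user_id

@dataclass
class DataStorageDevice:
    device_id: str
    store: dict = field(default_factory=dict)  # user ID -> ciphertext only

def run_session(device, phone, server, sample):
    """Steps 101-106; returns the plaintext shown on the phone, or None."""
    reply = phone.on_biometric(sample, device.device_id, server)     # steps 101-102
    if reply is None:                                                 # step 103
        return None
    terminal_id, user_id = reply
    server.report("device", device.device_id, terminal_id, user_id)  # step 104
    key = server.authorize(device.device_id)   # step 105; the key goes server -> phone
    if key is None or user_id not in device.store:
        return None
    return unseal(key, device.store[user_id])  # step 106; the phone decrypts

def demo():
    server = Server()
    board = DataStorageDevice("board-01")
    phone = MobileTerminal("phone-A", "alice", ENROLLED)
    board.store["alice"] = seal(server.enroll("alice"), b"message for alice")
    owner = run_session(board, phone, server, SAME_FINGER)
    thief = run_session(board, phone, server, OTHER_FINGER)
    # A device-side report naming a different terminal does not match the phone's report.
    server.report("mobile", "board-01", "phone-A", "alice")
    server.report("device", "board-01", "phone-B", "alice")
    return owner, thief, server.authorize("board-01")
```

`demo()` returns the plaintext for the enrolled finger and `None` for both the non-matching finger and the mismatched triple.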
The second embodiment of the present invention relates to a use authentication method for a data storage device. Fig. 2 is a flow diagram of this method.
Specifically, as shown in Fig. 2, the use authentication method for the data storage device comprises the following steps:
In step 201, the mobile terminal receives a first biometric feature of a user collected at the data storage device.
The flow then proceeds to step 202.
In step 202, the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal.
If the match succeeds, the flow proceeds to step 203; otherwise, the flow ends.
In step 203, the mobile terminal sends, to the detection device that sent the first biometric feature, the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal, and
sends, to the server, the second device ID that identifies the data storage device and was received from the detection device, the second terminal ID and the second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID that the server receives from the detection device, respectively.
It will be appreciated that, after the server has matched the second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID, it sends authorization information to the data storage device if the match succeeds, and the data storage device, after receiving the authorization information, sends the data stored in the data storage device that corresponds to the first user ID to the mobile terminal. Preferably, to further improve the security of data transmission, the data stored in the data storage device may be encrypted and the key for the encrypted data stored in the server. In that case, after the above match succeeds, the server sends the key corresponding to the first user ID and the second user ID to the mobile terminal; after receiving the key, the mobile terminal uses it to decrypt the encrypted data received from the data storage device, and may display the decrypted data on its screen.
The flow then ends.
In one example, the detection device is included in the data storage device.
In another example, the first biometric feature and the second biometric feature are fingerprints.
It will be appreciated that, in each embodiment of the present invention, the detection device may be placed on or integrated into the data storage device as a part of the data storage device, for example integrated together with the biometric collecting device. It may also be an external device that communicates with the data storage device over a wired connection or by wireless communication.
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or the mobile terminal is stolen, and improves the security of data acquisition.
The third embodiment of the present invention relates to a usage authentication method for a data storage device. Fig. 3 is a flow diagram of the usage authentication method for the data storage device.
Specifically, as shown in Fig. 3, the usage authentication method for the data storage device comprises the following steps:
In step 301, the server receives the second device ID, second terminal ID and second user ID from the mobile terminal, and receives the first device ID, first terminal ID and first user ID from the detection device.
Thereafter, the process proceeds to step 302.
In step 302, the server matches the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID.
If the match succeeds, the process proceeds to step 303; otherwise, the process ends.
In step 303, the server sends authorization information to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization information.
It will be understood that the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal; the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
Thereafter, the process ends.
Preferably, to further improve the security of data transmission, the data stored in the data storage device can be encrypted and the key for the encrypted data stored on the server. In that case, after the successful match, the server sends the mobile terminal the key corresponding to the first user ID and the second user ID; after receiving the key, the mobile terminal uses it to decrypt the encrypted data received from the data storage device.
Two-way authentication based on the user's biometric feature ensures that the user who physically requests the data is the user in person, which effectively prevents the relevant data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
The fourth embodiment of the present invention relates to a usage authentication method for a data storage device. Fig. 4 is a flow diagram of the usage authentication method for the data storage device.
Specifically, as shown in Fig. 4, the usage authentication method for the data storage device comprises the following steps:
In step 401, the detection device obtains, and sends to the mobile terminal, the first biometric feature of the user acquired at the data storage device and the second device ID identifying the data storage device.
Thereafter, the process proceeds to step 402.
In step 402, the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal.
If they match, the process proceeds to step 403; otherwise, the process ends.
In step 403, the mobile terminal sends to the detection device the first terminal ID identifying the mobile terminal and the first user ID identifying the user of the mobile terminal, and sends to the server the second device ID, the second terminal ID identifying the mobile terminal and the second user ID identifying the user of the mobile terminal.
Thereafter, the process proceeds to step 404.
In step 404, the detection device sends to the server the first device ID identifying the data storage device together with the received first terminal ID and first user ID.
Thereafter, the process proceeds to step 405.
In step 405, the server matches the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID.
If the match succeeds, the process proceeds to step 406; otherwise, the process ends.
In step 406, the server sends authorization information to the data storage device and sends the mobile terminal the key corresponding to the first user ID or the second user ID.
Thereafter, the process proceeds to step 407.
In step 407, the data storage device, according to the authorization information received from the server, sends the encrypted data corresponding to the first user ID to the mobile terminal.
The process then proceeds to step 408.
In step 408, the mobile terminal uses the received key to decrypt the encrypted data received from the data storage device.
Thereafter, the process ends.
Two-way authentication based on the user's biometric feature ensures that the user who physically requests the data is the user in person, which effectively prevents the relevant data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
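The following added example, which is not part of the patent, simulates steps 401 to 408 (and with them the server-side matching of the third embodiment) in Python. The class and function names, the sample IDs, the exact-bytes biometric comparison and the SHA-256 keystream cipher are assumptions made for illustration; the patent specifies neither a matcher nor a cipher.

```python
import hashlib
import hmac
from dataclasses import dataclass, fields


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream XOR). The patent names no
    algorithm; real code would use an authenticated cipher such as AES-GCM."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass(frozen=True)
class Triple:
    """Device ID, terminal ID and user ID as reported to the server by one party."""
    device_id: str
    terminal_id: str
    user_id: str


class Server:
    def __init__(self, keys_by_user):
        self.keys_by_user = keys_by_user  # keys for the encrypted data live on the server
        self.audit = []                   # mismatching field names, one entry per attempt

    def match(self, first, second):
        """Steps 405-406: match the triples field by field; returns (authorized, key)."""
        bad = [f.name for f in fields(Triple)
               if getattr(first, f.name) != getattr(second, f.name)]
        self.audit.append(bad)
        if bad or first.user_id not in self.keys_by_user:
            return False, None
        return True, self.keys_by_user[first.user_id]


class Storage:
    """Data storage device: holds only ciphertext, indexed by user ID."""
    def __init__(self, device_id, encrypted_by_user):
        self.device_id = device_id
        self.encrypted_by_user = encrypted_by_user

    def release(self, authorized, user_id):
        """Step 407: send the user's encrypted data only after authorization."""
        return self.encrypted_by_user[user_id] if authorized else None


@dataclass
class Phone:
    terminal_id: str
    user_id: str
    enrolled: bytes  # second biometric feature, stored on the mobile terminal


def run_flow(scan, phone, storage, server, device_id_seen_by_phone=None):
    """Steps 401-408. Returns the decrypted data, or None if any check fails."""
    # 401: the detection device sends the captured feature and the device ID to the phone.
    device_id = device_id_seen_by_phone or storage.device_id
    # 402: the phone compares the received feature with its stored one.
    # Exact byte comparison stands in for a real (fuzzy) fingerprint matcher.
    if not hmac.compare_digest(scan, phone.enrolled):
        return None  # the flow ends here; no ID leaves the phone
    # 403: phone -> detection device: terminal ID and user ID;
    #      phone -> server: the "second" triple.
    second = Triple(device_id, phone.terminal_id, phone.user_id)
    # 404: detection device -> server: the "first" triple, with its own device ID.
    first = Triple(storage.device_id, phone.terminal_id, phone.user_id)
    # 405-406: the server matches; on success it authorizes storage and sends the key.
    authorized, key = server.match(first, second)
    # 407: storage sends ciphertext only when authorized.
    ciphertext = storage.release(authorized, first.user_id)
    if ciphertext is None:
        return None
    # 408: the phone decrypts with the key received from the server.
    return keystream_xor(key, ciphertext)


# Constructed sample values (not from the patent).
KEY = b"k" * 32
PLAINTEXT = b"message left for user-7"


def build():
    server = Server({"user-7": KEY})
    storage = Storage("board-01", {"user-7": keystream_xor(KEY, PLAINTEXT)})
    phone = Phone("phone-A", "user-7", enrolled=b"fingerprint-template-7")
    return server, storage, phone
```

The server's audit list records which field failed to match, which is the signal an operator would alert on when the two channels disagree.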
The fifth embodiment of the present invention relates to a usage authentication apparatus for a data storage device. Fig. 5 is a structural diagram of the usage authentication apparatus.
Specifically, as shown in Fig. 5, the usage authentication apparatus comprises:
an acquiring unit, configured to obtain the first biometric feature of the user acquired at the data storage device;
a first sending unit, configured to send the first biometric feature to the mobile terminal, so that the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to, upon receiving the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal, send to the server the first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID that the server receives from the mobile terminal;
a third sending unit, configured to, after receiving from the server authorization information indicating that the server's match succeeded, send to the mobile terminal the data corresponding to the first user ID stored in the data storage device;
a deleting unit, configured to delete the obtained first biometric feature.
The first and fourth embodiments are the method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the first or fourth embodiment. The relevant technical details mentioned in the first and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not described again here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the first or fourth embodiment.
The sixth embodiment of the present invention discloses a mobile terminal. Fig. 6 is a structural diagram of the mobile terminal.
Specifically, as shown in Fig. 6, the mobile terminal comprises:
a first receiving unit, configured to receive the first biometric feature of the user acquired at the data storage device;
a first matching unit, configured to match the received first biometric feature against the second biometric feature of the user stored in the mobile terminal;
a fourth sending unit, configured to, after the first matching unit matches successfully, send the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and send to the server the second device ID (received from the detection device and identifying the data storage device), the second terminal ID and the second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID that the server receives from the detection device;
a second receiving unit, configured to receive from the data storage device the data corresponding to the first user ID stored in the data storage device.
In one example, the data received by the second receiving unit is encrypted data, and the second receiving unit also receives from the server the key corresponding to the first user ID or the second user ID.
The mobile terminal further comprises:
a decryption unit, configured to decrypt the encrypted data based on the received key;
a display unit, configured to display the decrypted data on the screen of the mobile terminal.
The second and fourth embodiments are the method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the second or fourth embodiment. The relevant technical details mentioned in the second and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not described again here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the second or fourth embodiment.
The seventh embodiment of the present invention discloses a server. Fig. 7 is a structural diagram of the server.
Specifically, as shown in Fig. 7, the server comprises:
a third receiving unit, configured to receive the second device ID, second terminal ID and second user ID from the mobile terminal, and to receive the first device ID, first terminal ID and first user ID from the detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
a fifth sending unit, configured to send authorization information to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization information.
It will be understood that the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal; the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
The third and fourth embodiments are the method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the third or fourth embodiment. The relevant technical details mentioned in the third and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not described again here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the third or fourth embodiment.
The eighth embodiment of the present invention discloses a device. The device comprises a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to carry out the usage authentication method for a data storage device disclosed in the first to fourth embodiments.
The ninth embodiment of the present invention discloses a non-volatile storage medium of a data storage device, encoded with a computer program, wherein the computer program comprises instructions which, when executed by one or more computers, cause the one or more computers to carry out the usage authentication method for a data storage device disclosed in the first to fourth embodiments.
Each method embodiment of the present invention can be implemented in software, hardware, firmware and so on. Regardless of whether the present invention is implemented in software, hardware or firmware, the instruction code can be stored in any type of memory accessible to the data storage device (for example permanent or modifiable, volatile or non-volatile, solid-state or non-solid-state, fixed or removable media, and so on). Likewise, the memory may be, for example, programmable array logic (Programmable Array Logic, "PAL"), random access memory (Random Access Memory, "RAM"), programmable read-only memory (Programmable Read Only Memory, "PROM"), read-only memory (Read-Only Memory, "ROM"), electrically erasable programmable read-only memory (Electrically Erasable Programmable ROM, "EEPROM"), a magnetic disk, an optical disc, a digital versatile disc (Digital Versatile Disc, "DVD"), and so on.
It should be noted that each unit/module mentioned in the device embodiments of the present invention is a logical unit/module. Physically, a logical unit may be one physical unit, part of a physical unit, or implemented as a combination of several physical units; the physical implementation of these logical units is not itself the most important thing, and the combination of functions that these logical units implement is the key to solving the technical problem posed by the present invention. In addition, to highlight the innovative part of the present invention, the above device embodiments do not introduce units that are less closely related to solving the technical problem posed by the present invention; this does not mean that the above device embodiments contain no other units.
It should be noted that in the claims and the specification of this patent, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element limited by the phrase "comprising a" does not exclude the presence of other identical elements in the process, method, article or device that comprises the element.
Although the present invention has been shown and described with reference to certain preferred embodiments of the invention, those skilled in the art will understand that various changes can be made to it in form and detail without departing from the spirit and scope of the present invention.
Claims (15)
1. A usage authentication method for a data storage device, characterized by comprising:
obtaining a first biometric feature of a user acquired at the data storage device;
sending the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID respectively against a second device ID, second terminal ID and second user ID that the server receives from the mobile terminal;
if authorization information indicating that the server's match succeeded is received from the server, sending to the mobile terminal the data corresponding to the first user ID stored in the data storage device.
2. The usage authentication method for a data storage device according to claim 1, characterized in that the data corresponding to the first user ID sent to the mobile terminal is encrypted data, and
after receiving the encrypted data, the mobile terminal decrypts the encrypted data according to a key, received from the server and sent after the server's match succeeds, corresponding to the first user ID or the second user ID.
3. The usage authentication method for a data storage device according to claim 2, characterized in that, after the first biometric feature is sent to the mobile terminal, the method further comprises:
deleting the obtained first biometric feature.
4. The usage authentication method for a data storage device according to any one of claims 1 to 3, characterized in that at least one of the following conditions is satisfied:
the device that acquires the first biometric feature is placed on or integrated into the data storage device;
the data storage device is an electronic message board;
the first biometric feature and the second biometric feature are fingerprints.
5. A usage authentication method for a data storage device, characterized by comprising:
a mobile terminal receiving a first biometric feature of a user acquired at the data storage device;
the mobile terminal matching the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if the match succeeds, the mobile terminal sending a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
sending to a server a second device ID (received from the detection device and identifying the data storage device), a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against a first device ID, first terminal ID and first user ID that the server receives from the detection device.
6. The usage authentication method for a data storage device according to claim 5, characterized by further comprising:
the mobile terminal receiving from the data storage device the data corresponding to the first user ID stored in the data storage device;
wherein, after the server successfully matches the second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID, the server sends authorization information indicating that the server's match succeeded to the data storage device, and the data storage device sends the data to the mobile terminal after receiving the authorization information.
7. The usage authentication method for a data storage device according to claim 6, characterized in that the data the mobile terminal receives from the data storage device is encrypted data, and the method further comprises:
the mobile terminal receiving from the server a key corresponding to the first user ID or the second user ID, and decrypting the encrypted data based on the key.
8. The usage authentication method for a data storage device according to claim 7, characterized in that the method further comprises:
displaying the decrypted data on the screen of the mobile terminal.
9. A usage authentication method for a data storage device, characterized by comprising:
a server receiving a second device ID, second terminal ID and second user ID from a mobile terminal, and receiving a first device ID, first terminal ID and first user ID from a detection device;
the server matching the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
the server, after the match succeeds, sending authorization information to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization information;
wherein the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, when a first biometric feature matches a second biometric feature of the user stored in the mobile terminal, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
10. The usage authentication method for a data storage device according to claim 9, characterized in that the data that the data storage device sends to the mobile terminal is encrypted data, and the method further comprises:
the server, after the match succeeds, sending the mobile terminal a key corresponding to the first user ID or the second user ID, so that the mobile terminal decrypts the encrypted data based on the received key.
11. A usage authentication apparatus for a data storage device, characterized by comprising:
an acquiring unit, configured to obtain a first biometric feature of a user acquired at the data storage device;
a first sending unit, configured to send the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to, upon receiving a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal sent by the mobile terminal, send to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID respectively against a second device ID, second terminal ID and second user ID that the server receives from the mobile terminal;
a third sending unit, configured to, after receiving from the server authorization information indicating that the server's match succeeded, send to the mobile terminal the data corresponding to the first user ID stored in the data storage device;
a deleting unit, configured to delete the obtained first biometric feature.
12. A mobile terminal, characterized by comprising:
a first receiving unit, configured to receive a first biometric feature of a user acquired at the data storage device;
a first matching unit, configured to match the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a fourth sending unit, configured to, after the first matching unit matches successfully, send a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
send to a server a second device ID (received from the detection device and identifying the data storage device), a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against a first device ID, first terminal ID and first user ID that the server receives from the detection device, and, after a successful match, sends authorization information indicating the successful match to the data storage device;
a second receiving unit, configured to receive from the data storage device the data corresponding to the first user ID stored in the data storage device.
13. A server, characterized by comprising:
a third receiving unit, configured to receive a second device ID, second terminal ID and second user ID from a mobile terminal, and to receive a first device ID, first terminal ID and first user ID from a detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
a fifth sending unit, configured to send authorization information to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization information;
wherein the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and the first user ID to the detection device, when a first biometric feature matches a second biometric feature of the user stored in the mobile terminal, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
14. A device, characterized by comprising a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to carry out the usage authentication method for a data storage device according to any one of claims 1 to 10.
15. A non-volatile computer storage medium encoded with a computer program, characterized in that the computer program comprises instructions which, when executed by one or more computers, cause the one or more computers to carry out the usage authentication method for a data storage device according to any one of claims 1 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810901051.XA CN108989331B (en) | 2018-08-09 | 2018-08-09 | Use authentication method of data storage device, device and storage medium thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108989331A (en) | 2018-12-11 |
CN108989331B (en) | 2021-03-09 |
Family
ID=64556344
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201810901051.XA, CN108989331B (en) | Active | 2018-08-09 | 2018-08-09 | Use authentication method of data storage device, device and storage medium thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989331B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108989331B (en) | 2021-03-09 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 20200519. Address after: 201101 401, 39 Lane 3333, Hongxin Road, Minhang District, Shanghai. Applicant after: Gu Hongchao. Address before: 241000 A609, No. 35 Hengshan Road, Wuhu Economic and Technological Development Zone, Wuhu City, Anhui Province. Applicant before: WUHU JIZHI INTELLIGENT TECHNOLOGY Co.,Ltd. |
GR01 | Patent grant | |