CN108989331A - Use-authentication method for a data storage device, and device and storage medium therefor - Google Patents

Publication number
CN108989331A
Authority
CN
China
Prior art keywords
user
mobile terminal
data storage
terminal
storage device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810901051.XA
Other languages
Chinese (zh)
Other versions
CN108989331B (en
Inventor
顾宏超
吴同鑫
Original Assignee
Wuhu Smart Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhu Smart Technology Co Ltd
Priority to CN201810901051.XA
Publication of CN108989331A
Application granted
Publication of CN108989331B
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The present invention relates to the field of communications and discloses a use-authentication method for a data storage device. The method comprises: obtaining a first biometric feature of a user collected at the data storage device; sending the first biometric feature to a mobile terminal; if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID; and if an authorization message indicating that the server's match succeeded is received from the server, sending to the mobile terminal the data stored in the data storage device that corresponds to the first user ID. The invention ensures that the party physically requesting the data is the user, which effectively prevents the related data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.

Description

Use-authentication method for a data storage device, and device and storage medium therefor
Technical field
The present invention relates to the field of communications, and in particular to a use-authentication method for a data storage device, and a device and storage medium therefor.
Background art
In traditional data transmission, plaintext data is at risk of being intercepted in transit, and encrypted data and a key that are sent separately are at risk of each being intercepted by looking up the sender. To solve this problem, different sending devices can be set up to send the ciphertext data and the key separately, while also verifying whether the terminal receiving the data is entitled to obtain it. Most existing use-authentication schemes rely on the mobile Internet for one-way authentication, which has the problem that address information is easy to forge: for example, when a mobile terminal is stolen, cracked or cloned, an attacker can operate the mobile terminal remotely to authorize the terminal that requires authentication.
Because of the nature of the Internet, this kind of remote sending of information is almost impossible to detect, so it cannot be determined whether the mobile terminal is near the terminal that requires authorization (i.e. the execution device described herein), or whether the authentication request was initiated by the authorized user.
That is, merely checking the identity information of the party initiating authentication or authorization (the phone's SN, the phone number, use-authentication functions set in the mobile terminal's OS such as a lock-screen password, etc.) has by now been shown to be forgeable or breakable. In this situation, occasions that require higher security can no longer rely on these traditional identity authentication and authorization methods.
Authenticating directly by means of a unique user identifier such as a biometric feature, on the other hand, has the problem that user information must be stored centrally. When the service is aimed at the mass market, a large amount of user information is stored centrally, in particular user information that cannot be changed, such as biometric features; once leaked, it causes great loss to customers. That is, any service that stores user information centrally is high-risk. Collecting and transmitting personal biometric information is, in China and around the world, an act that is highly sensitive with respect to security and law.
Summary of the invention
The purpose of the present invention is to provide a use-authentication method for a data storage device, and a device and storage medium therefor, which can ensure that it is the user who physically requests authorization to receive the encrypted data and the key, thereby effectively preventing the related data from being stolen after the user's identity or mobile terminal has been stolen, and improving the security of data acquisition.
To solve the above technical problem, embodiments of the present invention disclose a use-authentication method for a data storage device, the method comprising:
obtaining a first biometric feature of a user collected at the data storage device;
sending the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID respectively against a second device ID, second terminal ID and second user ID that the server received from the mobile terminal;
if an authorization message indicating that the server's match succeeded is received from the server, sending to the mobile terminal the data stored in the data storage device that corresponds to the first user ID.
In one example, the data corresponding to the first user ID that is sent to the mobile terminal is encrypted data, and
after receiving the encrypted data, the mobile terminal decrypts it with the key corresponding to the first user ID or the second user ID, which the server sends after the server's match succeeds.
In one example, after the first biometric feature is sent to the mobile terminal, the method further comprises:
deleting the obtained first biometric feature.
In one example, if the device that collects the biometric feature and the device that obtains it are not the same device, the collecting device also deletes the collected biometric feature after sending it.
In one example, the method satisfies at least one of the following conditions:
the device that collects the first biometric feature is placed on or integrated into the data storage device;
the data storage device is an electronic message board;
the first biometric feature and the second biometric feature are fingerprints.
Embodiments of the present invention also disclose a use-authentication method for a data storage device, the method comprising:
a mobile terminal receiving a first biometric feature of a user collected at the data storage device;
the mobile terminal matching the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if the match succeeds, the mobile terminal sending, to the detection device that sent the first biometric feature, a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, and
sending to a server a second device ID identifying the data storage device, received from the detection device, together with a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID that the server received from the detection device.
In one example, the method further comprises:
the mobile terminal receiving, from the data storage device, the data stored in the data storage device that corresponds to the first user ID;
wherein, after the server has successfully matched the second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID, it sends an authorization message indicating the successful match to the data storage device, and the data storage device sends the data to the mobile terminal after receiving the authorization message.
In the above example, the data that the mobile terminal receives from the data storage device is encrypted data, and the method further comprises:
the mobile terminal receiving, from the server, the key corresponding to the first user ID or the second user ID, and decrypting the encrypted data with that key.
In another example, the method further comprises:
displaying the decrypted data on the screen of the mobile terminal.
Embodiments of the present invention also disclose a use-authentication method for a data storage device, the method comprising:
a server receiving a second device ID, second terminal ID and second user ID from a mobile terminal, and receiving a first device ID, first terminal ID and first user ID from a detection device;
the server matching the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
after a successful match, the server sending an authorization message to the data storage device, so that the data storage device, on receiving the authorization message, sends the data corresponding to the first user ID to the mobile terminal;
wherein, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
In one example, the data that the data storage device sends to the mobile terminal is encrypted data, and the method further comprises:
after a successful match, the server sending to the mobile terminal the key corresponding to the first user ID or the second user ID, so that the mobile terminal decrypts the encrypted data with the received key.
Embodiments of the present invention also disclose a use-authentication apparatus for a data storage device, the apparatus comprising:
an acquiring unit, for obtaining a first biometric feature of a user collected at the data storage device;
a first sending unit, for sending the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, for sending to a server, when a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal sent by the mobile terminal are received, a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID respectively against a second device ID, second terminal ID and second user ID that the server received from the mobile terminal;
a third sending unit, for sending to the mobile terminal, after an authorization message indicating that the server's match succeeded is received from the server, the data stored in the data storage device that corresponds to the first user ID;
a deleting unit, for deleting the obtained first biometric feature.
Embodiments of the present invention also disclose a mobile terminal, the mobile terminal comprising:
a first receiving unit, for receiving a first biometric feature of a user collected at a data storage device;
a first matching unit, for matching the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a fourth sending unit, for sending, after the first matching unit matches successfully, a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
for sending to a server a second device ID identifying the data storage device, received from the detection device, together with a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID that the server received from the detection device and, after a successful match, sends an authorization message indicating the successful match to the device;
a second receiving unit, for receiving, from the data storage device, the data stored in the data storage device that corresponds to the first user ID.
Embodiments of the present invention also disclose a server, the server comprising:
a third receiving unit, for receiving a second device ID, second terminal ID and second user ID from a mobile terminal, and receiving a first device ID, first terminal ID and first user ID from a detection device;
a second matching unit, for matching the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID;
a fifth sending unit, for sending an authorization message to the data storage device, so that the data storage device, on receiving the authorization message, sends the data corresponding to the first user ID to the mobile terminal;
wherein, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, second terminal ID and second user ID to the server, and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
Embodiments of the present invention also disclose a device comprising a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to implement the use-authentication method for a data storage device disclosed in the above embodiments.
Embodiments of the present invention also disclose a non-volatile computer storage medium encoded with a computer program, wherein the computer program comprises instructions which, when executed by one or more computers, cause the one or more computers to perform the use-authentication method for a data storage device disclosed in the above embodiments.
Compared with the prior art, the main differences and effects of the embodiments of the present invention are as follows:
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
Further, the encrypted data is stored locally and the key is kept in the cloud, so the encrypted data does not need to travel over the network, which reduces the risk of the encrypted data being intercepted; at the same time, the data itself cannot be derived from the key if the key is lost, which further improves the security of data acquisition.
Further, the user's biometric feature is not stored and does not need to be sent remotely, so leakage of the user's biometric feature is avoided while the security of authorization is maintained.
Brief description of the drawings
Fig. 1 is a flow diagram of the use-authentication method for a data storage device according to the first embodiment of the present invention;
Fig. 2 is a flow diagram of the use-authentication method for a data storage device according to the second embodiment of the present invention;
Fig. 3 is a flow diagram of the use-authentication method for a data storage device according to the third embodiment of the present invention;
Fig. 4 is a flow diagram of the use-authentication method for a data storage device according to the fourth embodiment of the present invention;
Fig. 5 is a structural diagram of the use-authentication apparatus for a data storage device according to the fifth embodiment of the present invention;
Fig. 6 is a structural diagram of the mobile terminal according to the sixth embodiment of the present invention;
Fig. 7 is a structural diagram of the server according to the seventh embodiment of the present invention.
Detailed description of the embodiments
In the following description, many technical details are set out so that the reader can better understand this application. However, a person of ordinary skill in the art will appreciate that the technical solutions claimed in the claims of this application can be realized even without these technical details and with various changes and modifications based on the following embodiments.
To make the purpose, technical solutions and advantages of the present invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
It will be understood that, in the present invention, a biometric feature is a biometric feature that uniquely identifies a user, such as a fingerprint, iris, facial features, voice, etc.
It will further be understood that, in the present invention, a mobile terminal includes but is not limited to a smartphone, a tablet computer, etc. The server may be a remote server or a cloud server. A device ID is information that uniquely identifies the data storage device, for example an identification code or identifier set for the data storage device, or the IP address, MAC address, etc. of the data storage device. The terminal ID of a mobile terminal is likewise information that uniquely identifies the mobile terminal, such as a MAC address or an identifier set specifically for the terminal. A user ID is identification information that uniquely indicates the user's identity, such as the machine code (SN code) of the user's mobile phone, the phone number, a user name, etc. Note that IDs arriving from different senders are distinguished here by prefixing them with "first" or "second": for example, the first terminal ID and the second terminal ID are both IDs that identify the mobile terminal, and are distinguished only because the devices that send them directly are different.
It will further be understood that the data storage device referred to in the present invention may be a shared storage device that multiple users can access after authentication, for example an electronic message board, a removable storage medium with its own battery, etc.
The first embodiment of the invention relates to a use-authentication method for a data storage device. Fig. 1 is a flow diagram of this use-authentication method.
Specifically, as shown in Fig. 1, the use-authentication method for the data storage device comprises the following steps:
In step 101, a first biometric feature of a user collected at the data storage device is obtained.
The flow then proceeds to step 102.
In step 102, the first biometric feature is sent to the mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal.
The flow then proceeds to step 103.
In step 103, it is determined whether the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal, sent by the mobile terminal, are received within a first predetermined time. That is, after the mobile terminal has successfully matched the first biometric feature against the second biometric feature stored in the mobile terminal, it sends the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal.
If the result is yes, the flow proceeds to step 104; otherwise, the flow ends.
In step 104, the first device ID identifying the data storage device, the first terminal ID and the first user ID are sent to the server, so that the server matches the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID that the server received from the mobile terminal. Here the first device ID is the device ID identifying the data storage device, and the second device ID is the device ID identifying the data storage device that is sent to the mobile terminal when, or after, the first biometric feature is sent to the mobile terminal.
The flow then proceeds to step 105.
In step 105, it is determined whether an authorization message indicating a successful match, sent by the server, is received within a second predetermined time.
If the result is yes, the flow proceeds to step 106; otherwise, the flow ends.
In step 106, the data stored in the data storage device that corresponds to the first user ID is sent to the mobile terminal.
The flow then ends.
Preferably, to further strengthen the security of data acquisition, the data sent to the mobile terminal in step 106 is encrypted data, and the key corresponding to the encrypted data is stored on the server. After the server has successfully matched the first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID, it sends the key corresponding to the first user ID or the second user ID to the mobile terminal; the mobile terminal uses the received key to decrypt the encrypted data received from the data storage device and, preferably, displays the decrypted data on the screen of the mobile terminal. In this way, the encrypted data is stored locally and the key is kept in the cloud, so the encrypted data does not need to travel over the network, which reduces the risk of the encrypted data being intercepted; at the same time, the data itself cannot be derived from the key if the key is lost, which further improves the security of data acquisition.
To prevent leakage of the user's biometric feature, preferably, in one example, after step 102 the method further comprises:
deleting the obtained first biometric feature. If the device that collects the biometric feature and the device that obtains it are not the same device, the collecting device also deletes the collected biometric feature after sending it. In this way, the user's biometric feature is not stored and does not need to be sent remotely, so leakage of the user's biometric feature is avoided while the security of authorization is maintained.
In one example, the device that collects the first biometric feature is placed on or integrated into the data storage device. For example, the collecting device for the first biometric feature is installed or arranged on the information acquisition button of an electronic message board.
In addition, in other examples of the invention, the collecting device for the biometric feature may also be an external device that transmits the collected biometric feature information to the data storage device over a wireless or wired connection.
In one example, the first biometric feature and the second biometric feature are fingerprints.
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
The second embodiment of the present invention relates to a use-authentication method for a data storage device. Fig. 2 is a flow diagram of this use-authentication method.
Specifically, as shown in Fig. 2, the use-authentication method for the data storage device comprises the following steps:
In step 201, the mobile terminal receives a first biometric feature of a user collected at the data storage device. The flow then proceeds to step 202.
In step 202, the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal.
If the match succeeds, the flow proceeds to step 203; otherwise, the flow ends.
In step 203, the mobile terminal sends, to the detection device that sent the first biometric feature, the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal, and
sends to the server the second device ID identifying the data storage device, received from the detection device, together with the second terminal ID and the second user ID, so that the server matches the received second device ID, second terminal ID and second user ID respectively against the first device ID, first terminal ID and first user ID that the server received from the detection device.
It will be understood that, after the server has matched the second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID, if the match succeeds it sends an authorization message to the data storage device, and after receiving the authorization message the data storage device sends the data stored in the data storage device that corresponds to the first user ID to the mobile terminal. Preferably, to further improve the security of data transmission, the data stored in the data storage device may be encrypted and the key for the encrypted data stored on the server. In that case, after the successful match, the server sends the key corresponding to the first user ID and the second user ID to the mobile terminal; after receiving the key, the mobile terminal uses it to decrypt the encrypted data received from the data storage device, and may display the decrypted data on the screen of the mobile terminal.
The flow then ends.
In one example, the detection device is included in the data storage device.
In another example, the first biometric feature and the second biometric feature are fingerprints.
It will be understood that, in each embodiment of the present invention, the detection device may be placed on or integrated into the data storage device as a part of the data storage device, for example integrated together with the biometric collection device. It may also be an external device that communicates with the data storage device over a wired connection or by wireless communication.
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
The third embodiment of the invention relates to a use-authentication method for a data storage device. Fig. 3 is a flow diagram of this use-authentication method.
Specifically, as shown in Fig. 3, the use-authentication method for the data storage device comprises the following steps:
In step 301, the server receives the second device ID, second terminal ID and second user ID from the mobile terminal, and receives the first device ID, first terminal ID and first user ID from the detection device.
The flow then proceeds to step 302.
In step 302, the server matches the received first device ID, first terminal ID and first user ID respectively against the second device ID, second terminal ID and second user ID.
If the match succeeds, the flow proceeds to step 303; otherwise, the flow ends.
In step 303, the server sends an authorization message to the data storage device, so that the data storage device, on receiving the authorization message, sends the data corresponding to the first user ID to the mobile terminal.
It will be understood that, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, the mobile terminal sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device; the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
The flow then ends.
Preferably, to further improve the security of data transmission, the data stored in the data storage device may be encrypted and the key for the encrypted data stored on the server. In that case, after the successful match, the server sends the key corresponding to the first user ID and the second user ID to the mobile terminal; after receiving the key, the mobile terminal uses it to decrypt the encrypted data received from the data storage device.
Two-way authentication based on the user's biometric feature ensures that the party physically requesting the data is the user in person, which effectively prevents the related data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
The fourth embodiment of the present invention relates to a use authentication method for a data storage device. Fig. 4 is a flow diagram of the use authentication method for the data storage device.
Specifically, as shown in Fig. 4, the use authentication method for the data storage device includes the following steps:
In step 401, the detection device obtains, and sends to the mobile terminal, the first biometric feature of the user collected at the data storage device and the second device ID identifying the data storage device.
Thereafter, the process proceeds to step 402.
In step 402, the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal.
If they match, the process proceeds to step 403; otherwise, the process ends.
In step 403, the mobile terminal sends to the detection device the first terminal ID identifying the mobile terminal and the first user ID identifying the user of the mobile terminal, and sends to the server the second device ID, the second terminal ID identifying the mobile terminal and the second user ID identifying the user of the mobile terminal.
Thereafter, the process proceeds to step 404.
In step 404, the detection device sends to the server the first device ID identifying the data storage device together with the received first terminal ID and first user ID.
Thereafter, the process proceeds to step 405.
In step 405, the server matches the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively.
If the match succeeds, the process proceeds to step 406; otherwise, the process ends.
In step 406, the server sends an authorization message to the data storage device and sends the key corresponding to the first user ID or the second user ID to the mobile terminal.
Thereafter, the process proceeds to step 407.
In step 407, the data storage device, according to the authorization message received from the server, sends the encrypted data corresponding to the first user ID to the mobile terminal.
The process then proceeds to step 408.
In step 408, the mobile terminal uses the received key to decrypt the encrypted data received from the data storage device.
Thereafter, the process ends.
Two-way authentication based on the user's biometric feature ensures that the user physically requesting the data is the user himself or herself, which effectively prevents the relevant data from being stolen after the user's identity or mobile terminal has been stolen, and improves the security of data acquisition.
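Steps 401 to 406 can be traced in a short simulation of the three parties. This is an added example, not code from the patent: it shows the two reports the server compares and the two ways the flow stops before any key is released. The class and function names, message shapes and sample IDs are assumptions, byte equality stands in for a real fingerprint matcher, and the encryption of steps 407 and 408 is reduced to the server releasing the key.

```python
import hmac
import secrets
from dataclasses import astuple, dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class IdTriple:
    """Device ID, terminal ID and user ID as reported by one party."""
    device_id: str
    terminal_id: str
    user_id: str


def triples_match(first: IdTriple, second: IdTriple) -> bool:
    """Step 405: every field of the two reports must agree."""
    checks = [hmac.compare_digest(a.encode(), b.encode())
              for a, b in zip(astuple(first), astuple(second))]
    return all(checks)


class MobileTerminal:
    def __init__(self, terminal_id: str, user_id: str, enrolled: bytes):
        self.terminal_id = terminal_id
        self.user_id = user_id
        self._enrolled = enrolled  # second biometric feature, kept on the phone

    def handle_scan(self, first_feature: bytes, device_id: str):
        """Steps 402-403: match locally, then answer both peers.

        Returns (reply_to_detector, report_to_server), or None on mismatch.
        """
        # Assumption: byte equality stands in for a fuzzy fingerprint matcher.
        if not hmac.compare_digest(first_feature, self._enrolled):
            return None
        reply = (self.terminal_id, self.user_id)
        report = IdTriple(device_id, self.terminal_id, self.user_id)
        return reply, report


class Server:
    def __init__(self, keys_by_user: dict):
        self._keys = keys_by_user  # user ID -> key for that user's stored data

    def authorize(self, from_detector: IdTriple, from_mobile: IdTriple):
        """Steps 405-406: returns (authorization message, key) or (None, None)."""
        if not triples_match(from_detector, from_mobile):
            return None, None
        key = self._keys.get(from_detector.user_id)
        if key is None:
            return None, None
        return {"release_data_for": from_detector.user_id}, key


def run_flow(device_id: str, scan: bytes, mobile: MobileTerminal, server: Server,
             device_id_seen_by_mobile: Optional[str] = None) -> Tuple[str, Optional[bytes]]:
    """Drive steps 401-406 and return (outcome, key released to the mobile)."""
    # Step 401: detector sends the scan and the storage device's ID to the phone.
    seen = device_id if device_id_seen_by_mobile is None else device_id_seen_by_mobile
    answer = mobile.handle_scan(scan, seen)
    if answer is None:
        return "biometric-mismatch", None      # phone never discloses its IDs
    (terminal_id, user_id), mobile_report = answer
    # Step 404: detector reports its own device ID plus what the phone replied.
    detector_report = IdTriple(device_id, terminal_id, user_id)
    authorization, key = server.authorize(detector_report, mobile_report)
    if authorization is None:
        return "id-mismatch", None             # storage device gets no authorization
    return "authorized", key                   # steps 407-408 would follow


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    phone = MobileTerminal("term-A", "user-1", b"constructed-template")
    srv = Server({"user-1": secrets.token_bytes(32)})
    print(run_flow("board-001", b"constructed-template", phone, srv)[0])
    print(run_flow("board-001", b"someone-else", phone, srv)[0])
    # The phone's report names a different storage device than the detector's.
    print(run_flow("board-001", b"constructed-template", phone, srv, "board-999")[0])
```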
The fifth embodiment of the present invention relates to a use authentication apparatus for a data storage device. Fig. 5 is a structural diagram of the use authentication apparatus.
Specifically, as shown in Fig. 5, the use authentication apparatus includes:
An acquiring unit, configured to obtain the first biometric feature of the user collected at the data storage device;
A first sending unit, configured to send the first biometric feature to the mobile terminal, so that the mobile terminal matches the received first biometric feature against the second biometric feature of the user stored in the mobile terminal;
A second sending unit, configured to, on receiving the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal sent by the mobile terminal, send to the server the first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID that the server receives from the mobile terminal, respectively;
A third sending unit, configured to, after receiving from the server an authorization message indicating that the server's match succeeded, send to the mobile terminal the data corresponding to the first user ID stored in the data storage device;
A deleting unit, configured to delete the obtained first biometric feature.
The first and fourth embodiments are method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the first or fourth embodiment. The relevant technical details mentioned in the first and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the first or fourth embodiment.
The sixth embodiment of the present invention discloses a mobile terminal. Fig. 6 is a structural diagram of the mobile terminal.
Specifically, as shown in Fig. 6, the mobile terminal includes:
A first receiving unit, configured to receive the first biometric feature of the user collected at the data storage device;
A first matching unit, configured to match the received first biometric feature against the second biometric feature of the user stored in the mobile terminal;
A fourth sending unit, configured to, after the first matching unit matches successfully, send the first terminal ID of the mobile terminal and the first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and to send to the server the second device ID identifying the data storage device received from the detection device, the second terminal ID and the second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID that the server receives from the detection device, respectively;
A second receiving unit, configured to receive from the data storage device the data corresponding to the first user ID stored in the data storage device.
In one example, the data received by the second receiving unit is encrypted data, and the second receiving unit also receives the key corresponding to the first user ID or the second user ID from the server.
The mobile terminal further includes:
A decryption unit, configured to decrypt the encrypted data based on the received key;
A display unit, configured to display the decrypted data on the screen of the mobile terminal.
The second and fourth embodiments are method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the second or fourth embodiment. The relevant technical details mentioned in the second and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the second or fourth embodiment.
The seventh embodiment of the present invention discloses a server. Fig. 7 is a structural diagram of the server.
Specifically, as shown in Fig. 7, the server includes:
A third receiving unit, configured to receive the second device ID, second terminal ID and second user ID from the mobile terminal, and to receive the first device ID, first terminal ID and first user ID from the detection device;
A second matching unit, configured to match the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
A fifth sending unit, configured to send an authorization message to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization message.
It will be appreciated that the mobile terminal, when the first biometric feature matches the second biometric feature of the user stored in the mobile terminal, sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device; the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
The third and fourth embodiments are method embodiments corresponding to this embodiment, and this embodiment can be implemented in cooperation with the third or fourth embodiment. The relevant technical details mentioned in the third and fourth embodiments remain valid in this embodiment and, to reduce repetition, are not repeated here. Correspondingly, the relevant technical details mentioned in this embodiment also apply to the third or fourth embodiment.
The eighth embodiment of the present invention discloses a device. The device includes a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to implement the use authentication method for a data storage device disclosed in the first to fourth embodiments.
The ninth embodiment of the present invention discloses a non-volatile computer storage medium encoded with a computer program, wherein the computer program includes instructions which, when executed by one or more computers, cause the one or more computers to implement the use authentication method for a data storage device disclosed in the first to fourth embodiments.
Each method embodiment of the present invention can be implemented in software, hardware, firmware and the like. Regardless of whether the present invention is implemented in software, hardware or firmware, the instruction code may be stored in any type of computer-accessible memory (for example permanent or modifiable, volatile or non-volatile, solid-state or non-solid-state, fixed or replaceable media, and so on). Likewise, the memory may be, for example, programmable array logic (Programmable Array Logic, "PAL"), random access memory (Random Access Memory, "RAM"), programmable read-only memory (Programmable Read Only Memory, "PROM"), read-only memory (Read-Only Memory, "ROM"), electrically erasable programmable read-only memory (Electrically Erasable Programmable ROM, "EEPROM"), a magnetic disk, an optical disc, a digital versatile disc (Digital Versatile Disc, "DVD") and so on.
It should be noted that each unit/module mentioned in the device embodiments of the present invention is a logical unit/module. Physically, a logical unit may be one physical unit, part of a physical unit, or a combination of multiple physical units. The physical implementation of these logical units is not itself the most important thing; the combination of the functions they implement is the key to solving the technical problem posed by the present invention. In addition, to highlight the innovative part of the present invention, the above device embodiments do not introduce units that are less closely related to solving the technical problem posed by the present invention, which does not mean that the above device embodiments contain no other units.
It should be noted that, in the claims and the description of this patent, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variant of them are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a" does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
Although the present invention has been shown and described with reference to certain preferred embodiments thereof, those of ordinary skill in the art will understand that various changes may be made to it in form and detail without departing from the spirit and scope of the present invention.

Claims (15)

1. A use authentication method for a data storage device, characterized by comprising:
obtaining a first biometric feature of a user collected at the data storage device;
sending the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, sent by the mobile terminal, are received, sending to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID against a second device ID, second terminal ID and second user ID that the server receives from the mobile terminal, respectively;
if an authorization message indicating that the server's match succeeded is received from the server, sending to the mobile terminal the data corresponding to the first user ID stored in the data storage device.
2. The use authentication method for a data storage device according to claim 1, characterized in that the data corresponding to the first user ID sent to the mobile terminal is encrypted data, and
the mobile terminal, after receiving the encrypted data, decrypts the encrypted data according to the key corresponding to the first user ID or the second user ID that it receives from the server and that the server sends after its match succeeds.
3. The use authentication method for a data storage device according to claim 2, characterized in that, after the first biometric feature is sent to the mobile terminal, the method further comprises:
deleting the obtained first biometric feature.
4. The use authentication method for a data storage device according to any one of claims 1 to 3, characterized in that at least one of the following conditions is satisfied:
the device that collects the first biometric feature is placed on or integrated into the data storage device;
the data storage device is an electronic message board;
the first biometric feature and the second biometric feature are fingerprints.
5. A use authentication method for a data storage device, characterized by comprising:
a mobile terminal receiving a first biometric feature of a user collected at the data storage device;
the mobile terminal matching the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
if the match succeeds, the mobile terminal sending, to the detection device that sent the first biometric feature, a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal, and
sending to a server a second device ID identifying the data storage device received from the detection device, a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against a first device ID, the first terminal ID and the first user ID that the server receives from the detection device, respectively.
6. The use authentication method for a data storage device according to claim 5, characterized by further comprising:
the mobile terminal receiving, from the data storage device, the data corresponding to the first user ID stored in the data storage device;
wherein, after the server successfully matches the second device ID, second terminal ID and second user ID against the first device ID, first terminal ID and first user ID, respectively, the server sends to the data storage device an authorization message indicating that the server's match succeeded, and the data storage device sends the data to the mobile terminal after receiving the authorization message.
7. The use authentication method for a data storage device according to claim 6, characterized in that the data the mobile terminal receives from the data storage device is encrypted data, and the method further comprises:
the mobile terminal receiving from the server the key corresponding to the first user ID or the second user ID, and decrypting the encrypted data based on the key.
8. The use authentication method for a data storage device according to claim 7, characterized in that the method further comprises:
displaying the decrypted data on the screen of the mobile terminal.
9. A use authentication method for a data storage device, characterized by comprising:
a server receiving a second device ID, second terminal ID and second user ID from a mobile terminal, and receiving a first device ID, first terminal ID and first user ID from a detection device;
the server matching the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
the server, after the match succeeds, sending an authorization message to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization message;
wherein the mobile terminal, when a first biometric feature matches a second biometric feature of the user stored in the mobile terminal, sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
10. The use authentication method for a data storage device according to claim 9, characterized in that the data the data storage device sends to the mobile terminal is encrypted data, and the method further comprises:
the server, after the match succeeds, sending to the mobile terminal the key corresponding to the first user ID or the second user ID, so that the mobile terminal decrypts the encrypted data based on the received key.
11. A use authentication apparatus for a data storage device, characterized by comprising:
an acquiring unit, configured to obtain a first biometric feature of a user collected at the data storage device;
a first sending unit, configured to send the first biometric feature to a mobile terminal, so that the mobile terminal matches the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a second sending unit, configured to, on receiving a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal sent by the mobile terminal, send to a server a first device ID identifying the data storage device, the first terminal ID and the first user ID, so that the server matches the received first device ID, first terminal ID and first user ID against a second device ID, second terminal ID and second user ID that the server receives from the mobile terminal, respectively;
a third sending unit, configured to, after receiving from the server an authorization message indicating that the server's match succeeded, send to the mobile terminal the data corresponding to the first user ID stored in the data storage device;
a deleting unit, configured to delete the obtained first biometric feature.
12. A mobile terminal, characterized by comprising:
a first receiving unit, configured to receive a first biometric feature of a user collected at the data storage device;
a first matching unit, configured to match the received first biometric feature against a second biometric feature of the user stored in the mobile terminal;
a fourth sending unit, configured to, after the first matching unit matches successfully, send a first terminal ID of the mobile terminal and a first user ID of the user of the mobile terminal to the detection device that sent the first biometric feature, and
to send to a server a second device ID identifying the data storage device received from the detection device, a second terminal ID and a second user ID, so that the server matches the received second device ID, second terminal ID and second user ID against a first device ID, the first terminal ID and the first user ID that the server receives from the detection device, respectively, and, after the match succeeds, sends an authorization message indicating the successful match to the data storage device;
a second receiving unit, configured to receive from the data storage device the data corresponding to the first user ID stored in the data storage device.
13. A server, characterized by comprising:
a third receiving unit, configured to receive a second device ID, second terminal ID and second user ID from a mobile terminal, and to receive a first device ID, first terminal ID and first user ID from a detection device;
a second matching unit, configured to match the received first device ID, first terminal ID and first user ID against the second device ID, second terminal ID and second user ID, respectively;
a fifth sending unit, configured to send an authorization message to the data storage device, so that the data storage device sends the data corresponding to the first user ID to the mobile terminal according to the received authorization message;
wherein the mobile terminal, when a first biometric feature matches a second biometric feature of the user stored in the mobile terminal, sends the second device ID, second terminal ID and second user ID to the server and sends the first terminal ID and first user ID to the detection device, and
the first biometric feature is collected at the data storage device and sent to the mobile terminal by the detection device, and the first device ID is sent to the mobile terminal by the detection device.
14. A device, characterized by comprising a memory storing computer-executable instructions and a processor, the processor being configured to execute the instructions to implement the use authentication method for a data storage device according to any one of claims 1 to 10.
15. A non-volatile computer storage medium encoded with a computer program, characterized in that the computer program includes instructions which, when executed by one or more computers, cause the one or more computers to perform the use authentication method for a data storage device according to any one of claims 1 to 10.
CN201810901051.XA 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof Active CN108989331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810901051.XA CN108989331B (en) 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof


Publications (2)

Publication Number Publication Date
CN108989331A true CN108989331A (en) 2018-12-11
CN108989331B CN108989331B (en) 2021-03-09

Family

ID=64556344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810901051.XA Active CN108989331B (en) 2018-08-09 2018-08-09 Use authentication method of data storage device, device and storage medium thereof

Country Status (1)

Country Link
CN (1) CN108989331B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20200519
Address after: 201101 401, 39 Lane 3333, Hongxin Road, Minhang District, Shanghai
Applicant after: Gu Hongchao
Address before: 241000 A609, No. 35 Hengshan Road, Wuhu Economic and Technological Development Zone, Wuhu City, Anhui Province
Applicant before: WUHU JIZHI INTELLIGENT TECHNOLOGY Co.,Ltd.
GR01 Patent grant