CN112149083A - Equipment authentication method, safety keyboard and office system - Google Patents


Publication number: CN112149083A
Authority: CN (China)
Prior art keywords: factor, smart card, authentication, keyboard, current
Legal status: Granted
Application number: CN201910560518.3A
Other languages: Chinese (zh)
Other versions: CN112149083B (en)
Inventor: 李东声
Current Assignee: Tendyron Corp
Original Assignee: Tendyron Corp
Application filed by Tendyron Corp
Priority to CN201910560518.3A
Publication of CN112149083A
Application granted
Publication of CN112149083B
Current legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2137 Time limited access, e.g. to a computer or data

Abstract

The invention provides an equipment authentication method, a safety keyboard and an office system, wherein the method comprises the following steps: S1, establishing a communication connection; S2-S3, clearing the local counter, adding 1 to the counter to obtain the current count value, and calculating an initial count check factor from the current count value; S4, monitoring whether the rolling period or the scanning period is reached, executing S5 when the rolling period is reached and S6 when the scanning period is reached; S5, adding 1 to the current count value to obtain a new count value, calculating the current count check factor, and returning to S4; S6, scanning the authentication factor broadcast by the smart card; S7, comparing the current count check factor with the authentication factor, and executing S8 if they are inconsistent; S8, adding each of 1 to M to the current count value and subtracting each of 1 to N from it to obtain corrected count values, calculating the corresponding corrected count check factors, comparing each of them with the authentication factor, and changing the current count value to the corrected count value whose check factor is consistent; if none is consistent, a security control operation is executed.

Description

Equipment authentication method, safety keyboard and office system
Technical Field
The invention relates to the technical field of electronics, in particular to an equipment authentication method, a safety keyboard and an office system.
Background
In a traditional office system, login security control mostly relies on passwords, user confirmation and similar means, but the office equipment authenticates the user equipment only at the first login; after that authentication has passed, the user equipment is no longer authenticated in real time, as when WeChat is logged in on a computer. After the employee temporarily leaves the office equipment, other personnel can use it, and the privacy and information security of the employee cannot be protected.
In addition, in some scenarios the employee must manually lock the screen or log out when leaving and must authenticate again on returning, so both the security and the convenience of use need to be improved.
Disclosure of Invention
The present invention aims to solve one of the above problems.
The invention mainly aims to provide a device authentication method.
Another object of the present invention is to provide an office system.
Another object of the present invention is to provide a security keyboard.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
One aspect of the present invention provides a device authentication method, including:
Step 1: a short-distance wireless communication connection is established between a security keyboard and a smart card.
Step 2: the security keyboard clears its local counter and sends a count synchronization request to the smart card over the short-distance wireless communication connection.
Step 3: the security keyboard receives the count synchronization response returned by the smart card, adds 1 to the local counter to obtain the current count value of the local counter, calculates an initial count check factor from the current count value using a preset algorithm, and takes the initial count check factor as the current count check factor of the security keyboard.
Step 4: the security keyboard monitors whether a rolling period or a scanning period has been reached; if the rolling period is reached, step 5 is executed, and if the scanning period is reached, step 6 is executed. The rolling period is a first preset duration, the interval from the current count check factor to the next count check factor; the scanning period is a second preset duration between two scans.
Step 5: the security keyboard adds 1 to the current count value of the local counter to obtain a new count value, takes the new count value as the current count value of the local counter, calculates a new count check factor from it using the preset algorithm, takes the new count check factor as the current count check factor, and returns to step 4.
Step 6: the security keyboard scans for the authentication factor broadcast by the smart card; if the authentication factor is scanned, step 7 is executed.
Step 7: the current count check factor is compared with the authentication factor; if they are consistent, the method returns to step 4, and if they are inconsistent, step 8 is executed.
Step 8: each of 1 to M is added to the current count value of the local counter, and each of 1 to N is subtracted from it, to obtain a plurality of corrected count values; a corrected count check factor is calculated from each corrected count value using the preset algorithm, and each corrected count check factor is compared with the authentication factor. If one of them is consistent, the current count value of the local counter is changed to the corrected count value corresponding to that corrected count check factor, and the method returns to step 4; if none is consistent, step 9 is executed. M and N are positive integers.
Step 9: the security keyboard executes the corresponding security control operation according to a preset security policy.
Optionally, in the case that the authentication factor sent by the smart card is not scanned, the method further includes:
the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold, and if the authentication factor broadcasted by the smart card is scanned, the step 7 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned within a preset time interval; if so, executing the step 7; if not, step 9 is performed.
Optionally, step 4 further includes: the safety keyboard monitors whether a preset key event occurs or not, and executes the step 10 under the condition that the preset key event occurs; step 10, the safety keyboard starts a camera device to collect face image information of a user, and face identification authentication is carried out on the face image information; wherein the predetermined key event comprises at least one of: the security keyboard obtains the initial counting verification factor, the security keyboard receives an encryption input instruction, and the security keyboard identifies and receives password input.
Optionally, the executing, by the security keyboard, the corresponding security control operation according to the predetermined security policy at least includes: and the safety keyboard sends a sleep instruction to the intelligent card.
Optionally, after the security keyboard performs the corresponding security control operation according to the predetermined security policy, the method further includes: the security keyboard deletes all count check factors stored locally.
Optionally, after the secure keyboard receives the time synchronization response returned by the smart card, the method further includes: the smart card enters a sleep mode, and is awakened once every preset awakening period after entering the sleep mode, and the current authentication factor of the smart card is broadcasted during the awakening period.
Another aspect of the present invention provides a security keyboard, comprising:
the communication module, used for establishing a short-distance wireless communication connection with the smart card, triggering the local counter to be cleared, sending a count synchronization request to the smart card over the short-distance wireless communication connection, and triggering the check factor rolling module after receiving the count synchronization response returned by the smart card;
the check factor rolling module, used for triggering the local counter to add 1 to obtain the current count value of the local counter after the communication module receives the count synchronization response returned by the smart card, calculating an initial count check factor from the current count value using a preset algorithm, taking the initial count check factor as the current count check factor of the security keyboard, and triggering the monitoring module;
the monitoring module, used for monitoring whether a rolling period or a scanning period has been reached, triggering the check factor rolling module when the rolling period is reached, and triggering the scanning detection module when the scanning period is reached, wherein the rolling period is a first preset duration, the interval from the current count check factor to the next count check factor, and the scanning period is a second preset duration between two scans;
the check factor rolling module is further configured, when the monitoring module monitors that the rolling period is reached, to trigger the local counter to add 1 to its current count value to obtain a new count value, take the new count value as the current count value of the local counter, calculate a new count check factor from it using the preset algorithm, take the new count check factor as the current count check factor, and trigger the monitoring module;
the scanning detection module, used for scanning for the authentication factor broadcast by the smart card and triggering the authentication module when the authentication factor is scanned;
the authentication module, configured to compare the current count check factor with the authentication factor and, if they are consistent, trigger the monitoring module; if they are inconsistent, to trigger the local counter to add each of 1 to M to its current count value and subtract each of 1 to N from it to obtain a plurality of corrected count values, calculate a corrected count check factor from each corrected count value using the preset algorithm, and compare each corrected count check factor with the authentication factor; if one of them is consistent, to change the current count value of the local counter to the corrected count value corresponding to that corrected count check factor and trigger the monitoring module; and if none is consistent, to trigger the security control module, wherein M and N are positive integers;
and the security control module, used for executing the corresponding security control operation according to a preset security policy.
Optionally, the scanning detection module is further configured to detect whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold under the condition that the authentication factor broadcasted by the smart card is not scanned, and if the authentication factor broadcasted by the smart card is scanned, trigger the authentication module; if not, detecting whether the authentication factor broadcasted by the intelligent card is scanned within a preset time interval; if the scanning is finished, triggering the authentication module; and if not, triggering the safety control module.
Optionally, the security keyboard further comprises: a face verification module; the monitoring module is also used for monitoring whether a preset key event occurs or not, and triggering the face verification module under the condition that the preset key event occurs; wherein the predetermined key event comprises at least one of: the security keyboard obtains the initial counting verification factor, the security keyboard receives an encryption input instruction, and the security keyboard identifies and receives password input; the face verification module is used for starting the camera device to collect face image information of a user and carrying out face identification authentication on the face image information.
Optionally, the security control module executes a corresponding security control operation according to a predetermined security policy by at least the following means: triggering the communication module to send a sleep instruction to the smart card; the communication module is further configured to send the sleep instruction to the smart card.
Optionally, the security keyboard further comprises: and the emptying module is used for deleting all the counting and checking factors stored by the safety keyboard after the safety control module executes the safety control operation.
In another aspect, the present invention provides an office system, including: a smart card and a secure keyboard as described above, wherein:
the smart card is used for establishing short-distance wireless communication connection with the security keyboard, clearing a local counter after receiving a counting synchronization request sent by the security keyboard through the short-distance wireless communication connection, returning a counting synchronization response to the security keyboard, adding 1 to the local counter to obtain a current count value of the local counter, calculating the current count value of the local counter by adopting a preset algorithm to obtain an initial authentication factor, and taking the initial authentication factor as the current authentication factor of the smart card; the system is also used for broadcasting the current authentication factor of the smart card; and the authentication device is further used for monitoring whether a rolling period is reached, adding 1 to the current count value of the local counter to obtain a new count value under the condition of monitoring that the rolling period is reached, taking the new count value as the current count value of the local counter, calculating the current count value of the local counter by adopting the preset algorithm to obtain a new authentication factor, and taking the new authentication factor as the current authentication factor of the smart card.
Optionally, the smart card is further configured to enter a sleep state when receiving a sleep instruction sent by the security keyboard.
Optionally, the smart card is further configured to enter a sleep mode after returning a time synchronization response to the security keyboard, and wake up the smart card every predetermined wake-up period once after entering the sleep mode, and broadcast a current authentication factor of the smart card during the wake-up period.
With the device authentication method, security keyboard and office system provided by the technical scheme of the invention, the security keyboard can authenticate the smart card in real time and executes the security control operation as soon as authentication fails. This ensures that, after communication is established between the smart card and the security keyboard, the employee's smart card remains the same smart card throughout and it is the legitimate smart card user who is logged in and using the security keyboard, so that the employee's business secrets are protected and information leakage caused by unrelated personnel operating the security keyboard is avoided. During authentication, loss of synchronization caused by packet loss or clock offset can also be avoided: the security keyboard can correct the error by itself and keep its factor synchronized with the authentication factor on the smart card side after synchronization is lost.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an office system according to an embodiment of the present invention;
fig. 2 is a flowchart of an apparatus authentication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a security keyboard according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The embodiment of the present invention is based on an office system, as shown in fig. 1, comprising a security keyboard 10 and a smart card 20. The security keyboard 10 may be a shared security keyboard inside a company. Besides the functions of an existing keyboard, it has a main control chip, a card reading device, a local counter, a camera, and the like, wherein the main control chip is the microprocessor of the security keyboard and controls the security keyboard to execute the corresponding operations. The smart card 20 is a card that is individually issued to each employee of the company and bound to that employee. Each employee has a unique user ID, which is stored in the smart card; the smart card identifies the employee and determines the employee's user identity. In the process of establishing short-range wireless communication with the security keyboard, authenticating and logging in, the smart card represents the employee using the security keyboard.
Short-distance wireless communication can be established between the security keyboard 10 and the smart card 20, for example, wireless communication connection can be established between the security keyboard 10 and the smart card 20 through RF, NFC, Bluetooth, WIFI, 2.4G, 433M and other modes. After the short-distance wireless communication connection is established, the security keyboard 10 and the smart card 20 perform counting synchronization, synchronously clear respective local counters, add 1 to the respective local counters after the counting synchronization, and calculate the local counters by adopting a preset algorithm to obtain initial counting check factors and authentication factors. The security keyboard 10 uses the initial count verification factor as the current count verification factor of the security keyboard 10, and the smart card 20 uses the initial authentication factor as the current authentication factor of the smart card. Then, based on the same rolling period, when the security keyboard 10 and the smart card 20 monitor that the rolling period is reached, based on the fact that the current count value of each local counter is increased by one, the security keyboard 10 obtains the current count verification factor, the smart card 20 obtains the current authentication factor, and the rolling of the count verification factor and the authentication factor is completed synchronously. 
When the monitoring reaches the scanning period, the security keyboard 10 compares the current count check factor or the specific count check factors before and after the current count check factor with the current authentication factor broadcasted by the scanned smart card 20, if the current count check factor or the specific count check factor before and after the current count check factor is consistent with the current authentication factor broadcasted by the scanned smart card 20, the authentication is passed, and if the authentication is failed, the security keyboard executes corresponding security control operation according to a preset security policy. Therefore, based on the authentication factor broadcasted by the periodically scanned smart card, the security keyboard can authenticate the smart card in real time, once the authentication fails, the corresponding security control operation is executed according to the preset security policy, so that the smart card of the employee is always the same smart card after the communication between the smart card and the security keyboard is established, a legal user logs in the security keyboard, the service secret of the employee is ensured not to be leaked, and the fact that irrelevant personnel execute the corresponding operation on the security keyboard is avoided.
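The rolling and correction logic described above can be exercised in a short simulation. This is an added example, not code from the patent: it assumes the "preset algorithm" is HMAC-SHA256 over the counter with a key shared at pairing (the patent only says the factor may be the count value itself, a hash or an encryption result), sets M = N = 2, and uses a hypothetical `locked` flag to stand in for the security control operation.

```python
import hashlib
import hmac

# Assumptions (not in the patent text): the "preset algorithm" is HMAC-SHA256
# over the counter, keyed with a secret shared at pairing and truncated to
# 16 bytes; M = N = 2; "locked" stands in for the security control operation.
M_AHEAD, N_BEHIND = 2, 2


def factor(key: bytes, count: int) -> bytes:
    """Preset algorithm: map one counter value to a broadcastable factor."""
    msg = count.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


class SmartCard:
    """Card side: local counter, rolling, and the broadcast factor."""

    def __init__(self, key: bytes):
        self.key, self.count = key, 0

    def sync(self) -> None:
        self.count = 0   # clear on the count synchronization request
        self.count += 1  # then add 1: initial authentication factor

    def roll(self) -> None:
        self.count += 1  # rolling period reached

    def broadcast(self) -> bytes:
        return factor(self.key, self.count)


class SecurityKeyboard:
    """Keyboard side: local counter, rolling, comparison and correction."""

    def __init__(self, key: bytes, m: int = M_AHEAD, n: int = N_BEHIND):
        self.key, self.m, self.n = key, m, n
        self.count, self.locked = 0, False

    def sync(self) -> None:
        self.count = 0   # clear the local counter, send the sync request
        self.count += 1  # sync response received: initial check factor
        self.locked = False

    def roll(self) -> None:
        self.count += 1  # rolling period reached

    def verify(self, scanned: bytes) -> str:
        """Compare a scanned factor; returns 'match', 'resynced' or 'locked'."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(factor(self.key, self.count), scanned):
            return "match"
        # Correction window: count+1..count+M, then count-1..count-N.
        ahead = [self.count + i for i in range(1, self.m + 1)]
        behind = [self.count - i for i in range(1, self.n + 1)]
        for candidate in ahead + behind:
            if candidate < 1:
                continue  # no factor exists before the initial count of 1
            if hmac.compare_digest(factor(self.key, candidate), scanned):
                self.count = candidate  # adopt the corrected count value
                return "resynced"
        self.locked = True  # nothing in the window matched
        return "locked"


def run_demo() -> list:
    """Constructed scenario: in sync, card ahead, card behind, out of window."""
    key = b"constructed-demo-key"
    card, kb = SmartCard(key), SecurityKeyboard(key)
    card.sync()
    kb.sync()
    results = []
    for _ in range(3):          # both sides roll together: counters at 4
        card.roll()
        kb.roll()
    results.append((kb.verify(card.broadcast()), kb.count))
    card.roll()                 # card one roll ahead (clock offset)
    results.append((kb.verify(card.broadcast()), kb.count))
    kb.roll()                   # keyboard one roll ahead of the card
    results.append((kb.verify(card.broadcast()), kb.count))
    for _ in range(3):          # card drifts M + 1 rolls ahead
        card.roll()
    results.append((kb.verify(card.broadcast()), kb.count))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

With these settings a factor up to N rolls old is still accepted and moves the keyboard's counter backwards, so the choice of M, N and the rolling period determines how long a previously broadcast factor stays valid.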
Example 1
The embodiment provides a device authentication method. The authentication method can be applied to an office system as shown in fig. 1. As shown in fig. 2, the device authentication method specifically includes the following steps S101 to S109:
s101, establishing short-distance wireless communication connection between a security keyboard and a smart card;
Specifically, a short-range wireless communication connection may be established between the security keyboard and the smart card, for example through RF, NFC, Bluetooth, WIFI, 2.4G, 433M and the like, which is not limited in the present invention. The security keyboard and the smart card transmit data over the short-distance wireless communication connection; for example, the security keyboard obtains the authentication factor broadcast by the smart card over this connection, thereby completing its real-time authentication of the smart card. Of course, in practical applications the security keyboard and the smart card may also be connected by wire; the embodiment of the present invention only takes the establishment of a short-distance wireless communication connection as an example.
In order to ensure the data transmission security between the security keyboard and the smart card, as an optional implementation manner of the embodiment of the present invention, after the short-distance wireless communication connection is established between the security keyboard and the smart card, the device authentication method provided in this embodiment further includes: the security keyboard and the smart card perform mutual authentication. The authentication method may include, but is not limited to, verifying a digital certificate of the other party, verifying a digital signature sent by the other party, verifying a device identifier of the device of the other party, and verifying a user ID stored in the smart card, and the like, and this verification method may adopt an existing verification method, which is not described herein again. The validity of the devices of the two parties can be ensured by verifying the digital certificate of the other party, the digital signature sent by the other party and the device identification of the device of the other party, so that the information of the employee cannot be leaked, and the smart card can be ensured to log in the unique device of the safety keyboard for the employee. By verifying the user ID stored in the smart card, it can be ensured that the user of the smart card is an employee of the company and that the login is legitimate.
S102, the safety keyboard clears the local counter and sends a counting synchronization request to the intelligent card through short-distance wireless communication connection;
wherein, the counting synchronization request sent by the security keyboard instructs the smart card to clear the local counter. After receiving a counting synchronization request sent by the security keyboard, the smart card clears the local counter of the smart card, so that the smart card and the security keyboard achieve counter synchronization. After the counters are synchronized, the local counter is increased by 1, a counting synchronization response is returned to the safety keyboard through the short-distance wireless communication connection, and the safety keyboard is triggered to increase the local counter by 1. Meanwhile, the smart card can calculate the current count value of a local counter of the smart card by adopting a preset algorithm the same as that of the security keyboard to obtain an initial authentication factor, and the initial authentication factor is used as the current authentication factor of the smart card to ensure that the authentication factor synchronously rolls with the security keyboard based on the same factor.
S103, the security keyboard receives a counting synchronization response returned by the smart card, 1 is added to the local counter to obtain the current counting value of the local counter, and a preset algorithm is adopted to calculate the current counting value of the local counter to obtain a current counting check factor;
in this embodiment, after the short-distance wireless communication connection is established between the security keyboard and the smart card, the security keyboard and the smart card perform counter synchronization, and after the timers are synchronized, the counters are incremented by one respectively, and a preset algorithm is adopted to calculate the counters to obtain initial counting check factors and authentication factors respectively. As an optional implementation manner, the calculating, by the security keyboard, the current count check factor of the current count value of the local counter by using a preset algorithm includes one of the following steps: and taking the current count value of the local counter as a count check factor, or calculating the current count value of the local counter by adopting a hash algorithm or an encryption algorithm to obtain the count check factor. Similarly, the smart card may also obtain the authentication factor in the same manner, that is, the current count value of the smart card local counter is used as the authentication factor, or a hash algorithm or an encryption algorithm is used to calculate the current count value of the smart card local counter to obtain the authentication factor. The security keyboard takes the initial counting check factor as the current counting check factor of the security keyboard, and the intelligent card takes the initial authentication factor as the current authentication factor of the intelligent card. And in the process of synchronously carrying out the rolling of the authentication factors by the security keyboard and the smart card, when the rolling period is monitored, taking the current count value of each local counter or a value obtained by adopting a preset algorithm according to the current count value of the local counter as the current count check factor and the authentication factor.
In a specific application, the local counters of the security keyboard and the smart card may also be used to record the number of times of the same event, for example, the number of scrolling times of the local authentication factor may be recorded, that is, each time the current value of the count verification factor of the security keyboard changes once, the value of the local counter of the security keyboard is incremented by 1, and similarly, each time the current value of the authentication factor of the smart card changes once, the value of the local counter of the smart card side is incremented by 1, so that the values of the counters of the security keyboard and the smart card may be ensured to be consistent.
S104, monitoring whether a rolling period and a scanning period are reached by the safety keyboard, executing a step S105 under the condition that the rolling period is reached by monitoring, and executing a step S106 under the condition that the scanning period is reached by monitoring;
The rolling period is a first preset duration, namely the interval between the current count check factor and the next count check factor. When monitoring shows that the first preset duration has been reached, the security keyboard acquires the current count value of the local counter to obtain its current count check factor, restarts timing, and continues to monitor whether the first preset duration is reached, so that count check factors are generated by periodic rolling. The rolling period of the security keyboard is set to be the same as that of the smart card, so that the security keyboard and the smart card roll to the next factor at the same interval, that is, the two parties generate their respective count check factor and authentication factor synchronously. In practical application, the security keyboard may be configured with a reset timer for monitoring the rolling period, whose timing period is the first preset duration; when the time is up, the timer resets and starts again to perform periodic timing.
The scanning period is a second preset duration, namely the interval between two scans. When monitoring shows that the second preset duration has been reached, the security keyboard is triggered to scan for the authentication factor broadcast by the smart card, restarts timing, and continues to monitor whether the second preset duration is reached, so that the authentication factor broadcast by the smart card is scanned periodically. In practical application, the security keyboard may be provided with a reset timer for monitoring the scanning period, whose timing period is the second preset duration; when the time is up, the timer resets and starts again to perform periodic timing.
S105, the security keyboard acquires a new count value obtained by adding 1 to the current count value of the local counter, the new count value is used as the current count value of the local counter, a preset algorithm is adopted to calculate the current count value of the local counter to obtain a new count check factor, the new count check factor is used as the current count check factor, and the step S104 is returned;
In this embodiment, while the security keyboard and the smart card roll the authentication factors in synchronization, the security keyboard increments its counter by one each time it detects that the rolling period has been reached. Because the counter keeps increasing, the count check factor obtained after each rolling period is different. The count check factors of the security keyboard therefore differ from one another, as do the authentication factors of the smart card, but each count check factor of the security keyboard corresponds one to one with the authentication factor generated synchronously by the smart card, which ensures the accuracy of the authentication comparison.
S106, the security keyboard scans the authentication factor broadcasted by the smart card, and the step S107 is executed under the condition that the authentication factor broadcasted by the smart card is scanned;
When the security keyboard detects that a scanning period has been reached, it scans for the authentication factor broadcast by a smart card within its signal coverage area. The security keyboard could of course scan continuously, but in order to save its power this embodiment adopts periodic scanning.
In this embodiment, after the smart card is synchronized with the secure keyboard counter, the authentication factor on the smart card side is periodically generated by scrolling in synchronization with the secure keyboard, and after a count synchronization response is returned to the secure keyboard, the current authentication factor generated by the scrolling may be continuously or periodically broadcast. As an optional implementation manner in this embodiment, after the security keyboard receives the count synchronization response returned by the smart card, the method provided in this embodiment further includes: the smart card enters a sleep mode, and is awakened once every preset awakening period after entering the sleep mode, and the current authentication factor of the smart card is broadcasted during the awakening period. Therefore, the electric quantity of the smart card can be saved, and the service life can be prolonged. Wherein during hibernation, the smart card keeps scrolling in synchronization with the secure keyboard to generate the authentication factor. Certainly, the smart card may not enter the sleep mode, and continuously or periodically broadcasts the current authentication factor, so that the security keyboard does not need to wait or wake up the smart card to restore the working state, and the authentication factor of the smart card can be timely scanned to timely complete the real-time authentication.
It should be noted that, whether the smart card automatically enters the sleep state or is temporarily disconnected from the security keyboard, as long as the user has not completely left the security keyboard (complete departure meaning that the smart card cannot receive the scanning instruction of the security keyboard within the preset time), or as long as the smart card has not received an instruction sent by the security keyboard indicating that the smart card can no longer use the security keyboard (such as an instruction for clearing the authentication factor, a disconnection instruction or a dormancy instruction), the smart card continues to roll the authentication factor in synchronization with the security keyboard in the same rolling manner as before. In this way, when the employee returns with the smart card after a short absence, or uses the security keyboard again after the smart card wakes from the sleep state, the smart card is still rolling in synchronization with the count check factor on the security keyboard side, and the security keyboard can continue to compare its current count check factor with the smart card's authentication factor in real time.
S107, the safety keyboard compares the current counting check factor with the authentication factor, if the current counting check factor is consistent with the authentication factor, the step S104 is returned, and if the current counting check factor is inconsistent with the authentication factor, the step S108 is executed;
S108, the security keyboard respectively adds 1 to M to the current count value of the local counter and respectively subtracts 1 to N from the current count value of the local counter to obtain a plurality of corrected count values, respectively calculates the plurality of corrected count values by adopting a preset algorithm to obtain a plurality of corresponding corrected count check factors, and respectively compares the plurality of corrected count check factors with the authentication factor; if one of them is consistent, the current count value of the local counter is modified into the corrected count value corresponding to the corrected count check factor that is consistent with the authentication factor, and the method returns to step S104; if none is consistent, step S109 is executed, where M and N are positive integers;
For the specific implementation of calculating the plurality of corrected count values with the preset algorithm to obtain the corresponding plurality of corrected count check factors, refer to the way the security keyboard in step S103 calculates the current count value of the local counter with the preset algorithm to obtain the current count check factor; it is not described again here.
In this embodiment, in order to avoid step-out (i.e., inconsistent comparison and authentication failure) caused by packet loss or clock skew, the security keyboard is provided with a redundant comparison and self-error-correction mode. That is, when the current count check factor of the security keyboard is inconsistent with the authentication factor, the comparison is extended: a specific number of count check factors before and after the current count check factor of the security keyboard are compared one by one with the scanned authentication factor currently broadcast by the smart card, and if one of them is consistent, the authentication passes. This case indicates a loss of synchronization caused by packet loss or clock skew, but since one of the count check factors before or after the current count check factor of the security keyboard matches, the security keyboard can correct the error by itself. It modifies the current count value of the local counter and the current count check factor, that is, it modifies the current count value of the local counter into the corrected count value corresponding to the corrected count check factor that is consistent with the authentication factor, uses that count check factor as the current count check factor of the security keyboard, and returns to step S104.
When the rolling period is next reached, the security keyboard adds 1 to the current (corrected) count value of the local counter to obtain a new count value, uses the new count value as the current count value of the local counter, calculates the current count value of the local counter with the preset algorithm to obtain a new count check factor, and uses the new count check factor as the current count check factor. In this way, authentication of the smart card can still pass after a loss of synchronization caused by packet loss or clock offset, the user can continue to use the security keyboard, and operations such as connecting the security keyboard with the smart card do not need to be executed again. At the same time, the security keyboard corrects the error by itself and rolls to the same factor as the smart card when the next rolling period comes, that is, it is resynchronized with the authentication factor on the smart card side after the step-out. A consistent comparison in step S107 or in step S108 indicates that the user currently using the security keyboard is the user currently bound to it and has not left the security keyboard, so the method returns to step S104 to continue monitoring whether the rolling period and the scanning period are reached.
For example, assume that the current count value of the local counter is $k$, the current count check factor is $S_k$, $M = 2$ and $N = 1$. The following corrected count values are then obtained: $k-1$, $k+1$ and $k+2$. Applying the preset algorithm to these corrected count values gives the following corrected count check factors: $S_{k-1}$, $S_{k+1}$ and $S_{k+2}$. Under normal authentication factor rolling synchronization, the authentication factor sent by the smart card and scanned by the security keyboard after the rolling period is reached should also be $S_k$. But if the authentication factor $L_k$ broadcast by the smart card and scanned by the security keyboard is inconsistent with the current count check factor $S_k$, packet loss (or clock asynchronism) has occurred and error correction is required. The corrected count check factors $S_{k-1}$, $S_{k+1}$ and $S_{k+2}$ are each compared with the authentication factor $L_k$, and if one comparison is consistent, the authentication passes. For example, if $S_{k+1}$ and $L_k$ are consistent, the security keyboard corrects the current count value of the local counter to $k+1$. Then, when the next rolling period comes, the current count value of the local counter of the security keyboard should be $k+2$ and the count check factor is calculated based on $k+2$; at this time the current count value of the local counter on the smart card side should also be $k+2$, and the authentication factor is likewise rolled to the value calculated based on $k+2$, so that the security keyboard is resynchronized with the authentication factor on the smart card side after the step-out.
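The rolling, comparison and self-correction of steps S105, S107 and S108 can be exercised end to end. The following sketch is an added example, not code from the patent: it assumes the "preset algorithm" is HMAC-SHA256 over the counter under a shared key (the patent only says the count value itself, a hash algorithm or an encryption algorithm), and the class names, the key and the scenario are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key. The patent does not describe key provisioning;
# a keyed algorithm is an assumption made for this example.
SHARED_KEY = b"constructed-demo-key"


def factor(count, key=SHARED_KEY):
    """Assumed 'preset algorithm': HMAC-SHA256 over the 8-byte big-endian counter."""
    return hmac.new(key, count.to_bytes(8, "big"), hashlib.sha256).digest()


class SmartCard:
    """Card side: counter cleared and incremented on sync, then rolled each period."""

    def __init__(self):
        self.count = 0

    def sync(self):
        self.count = 1          # cleared, then +1 after the count synchronization

    def roll(self):
        self.count += 1         # one rolling period elapsed

    def broadcast(self):
        return factor(self.count)   # current authentication factor


class SecureKeyboard:
    """Keyboard side: S105 rolling, S107 comparison, S108 window correction."""

    def __init__(self, m=2, n=1):
        self.m, self.n = m, n   # look-ahead M and look-behind N, positive integers
        self.count = 0

    def sync(self):
        self.count = 1          # S103: cleared, then +1 after the sync response

    def roll(self):
        self.count += 1         # S105

    def authenticate(self, received):
        # S107: compare the current count check factor with the scanned factor.
        if hmac.compare_digest(factor(self.count), received):
            return "match"
        # S108: corrected count values k+1..k+M and k-1..k-N.
        candidates = [self.count + i for i in range(1, self.m + 1)]
        candidates += [self.count - i for i in range(1, self.n + 1)]
        for c in candidates:
            if c < 1:
                continue        # counts start at 1 after synchronization
            if hmac.compare_digest(factor(c), received):
                self.count = c  # self-correction: adopt the matching count value
                return "resynced"
        return "security_control"   # S109: apply the preset security policy


def run_scenario():
    """Constructed run: in step, one missed roll, back in step, then far out of window."""
    kb, card = SecureKeyboard(m=2, n=1), SmartCard()
    kb.sync()
    card.sync()
    results = [kb.authenticate(card.broadcast())]
    for _ in range(3):
        kb.roll()
        card.roll()
    card.roll()                 # keyboard misses one rolling period (clock skew)
    results.append(kb.authenticate(card.broadcast()))
    kb.roll()
    card.roll()
    results.append(kb.authenticate(card.broadcast()))
    for _ in range(3):
        card.roll()             # card is now 3 ahead, outside M = 2
    results.append(kb.authenticate(card.broadcast()))
    return results, kb.count


if __name__ == "__main__":
    print(run_scenario())
```

Because every factor inside the window is accepted, a broadcast factor remains acceptable to the keyboard for up to N rolling periods after the card has moved on, so M and N are best kept as small as the link's packet loss allows.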
And S109, the security keyboard executes corresponding security control operation according to a preset security policy.
Wherein the safety control operation may include: a first safety control operation and a second safety control operation. The two security control operations have different levels, for example, the first security control operation may be used as a high-level control, and when the authentication fails or the user leaves the security keyboard for a long time, the first security control operation is executed by using the first policy, so that the smart card cannot be connected to use the security keyboard; the second security control may be used as a low-level control, and when the user temporarily leaves, in order to prevent information leakage and facilitate the user to return for convenient use, a second policy is adopted to perform a second security control operation, so that the security keyboard cannot be used temporarily, and the problem that the security keyboard is illegally used by others after the employee temporarily leaves can be avoided.
As an optional implementation manner in this embodiment, the first security control operation may include, but is not limited to, one of the following: the security keyboard sends a dormancy instruction to the smart card, the security keyboard sends a disconnection instruction to the smart card, the security keyboard disconnects the smart card, and the security keyboard is turned off. For example, after the authentication of the smart card by the security keyboard fails, the security keyboard sends the smart card an instruction forcing it to sleep, and the smart card enters a sleep state after receiving the instruction, so that the smart card cannot log in to and use the security keyboard normally. This avoids the risk of leaking information stored on the security keyboard, prevents illegal users or a different smart card from using the security keyboard, and protects the privacy of staff.
As an optional implementation manner in this embodiment, the second security control operation may include, but is not limited to, one of the following: the security keyboard locks its screen, the security keyboard notifies a PC connected with it to lock the screen, the security keyboard enters a dormant state, the security keyboard raises an alarm, and the like. Any manner may be used as long as the smart card can no longer use the security keyboard, and the invention does not limit the manner. This prevents the security keyboard from being illegally used by others after the employee leaves for a short time, while allowing the employee to restore the security keyboard to an available state quickly and conveniently on returning.
In order to save the storage space, under the condition that the smart card does not use the security keyboard any more, the security keyboard deletes all the count verification factors stored locally, and provides more sufficient space for the authentication factors to be synchronously rolled after the next smart card is connected with the security keyboard. As an optional implementation manner in this embodiment, after the security keyboard performs a corresponding security control operation according to a predetermined security policy, the method provided in this embodiment further includes: the security keyboard deletes all count-check factors stored locally. After the security keyboard executes corresponding security control operation according to a preset security policy, the security keyboard is no longer used for logging in the smart card, so that the local storage space can be saved, and more sufficient space is provided for the synchronous rolling authentication factor after the next smart card is connected with the security keyboard. In addition, the security keyboard can also send an instruction for clearing the authentication factors to the smart card, and after receiving the instruction, the smart card deletes all the authentication factors stored locally so as to save the space of the smart card, facilitate the request for logging in the next security keyboard and provide more sufficient space for synchronously rolling the authentication factors after being connected with the security keyboard.
With the device authentication method provided by this embodiment, the security keyboard can authenticate the smart card in real time and executes the security control operation as soon as authentication fails. This ensures that, after an employee's smart card has connected with the security keyboard, it is always the same, legitimate smart card that is logged in to the security keyboard, which protects the employee's business confidentiality and avoids information leakage caused by unrelated persons operating the security keyboard. During authentication, failures due to loss of synchronization caused by packet loss or clock offset can be avoided: the security keyboard corrects the error by itself and stays synchronized with the authentication factor on the smart card side after the loss of synchronization.
In this embodiment, if the user needs to leave the secure keyboard for a while with his smart card, in order to ensure that the user can continue to use the secure keyboard normally after returning, as an optional implementation manner in this embodiment, in the case that the authentication factor sent by the smart card is not scanned, the method provided in this embodiment further includes: the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold, and if the authentication factor broadcasted by the smart card is scanned, the step S107 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned within a preset time interval; if so, executing step S107; if not, step S109 is performed.
In this embodiment, when the authentication factor broadcast by the smart card is not scanned in step S104, scanning events still occur: the security keyboard scans for the authentication factor broadcast by the smart card each time a preset scanning period is reached. The preset monitoring threshold plus the preset time interval can be understood as the reasonable disconnection time allowed for a brief departure of the user. If the security keyboard does not scan the authentication factor broadcast by the smart card within the preset monitoring threshold, the employee is taken to have left the security keyboard only temporarily, and the security keyboard may execute a second security control operation according to a second security policy, such as locking its screen or sleeping. Meanwhile, in order to wait for the employee to return, the security keyboard keeps rolling the authentication factor during the preset time interval and detects whether the authentication factor broadcast by the smart card is scanned within that interval. If the authentication factor broadcast by the smart card has still not been scanned, the user is deemed to have stopped using the security keyboard, and the security keyboard may perform a first security control operation according to a first security policy, such as disconnecting the smart card, deleting the link-related information of the smart card, or powering off the security keyboard.
In practical applications, the employee may temporarily leave the office system, for example, the preset monitoring threshold is set to 1 minute, if the employee leaves the office system for 1 minute without returning, the security keyboard detects, within the preset monitoring threshold, that the authentication factor broadcasted by the smart card is not scanned, and in order to ensure the security of the office system, the smart card may perform a second security control operation, for example, locking the screen, etc. For example, the preset time interval is set to 5 minutes, if the employee leaves for 5 minutes and does not return, the security keyboard detects that the authentication factor broadcasted by the smart card is not scanned within the preset time interval, and in order to ensure the security of the office system, the smart card may perform a first security control operation, such as shutdown. In this embodiment, the second security control operation is different from the first security control operation, so that different security control policies can be set according to different time periods when the user leaves, and multi-level security control can be performed, so as to provide convenience for the user while ensuring security.
As an optional implementation manner in this embodiment, if the smart card does not receive the scan instruction sent by the security keyboard within a preset time (it indicates that the user completely leaves the security keyboard and does not use the security keyboard within a period of time), the deletion of all locally stored authentication factors is performed, so as to save the space of the smart card, facilitate the request for logging in to the next security keyboard, and provide more sufficient space for the authentication factors to be synchronously scrolled after connection with the smart card. If the connection with the security keyboard is needed again, steps S101 to S108 are executed again.
As an optional implementation manner in this embodiment, step S104 further includes: the security keyboard monitors whether a predetermined key event occurs, and if the predetermined key event occurs, executes step S110 (not shown in fig. 1); step S110, the safety keyboard starts a camera device to collect face image information of a user, and face identification authentication is carried out on the face image information; wherein the predetermined key event comprises at least one of: the security keyboard obtains an initial counting verification factor, receives an encryption input instruction, and identifies and receives password input. If the authentication is passed, returning to the step S104 to continuously monitor whether a predetermined key event occurs; if the authentication is not passed, step S109 is performed. For example, when information input by the user on the keyboard needs to be encrypted, the user may issue an encryption input instruction to the keyboard, and after the keyboard receives the encryption input instruction input by the user, the information input by the user on the keyboard is encrypted, and step S110 is performed. For another example, when the user inputs a PIN code on the keypad, the keypad recognizes that a password input is received when receiving the PIN code, and in this case, step S110 may be executed. The embodiment can support that when the smart card executes key actions (for example, key actions such as encrypting information input by a user on a keyboard or inputting a PIN code) face recognition assistance is started, and when an acquired operator is inconsistent with a login person, security control operation is executed, so that the operator and the smart card user who logs in the security keyboard are ensured to be the same person, and further, data security is protected from malicious stealing in some key events.
Fig. 1 shows an office system provided by an embodiment of the present invention, and fig. 3 shows a security keyboard provided by an embodiment of the present invention. The office system and the security keyboard both adopt the above device authentication method, and only the structures of the office system and the security keyboard will be briefly described below, but please refer to the related description of the above device authentication method for other matters. Referring to fig. 1, an office system provided in an embodiment of the present invention includes: a secure keyboard 10 and a smart card 20; wherein:
The security keyboard 10 is configured to clear the local counter after establishing a short-distance wireless communication connection with the smart card 20, send a count synchronization request to the smart card 20 through the short-distance wireless communication connection, receive a count synchronization response returned by the smart card 20, add 1 to the local counter to obtain a current count value of the local counter, calculate the current count value of the local counter by using a preset algorithm to obtain an initial count check factor, and use the initial count check factor as the current count check factor of the security keyboard. It is also configured to monitor whether a rolling period and a scanning period are reached. When the rolling period is reached, it adds 1 to the current count value of the local counter to obtain a new count value, takes the new count value as the current count value of the local counter, calculates the current count value of the local counter by using the preset algorithm to obtain a new count check factor, takes the new count check factor as the current count check factor, and continues to monitor whether the rolling period is reached. When the scanning period is reached, it scans for the authentication factor broadcast by the smart card 20 and, if the authentication factor broadcast by the smart card 20 is scanned, compares the current count check factor with the authentication factor. If they are consistent, it continues to monitor whether the rolling period and the scanning period are reached. If they are inconsistent, it respectively adds 1 to M to the current count value of the local counter and respectively subtracts 1 to N from the current count value of the local counter to obtain a plurality of corrected count values, respectively calculates the plurality of corrected count values by using the preset algorithm to obtain a plurality of corresponding corrected count check factors, and respectively compares the plurality of corrected count check factors with the authentication factor; if one of them is consistent, it modifies the current count value of the local counter into the corrected count value corresponding to the corrected count check factor that is consistent with the authentication factor and continues to monitor whether a rolling period and a scanning period are reached; if none is consistent, it executes the corresponding security control operation according to a preset security policy.
The smart card 20 is configured to, after establishing a short-distance wireless communication connection with the security keyboard 10, clear the local counter after receiving a counting synchronization request sent by the security keyboard 10 through the short-distance wireless communication connection, return a counting synchronization response to the security keyboard 10, add 1 to the local counter to obtain a current count value of the local counter, calculate a current count value of the local counter by using a preset algorithm to obtain an initial authentication factor, and use the initial authentication factor as a current authentication factor of the smart card 20; also for broadcasting the current authentication factor of the smart card 20; and the authentication module is further configured to monitor whether a rolling period is reached, add 1 to the current count value of the local counter to obtain a new count value under the condition that the rolling period is reached, use the new count value as the current count value of the local counter, calculate the current count value of the local counter by using a preset algorithm to obtain a new authentication factor, and use the new authentication factor as the current authentication factor of the smart card 20.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter a sleep state when receiving a sleep instruction sent by the security keyboard.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter a sleep mode after negotiating with the security keyboard to generate an initial authentication factor, and wake up every predetermined wake-up period after entering the sleep mode, and during the wake-up period, broadcast the current authentication factor of the smart card.
As an alternative implementation in this embodiment, the scrolling cycle of the smart card 20 is the same duration as the scrolling cycle of the secure keyboard 10.
Referring to fig. 3, the security keyboard 10 includes: the system comprises a communication module 101, a check factor rolling module 102, a monitoring module 103, a scanning detection module 104, an authentication module 105 and a safety control module 106; wherein:
the communication module 101 is configured to establish a short-range wireless communication connection with the smart card 20, trigger the local counter to zero, send a count synchronization request to the smart card 20 through the short-range wireless communication connection, and trigger the check factor rolling module 102 to operate after receiving a count synchronization response returned by the smart card 20;
the check factor rolling module 102 is configured to, after the communication module 101 receives a count synchronization response returned by the smart card 20, trigger the local counter to add 1 to obtain a current count value of the local counter, calculate the current count value of the local counter by using a preset algorithm to obtain an initial count check factor, use the initial count check factor as the current count check factor of the security keyboard, and trigger the monitoring module 103 to operate;
the monitoring module 103 is configured to monitor whether a rolling period and a scanning period are reached, and to trigger the check factor rolling module 102 to work when the rolling period is reached and the scanning detection module 104 to work when the scanning period is reached, wherein the rolling period is a first preset duration, namely the interval between the current count check factor and the next count check factor, and the scanning period is a second preset duration, namely the interval between two scans;
the check factor rolling module 102 is further configured to, when the monitoring module 103 monitors that a rolling period is reached, trigger the local counter to add 1 to the current count value of the local counter to obtain a new count value, use the new count value as the current count value of the local counter, calculate the current count value of the local counter by using a preset algorithm to obtain a new count check factor, use the new count check factor as the current count check factor, and trigger the monitoring module 103;
a scanning detection module 104, configured to scan the authentication factor broadcasted by the smart card 20, and trigger the authentication module 105 in case of scanning the authentication factor broadcasted by the smart card 20;
the authentication module 105 is used for comparing the current count check factor with the authentication factor, and if they are consistent, triggering the monitoring module 103; if they are inconsistent, triggering the local counter to add each of 1 to M to the current count value of the local counter and to subtract each of 1 to N from the current count value of the local counter to obtain a plurality of corrected count values, calculating each corrected count value by using the preset algorithm to obtain a corresponding plurality of corrected count check factors, and comparing each corrected count check factor with the authentication factor; if one of them is consistent, modifying the current count value of the local counter to the corrected count value whose corrected count check factor is consistent with the authentication factor, and triggering the monitoring module 103; if none is consistent, triggering the security control module 106, where M and N are positive integers;
and the safety control module 106 is used for executing corresponding safety control operation according to a preset safety strategy.
As an optional implementation manner in this embodiment, the scanning detection module 104 is further configured to, when the authentication factor broadcasted by the smart card 20 is not scanned, detect whether the authentication factor broadcasted by the smart card 20 is scanned within a preset monitoring threshold, and if it is scanned, trigger the authentication module 105; if not, detect whether the authentication factor broadcasted by the smart card 20 is scanned within a preset time interval; if so, trigger the authentication module 105; if not, trigger the security control module 106.
As an optional implementation manner in this embodiment, the security keyboard 10 further includes: a face verification module 107;
the monitoring module 103 is further configured to monitor whether a predetermined key event occurs, and trigger the face verification module 107 when the predetermined key event occurs; wherein the predetermined key event comprises at least one of: the security keyboard 10 obtains the initial count check factor, the security keyboard 10 receives an encryption input instruction, and the security keyboard 10 recognizes that password input is being received;
and the face verification module 107 is used for starting the camera device to acquire face image information of the user and performing face identification authentication on the face image information.
As an optional implementation manner in this embodiment, the security control module 106 performs the corresponding security control operation according to the predetermined security policy at least by the following manners: triggering the communication module 101 to send a sleep instruction to the smart card 20; the communication module 101 is further configured to send a sleep command to the smart card 20.
As an optional implementation manner in this embodiment, the security keyboard 10 further includes: a clearing module 108, used for deleting all the count check factors stored by the security keyboard after the security control module 106 executes the security control operation.
With the office system and the security keyboard provided by this embodiment, the security keyboard can authenticate the smart card in real time and, once authentication fails, execute the security control operation. This ensures that, after the employee's smart card has established communication with the security keyboard, the person using the security keyboard is always the holder of that same smart card and a legitimate smart card user, which protects the employee's business secrets and prevents unrelated persons from operating the security keyboard and causing information leakage. During authentication, the effects of a loss of synchronization caused by packet loss or clock offset can be avoided: the security keyboard can correct the error by itself, so that the authentication factors on the security keyboard side and the smart card side are kept synchronized after synchronization has been lost.
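The following Python sketch is an added illustration, not part of the patent text: it models the counter rolling on both sides and the comparison with the +1..M / -1..N correction window performed by the authentication module 105. The patent leaves the "preset algorithm" unspecified, so the truncated HMAC-SHA-256 under a pre-shared key, the class and method names, the window sizes and the lock flag standing in for the security control operation are all assumptions.

```python
import hashlib
import hmac


def factor(key: bytes, count: int) -> bytes:
    # Assumption: stand-in for the patent's unspecified "preset algorithm".
    # A keyed MAC over the counter, truncated to 8 bytes for broadcast.
    return hmac.new(key, count.to_bytes(8, "big"), hashlib.sha256).digest()[:8]


class SmartCard:
    """Card side: clear counter on sync, add 1, then add 1 per rolling period."""

    def __init__(self, key: bytes):
        self.key = key
        self.count = 0

    def sync(self):
        self.count = 0
        self.count += 1          # initial authentication factor uses count 1

    def roll(self):
        self.count += 1

    def broadcast(self) -> bytes:
        return factor(self.key, self.count)


class SecurityKeyboard:
    """Keyboard side: rolling counter plus the correction window."""

    def __init__(self, key: bytes, m: int = 2, n: int = 1):
        self.key, self.m, self.n = key, m, n
        self.count = 0
        self.locked = False

    def sync(self):
        self.count = 0
        self.count += 1          # initial count check factor uses count 1
        self.locked = False

    def roll(self):
        self.count += 1

    def authenticate(self, received: bytes) -> str:
        """Return 'match', 'resynced' or 'locked'."""
        if self.locked:
            return "locked"
        # Compare the current count check factor with the broadcast factor.
        if hmac.compare_digest(factor(self.key, self.count), received):
            return "match"
        # On mismatch, try count+1..count+M and count-1..count-N.
        ahead = [self.count + i for i in range(1, self.m + 1)]
        behind = [self.count - j for j in range(1, self.n + 1)
                  if self.count - j >= 1]
        for candidate in ahead + behind:
            if hmac.compare_digest(factor(self.key, candidate), received):
                self.count = candidate   # adopt the corrected count value
                return "resynced"
        self.security_control()
        return "locked"

    def security_control(self):
        # Assumption: a lock flag models the security policy; clearing the
        # counter models deleting the stored count check factors.
        self.locked = True
        self.count = 0


def run_demo():
    key = b"constructed-demo-key"        # constructed sample key
    card, kb = SmartCard(key), SecurityKeyboard(key, m=2, n=1)
    card.sync()
    kb.sync()
    results = [kb.authenticate(card.broadcast())]       # both at count 1
    card.roll(); card.roll(); kb.roll()                 # card 3, keyboard 2
    results.append(kb.authenticate(card.broadcast()))   # found at +1
    kb.roll()                                           # keyboard 4, card 3
    results.append(kb.authenticate(card.broadcast()))   # found at -1
    for _ in range(5):
        card.roll()                                     # card 8, keyboard 3
    results.append(kb.authenticate(card.broadcast()))   # outside the window
    return results, kb.count


if __name__ == "__main__":
    print(run_demo())
```

Because the correction also searches the N counts behind the keyboard's value, a factor broadcast up to N rolling periods earlier is still accepted, so N bounds how stale an accepted broadcast can be.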
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (14)

1. A device authentication method, comprising:
step 1, establishing short-distance wireless communication connection between a safety keyboard and an intelligent card;
step 2, the safety keyboard clears a local counter and sends a counting synchronization request to the intelligent card through the short-distance wireless communication connection;
step 3, the security keyboard receives a counting synchronization response returned by the smart card, adds 1 to the local counter to obtain a current counting value of the local counter, calculates the current counting value of the local counter by adopting a preset algorithm to obtain an initial counting check factor, and takes the initial counting check factor as the current counting check factor of the security keyboard;
step 4, the safety keyboard monitors whether a rolling period and a scanning period are reached, if the rolling period is reached, step 5 is executed, and if the scanning period is reached, step 6 is executed, wherein the rolling period is a first preset time length from the current counting verification factor to the next counting verification factor interval, and the scanning period is a second preset time length between two times of scanning;
step 5, the security keyboard adds 1 to the current count value of the local counter to obtain a new count value, the new count value is used as the current count value of the local counter, the current count value of the local counter is calculated by adopting the preset algorithm to obtain a new count check factor, and the new count check factor is used as the current count check factor; and returning to the step 4;
step 6, the security keyboard scans the authentication factor broadcasted by the smart card, and if the authentication factor broadcasted by the smart card is scanned, the step 7 is executed;
step 7, comparing the current counting check factor with the authentication factor, if the current counting check factor is consistent with the authentication factor, returning to the step 4, and if the current counting check factor is inconsistent with the authentication factor, executing the step 8;
step 8, adding each of 1 to M to the current count value of the local counter and subtracting each of 1 to N from the current count value of the local counter to obtain a plurality of corrected count values, calculating each corrected count value by adopting the preset algorithm to obtain a corresponding plurality of corrected count check factors, and comparing each corrected count check factor with the authentication factor; if one of them is consistent, modifying the current count value of the local counter to the corrected count value whose corrected count check factor is consistent with the authentication factor, and returning to the step 4; if none is consistent, executing step 9, wherein M and N are positive integers;
step 9, the security keyboard executes corresponding security control operation according to a preset security policy.
2. The method of claim 1,
in the case where the authentication factor sent by the smart card is not scanned, the method further comprises:
the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold, and if the authentication factor broadcasted by the smart card is scanned, the step 7 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned within a preset time interval; if so, executing the step 7; if not, step 9 is performed.
3. The method of claim 2,
the method also comprises the following steps in the step 4: the safety keyboard monitors whether a preset key event occurs or not, and executes the step 10 under the condition that the preset key event occurs;
step 10, the safety keyboard starts a camera device to collect face image information of a user, and face identification authentication is carried out on the face image information; wherein the predetermined key event comprises at least one of: the security keyboard obtains the initial counting verification factor, the security keyboard receives an encryption input instruction, and the security keyboard identifies and receives password input.
4. The method according to any one of claims 1 to 3,
the security keyboard executes corresponding security control operation according to a preset security policy, and the security control operation at least comprises the following step: the security keyboard sends a sleep instruction to the smart card.
5. The method of claim 4,
after the security keyboard performs the corresponding security control operation according to the predetermined security policy, the method further includes:
the security keyboard deletes all count check factors stored locally.
6. The method of claim 5, wherein after the secure keyboard receives a count synchronization response returned by the smart card, the method further comprises:
the smart card enters a sleep mode, and is awakened once every preset awakening period after entering the sleep mode, and the current authentication factor of the smart card is broadcasted during the awakening period.
7. A security keyboard, comprising:
the communication module is used for establishing short-distance wireless communication connection with the intelligent card, triggering a local counter to be reset, sending a counting synchronization request to the intelligent card through the short-distance wireless communication connection, and triggering a check factor rolling module after receiving a counting synchronization response returned by the intelligent card;
the check factor rolling module is used for triggering the local counter to add 1 to obtain the current count value of the local counter after the communication module receives the count synchronization response returned by the smart card, calculating the current count value of the local counter by adopting a preset algorithm to obtain an initial count check factor, taking the initial count check factor as the current count check factor of the safety keyboard, and triggering the monitoring module to work;
the monitoring module is used for monitoring whether a rolling period and a scanning period are reached or not, and triggering the check factor rolling module to work under the condition that the rolling period is reached; under the condition that the scanning period is reached, triggering a scanning detection module to work, wherein the rolling period is a first preset time length from the current counting verification factor to the next counting verification factor interval, and the scanning period is a second preset time length between two times of scanning;
the check factor rolling module is further configured to, when the monitoring module monitors that the rolling period is reached, trigger the local counter to add 1 to a current count value of the local counter to obtain a new count value, use the new count value as the current count value of the local counter, calculate the current count value of the local counter by using the preset algorithm to obtain a new count check factor, use the new count check factor as the current count check factor, and trigger the monitoring module;
the scanning detection module is used for scanning the authentication factor broadcasted by the intelligent card and triggering the authentication module under the condition that the authentication factor broadcasted by the intelligent card is scanned;
the authentication module is used for comparing the current count check factor with the authentication factor, and if they are consistent, triggering the monitoring module; if they are inconsistent, triggering the local counter to add each of 1 to M to the current count value of the local counter and to subtract each of 1 to N from the current count value of the local counter to obtain a plurality of corrected count values, calculating each corrected count value by adopting the preset algorithm to obtain a corresponding plurality of corrected count check factors, and comparing each corrected count check factor with the authentication factor; if one of them is consistent, modifying the current count value of the local counter to the corrected count value whose corrected count check factor is consistent with the authentication factor, and triggering the monitoring module; if none is consistent, triggering the security control module, wherein M and N are positive integers;
and the safety control module is used for executing corresponding safety control operation according to a preset safety strategy.
8. The security keyboard of claim 7,
the scanning detection module is further configured to detect whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold under the condition that the authentication factor broadcasted by the smart card is not scanned, and if the authentication factor broadcasted by the smart card is scanned, trigger the authentication module; if not, detecting whether the authentication factor broadcasted by the intelligent card is scanned within a preset time interval; if the scanning is finished, triggering the authentication module; and if not, triggering the safety control module.
9. The security keyboard of claim 8, further comprising: a face verification module;
the monitoring module is also used for monitoring whether a preset key event occurs or not, and triggering the face verification module under the condition that the preset key event occurs; wherein the predetermined key event comprises at least one of: the security keyboard obtains the initial counting verification factor, the security keyboard receives an encryption input instruction, and the security keyboard identifies and receives password input;
the face verification module is used for starting the camera device to collect face image information of a user and carrying out face identification authentication on the face image information.
10. The security keyboard of any one of claims 7-9,
the security control module executes corresponding security control operation according to a preset security policy at least by the following means: triggering the communication module to send a sleep instruction to the smart card;
the communication module is further configured to send the sleep instruction to the smart card.
11. The security keyboard of claim 10, further comprising:
and the emptying module is used for deleting all the counting and checking factors stored by the safety keyboard after the safety control module executes the safety control operation.
12. An office system, comprising: a smart card and a secure keyboard as claimed in any one of claims 7 to 11, wherein:
the smart card is used for establishing short-distance wireless communication connection with the security keyboard, clearing a local counter after receiving a count synchronization request sent by the security keyboard through the short-distance wireless communication connection, returning a count synchronization response to the security keyboard, adding 1 to the local counter to obtain a current count value of the local counter, calculating the current count value of the local counter by adopting a preset algorithm to obtain an initial authentication factor, and taking the initial authentication factor as the current authentication factor of the smart card; the smart card is also used for broadcasting the current authentication factor of the smart card; and the smart card is further used for monitoring whether a rolling period is reached, adding 1 to the current count value of the local counter to obtain a new count value when the rolling period is reached, taking the new count value as the current count value of the local counter, calculating the current count value of the local counter by adopting the preset algorithm to obtain a new authentication factor, and taking the new authentication factor as the current authentication factor of the smart card.
13. The office system of claim 12,
the smart card is also used for entering a dormant state under the condition of receiving a dormant instruction sent by the safety keyboard.
14. The office system of claim 12,
the smart card is further configured to enter a sleep mode after a count synchronization response is returned to the security keyboard, and wake up the smart card once every predetermined wake-up period after entering the sleep mode, and broadcast a current second authentication factor of the smart card during the wake-up period.
CN201910560518.3A 2019-06-26 2019-06-26 Equipment authentication method, security keyboard and office system Active CN112149083B (en)


Publications (2)

Publication Number Publication Date
CN112149083A (en) 2020-12-29
CN112149083B (en) 2023-12-12


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant