CN112149098B - Office system safety control method, device and system - Google Patents

Publication number
CN112149098B
Authority
CN
China
Prior art keywords
time
smart card
factor
password keyboard
current
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910560951.7A
Other languages
Chinese (zh)
Other versions
CN112149098A (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
Tendyron Corp
Application filed by Tendyron Corp
Priority to CN201910560951.7A
Publication of CN112149098A
Application granted
Publication of CN112149098B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention provides an office system safety control method, device and system, wherein the method comprises the following steps: step 1, establishing a communication connection; step 2, synchronizing time; step 3, acquiring a current first time check factor; step 4, monitoring a check factor rolling period and an authentication scanning period; step 5, when the rolling period is reached, obtaining the current time of the local clock and obtaining a new current first time check factor; step 6, when the scanning period is reached, scanning for a second time check factor; step 7, if a second time check factor is scanned, judging whether it is consistent with the first time check factor, returning to step 4 if yes, and going to step 10 if not; step 8, if none is scanned, judging whether the time elapsed since a second time check factor was last scanned exceeds the first preset time, going to step 10 if yes, and going to step 9 if not; step 9, waiting for a second preset time and scanning for a second time check factor again, going to step 7 if one is scanned and to step 8 if not; and step 10, executing a safety control operation.

Description

Office system safety control method, device and system
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a method, an apparatus, and a system for controlling office security.
Background
Currently, to ensure the security of an office system, the conventional solution works as follows: when a user logs in to the office system for the first time, the user enters a user name and a password or passcode, and the system authenticates what the user entered. After the authentication passes, the user can use the office system until the user manually logs out or manually locks the screen, and re-authentication is needed when the user uses the office system again.
With this security control means, the use state of the user cannot be monitored in real time after the user's authentication passes. As long as the user has not manually logged out or manually locked the screen, no security control can be executed, whether or not the user is on site. In actual use, however, the user is likely to leave the office temporarily after authentication without manually logging out or locking the screen. During this period the office system executes no security control, and other users may use the office system illegally, causing problems such as information leakage or illegal attacks on the office system.
Disclosure of Invention
The present invention aims to solve the above technical problems.
The invention mainly aims to provide an office system safety control method.
Another object of the present invention is to provide an office system safety control device.
It is yet another object of the present invention to provide an office system security control system.
In order to achieve the above purpose, the technical scheme of the invention is specifically realized as follows:
In one aspect, the present invention provides a method for controlling security of an office system, including: step 1, a short-range wireless communication connection is established between a password keyboard and a smart card; step 2, the password keyboard sends a time synchronization request to the smart card through the short-range wireless communication connection; step 3, the password keyboard receives a time synchronization response returned by the smart card, obtains the current time of a local clock as the current time of the password keyboard, applies a preset algorithm to the current time of the password keyboard to obtain an initial time check factor, and takes the initial time check factor as the current first time check factor; step 4, the password keyboard monitors whether a preset check factor rolling period or authentication scanning period is reached, executes step 5 if the check factor rolling period is reached, and executes step 6 if the authentication scanning period is reached; step 5, the password keyboard obtains the current time of the local clock as the current time of the password keyboard, applies the preset algorithm to it to obtain a new first time check factor, takes the new first time check factor as the current first time check factor, and returns to step 4; step 6, the password keyboard sends a scanning instruction to the smart card and scans for a second time check factor sent by the smart card, executes step 7 if one is scanned, and executes step 8 if none is scanned; step 7, the password keyboard judges whether the scanned second time check factor is consistent with the current first time check factor of the password keyboard, returns to step 4 if so, and otherwise executes step 10; step 8, the password keyboard judges whether the time elapsed since a second time check factor sent by the smart card was last scanned exceeds the first preset time, executes step 10 if so, and otherwise executes step 9; step 9, after waiting for a second preset time, the password keyboard sends a scanning instruction to the smart card and scans for a second time check factor sent by the smart card, executes step 7 if one is scanned, and executes step 8 if none is scanned, wherein the second preset time is smaller than the first preset time; and step 10, the password keyboard executes a corresponding first security control operation according to a preset security policy.
Optionally, the step 4 further includes: the password keyboard monitors whether a preset key event occurs, and if so, the step 11 is executed; and step 11, the password keyboard starts the camera device to collect face data of a user, judges whether the collected face data is matched with authentication face data stored in the password keyboard, returns to step 4 if yes, and otherwise, executes step 10.
Optionally, the predetermined key event includes at least one of: the password keyboard acquires a current first time check factor, the password keyboard receives an encryption input instruction, and the password keyboard receives a password input instruction.
Optionally, after the password keyboard performs the corresponding first security control operation according to the predetermined security policy, the method further includes: the password keyboard deletes all locally stored first time check factors.
Optionally, after the password keyboard receives the time synchronization response returned by the smart card, the method further includes: the smart card enters a dormant state, wakes up once every preset wake-up period, and broadcasts the current second time check factor of the smart card while awake.
Optionally, after the password keyboard receives the time synchronization response returned by the smart card, the method further includes: the smart card determines whether a scan authentication instruction sent by the password keyboard has been received within the first predetermined time; if so, the smart card sends its current second time check factor; otherwise, the smart card deletes all locally stored second time check factors.
Optionally, in step 6, in the case that no second time check factor sent by the smart card is scanned, before step 8 is performed, the method further includes: the password keyboard judges whether the time elapsed since a second time check factor sent by the smart card was last scanned exceeds a preset threshold; if not, it returns to step 4; if so, it executes a corresponding second security control operation according to a preset security policy and then executes step 8.
Another aspect of the present invention provides an office system security control device, located in a password keyboard, comprising: a communication module, used for establishing a short-range wireless communication connection with the smart card, sending a time synchronization request to the smart card through that connection, and triggering the check factor rolling module after receiving a time synchronization response returned by the smart card; the check factor rolling module, used for obtaining the current time of the local clock as the current time of the password keyboard after the communication module receives the time synchronization response returned by the smart card, applying a preset algorithm to the current time of the password keyboard to obtain an initial time check factor, and taking the initial time check factor as the current first time check factor; a period monitoring module, used for monitoring whether a preset check factor rolling period or authentication scanning period is reached, triggering the check factor rolling module when the check factor rolling period is reached, and triggering the heartbeat detection module when the authentication scanning period is reached; the check factor rolling module is further configured to, when the period monitoring module detects that the check factor rolling period is reached, obtain the current time of the local clock as the current time of the password keyboard, apply the preset algorithm to it to obtain a new first time check factor, take the new first time check factor as the current first time check factor, and trigger the period monitoring module; the heartbeat detection module, used for sending a scan authentication instruction to the smart card and scanning for a second time check factor sent by the smart card, triggering the check factor verification module if one is scanned, and triggering the reconnection verification module if none is scanned; the check factor verification module, used for judging whether the scanned second time check factor is consistent with the current first time check factor of the password keyboard, triggering the period monitoring module if so, and otherwise triggering the security control module; the reconnection verification module, used for judging whether the time elapsed since a second time check factor broadcast by the smart card was last scanned exceeds a first preset time, triggering the security control module if so, and triggering the reconnection data monitoring module if not; the reconnection data monitoring module, configured to send a scanning instruction to the smart card after waiting for a second predetermined time and scan for a second time check factor sent by the smart card, trigger the check factor verification module if one is scanned, and trigger the reconnection verification module if none is scanned, where the second predetermined time is less than the first predetermined time; and the security control module, used for executing a corresponding first security control operation according to a preset security policy.
Optionally, the device further comprises: a face verification module; the period monitoring module is also used for triggering the face verification module when it detects that a preset key event has occurred; the face verification module is used for starting the camera device to collect face data of a user and judging whether the collected face data matches the authentication face data stored in the password keyboard, triggering the period monitoring module if so, and triggering the security control module if not.
Optionally, the device further comprises: a key clearing module, used for deleting all first time check factors stored by the password keyboard after the security control module executes the first security control operation.
Optionally, the device further comprises: a threshold detection module, configured to determine, before the reconnection verification module is triggered, whether the time elapsed since a second time check factor sent by the smart card was last scanned exceeds a predetermined threshold; if not, trigger the period monitoring module; if so, execute a corresponding second security control operation according to a predetermined security policy and then trigger the reconnection verification module.
The invention also provides an office system security control system, which comprises a password keyboard and a smart card, wherein the password keyboard comprises the office system security control device described above; the smart card is used for: establishing a short-range wireless communication connection with the password keyboard; after receiving a time synchronization request sent by the password keyboard through the short-range wireless communication connection, returning a time synchronization response to the password keyboard, acquiring the current time of a local clock as the current time of the smart card, and applying a preset algorithm to the current time of the smart card to obtain a current second time check factor of the smart card; receiving a scan authentication instruction sent by the password keyboard, and sending the current second time check factor of the smart card; and when the check factor rolling period is reached, acquiring the current time of the local clock as the current time of the smart card, applying the preset algorithm to it to obtain a new second time check factor, and taking the new second time check factor as the current second time check factor of the smart card.
Optionally, the smart card is further configured to delete all the second time check factors stored locally if the scan authentication instruction sent by the password keyboard is not received within a predetermined period of time.
Optionally, the smart card is further configured to enter a sleep state after returning a time synchronization response to the cryptographic keyboard, wake up once every predetermined wake-up period, and broadcast a current second time check factor of the smart card during wake-up.
According to the technical scheme provided by the invention, a short-range wireless communication connection is established between the password keyboard and the smart card and a time check factor is negotiated; the time check factor is updated according to a preset check factor rolling period; the time check factor sent by the smart card is scanned according to a preset authentication scanning period; and a security control operation is executed if the time check factor sent by the smart card is not scanned within a preset time interval. In this way, after a user logs in, whether the user has left the password keyboard can be monitored in real time, and a security control operation is executed when the user has been away from the password keyboard for more than a preset time, avoiding problems such as information leakage or illegal attacks on the office system caused by other users illegally using the office system while the user is away.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an architecture of an office system security control system according to embodiment 1 of the present invention;
Fig. 2 is a flowchart of an office system security control method provided in embodiment 2 of the present invention;
Fig. 3 is a schematic structural diagram of an office system security control device according to embodiment 3 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or position.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The embodiment provides an office system safety control system.
Fig. 1 is a schematic architecture diagram of an office system security control system according to the present embodiment, as shown in fig. 1, where the office system security control system mainly includes: a keypad 10 and a smart card 20. In this embodiment, a unique user identification, for example, a user ID, may be stored in the smart card 20, and the identity of the user may be determined by the smart card 20.
In this embodiment, the keypad 10 establishes a short-range wireless communication connection with the smart card 20. In a specific application, wireless communication between the keypad 10 and the smart card 20 may be established through Bluetooth, Wi-Fi, etc., which is not limited in this embodiment.
In a specific application, before the wireless communication connection is established between the keypad 10 and the smart card 20, identity authentication can be performed between the keypad and the smart card 20 by means of swiping a card, scanning a code, and the like. For example, a card reading module is arranged on the password keyboard 10, when a user needs to log in an office system, the smart card 20 is placed at the card reading module of the password keyboard 10 to read identity authentication information stored in the smart card 20 by the password keyboard 10, the identity authentication information can be a user name, a password and the like, then the password keyboard 10 performs identity authentication on the read identity authentication information, and after the identity authentication passes, the secure login is completed.
When the wireless communication connection is established between the keypad 10 and the smart card 20, the two sides can exchange device information and establish the wireless communication connection using the exchanged device information. For example, if a Bluetooth connection is established between the keypad 10 and the smart card 20, the keypad 10 and the smart card 20 can exchange Bluetooth connection information and perform Bluetooth pairing, thereby completing the Bluetooth connection.
After the short-range wireless communication connection is established, the password keyboard 10 and the smart card 20 can perform time synchronization. After the time synchronization, the password keyboard 10 and the smart card 20 each acquire the current time of their local clock and apply a preset algorithm to it to obtain an initial time check factor. The keypad 10 and the smart card 20 respectively use the initial time check factor as the current first time check factor of the keypad 10 and the current second time check factor of the smart card 20. In a particular application, the keypad 10 is time-synchronized with the smart card 20 after the keypad 10 has authenticated the smart card 20. The preset algorithm may be a hash algorithm or an encryption algorithm, which is not limited in this embodiment.
In this embodiment, when the keypad 10 performs time synchronization with the smart card 20, a time synchronization request may be sent by the keypad 10 to the smart card 20, where the time synchronization request may carry the current time of the local clock of the keypad. After receiving the time synchronization request sent by the keypad 10, the smart card 20 calibrates the current time of the local clock of the smart card 20 to the current time of the local clock of the keypad 10 carried in the time synchronization request, so as to achieve time synchronization with the keypad 10.
As an optional implementation manner in this embodiment, the keypad 10 and the smart card 20 obtain the current time check factor from the current time of the local clock in one of the following ways: taking the current time of the local clock as the time check factor, or applying a hash algorithm or an encryption algorithm to the current time of the local clock to obtain the time check factor.
In the embodiment of the present invention, after the password keyboard 10 is time-synchronized with the smart card 20 to obtain the initial time verification factor, the password keyboard 10 monitors whether the predetermined verification factor rolling period and authentication scanning period are reached:
(1) Under the condition that the rolling period of the check factor is monitored, the current time of the local clock is obtained to be used as the current time of the password keyboard, a preset algorithm is adopted to calculate the current time of the password keyboard to obtain a new first time check factor, the new first time check factor is used as the current first time check factor, and then whether the rolling period and the authentication scanning period of the predetermined check factor are reached or not is continuously monitored.
Because the current value of the local clock has changed each time the check factor rolling period is reached, the first time check factor obtained each time is different. As long as the password keyboard and the smart card keep rolling the check factor in synchronization, the time check factors they obtain should be consistent with each other.
(2) When the authentication scanning period is reached, the password keyboard 10 sends a scanning instruction to the smart card 20 and scans for the second time check factor sent by the smart card 20. If a second time check factor sent by the smart card 20 is scanned, the password keyboard 10 judges whether it is consistent with the current first time check factor of the password keyboard 10: if consistent, the password keyboard 10 continues to monitor whether the predetermined check factor rolling period and authentication scanning period are reached; if inconsistent, the password keyboard 10 executes the corresponding first security control operation according to a preset security policy. If no second time check factor sent by the smart card 20 is scanned, the password keyboard 10 judges whether the time elapsed since a second time check factor sent by the smart card 20 was last scanned exceeds a first preset time. If so, the password keyboard 10 executes the corresponding first security control operation according to the preset security policy. Otherwise, after waiting for the second preset time, the password keyboard 10 sends a scanning instruction to the smart card 20 and scans for the second time check factor sent by the smart card 20 again. If a second time check factor is scanned, the password keyboard 10 judges whether it is consistent with the current first time check factor of the password keyboard 10: if so, it continues to monitor whether the predetermined check factor rolling period and authentication scanning period are reached; if not, it executes the corresponding first security control operation according to the preset security policy. If no second time check factor sent by the smart card 20 is scanned, the password keyboard 10 returns to the judgment of whether the time elapsed since a second time check factor sent by the smart card 20 was last scanned exceeds the first preset time. The second preset time is less than the first preset time.
In the embodiment of the present invention, the duration of the second predetermined time may be less than the duration of the authentication scan period. That is, when an authentication scan period arrives and the password keyboard 10 does not scan the second time check factor sent by the smart card 20, the password keyboard 10 may shorten the scan period, scan for the second time check factor sent by the smart card 20, and authenticate it in a timely manner.
According to the office system security control system provided by the embodiment of the invention, the password keyboard 10 establishes a short-range wireless communication connection with the smart card 20, performs time synchronization, and determines an initial time check factor; the first time check factor is updated according to a preset check factor rolling period; the second time check factor sent by the smart card is scanned according to a preset authentication scanning period; and a first security control operation is executed if the second time check factor sent by the smart card is not scanned within a preset time interval. In this way, after a user logs in, whether the user has left the password keyboard can be monitored in real time, and a security control operation is executed when the user has been away from the password keyboard for more than a preset time, avoiding problems such as information leakage or illegal attacks on the office system caused by other users illegally using the office system while the user is away.
In an optional implementation manner of the embodiment of the present invention, when the second time check factor sent by the smart card 20 is not scanned, the keypad 10 may determine whether the time interval from the previous scanning to the second time check factor sent by the smart card 20 exceeds a predetermined threshold before determining whether the time interval from the previous scanning to the second time check factor sent by the smart card 20 exceeds a first preset time, and if so, execute a corresponding second security control operation according to a predetermined security policy, and then determine whether the time interval from the previous scanning to the second time check factor sent by the smart card 20 exceeds the first preset time. Wherein the time value indicated by the predetermined threshold is smaller than the time value indicated by the first preset time.
In the above alternative embodiment, the first security control operation is a different security operation from the second security control operation. In a specific application, the first security control operation may be more stringent than the second. For example, the first security control operation may include: sending an instruction to log out of the system to the main processor of the password keyboard 10 and/or sending a shutdown instruction to the main processor of the password keyboard 10. The second security control operation may include: sending a screen lock instruction to the main processor of the password keyboard 10 and/or sending an alarm instruction to an alarm of the password keyboard 10, etc. With this alternative embodiment, a hierarchical security control policy may be implemented. For example, in a specific application, the predetermined threshold may be set to 5 minutes and the first preset time to 10 minutes. If the password keyboard 10 does not scan the second time check factor sent by the smart card 20 within 5 minutes, the second security control operation is performed: a screen lock instruction is sent to the main processor of the password keyboard 10 and/or an alarm instruction is sent to the alarm of the password keyboard 10, so that the host locks its screen and/or the alarm sounds, while the password keyboard 10 keeps rolling the time check factor. If the second time check factor sent by the smart card 20 is received between 5 and 10 minutes, the received second time check factor is authenticated; after the authentication passes, the rolling of the time check factor continues and the second time check factor sent by the smart card 20 is scanned periodically. If the second time check factor sent by the smart card 20 has still not been received after 10 minutes, the first security control operation is performed: an instruction to log out of the system is sent to the main processor of the password keyboard 10 and/or a shutdown instruction is sent to the main processor of the password keyboard 10, and after the corresponding time check factor is not received, the current time check factor is executed.
In an optional implementation manner of the embodiment of the present invention, in order to ensure the security of some key operations, after performing time synchronization with the smart card 20 and determining an initial time verification factor, the keypad 10 monitors whether a predetermined key event occurs at the same time, and if the occurrence of the key event is monitored, the keypad 10 starts the camera device to collect face data of the user, determines whether the collected face data matches with authentication face data stored in the keypad 10, if yes, continues to monitor, otherwise, performs the first security control operation. In this alternative embodiment, the authentication face data stored in the keypad 10 may be input by the user at the time of registration, or may be input at other times, for example, before the user needs to activate certain specific functions, which is not limited in this embodiment. By the alternative embodiment, the password keyboard 10 can verify the face of the current operator before executing some key operations, further ensure the identity of the current user and avoid the theft of the account number of the user.
In the above alternative embodiments, the predetermined critical events include, but are not limited to, at least one of:
(1) The password keyboard 10 and the smart card 20 finish acquiring the initial time check factor; that is, after the password keyboard 10 and the smart card 20 obtain the initial time check factor, the password keyboard 10 collects the user's face information and authenticates it. With this alternative embodiment, the password keyboard 10 may start time check factor rolling and authentication scanning after the user's identity has been confirmed, which may save flow.
(2) The password keyboard 10 receives an encryption input instruction; in this alternative embodiment, the office system is provided with an encryption input function, that is, the information input by the user through the keyboard is encrypted information, when the user inputs an encryption input instruction, the function is started, and when the user starts the function, the password keyboard 10 collects face information of the user and authenticates the collected face information. With this alternative embodiment, the keypad 10 may turn on the encryption input function while ensuring the identity of the user.
(3) The password keyboard 10 receives a password input instruction. That is, in this alternative embodiment, when a password (for example, a PIN code) needs to be input into the office system, the password keyboard 10 first collects the user's face information and authenticates it. With this alternative embodiment, the password keyboard 10 may allow the user to input the password only after the user's identity has been confirmed, thereby ensuring the security of the password.
In the embodiment of the present invention, when the password keyboard 10 does not scan the second time verification factor sent by the smart card 20 within the first predetermined time, it is indicated that the time of the smart card 20 away from the password keyboard 10 has exceeded the first predetermined time, and since the smart card 20 is carried on the user, it can be determined that the user has been away from the password keyboard 10, and therefore, in the embodiment of the present invention, the password keyboard 10 performs the corresponding first security control operation according to the predetermined security policy, so that it can be ensured that the first security policy is performed after the user has been away from the password keyboard 10 for a certain time, and thus, the problem that the office system is illegally used by other people can be avoided. In an alternative implementation manner of the embodiment of the present invention, in order to facilitate the next use of the user, after the keypad 10 performs the corresponding first security control operation according to the predetermined security policy, the keypad 10 may delete all the first time check factors stored locally, so as to facilitate the subsequent use of the keypad 10.
In the embodiment of the present invention, the smart card 20 may broadcast the current second time check factor of the smart card 20 when receiving the scan command sent by the keypad 10. Or in an alternative implementation of the embodiment of the present invention, in order to save the electric energy of the smart card 20, the smart card 20 may enter the sleep state after acquiring the initial time checking factor in time synchronization with the keypad 10, and then wake up once every predetermined wake-up period, and during the wake-up period, the current second time checking factor of the smart card 20 is broadcasted, where the wake-up period is smaller than the authentication scan period of the keypad 10, and one authentication scan period may include a plurality of wake-up periods, and specific settings may be set according to actual use. With this alternative embodiment, the power of the smart card 20 can be saved and the use time of the battery of the smart card 20 can be increased.
In an alternative implementation manner of the embodiment of the present invention, the smart card 20 may also determine whether the user is far away from the password keyboard 10, in this alternative implementation manner, after the password keyboard 10 and the smart card 20 perform time synchronization to obtain the initial time verification factor, the smart card 20 may determine whether a scan authentication instruction sent by the password keyboard 10 is received within a predetermined period of time, if yes, the smart card 20 sends the current second time verification factor of the smart card 20, otherwise, the smart card 20 deletes all the second time verification factors stored locally. In this alternative embodiment, the duration of the predetermined period may be the same as the duration of the first preset time determined by the above-mentioned keypad 10, so that the smart card 20 side may be consistent with the maintenance of the keypad 10 side, and of course, the duration of the predetermined period does not necessarily have to be consistent with the duration of the first preset time, as long as they are not significantly different.
In practical applications, the user may leave temporarily while using the office system, and the time away may be less than the first predetermined time. To ensure the security of the office system during this time, a predetermined threshold smaller than the first predetermined time may be set; for example, the first predetermined time is 5 minutes and the predetermined threshold is 1 minute. When the user has been away for longer than the predetermined threshold, the password keyboard 10 may perform a second security control operation, for example locking the screen. Therefore, in an alternative implementation manner of the embodiment of the present invention, when the second time check factor sent by the smart card 20 is not scanned, the password keyboard 10, before determining whether the time since the second time check factor sent by the smart card 20 was last scanned exceeds the first predetermined time, determines whether that time exceeds the predetermined threshold. If not, it continues to monitor whether the next authentication scanning period is reached; otherwise, it executes the corresponding second security control operation according to the predetermined security policy, then determines whether the time since the second time check factor sent by the smart card 20 was last scanned exceeds the first predetermined time, and executes the corresponding operation according to the determination result. In this embodiment, the second security control operation is different from the first security control operation, so different security control policies may be set for different lengths of absence and multi-stage security control is performed, providing convenience for the user while ensuring security.
Example 2
The embodiment of the invention provides an office system safety control method, which can be realized by the office system safety control system of the embodiment 1.
Fig. 2 is a flowchart of an office system security control method according to an embodiment of the present invention, as shown in fig. 2, the method mainly includes the following steps:
Step 201, the password keyboard establishes a short-range wireless communication connection with the smart card.
In a specific application, the wireless communication between the password keyboard and the smart card can be established through bluetooth, WIFI, etc., which is not limited in the embodiment.
In a specific application, before the wireless communication connection is established between the password keyboard and the smart card, identity authentication can be performed between the two by card swiping, code scanning and the like. For example, a card reading module is arranged on the password keyboard; when a user needs to log in to the office system, the smart card is placed at the card reading module of the password keyboard, which reads the identity authentication information stored in the smart card (for example a user name, a password and the like). The password keyboard then authenticates the identity authentication information it has read, and after the identity authentication passes, the secure login is completed.
When the wireless communication connection is established between the password keyboard and the smart card, the device information of both sides can be exchanged between the password keyboard and the smart card, the wireless communication connection is established through the exchanged device information, for example, if the bluetooth connection is established between the password keyboard and the smart card, the bluetooth connection information can be exchanged between the password keyboard and the smart card, and bluetooth pairing is performed, so that the bluetooth connection is completed, wherein the device information of the smart card can be stored in the smart card, the password keyboard can be read from the smart card through the card reading module thereof, and then the wireless communication connection is established with the smart card, or the user can also open the wireless communication functions of the smart card and the password keyboard, the smart card broadcasts the device information thereof, and after the password keyboard scans the device information, the wireless connection is established with the smart card.
Step 202, a password keyboard sends a time synchronization request to a smart card through short-range wireless communication connection;
The time synchronization request sent by the password keyboard carries the current time of the local clock of the password keyboard. After receiving the time synchronization request, the smart card calibrates the current time of its local clock to the current time of the password keyboard's local clock carried in the request, thereby achieving time synchronization with the password keyboard. After time synchronization, the smart card returns a time synchronization response to the password keyboard through the short-range wireless communication connection, triggering the password keyboard to acquire the current time check factor. Meanwhile, the smart card obtains the current time of its local clock as the current time of the smart card, calculates an initial time check factor from it using the same preset algorithm as the password keyboard, and uses the initial time check factor as the smart card's current second time check factor, which ensures that the smart card and the password keyboard roll their time check factors synchronously from the same time check factor.
Step 203, the password keyboard receives a time synchronization response returned by the smart card, acquires the current time of the local clock as the current time of the password keyboard, and calculates the current time of the password keyboard by adopting a preset algorithm to obtain a current first time verification factor;
In a specific application, after time synchronization is performed between the password keyboard and the smart card, an initial time check factor is obtained, and the password keyboard and the smart card respectively use the initial time check factor as a current first time check factor of the password keyboard and a current second time check factor of the smart card. In a specific application, the password keyboard and the smart card may negotiate a time check factor after the password keyboard passes the identity authentication of the smart card. The preset algorithm may be a hash algorithm or an encryption algorithm, which is not limited in this embodiment. As an optional implementation manner in this embodiment, the current time check factor obtained by calculating the current time of the local clock by using a preset algorithm adopted by the password keyboard and the smart card includes one of the following: and taking the current time of the local clock as a time check factor, or adopting a hash algorithm or an encryption algorithm to calculate the current time of the local clock to obtain the time check factor.
Step 204, the password keyboard monitors whether a predetermined check factor rolling period and authentication scanning period are reached, and if the check factor rolling period is reached, step 205 is executed, and if the authentication scanning period is reached, step 206 is executed.
In a specific application, the password keyboard and the smart card may pre-agree on a check factor rolling period and monitor whether the check factor rolling period and the authentication scanning period are reached, and for the password keyboard, step 205 is performed if the check factor rolling period is monitored, and step 206 is performed if the authentication scanning period is monitored.
The check factor rolling period is a preset duration from the current time check factor to the next time check factor interval. And when the monitoring reaches the preset duration, acquiring the current time of each local clock, obtaining each current time check factor, restarting timing, continuously monitoring whether the preset duration of the rolling period is reached, and periodically monitoring to realize the periodic rolling generation of the time check factors. The rolling period of the password keyboard is set to be the same as the rolling period of the smart card, so that the password keyboard and the smart card can roll to the next time check factor at the same interval, namely, the two parties can synchronously generate the respective time check factors. In practical application, the password keyboard and the smart card can be provided with a reset timer for monitoring the rolling period, the timing period is the preset duration of the rolling period, and after the timing is up, the reset timer is reset and is re-timed to perform periodic timing, and of course, a counter, a clock chip and the like can also be adopted, wherein the reset timer in the embodiment is only used as a mode for realizing the rolling period, and the invention is not limited.
The authentication scanning period is a preset duration of an interval between two scans. And triggering to scan the second time check factor broadcasted by the smart card when the timing is monitored to reach the preset duration, restarting timing, continuously monitoring whether the preset duration of the authentication scanning period is reached, and periodically monitoring to realize the periodic scanning of the time check factor broadcasted by the smart card. When in practical application, the password keyboard can be provided with a reset timer for monitoring the scanning period, the timing period is the preset duration of the authentication scanning period, and after the timing is up, the reset timer is reset and is used for timing periodically.
In an alternative implementation manner of the embodiment of the present invention, in order to secure some critical operations, after obtaining an initial time check factor by time synchronization with the smart card, the keypad monitors whether a predetermined critical event occurs at the same time in step 204, and if it is monitored that the critical event occurs, step 211 is executed: the password keyboard starts the camera device to collect face data of a user, judges whether the collected face data is matched with authentication face data stored in the password keyboard, if so, continues to monitor and return to the step 204, otherwise, the first safety control operation is executed. In this alternative embodiment, the authentication face data stored in the password keyboard may be input by the user at the time of registration, or may be input at other times, for example, before the user needs to activate certain specific functions, which is not limited in this embodiment. By the aid of the optional implementation mode, the password keyboard can verify the face of the current operator before some key operations are executed, so that the identity of the current user is further ensured, and the account number of the user is prevented from being stolen.
In the above alternative embodiments, the predetermined critical events include, but are not limited to, at least one of:
(1) The password keyboard and the smart card are subjected to time synchronization to determine an initial time check factor; after the initial time check factor is determined by the time synchronization of the password keyboard and the smart card, the face information of the user is acquired, and the acquired face information is authenticated. By the alternative implementation, the password keyboard can start time checking factor rolling and authentication scanning after ensuring the identity of the user, and flow can be saved.
(2) The password keyboard receives an encryption input instruction; in this alternative embodiment, the office system sets an encryption input function, that is, the information input by the user through the keyboard is encrypted information, when the user inputs the encryption input instruction, the function is started, and when the user starts the function, the password keyboard collects face information of the user, and the collected face information is authenticated. With this alternative embodiment, the cryptographic key pad may turn on the cryptographic input function while ensuring the identity of the user.
(3) The password keyboard receives a password input instruction. That is, in this alternative embodiment, when a password (for example, PIN code or the like) is required to be input into the office system, the password keyboard first collects face information of the user, and authenticates the collected face information. By the alternative implementation mode, the password keyboard can enable the user to input the password again under the condition that the identity of the user is ensured, and the security of the password is ensured.
Step 205, the current time of the local clock is obtained as the current time of the password keyboard, a preset algorithm is adopted to calculate the current time of the password keyboard to obtain a new first time check factor, the new first time check factor is taken as the current first time check factor, and the step 204 is returned.
And after the smart card performs time synchronization with the password keyboard to determine an initial time check factor, taking the initial time check factor as a current second time check factor of the smart card, monitoring whether a preset check factor rolling period is reached, acquiring the current time of a local clock as the current time of the smart card when the preset check factor rolling period is monitored, adopting a preset algorithm to calculate the current time of the smart card to obtain a new second time check factor, and taking the new second time check factor as the current second time check factor so as to ensure that the second time check factor of the smart card side is synchronous with the first time check factor of the password keyboard side.
Step 206, the password keyboard sends a scanning instruction to the smart card, scans the second time check factor sent by the smart card, executes step 207 if the second time check factor sent by the smart card is scanned, and executes step 208 if the second time check factor sent by the smart card is not scanned.
In the embodiment of the invention, the smart card can send its current second time check factor when it receives the scanning authentication instruction sent by the password keyboard. Alternatively, in an alternative implementation manner of the embodiment of the present invention, in order to save the electric energy of the smart card, the smart card may enter a sleep state after performing time synchronization with the password keyboard and determining the initial time check factor, and then wake up once every predetermined wake-up period and broadcast its current second time check factor while awake. The wake-up period is smaller than the authentication scanning period of the password keyboard, so one authentication scanning period may include a plurality of wake-up periods; the specific settings can be chosen according to actual use. With this alternative embodiment, the electric energy of the smart card can be saved and the service time of its battery prolonged.
Step 207, the keypad determines whether the scanned second time check factor is consistent with the current first time check factor of the keypad, and returns to step 204 if so, otherwise, step 210 is performed.
If the password keyboard judges that the scanned second time check factor is consistent with its current first time check factor, the user currently using the password keyboard is the user currently bound to it and has not left the password keyboard, so the password keyboard returns to step 204 and continues to monitor whether the check factor rolling period and the authentication scanning period are reached. If the two are not consistent, the user currently using the password keyboard is not the user currently bound to it, so the password keyboard goes to step 210 and executes the first security control operation.
Step 208, the keypad determines whether the time interval from the last scan to the second time check factor sent by the smart card exceeds the first predetermined time, if yes, step 210 is executed, otherwise step 209 is executed.
Step 209, after the password keyboard waits for the second predetermined time, a scan command is sent to the smart card, the second time check factor sent by the smart card is scanned, step 207 is executed if the second time check factor sent by the smart card is scanned, and step 208 is executed if the second time check factor sent by the smart card is not scanned, wherein the second predetermined time is less than the first predetermined time.
That is, in the embodiment of the present invention, when a certain authentication scanning period arrives, if the second time check factor sent by the smart card is not scanned, the code keyboard may shorten the scanning period, scan the second time check factor sent by the smart card, and authenticate the second time check factor of the smart card in time.
Step 210, the password keyboard performs a corresponding first security control operation according to a predetermined security policy.
In an optional implementation manner of the embodiment of the present invention, when the second time check factor sent by the smart card is not scanned, the password keyboard may, before determining whether the time since the second time check factor sent by the smart card was last scanned exceeds the first preset time, first determine whether that time exceeds a predetermined threshold. If so, it executes a corresponding second security control operation according to a predetermined security policy and then executes step 208 to determine whether the time since the second time check factor sent by the smart card was last scanned exceeds the first preset time. The time value indicated by the predetermined threshold is smaller than the time value indicated by the first preset time.
In the above alternative embodiment, the first safety control operation is a different safety operation from the second safety control operation, and in a specific application, the first safety control operation may be a more stringent safety control operation than the second safety control operation, for example, the first safety control operation may include: and sending a command for logging out of the system to a main processor of the password keyboard and/or sending a shutdown command to the main processor of the password keyboard. And the second safety control operation may include: and sending a screen locking instruction to a main processor of the code keyboard and/or sending an alarm instruction to an alarm of the code keyboard. With this alternative embodiment, a hierarchical security control policy may be implemented to provide convenience to the user while ensuring security, for example, in a specific application, the predetermined threshold may be set to 5 minutes, the first preset time may be set to minutes, the second security control operation is performed if the second time check factor sent by the smart card is not scanned within 5 minutes by the cryptographic keyboard, a screen locking instruction is sent to the main processor of the cryptographic keyboard and/or an alarm instruction is sent to the alarm of the cryptographic keyboard, the host screen locking and/or the alarm alarms, but the cryptographic keyboard maintains the rolling of the time check factor, if the second time check factor sent by the smart card is between 5 minutes, authentication is performed on the received second time check factor, after authentication is passed, the rolling of the time check factor is continued, and the second time check factor sent by the smart card is periodically scanned, if the second time check factor sent by the smart card is not yet received within 5 minutes, a first security control operation is performed, an instruction to log out the system is 
sent to the main processor of the cryptographic keyboard and/or a shutdown instruction is sent to the main processor of the cryptographic keyboard, and a corresponding time check factor is not currently performed after the time check factor is received by the cryptographic keyboard.
In the embodiment of the invention, under the condition that the password keyboard does not scan the second time check factor sent by the smart card within the first preset time, the time for the smart card to get away from the password keyboard is indicated to be longer than the first preset time, and the smart card is carried on the user body, so that the user can be judged to get away from the password keyboard. In an optional implementation manner of the embodiment of the present invention, in order to facilitate a user to use the code keypad next time, after the code keypad performs a corresponding first security control operation according to a predetermined security policy, the code keypad may delete all first time check factors stored locally, so as to facilitate subsequent use of the code keypad.
In an optional implementation manner of the embodiment of the present invention, the smart card may also determine whether the user is far away from the password keyboard. In this optional implementation, after the password keyboard negotiates a time check factor with the smart card, the method may further include: the smart card judges whether a scanning authentication instruction sent by the password keyboard is received within a first preset time; if so, the smart card sends its current second time check factor; otherwise, the smart card deletes all the second time check factors stored locally. In this alternative embodiment, the duration of the predetermined time period may be the same as the duration of the first preset time determined by the password keyboard, so that the smart card side stays consistent with the password keyboard side; of course, the duration of the predetermined time period does not have to be identical to the duration of the first preset time, as long as the two are not significantly different.
According to the office system security control method provided by the embodiment of the invention, the password keyboard and the smart card are connected in a short-distance wireless communication manner, the initial time check factor is determined in a time synchronization manner, the first time check factor is updated according to the preset check factor rolling period, the second time check factor sent by the smart card is scanned according to the preset authentication scanning period, and the first security control operation is executed under the condition that the second time check factor sent by the smart card is not scanned within the preset time interval, so that after a user logs in, whether the user leaves the password keyboard or not can be monitored in real time, and the security control operation is executed under the condition that the user leaves the password keyboard for more than the preset time, and the problems of information leakage or illegal attack on the office system and the like caused by other users illegally using the office system during the user leaving period are avoided.
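Steps 202 to 210, together with the optional threshold check, can be traced in a small simulation. The Python below is an added example, not code from the patent: SHA-256 as the preset algorithm, the 30 s / 60 s / 10 s periods, all function and class names, and the choice to re-arm the second operation after a successful re-authentication are assumptions; the 5 and 10 minute limits are the values from the example in embodiment 1.

```python
import hashlib

# Periods in seconds. THRESHOLD and FIRST_PRESET follow the 5/10 minute example in
# the text; the other three values are constructed for this simulation.
ROLL_PERIOD = 30         # check factor rolling period
SCAN_PERIOD = 60         # authentication scanning period
RETRY_WAIT = 10          # "second predetermined time" between shortened re-scans
THRESHOLD = 5 * 60       # predetermined threshold -> second security control operation
FIRST_PRESET = 10 * 60   # first preset time -> first security control operation

SECOND_OP = "second security control operation (lock screen / alarm)"
FIRST_OP = "first security control operation (log out / shut down)"


def time_factor(clock: int) -> str:
    """Stand-in for the 'preset algorithm': SHA-256 of the clock value (assumption)."""
    return hashlib.sha256(str(clock).encode()).hexdigest()


class SmartCard:
    """Card side: calibrates its clock at sync, then rolls the second factor."""

    def __init__(self) -> None:
        self.offset = 0      # card clock minus simulation time
        self.factor = None   # current second time check factor

    def sync(self, t: int, keyboard_time: int) -> None:
        # Step 202: adopt the time carried in the time synchronization request.
        self.offset = keyboard_time - t
        self.factor = time_factor(keyboard_time)

    def tick(self, t: int) -> None:
        # Rolls on the same period as the keyboard, in range or not.
        if self.factor is not None and t % ROLL_PERIOD == 0:
            self.factor = time_factor(t + self.offset)


def run_keyboard(card, in_range, duration):
    """Steps 203-210 on the password keyboard, whose clock equals simulation time t.

    Returns (events, first_factor); first_factor is None once the first security
    control operation has run and the stored factors were deleted.
    """
    factor = time_factor(0)                      # step 203: initial first factor
    last_seen, next_scan, second_done = 0, SCAN_PERIOD, False
    events = []
    for t in range(1, duration + 1):
        card.tick(t)
        if t % ROLL_PERIOD == 0:                 # step 205: roll the first factor
            factor = time_factor(t)
        if t < next_scan:                        # step 204: scan not due yet
            continue
        received = card.factor if in_range(t) else None    # step 206
        if received is not None:                 # step 207: compare the factors
            if received != factor:
                events.append((t, FIRST_OP, "factor mismatch"))
                return events, None              # step 210
            # Assumption: a successful re-authentication re-arms the second operation.
            last_seen, next_scan, second_done = t, t + SCAN_PERIOD, False
            continue
        gap = t - last_seen                      # step 208: time since last scan hit
        if gap > THRESHOLD and not second_done:  # optional tier, checked first
            events.append((t, SECOND_OP, "card not seen"))
            second_done = True
        if gap > FIRST_PRESET:
            events.append((t, FIRST_OP, "card not seen"))
            return events, None                  # step 210, factors deleted
        next_scan = t + RETRY_WAIT               # step 209: shortened re-scan
    return events, factor


def scenario(away_from=None, back_at=None, foreign_card=False, duration=900):
    """Run one constructed session; times are seconds after time synchronization."""
    card = SmartCard()
    # A foreign card stands for one calibrated against another keyboard's clock.
    card.sync(0, 5 if foreign_card else 0)

    def in_range(t: int) -> bool:
        if away_from is None or t < away_from:
            return True
        return back_at is not None and t >= back_at

    return run_keyboard(card, in_range, duration)


if __name__ == "__main__":
    for name, kwargs in [("stays at desk", {}),
                         ("short absence", {"away_from": 100, "back_at": 500}),
                         ("leaves for good", {"away_from": 100}),
                         ("foreign card", {"foreign_card": True})]:
        print(name, scenario(**kwargs)[0])
```

The example's unkeyed SHA-256 stand-in yields a factor that anyone who knows the clock value can compute; the text also allows an encryption algorithm as the preset algorithm, which would make the factor depend on a key.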
Example 3
The present embodiment provides an office system security control apparatus that can be provided in the password keyboard of embodiment 1 and is used to execute the office system security control method of embodiment 2.
Fig. 3 is a schematic structural diagram of the office system security control device according to the present embodiment. As shown in Fig. 3, the office system security control device mainly includes: a communication module 301, a verification factor rolling module 302, a period monitoring module 303, a heartbeat detection module 304, a verification factor verification module 305, a loopback verification module 306, a loopback data monitoring module 307 and a security control module 308. The functions of the respective modules of the office system security control device are mainly described below; for other matters, see the descriptions of embodiment 1 and embodiment 2.
In the embodiment of the present invention, the modules are configured as follows:
The communication module 301 is configured to establish a short-range wireless communication connection with the smart card, send a time synchronization request to the smart card 20 through the short-range wireless communication connection, and trigger the verification factor rolling module 302 after receiving a time synchronization response returned by the smart card 20.
The verification factor rolling module 302 is configured to, after the communication module 301 receives the time synchronization response returned by the smart card 20, obtain the current time of the local clock as the current time of the password keyboard 10, compute an initial time check factor from the current time of the password keyboard 10 using a preset algorithm, and use the initial time check factor as the current first time check factor.
The period monitoring module 303 is configured to monitor whether a predetermined check factor rolling period or an authentication scanning period is reached, trigger the verification factor rolling module 302 when the check factor rolling period is reached, and trigger the heartbeat detection module 304 when the authentication scanning period is reached.
The verification factor rolling module 302 is further configured to, when the period monitoring module 303 detects that the check factor rolling period is reached, obtain the current time of the local clock as the current time of the password keyboard 10, compute a new first time check factor from the current time of the password keyboard 10 using the preset algorithm, use the new first time check factor as the current first time check factor, and trigger the period monitoring module 303.
The heartbeat detection module 304 is configured to send a scan authentication instruction to the smart card 20, scan for a second time check factor sent by the smart card 20, trigger the verification factor verification module 305 when the second time check factor sent by the smart card 20 is scanned, and trigger the loopback verification module 306 when the second time check factor sent by the smart card is not scanned.
The verification factor verification module 305 is configured to determine whether the scanned second time check factor is consistent with the current first time check factor of the password keyboard, trigger the period monitoring module 303 if they are consistent, and trigger the security control module 308 if they are not.
The loopback verification module 306 is configured to determine whether the time elapsed since the second time check factor broadcast by the smart card was last scanned exceeds a first predetermined time; if so, it triggers the security control module 308, and otherwise it triggers the loopback data monitoring module 307.
The loopback data monitoring module 307 is configured to send a scan instruction to the smart card after waiting for a second predetermined time, scan for a second time check factor sent by the smart card, trigger the verification factor verification module 305 when the second time check factor sent by the smart card is scanned, and trigger the loopback verification module 306 when the second time check factor sent by the smart card is not scanned, where the second predetermined time is less than the first predetermined time.
The security control module 308 is configured to perform a corresponding first security control operation according to a predetermined security policy.
The office system security control device provided by the embodiment of the present invention establishes a short-range wireless communication connection with the smart card, performs time synchronization to determine the initial time check factor, updates the first time check factor according to the preset check factor rolling period, and scans for the second time check factor sent by the smart card according to the preset authentication scanning period. It performs the security control operation if no second time check factor sent by the smart card is scanned within the preset time interval. After a user logs in, the device can therefore monitor in real time whether the user has left the password keyboard and perform the security control operation once the user has been away for longer than the preset time. This avoids problems such as information leakage or illegal attacks on the office system caused by other users illegally using the office system while the user is away.
In an alternative implementation of the embodiment of the present invention, the apparatus may further include a face verification module. The period monitoring module 303 is further configured to monitor whether a predetermined key event occurs and to trigger the face verification module when the occurrence of the key event is detected. The face verification module is configured to start the camera device to collect face data of the user and determine whether the collected face data matches the authentication face data stored in the password keyboard; if so, it triggers the period monitoring module 303, and if not, it triggers the security control module 308.
In an alternative implementation of the embodiment of the present invention, the apparatus may further include a key clearing module, configured to delete all the first time check factors stored in the password keyboard after the security control module 308 performs the first security control operation.
In an alternative implementation of the embodiment of the present invention, the apparatus may further include a threshold detection module. When the heartbeat detection module 304 does not scan the second time check factor sent by the smart card, the threshold detection module is configured to determine, before the loopback verification module 306 is triggered, whether the time elapsed since the second time check factor sent by the smart card was last scanned exceeds a predetermined threshold. If the time does not exceed the predetermined threshold, it triggers the period monitoring module 303; otherwise, it executes a corresponding second security control operation according to a predetermined security policy and then triggers the loopback verification module 306.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, and where the program, when executed, includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives, and variations may be made in the above embodiments by those skilled in the art without departing from the spirit and principles of the invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (14)

1. An office system security control method, comprising:
Step 1, a short-range wireless communication connection is established between a password keyboard and a smart card;
Step 2, the password keyboard sends a time synchronization request to the smart card through the short-range wireless communication connection;
Step 3, the password keyboard receives a time synchronization response returned by the smart card, obtains the current time of a local clock as the current time of the password keyboard, computes an initial time check factor from the current time of the password keyboard using a preset algorithm, and takes the initial time check factor as a current first time check factor;
Step 4, the password keyboard monitors whether a preset check factor rolling period and an authentication scanning period are reached; if the check factor rolling period is reached, step 5 is executed, and if the authentication scanning period is reached, step 6 is executed;
Step 5, the password keyboard obtains the current time of the local clock as the current time of the password keyboard, computes a new first time check factor from the current time of the password keyboard using the preset algorithm, takes the new first time check factor as the current first time check factor, and returns to step 4;
Step 6, the password keyboard sends a scan instruction to the smart card and scans for a second time check factor sent by the smart card; step 7 is executed when the second time check factor sent by the smart card is scanned, and step 8 is executed when the second time check factor sent by the smart card is not scanned;
Step 7, the password keyboard determines whether the scanned second time check factor is consistent with the current first time check factor of the password keyboard; if so, the method returns to step 4, otherwise step 10 is executed;
Step 8, the password keyboard determines whether the time elapsed since the second time check factor sent by the smart card was last scanned exceeds the first preset time; if so, step 10 is executed, otherwise step 9 is executed;
Step 9, after waiting for a second preset time, the password keyboard sends a scan instruction to the smart card and scans for a second time check factor sent by the smart card; step 7 is executed when the second time check factor sent by the smart card is scanned, and step 8 is executed when the second time check factor sent by the smart card is not scanned, wherein the second preset time is smaller than the first preset time;
Step 10, the password keyboard executes a corresponding first security control operation according to a preset security policy.
2. The method of claim 1, wherein
step 4 further includes: the password keyboard monitors whether a preset key event occurs, and if so, step 11 is executed;
Step 11, the password keyboard starts the camera device to collect face data of a user and determines whether the collected face data matches the authentication face data stored in the password keyboard; if so, the method returns to step 4, otherwise step 10 is executed.
3. The method of claim 2, wherein the predetermined key event comprises at least one of: the password keyboard acquires a current first time check factor, the password keyboard receives an encryption input instruction, and the password keyboard receives a password input instruction.
4. The method according to any one of claims 1 to 3, wherein
after the password keyboard performs the corresponding first security control operation according to the predetermined security policy, the method further includes: the password keyboard deletes all the first time check factors stored locally.
5. The method according to any one of claims 1 to 3, wherein after the password keyboard receives the time synchronization response returned by the smart card, the method further comprises:
the smart card enters a dormant state, wakes up once every preset wake-up period, and broadcasts the current second time check factor of the smart card while awake.
6. The method according to any one of claims 1 to 3, wherein after the password keyboard receives the time synchronization response returned by the smart card, the method further comprises:
the smart card determines whether a scan authentication instruction sent by the password keyboard is received within the first preset time; if so, the smart card sends the current second time check factor of the smart card, and if not, the smart card deletes all the second time check factors stored locally.
7. The method according to any one of claims 1 to 3, wherein in step 6, when the second time check factor sent by the smart card is not scanned, the method further comprises, before step 8 is executed:
the password keyboard determines whether the time elapsed since the second time check factor sent by the smart card was last scanned exceeds a preset threshold; if not, the method returns to step 4; if so, a corresponding second security control operation is executed according to a preset security policy, and then step 8 is executed.
8. An office system security control apparatus located in a password keyboard, comprising:
a communication module, configured to establish a short-range wireless communication connection with the smart card, send a time synchronization request to the smart card through the short-range wireless communication connection, and trigger the verification factor rolling module after receiving a time synchronization response returned by the smart card;
a verification factor rolling module, configured to, after the communication module receives the time synchronization response returned by the smart card, obtain the current time of the local clock as the current time of the password keyboard, compute an initial time check factor from the current time of the password keyboard using a preset algorithm, and take the initial time check factor as a current first time check factor;
a period monitoring module, configured to monitor whether a preset check factor rolling period or an authentication scanning period is reached, trigger the verification factor rolling module when the check factor rolling period is reached, and trigger the heartbeat detection module when the authentication scanning period is reached;
the verification factor rolling module being further configured to, when the period monitoring module detects that the check factor rolling period is reached, obtain the current time of the local clock as the current time of the password keyboard, compute a new first time check factor from the current time of the password keyboard using the preset algorithm, take the new first time check factor as the current first time check factor, and trigger the period monitoring module;
a heartbeat detection module, configured to send a scan authentication instruction to the smart card, scan for a second time check factor sent by the smart card, trigger the verification factor verification module when the second time check factor sent by the smart card is scanned, and trigger the loopback verification module when the second time check factor sent by the smart card is not scanned;
a verification factor verification module, configured to determine whether the scanned second time check factor is consistent with the current first time check factor of the password keyboard, trigger the period monitoring module if they are consistent, and otherwise trigger the security control module;
a loopback verification module, configured to determine whether the time elapsed since the second time check factor broadcast by the smart card was last scanned exceeds a first preset time, trigger the security control module if so, and trigger the loopback data monitoring module if not;
a loopback data monitoring module, configured to send a scan instruction to the smart card after waiting for a second predetermined time, scan for a second time check factor sent by the smart card, trigger the verification factor verification module when the second time check factor sent by the smart card is scanned, and trigger the loopback verification module when the second time check factor sent by the smart card is not scanned, where the second predetermined time is less than the first predetermined time;
a security control module, configured to execute a corresponding first security control operation according to a preset security policy.
9. The apparatus as recited in claim 8, further comprising: a face verification module;
the period monitoring module is further configured to monitor whether a preset key event occurs and to trigger the face verification module when the occurrence of the key event is detected;
the face verification module is configured to start the camera device to collect face data of a user and determine whether the collected face data matches the authentication face data stored in the password keyboard; if so, it triggers the period monitoring module, and if not, it triggers the security control module.
10. The apparatus according to claim 8 or 9, further comprising:
a key clearing module, configured to delete all first time check factors stored by the password keyboard after the security control module executes the first security control operation.
11. The apparatus according to claim 8 or 9, further comprising:
a threshold detection module, configured to determine, before the loopback verification module is triggered, whether the time elapsed since the second time check factor sent by the smart card was last scanned exceeds a predetermined threshold; if not, to trigger the period monitoring module; and if so, to execute a corresponding second security control operation according to a predetermined security policy and then trigger the loopback verification module.
12. An office system security control system, comprising a password keyboard and a smart card, wherein
the password keyboard comprises the apparatus of any one of claims 8 to 11;
the smart card is configured to: establish a short-range wireless communication connection with the password keyboard; after receiving a time synchronization request sent by the password keyboard through the short-range wireless communication connection, return a time synchronization response to the password keyboard, obtain the current time of a local clock as the current time of the smart card, and compute a current second time check factor of the smart card from the current time of the smart card using a preset algorithm; receive a scan authentication instruction sent by the password keyboard and send the current second time check factor of the smart card; and, when the check factor rolling period is reached, obtain the current time of the local clock as the current time of the smart card, compute a new second time check factor from the current time of the smart card using the preset algorithm, and take the new second time check factor as the current second time check factor of the smart card.
13. The system of claim 12, wherein the smart card is further configured to delete all second time check factors stored locally if a scan authentication instruction sent by the password keyboard is not received within a predetermined period of time.
14. The system of claim 13, wherein the smart card is further configured to enter a sleep state after returning the time synchronization response to the password keyboard, wake up once every predetermined wake-up period, and broadcast the current second time check factor of the smart card while awake.
CN201910560951.7A 2019-06-26 2019-06-26 Office system safety control method, device and system Active CN112149098B (en)


Publications (2)

Publication Number Publication Date
CN112149098A CN112149098A (en) 2020-12-29
CN112149098B true CN112149098B (en) 2024-05-24
