CN112149099A - Office safety control method, safety keyboard and office system - Google Patents
- Publication number: CN112149099A (application CN201910560955.5A)
- Authority: CN (China)
- Prior art keywords: factor, key, keyboard, smart card, security
- Legal status: Granted (the legal status shown is an assumption by Google Patents, not a legal conclusion)
Classifications
- G06F21/35 — User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
- G06F21/32 — User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/83 — Protecting input devices, e.g. keyboards, mice or controllers thereof
- H04W12/06 — Authentication
- H04W4/80 — Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
- H04W56/001 — Synchronization between nodes
- H04W76/10 — Connection setup
Abstract
The invention provides an office security control method, a security keyboard and an office system. The method comprises the following steps: S1-S3, the security keyboard verifies the smart card and establishes a Bluetooth connection with it; S4, the security keyboard negotiates with the smart card to generate an initial key, which becomes the current key check factor; S5, the security keyboard monitors for the rolling period (executing S6 when it is reached) and for the scanning period (executing S7 when it is reached); S6, according to the key synchronous rolling mode, the next key check factor after the current one becomes the current key check factor, and the method returns to S5; S7, the security keyboard scans for the authentication factor broadcast by the smart card; S8, the current key check factor is compared with the authentication factor, and S9 is executed if they are inconsistent; S9-S10, the next 1 to m and the previous 1 to n key check factors of the current key check factor are obtained according to the key synchronous rolling mode and each compared with the authentication factor; if one of them is consistent with the authentication factor, it becomes the current key check factor; otherwise a security control operation is performed.
Description
Technical Field
The invention relates to the technical field of electronics, in particular to an office safety control method, a safety keyboard and an office system.
Background
In a traditional office system, login security control mostly relies on a password, user confirmation and similar methods, but the office equipment authenticates the user only at first login; after that authentication has passed, the user is not re-authenticated in real time (for example, WeChat logged in on a computer). Once the employee temporarily leaves the office equipment, other personnel can use it, and the employee's privacy and information security cannot be protected.
In addition, in some scenarios the staff must manually lock the screen or log out after leaving and authenticate again when they return, so both security and convenience in use need to be improved.
Disclosure of Invention
The present invention aims to solve one of the above problems.
The invention mainly aims to provide an office safety control method.
Another object of the present invention is to provide an office system.
Another object of the present invention is to provide a security keyboard.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
In one aspect, the invention provides an office security control method comprising the following steps:
Step 1, the security keyboard reads user information in a smart card, verifies the user information, and requests Bluetooth pairing information from the smart card after the user information passes verification;
Step 2, the security keyboard receives the Bluetooth pairing information transmitted by the smart card;
Step 3, the security keyboard establishes a Bluetooth connection with the smart card using the Bluetooth pairing information;
Step 4, the security keyboard negotiates a key synchronous rolling mode with the smart card over the Bluetooth connection, negotiates to generate an initial key, and uses the initial key as its current key check factor;
Step 5, the security keyboard monitors whether a rolling period and a scanning period are reached; if the rolling period is reached, step 6 is executed, and if the scanning period is reached, step 7 is executed, wherein the rolling period is a first preset time interval between the current key check factor and the next key check factor, and the scanning period is a second preset time interval between two scans;
Step 6, the security keyboard acquires the next key check factor after its current key check factor according to the key synchronous rolling mode negotiated with the smart card, uses it as the current key check factor, and returns to step 5;
Step 7, the security keyboard scans for the authentication factor broadcast by the smart card, and if the authentication factor broadcast by the smart card is scanned, step 8 is executed;
Step 8, the current key check factor is compared with the authentication factor; if they are consistent, the method returns to step 5, and if they are inconsistent, step 9 is executed;
Step 9, according to the key synchronous rolling mode negotiated with the smart card, the security keyboard acquires the next 1 to m key check factors after its current key check factor and the previous 1 to n key check factors before it, wherein m and n are positive integers greater than 1;
Step 10, the next 1 to m and the previous 1 to n key check factors are each compared with the authentication factor; if one of them is consistent with the authentication factor, that key check factor becomes the current key check factor of the security keyboard and the method returns to step 5; if none is consistent, step 11 is executed;
Step 11, the security keyboard executes the corresponding security control operation according to a preset security policy.
Optionally, the key synchronous rolling mode negotiated with the smart card comprises a strategy of hopping between key check factors in a key check factor pool, the pool comprising a plurality of key check factors generated by the security keyboard according to a key generation algorithm negotiated with the smart card; in that case, acquiring the next key check factor according to the negotiated mode comprises: the security keyboard selects, from the pool and according to the hopping strategy, the key check factor that follows its current key check factor. Alternatively, acquiring the next key check factor according to the negotiated mode comprises: the security keyboard derives the next key check factor from its current key check factor according to a key check factor acquisition strategy negotiated with the smart card.
Optionally, when the authentication factor sent by the smart card is not scanned, the method further includes: the security keyboard detects whether the authentication factor broadcast by the smart card is scanned within a preset monitoring threshold, and if it is, step 8 is executed; if not, the security keyboard detects whether the authentication factor is scanned within a further preset time interval; if so, step 8 is executed, and if not, step 11 is executed.
Optionally, step 5 further includes: the security keyboard monitors whether a predetermined key event occurs and, if so, executes step 12; step 12, the security keyboard starts a camera device to collect face image information of the user and performs face recognition authentication on it; the predetermined key event comprises at least one of: the security keyboard and the smart card completing negotiation of the initial key, the security keyboard receiving an encrypted-input instruction, and the security keyboard recognising that a password input is being received.
Optionally, the security control operation executed by the security keyboard according to the predetermined security policy at least includes sending a sleep instruction to the smart card.
Optionally, after the security keyboard performs the security control operation according to the predetermined security policy, the method further includes: the security keyboard deletes all locally stored key check factors.
Optionally, after the security keyboard receives a key synchronisation response returned by the smart card, the method further includes: the smart card enters a sleep mode, wakes once every predetermined wake-up period after entering the sleep mode, and broadcasts its current authentication factor during the wake-up period.
In another aspect, the invention provides a security keyboard comprising: a card reading module for reading user information in the smart card; an authentication module for verifying the user information; a communication module for requesting Bluetooth pairing information from the smart card after the authentication module passes the verification, receiving the Bluetooth pairing information transmitted by the smart card, and establishing a Bluetooth connection with the smart card using that pairing information; a negotiation module for negotiating, via the communication module and over the Bluetooth connection, a key synchronous rolling mode with the smart card, negotiating to generate an initial key, using the initial key as the current key check factor of the security keyboard, and triggering the monitoring module; a monitoring module for monitoring whether a rolling period and a scanning period are reached, triggering the check factor rolling module when the rolling period is reached and the scanning detection module when the scanning period is reached, wherein the rolling period is a first preset time interval between the current key check factor and the next key check factor, and the scanning period is a second preset time interval between two scans; a check factor rolling module for acquiring, when the monitoring module detects that the rolling period is reached, the next key check factor after the current key check factor according to the key synchronous rolling mode negotiated with the smart card, taking it as the current key check factor, and triggering the monitoring module; a scanning detection module for scanning for the 
authentication factor broadcast by the smart card and triggering the authentication module when it is scanned; the authentication module being further configured to compare the current key check factor with the authentication factor and, if they are consistent, trigger the monitoring module; if they are inconsistent, to acquire the next 1 to m and the previous 1 to n key check factors of the current key check factor according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers greater than 1, and compare each of them with the authentication factor; if one is consistent, to take that key check factor as the current key check factor of the security keyboard and trigger the monitoring module; if none is consistent, to trigger the security control module; and a security control module for executing the corresponding security control operation according to a preset security policy.
Optionally, the scanning detection module is further configured, when the authentication factor broadcast by the smart card is not scanned, to detect whether it is scanned within a preset monitoring threshold and, if so, trigger the authentication module; if not, to detect whether the authentication factor is scanned within a further preset time interval; if so, trigger the authentication module, and if not, trigger the security control module.
Optionally, the security keyboard further includes a face verification module; the monitoring module is further configured to monitor whether a predetermined key event occurs and to trigger the face verification module when it does, the predetermined key event comprising at least one of: the security keyboard and the smart card completing negotiation of the initial key, the security keyboard receiving an encrypted-input instruction, and the security keyboard recognising that a password input is being received; the face verification module is configured to start the camera device to collect face image information of the user and perform face recognition authentication on it.
Optionally, the security control module executes the security control operation according to the predetermined security policy at least by triggering the communication module to send a sleep instruction to the smart card; the communication module is further configured to send that sleep instruction to the smart card.
Optionally, the security keyboard further includes a clearing module for deleting all key check factors stored by the security keyboard after the security control module has executed the security control operation.
In another aspect, the present invention provides an office system comprising a smart card and a security keyboard as described above, wherein:
the smart card is configured to output user information to the security keyboard; to send the Bluetooth pairing information to the security keyboard after receiving the security keyboard's request for it; to establish a Bluetooth connection with the security keyboard using the Bluetooth pairing information; to negotiate a key synchronous rolling mode with the security keyboard over the Bluetooth connection, negotiate to generate an initial key, and take the initial key as its current authentication factor; to broadcast its current authentication factor; and to monitor whether the rolling period is reached and, when it is, acquire the next authentication factor after its current authentication factor according to the key synchronous rolling mode negotiated with the security keyboard and take it as its current authentication factor.
Optionally, the smart card is further configured to enter a sleep state when receiving a sleep instruction sent by the security keyboard.
Optionally, the smart card is further configured to enter a sleep mode after returning a synchronisation response to the security keyboard, to wake once every predetermined wake-up period after entering the sleep mode, and to broadcast its current authentication factor during the wake-up period.
According to the technical scheme of the invention, the security keyboard can authenticate the smart card in real time, and once authentication fails it executes the security control operation, so that after communication with the security keyboard is established the smart card user remains the same legitimate user who logged in to the security keyboard; the employee's business confidentiality is protected, and information leakage through unrelated personnel operating the security keyboard is avoided. During authentication, the problem of loss of synchronisation caused by packet loss or clock offset is avoided: the security keyboard can correct the error by itself, so that the key check factor on the keyboard side and the authentication factor on the smart card side are brought back into synchronisation after they have drifted apart.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an office system according to an embodiment of the present invention;
fig. 2 is a flowchart of an office security control method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a security keyboard according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The embodiment of the present invention is based on an office system, as shown in fig. 1, comprising a security keyboard 10 and a smart card 20. The security keyboard 10 may be a shared security keyboard inside a company; besides the functions of an existing keyboard it has a main control chip, a card reading device, a camera and the like, where the main control chip is the microprocessor of the security keyboard, controls the operations the security keyboard performs, and can perform key operations. The smart card 20 is issued individually to each employee of the company and bound to that employee. Each employee has a unique user ID, which is stored in the smart card, so that the employee's identity can be determined from it. The smart card represents the employee in the process of establishing short-range wireless communication with the security keyboard, authenticating and logging in.
In the invention, before the Bluetooth connection is established between the security keyboard 10 and the smart card 20, the user information stored in the smart card 20 (for example a user name and password) can be read by card swiping, code scanning or similar means; the security keyboard 10 then verifies the identity given by the read user information, and after verification passes, the security keyboard 10 and the smart card 20 can exchange Bluetooth pairing information and establish the Bluetooth connection with it. After the Bluetooth connection is established, the security keyboard 10 and the smart card 20 negotiate a key synchronous rolling mode and negotiate to generate an initial key; the security keyboard 10 uses the initial key as its current key check factor, and the smart card 20 uses it as its current authentication factor. Then, on the same rolling period, whenever the security keyboard 10 and the smart card 20 detect that the rolling period is reached, each advances according to the negotiated key synchronous rolling mode: the security keyboard 10 obtains the next key check factor after its current one and makes it the current key check factor, and the smart card 20 obtains the next authentication factor after its current one and makes it the current authentication factor.
When the scanning period is reached, the security keyboard 10 compares its current key check factor, or the specified key check factors before and after it, with the current authentication factor broadcast by the scanned smart card 20; if one of them is consistent with the authentication factor, authentication passes, and if authentication fails, the security keyboard executes the corresponding security control operation according to the preset security policy. Thus, by periodically scanning for the authentication factor broadcast by the smart card, the security keyboard can authenticate the smart card in real time, and once authentication fails it executes the security control operation according to the preset security policy, so that after communication between the smart card and the security keyboard is established the smart card remains the same one whose legitimate user logged in to the security keyboard, the employee's business secrets are not leaked, and unrelated personnel are prevented from performing operations on the security keyboard.
Example 1
The embodiment provides an office safety control method. The office security control method can be applied to an office system as shown in fig. 1. As shown in fig. 2, the office security control method specifically includes the following steps S101 to S111:
S101, the security keyboard reads user information in the smart card, verifies the user information, and requests Bluetooth pairing information from the smart card after the user information passes verification;
In this embodiment, before the Bluetooth connection is established between the security keyboard and the smart card, the user information stored in the smart card (for example a user name and password) may be read by card swiping, code scanning or similar means; the security keyboard verifies the user name and password locally or uploads the user information to a server for verification, and after the user information passes verification, Bluetooth pairing information may be exchanged between the security keyboard and the smart card and the Bluetooth connection established using it.
S102, the security keyboard receives Bluetooth pairing information transmitted by the smart card;
S103, the security keyboard establishes a Bluetooth connection with the smart card using the Bluetooth pairing information;
In practical application, for example, the employee can place the smart card in the card reading area of the security keyboard; the smart card establishes an NFC connection with the security keyboard and transmits the Bluetooth pairing information over the NFC connection. Once the Bluetooth connection is established, the employee can take the smart card away from the card reading area and need not keep it there to stay logged in and use the security keyboard, which improves the user experience. Transmitting the Bluetooth pairing information over NFC lets the device to be connected be found quickly and speeds up the Bluetooth connection, avoiding the slow pairing of a traditional Bluetooth connection in which each device broadcasts its own information and searches for the other, and further avoiding the situation in which the device to be connected has already been connected to another Bluetooth device and cannot be connected to this one.
In order to ensure the data transmission security between the security keyboard and the smart card, as an optional implementation manner of the embodiment of the present invention, after the bluetooth connection is established between the security keyboard and the smart card, the office security control method provided in this embodiment further includes: the security keyboard and the smart card perform mutual authentication. The authentication method may include, but is not limited to, verifying a digital certificate of the other party, verifying a digital signature sent by the other party, and verifying a device identifier of the device of the other party, and the verification method may adopt an existing verification method, which is not described herein again. The validity of the devices of the two parties can be ensured by verifying the digital certificate of the other party, the digital signature sent by the other party and the device identification of the device of the other party, so that the information of the staff cannot be leaked.
S104, the security keyboard negotiates a key synchronous rolling mode with the smart card through Bluetooth connection, negotiates to generate an initial key, and takes the initial key as a current key check factor of the security keyboard;
after the Bluetooth connection between the security keyboard and the smart card is established, the security keyboard and the smart card perform initial key negotiation, the security keyboard uses the initial key as the current key verification factor of the security keyboard, and the smart card uses the initial key as the current authentication factor of the smart card. For example, when the secure keyboard and the smart card negotiate an initial key, the secure keyboard and the smart card may establish a secure channel first, and then the secure keyboard and the smart card negotiate and generate the initial key. The key check factor may include, but is not limited to, a symmetric key, a MAC value, a random number, and the like.
Then, starting from the same initial key, the security keyboard rolls its key verification factor and the smart card rolls its authentication factor according to the negotiated key synchronous rolling mode whenever a rolling period is detected. As an optional implementation, the key synchronous rolling mode is one of the following: taking the next factor (the next key verification factor on the security keyboard, the next authentication factor on the smart card) from a factor pool generated in advance, or generating the current factor in real time according to a preset acquisition strategy. In this step the security keyboard and the smart card agree in advance on the rolling mode both will use, on the jump strategy for moving to the next factor within the factor pool, and on the acquisition strategy for generating the current factor in real time; these are described under step S106 below and are not repeated here.
S105, the safety keyboard monitors whether a rolling period and a scanning period are reached, if the rolling period is reached, the step S106 is executed, and if the scanning period is reached, the step S107 is executed;
The rolling period is a first preset time length, namely the interval between the current key verification factor and the next one. When the timer reaches the first preset time length, the security keyboard obtains its new current key verification factor according to the negotiated key synchronous rolling mode, restarts timing and continues to monitor whether the first preset time length is reached again; this periodic monitoring is what makes the key verification factor roll periodically. The rolling period of the security keyboard is set equal to that of the smart card, so that both sides roll to their next factor after the same interval, that is, the two parties generate their respective key verification factor and authentication factor synchronously. In practice the security keyboard may be provided with a resettable timer for monitoring the rolling period, whose timing period is the first preset duration; when it expires it resets and starts timing again.
The scanning period is a second preset time length, namely the interval between two scans. When the timer reaches the second preset time length, the security keyboard triggers a scan for the authentication factor broadcast by the smart card, restarts timing and continues to monitor whether the second preset time length is reached again, so that the authentication factor broadcast by the smart card is scanned periodically. In practice the security keyboard may be provided with a resettable timer for monitoring the scanning period, whose timing period is the second preset duration; when it expires it resets and starts timing again.
S106, the security keyboard acquires a next key verification factor of the current key verification factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card, takes the next key verification factor as the current key verification factor, and returns to the step S105;
The key synchronous rolling mode negotiated with the smart card is one of the following. Either it is a strategy for hopping among key verification factors within a key verification factor pool, where the pool contains a plurality of key verification factors generated by the security keyboard according to a key generation algorithm negotiated with the smart card; in that case the security keyboard obtains the next key verification factor by selecting it from the pool according to the negotiated hopping strategy. Or it is real-time acquisition; in that case the security keyboard derives the next key verification factor from its current key verification factor according to the key verification factor acquisition strategy negotiated with the smart card.
As an optional implementation manner of this embodiment, the obtaining, by the security keyboard, a next key verification factor of the current key verification factor of the security keyboard according to a key synchronous scrolling manner negotiated with the smart card includes one of the following manners:
(1) the key synchronous rolling mode negotiated with the intelligent card comprises the following steps: a strategy of key check factor hopping is carried out in a key check factor pool, wherein the key check factor pool comprises a plurality of key check factors generated by a security keyboard according to a key generation algorithm negotiated with the smart card;
in this way, obtaining a next key verification factor of the current key verification factor of the security keyboard according to a key synchronous scrolling way negotiated with the smart card includes: the security keyboard selects the next key verification factor of the current key verification factor of the security keyboard from the key verification factor pool according to the strategy of key verification factor jumping;
(2) the key synchronous rolling mode negotiated with the intelligent card comprises the following steps: obtaining the key verification factor in real time according to a key verification factor obtaining strategy negotiated with the intelligent card;
in this way, obtaining a next key verification factor of the current key verification factor of the security keyboard according to a key synchronous scrolling way negotiated with the smart card includes: and the security keyboard acquires the next key verification factor of the current key verification factor of the security keyboard according to the key verification factor acquisition strategy negotiated with the smart card based on the current key verification factor of the security keyboard.
For mode (1), the security keyboard and the smart card generate a key verification factor pool and an authentication factor pool before the keys start rolling synchronously. The key verification factor pool contains a plurality of key verification factors generated by the security keyboard according to a preset key generation algorithm, and the authentication factor pool contains a plurality of authentication factors generated by the smart card according to a preset key generation algorithm; the factors may be, but are not limited to, symmetric keys, MAC values, random numbers, and the like. Both parties hop through their respective pools according to a pre-negotiated strategy. For example, the security keyboard and the smart card generate their pools when they establish the communication connection and negotiate the initial key, and the key verification factors in the keyboard's pool and the authentication factors in the card's pool are arranged in sequence and correspond to each other position by position. When the rolling period is reached, the two parties may select the next factor in sequence, or select it according to a pre-negotiated strategy (for example, skipping one factor each time). Either way, the security keyboard and the smart card roll to the next factor synchronously when the rolling period is reached. Because this mode generates many key verification factors in advance at once, it avoids the errors that arise when a factor is generated one at a time under clock skew, and hence the authentication failures those errors would cause.
For mode (2), the security keyboard and the smart card acquire the next factor in real time. Optionally, the key verification factor acquired by the security keyboard in real time may be the output of a preset key generation algorithm applied to at least one of the current time of the local clock, the current count value of a local counter, and a random number. Because the next factor is generated in real time by the security keyboard and the smart card, an attacker cannot forge the next factor in advance and log in to the security keyboard with it, which protects the security of the security keyboard.
S107, the security keyboard scans the authentication factor broadcasted by the smart card, and executes the step S108 under the condition that the authentication factor broadcasted by the smart card is scanned;
When the scanning period is reached, the security keyboard scans for the authentication factor broadcast by smart cards within its signal coverage. The security keyboard could also scan continuously, but to save its power this embodiment scans periodically.
In this embodiment, after the smart card negotiates the initial authentication factor with the security keyboard, the authentication factor on the smart card side is rolled periodically in synchronization with the security keyboard, and the current authentication factor is broadcast continuously or periodically. As an optional implementation in this embodiment, after the security keyboard and the smart card negotiate the initial key and the security keyboard takes it as its current key verification factor, the method further includes: the smart card enters a sleep mode, wakes up once every preset wake-up period, and broadcasts its current authentication factor while awake. This saves the smart card's battery and extends its service life. During sleep, the smart card keeps rolling its authentication factor in synchronization with the security keyboard. Alternatively, the smart card may stay awake and broadcast its current authentication factor continuously or periodically, so that the security keyboard never has to wait for the smart card to wake up and can scan the authentication factor promptly to complete real-time authentication.
It should be noted that whether the smart card enters the sleep state automatically or is temporarily disconnected from the security keyboard, as long as the user has not completely left the security keyboard, the smart card continues to roll its authentication factor in synchronization with the security keyboard according to the previously negotiated rolling mode. "Completely left" here means that the smart card has not received a scan instruction from the security keyboard within the preset time, or that it has received an instruction from the security keyboard indicating that it may no longer use the security keyboard, such as an instruction to clear the authentication factors, a disconnection instruction or a sleep instruction. Consequently, when the employee returns with the smart card after a short absence, or uses the security keyboard again after the card wakes from sleep, the smart card is still in step with the key verification factor on the security keyboard side, and the security keyboard can keep comparing its current key verification factor with the authentication factor broadcast by the smart card in real time.
S108, the security keyboard compares the current key check factor with the authentication factor, if the current key check factor is consistent with the authentication factor, the step S105 is returned, and if the current key check factor is inconsistent with the authentication factor, the step S109 is executed;
S109, according to the key synchronous rolling mode negotiated with the smart card, acquiring the lower 1 to m key verification factors and the upper 1 to n key verification factors of the current key verification factor of the security keyboard, wherein m and n are positive integers larger than 1;
S110, comparing the lower 1 to m and the upper 1 to n key verification factors of the current key verification factor of the security keyboard with the authentication factor respectively; if one of them is consistent, taking the key verification factor that is consistent with the authentication factor as the current key verification factor of the security keyboard and returning to step S105; if none is consistent, executing step S111;
in this embodiment, in order to avoid step-out (i.e., inconsistent comparison and authentication failure) caused by packet loss or clock skew, the security keyboard is provided with a redundant comparison and self-error correction mode. That is, under the condition that the comparison between the current key verification factor of the security keyboard and the authentication factor is inconsistent, the comparison is expanded to compare the key verification factors of a specific number before and after the current key verification factor of the security keyboard with the scanned current authentication factor broadcasted by the smart card one by one, and if the comparison is consistent, the authentication can be passed. This case indicates that there is a loss of synchronization caused by packet loss or clock skew, but since some key verification factor before and after the current key verification factor of the security keyboard can be matched, the security keyboard can correct the error by itself, correct the current key verification factor, that is, use the key verification factor that is consistent with the comparison of the authentication factor as the current key verification factor of the security keyboard, and return to step S105. Under the condition that the rolling period is reached by monitoring, the security keyboard acquires a next key verification factor of a current key verification factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card, and the next key verification factor is used as the current key verification factor, so that the security keyboard can still ensure that a user can continue to use the security keyboard through authentication of the smart card after desynchronization caused by packet loss or clock offset occurs, and operations such as synchronization with the smart card and the like do not need to be executed again. 
Meanwhile, the method can correct errors by itself, and ensures that the authentication factor rolls to the same authentication factor with the smart card when the next rolling period comes, namely ensures that the authentication factor is resynchronized with the authentication factor at the smart card side after the step is out. The comparison in step S108 is consistent or the comparison in step S110 is consistent, which indicates that the user of the currently used security keyboard is consistent with the current binding of the security keyboard and the user does not leave the security keyboard, so the method returns to step S105 to continue monitoring whether the scrolling period and the scanning period are reached.
For example, assume the current key verification factor of the security keyboard is S_k, m is 2 and n is 1. The lower 1 to m and upper 1 to n key verification factors of S_k are then S_{k-1}, S_{k+1} and S_{k+2}. Under normal rolling synchronization of the authentication factor, the authentication factor sent by the smart card that the security keyboard scans after the rolling period is reached should also be S_k. If instead the authentication factor L_k broadcast by the smart card and scanned by the security keyboard is inconsistent with the current key verification factor S_k, packet loss (or clock asynchronism) has occurred and error correction is required. S_{k-1}, S_{k+1} and S_{k+2} are compared with the authentication factor L_k in turn, and if one comparison is consistent the authentication passes. For example, if S_{k+1} is consistent with L_k, the security keyboard corrects its current key verification factor to S_{k+1}. Then, when the next rolling period comes, the security keyboard acquires S_{k+2}, the next key verification factor after S_{k+1}; at this time the current authentication factor on the smart card side should have rolled to L_{k+2}, so that the desynchronized security keyboard is resynchronized with the authentication factor on the smart card side.
As an optional implementation in this embodiment, acquiring the lower 1 to m and the upper 1 to n key verification factors of the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card may include: the security keyboard selects the lower m and/or upper n key verification factors of its current key verification factor from the key verification factor pool according to the key verification factor hopping strategy; or the security keyboard derives the lower m and/or upper n key verification factors from its current key verification factor according to the key verification factor acquisition strategy negotiated with the smart card. In either case the lower m and/or upper n key verification factors are obtained in the same way as the single next key verification factor; refer to the description of step S106 for obtaining the next key verification factor of the current key verification factor of the security keyboard, which is not repeated here.
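The synchronous rolling of step S106 (mode (1), the pre-generated factor pool with a negotiated hopping strategy) and the redundant comparison with self-correction of steps S108 to S110 are illustrated together by the following Python simulation. It is an added example and not code from the patent. Its assumptions: the factor pool is constructed as HMAC-SHA256 of the negotiated initial key over a pool index (the page only says the pool comes from a negotiated key generation algorithm), slot 0 of the pool stands in for the page's "initial key as current factor" so that the negotiated key itself is never broadcast, the `hop` parameter models the negotiated jump strategy, and the class, function and key values are chosen here.

```python
import hashlib
import hmac
from typing import List, Tuple

FACTOR_LEN = 8  # bytes of each factor that are broadcast and compared (constructed choice)


class RollingFactorParty:
    """One side of the scheme: the security keyboard (key verification factors)
    or the smart card (authentication factors). Mode (1) of the page: a pool is
    generated once from the negotiated initial key and both sides hop through
    it with the same negotiated jump strategy."""

    def __init__(self, initial_key: bytes, pool_size: int, hop: int = 1):
        # Constructed key generation algorithm: factor_i = HMAC-SHA256(initial_key, i).
        # Slot 0 plays the role of "initial key as current factor"; the key itself
        # is never put on the air.
        self.pool: List[bytes] = [
            hmac.new(initial_key, i.to_bytes(4, "big"), hashlib.sha256).digest()[:FACTOR_LEN]
            for i in range(pool_size)
        ]
        self.hop = hop    # negotiated jump strategy: 1 = next factor, 2 = every other factor
        self.index = 0    # position of the current factor in the pool

    @property
    def current(self) -> bytes:
        return self.pool[self.index]

    def roll(self) -> bytes:
        """Step S106: when the rolling period fires, hop to the next factor."""
        self.index += self.hop
        if self.index >= len(self.pool):
            raise RuntimeError("factor pool exhausted; renegotiate an initial key")
        return self.current

    def window(self, m: int, n: int) -> List[Tuple[int, bytes]]:
        """Step S109: the lower 1..m and upper 1..n factors around the current one,
        following the same jump strategy, as (pool index, factor) pairs."""
        out = []
        for step in range(1, m + 1):          # lower 1..m: ahead of the current factor
            j = self.index + step * self.hop
            if j < len(self.pool):
                out.append((j, self.pool[j]))
        for step in range(1, n + 1):          # upper 1..n: behind the current factor
            j = self.index - step * self.hop
            if j >= 0:
                out.append((j, self.pool[j]))
        return out


def authenticate(keyboard: RollingFactorParty, received: bytes, m: int, n: int) -> str:
    """Steps S108 to S110 on the keyboard side for one scanned broadcast.
    Returns "ok" (in step), "resynced" (matched inside the window and the current
    factor was corrected) or "fail" (step S111: apply the security policy)."""
    if hmac.compare_digest(keyboard.current, received):
        return "ok"
    for j, factor in keyboard.window(m, n):
        if hmac.compare_digest(factor, received):
            keyboard.index = j                # self-correction: adopt the matching factor
            return "resynced"
    return "fail"


def simulate(m: int = 2, n: int = 1, hop: int = 1):
    """Constructed scenario: three rolls in step, one extra roll on the card side
    (clock skew), recovery, then a broadcast from a card with a different key."""
    initial_key = b"constructed-initial-key"   # on the page this is negotiated over Bluetooth
    keyboard = RollingFactorParty(initial_key, 32, hop)
    card = RollingFactorParty(initial_key, 32, hop)
    trace = []
    for _ in range(3):
        keyboard.roll()
        card.roll()
        trace.append(authenticate(keyboard, card.current, m, n))
    card.roll()                               # the card is now one rolling period ahead
    trace.append(authenticate(keyboard, card.current, m, n))
    keyboard.roll()
    card.roll()
    trace.append(authenticate(keyboard, card.current, m, n))
    stranger = RollingFactorParty(b"some-other-key", 32, hop)
    trace.append(authenticate(keyboard, stranger.current, m, n))
    return trace, keyboard.index, card.index


if __name__ == "__main__":
    print(simulate())   # → (['ok', 'ok', 'ok', 'resynced', 'ok', 'fail'], 5, 5)
```

The window is searched only after the exact comparison fails, so the normal path costs one constant-time comparison, and a broadcast from a card that never shared the initial key fails both the exact comparison and the whole window. The pool-exhaustion error marks the point at which the page's renegotiation (steps S101 to S111 run again) would have to occur.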
And S111, the security keyboard executes corresponding security control operation according to a preset security policy.
Wherein the safety control operation may include: a first safety control operation and a second safety control operation. The two security control operations have different levels, for example, the first security control operation may be used as a high-level control, and when the authentication fails or the user leaves the security keyboard for a long time, the first security control operation is executed by using the first policy, so that the smart card cannot be connected to use the security keyboard; the second security control may be used as a low-level control, and when the user temporarily leaves, in order to prevent information leakage and facilitate the user to return for convenient use, a second policy is adopted to perform a second security control operation, so that the security keyboard cannot be used temporarily, and the problem that the security keyboard is illegally used by others after the employee temporarily leaves can be avoided.
As an optional implementation in this embodiment, the first security control operation may include, but is not limited to, one of the following: the security keyboard sends a sleep instruction to the smart card; the security keyboard sends a disconnection instruction to the smart card and disconnects from it; the security keyboard shuts itself down. For example, after the security keyboard fails to authenticate the smart card, it sends the smart card an instruction forcing it to sleep, and the smart card enters the sleep state on receiving it, so that it can no longer log in to and use the security keyboard. This avoids the risk of leaking information stored on the security keyboard, prevents illegitimate users or a different smart card from using the security keyboard, and protects the privacy of the staff.
As an optional implementation in this embodiment, the second security control operation may include, but is not limited to, one of the following: the security keyboard locks its screen, notifies the PC connected to it to lock its screen, enters a sleep state, raises an alarm, and the like; any operation after which the smart card can no longer use the security keyboard is acceptable, and the invention does not limit the manner. This prevents others from using the security keyboard illegitimately after the employee leaves briefly, while letting the employee quickly restore the security keyboard to a usable state on returning.
To save storage space, once the smart card no longer uses the security keyboard, the security keyboard deletes all locally stored key verification factors, leaving ample room for the factors to be rolled synchronously after the next smart card connects. As an optional implementation in this embodiment, after the security keyboard performs the corresponding security control operation according to the preset security policy, the method further includes: the security keyboard deletes all locally stored key verification factors. After that operation the smart card no longer logs in to the security keyboard, so local storage can be reclaimed for the synchronously rolled factors of the next connected smart card. In addition, the security keyboard may send the smart card an instruction to clear its authentication factors; on receiving it the smart card deletes all locally stored authentication factors, which saves the smart card's space, simplifies the next login request to a security keyboard and leaves ample room for the factors to be rolled synchronously after the next connection.
According to the device authentication method provided by this embodiment, the security keyboard authenticates the smart card in real time and performs a security control operation as soon as authentication fails. This guarantees that, once an employee's smart card has connected to the security keyboard, only that same legitimate smart card stays logged in to it, protecting the employee's business confidentiality and preventing information leakage through operations performed on the security keyboard by unrelated personnel. During authentication, loss of synchronization caused by packet loss or clock offset is tolerated: the security keyboard corrects the error by itself and stays synchronized with the authentication factor on the smart card side after the step-out.
In this embodiment, if the user needs to leave the secure keyboard for a while with his smart card, in order to ensure that the user can continue to use the secure keyboard normally after returning, as an optional implementation manner in this embodiment, in the case that the authentication factor sent by the smart card is not scanned, the method provided in this embodiment further includes: the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold, and if the authentication factor broadcasted by the smart card is scanned, the step S108 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned within a preset time interval; if so, executing step S108; if not, step S111 is executed.
In this embodiment, even when the authentication factor broadcast by the smart card is not scanned in step S105, scan events still occur: the security keyboard scans for the authentication factor broadcast by the smart card each time the preset scanning period is reached. The preset monitoring threshold plus the preset time interval can be understood as the disconnection time tolerated for a brief departure of the user. If the security keyboard has not scanned the authentication factor broadcast by the smart card when the preset monitoring threshold expires, the employee is taken to have left the security keyboard only temporarily; the security keyboard may perform the second security control operation according to the second security policy, such as locking its screen or sleeping, and meanwhile, in order to wait for the employee to return, keeps rolling the factor during the preset time interval and checks whether the authentication factor broadcast by the smart card is scanned within that interval. If the authentication factor broadcast by the smart card has still not been scanned, the user is deemed to have stopped using the security keyboard, and the security keyboard may perform the first security control operation according to the first security policy, such as disconnecting from the smart card, deleting the smart card's link information, or powering off.
In practical applications, the employee may temporarily leave the office system, for example, the preset monitoring threshold is set to 1 minute, if the employee leaves the office system for 1 minute without returning, the security keyboard detects, within the preset monitoring threshold, that the authentication factor broadcasted by the smart card is not scanned, and in order to ensure the security of the office system, the smart card may perform a second security control operation, for example, locking the screen, etc. For example, the preset time interval is set to 5 minutes, if the employee leaves for 5 minutes and does not return, the security keyboard detects that the authentication factor broadcasted by the smart card is not scanned within the preset time interval, and in order to ensure the security of the office system, the smart card may perform a first security control operation, such as shutdown. In this embodiment, the second security control operation is different from the first security control operation, so that different security control policies can be set according to different time periods when the user leaves, and multi-level security control can be performed, so as to provide convenience for the user while ensuring security.
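The two-level escalation described in the three paragraphs above, as an added example rather than the patent's own code: on every scan event the keyboard records whether the card's authentication factor was seen and decides whether the second (low-level) or the first (high-level) security control operation is now due. The class, action names and timeline of scan results are constructed here; the time interval is counted from the moment the monitoring threshold expires, following the page's "threshold + interval" reading, and the default values are the page's 1 minute and 5 minutes expressed in seconds.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AbsenceMonitor:
    """Keyboard-side escalation when the smart card's authentication factor stops
    being scanned. threshold and interval are the page's preset monitoring
    threshold and preset time interval, in seconds."""
    threshold: float = 60.0
    interval: float = 300.0
    last_seen: float = 0.0
    level: int = 0  # 0 = normal use, 1 = second (low-level) control applied, 2 = first (high-level) control applied

    def on_scan(self, now: float, seen: bool) -> Optional[str]:
        """Called at every scan period with whether the card's factor was scanned.
        Returns the action the keyboard takes at this event, or None."""
        if seen:
            self.last_seen = now
            if self.level == 1:
                self.level = 0
                return "resume"            # brief absence: unlock, card still in step, S108 continues
            if self.level == 2:
                return "reauth_required"   # card was disconnected: steps S101 to S111 run again
            return None
        absent = now - self.last_seen
        if self.level == 0 and absent >= self.threshold:
            self.level = 1
            return "second_control"        # e.g. lock the screen or sleep; factors keep rolling
        if self.level == 1 and absent >= self.threshold + self.interval:
            self.level = 2
            return "first_control"         # e.g. disconnect the card, delete factors, power off
        return None


# Constructed timeline of (time in seconds, factor scanned?) scan events
EVENTS: List[Tuple[float, bool]] = [
    (0, True), (30, True), (60, False), (90, False), (120, True),
    (150, False), (180, False), (480, False), (510, True),
]


def run_timeline(events, threshold: float = 60.0, interval: float = 300.0):
    """Feed scan results to one monitor and return the (time, action) pairs
    at which an action fired."""
    mon = AbsenceMonitor(threshold, interval)
    fired = []
    for t, seen in events:
        action = mon.on_scan(t, seen)
        if action:
            fired.append((t, action))
    return fired


if __name__ == "__main__":
    for t, action in run_timeline(EVENTS):
        print(f"t={t:>4}s  {action}")
```

Keeping the escalation in a small state machine keyed only on `last_seen` makes the "brief departure" case explicit: a card seen again while at level 1 returns to normal without any renegotiation, whereas at level 2 the keyboard has already discarded its factors and a full re-pairing is the only way back.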
As an optional implementation manner in this embodiment, if the smart card does not receive the scan instruction sent by the security keyboard within a preset time (it indicates that the user completely leaves the security keyboard and does not use the security keyboard within a period of time), the deletion of all locally stored authentication factors is performed, so as to save the space of the smart card, facilitate the request for logging in to the next security keyboard, and provide more sufficient space for the authentication factors to be synchronously scrolled after connection with the smart card. If the connection with the security keyboard is needed again, steps S101 to S111 are executed again.
As an optional implementation manner in this embodiment, step S105 further includes: the security keyboard monitors whether a predetermined key event occurs, and if the predetermined key event occurs, executes step S112 (not shown in fig. 1); step S112, the safety keyboard starts the camera device to collect the face image information of the user, and carries out face identification authentication on the face image information; wherein the predetermined key event comprises at least one of: the secure keyboard and the smart card negotiate the initial key and complete, the secure keyboard receives an encryption input instruction, and the secure keyboard identifies and receives password input. If the authentication is passed, returning to the step S105 to continuously monitor whether a predetermined key event occurs; if the authentication is not passed, step S111 is performed. For example, when information input by the user on the keyboard needs to be encrypted, the user may issue an encryption input instruction to the keyboard, and after the keyboard receives the encryption input instruction input by the user, the information input by the user on the keyboard is encrypted, and step S112 is performed. For example, when the user inputs a PIN code on the keypad, the keypad recognizes that the password input is received when the PIN code is received, and step S112 may be executed. The embodiment can support that when the smart card executes key actions (for example, key actions such as encrypting information input by a user on a keyboard or inputting a PIN code) face recognition assistance is started, and when an acquired operator is inconsistent with a login person, security control operation is executed, so that the operator and the smart card user who logs in the security keyboard are ensured to be the same person, and further, data security is protected from malicious stealing in some key events.
Fig. 1 shows an office system provided by an embodiment of the present invention, and fig. 3 shows a security keyboard provided by an embodiment of the present invention. Both adopt the device authentication method described above, so only their structures are briefly described below; for all other details refer to the description of that method. Referring to fig. 1, an office system provided in an embodiment of the present invention includes a security keyboard 10 and a smart card 20, wherein:
the security keyboard 10 is configured to read the user information in the smart card 20, verify it, and request Bluetooth pairing information from the smart card 20 after the user information passes verification; to receive the Bluetooth pairing information transmitted by the smart card 20; and to establish a Bluetooth connection with the smart card 20 using the Bluetooth pairing information, negotiate a key synchronous rolling mode with the smart card 20 over that connection, and negotiate an initial key that serves as the current key verification factor of the security keyboard 10. It is further configured to monitor whether a rolling period and a scanning period are reached. When the rolling period is reached, it obtains the next key verification factor after its current one according to the key synchronous rolling mode negotiated with the smart card, takes that as the current key verification factor, and continues monitoring. When the scanning period is reached, it scans for the authentication factor broadcast by the smart card 20; if one is scanned, it compares its current key verification factor with the authentication factor. If they match, it continues monitoring whether the rolling period and the scanning period are reached. If they do not match, it obtains, according to the negotiated key synchronous rolling mode, the next 1 to m key verification factors after its current key verification factor and the previous 1 to n key verification factors before it, where m and n are positive integers greater than 1, and compares each of them with the authentication factor. If one of them matches, that key verification factor becomes the current key verification factor of the security keyboard 10 and monitoring of the rolling period and scanning period continues; if none matches, the security keyboard 10 executes the corresponding security control operation according to a predetermined security policy.
The smart card 20 is configured to output user information to the security keyboard 10; to send Bluetooth pairing information to the security keyboard 10 after receiving the keyboard's request for it; to establish a Bluetooth connection with the security keyboard 10 using the Bluetooth pairing information; to negotiate a key synchronous rolling mode with the security keyboard 10 over that connection and negotiate an initial key, which it uses as its current authentication factor; and to broadcast its current authentication factor. It is further configured to monitor whether a rolling period is reached and, when it is, to obtain the next authentication factor after its current one according to the key synchronous rolling mode negotiated with the security keyboard 10 and use it as the current authentication factor of the smart card 20.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter a sleep state when receiving a sleep instruction sent by the security keyboard.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter a sleep mode after negotiating with the security keyboard to generate an initial authentication factor, and wake up every predetermined wake-up period after entering the sleep mode, and during the wake-up period, broadcast the current authentication factor of the smart card.
As an optional implementation manner in this embodiment, the rolling period of the smart card 20 has the same duration as the rolling period of the security keyboard 10.
Referring to fig. 3, the security keyboard 10 includes: the system comprises a card reading module 101, an authentication module 102, a communication module 103, a negotiation module 104, a monitoring module 105, a check factor rolling module 106, a scanning detection module 107 and a security control module 108; wherein:
a card reading module 101, configured to read user information in the smart card 20;
an authentication module 102, configured to verify the user information;
the communication module 103 is configured to request bluetooth pairing information from the smart card 20 after the authentication module passes the verification, receive the bluetooth pairing information transmitted by the smart card 20, and establish bluetooth connection with the smart card 20 by using the bluetooth pairing information;
a negotiation module 104, configured to negotiate a key synchronous rolling mode with the smart card 20 through the bluetooth connection by using the communication module 103, negotiate to generate an initial key, use the initial key as a current key verification factor of the security keyboard 10, and trigger the monitoring module 105 to operate;
the monitoring module 105 is configured to monitor whether a rolling period and a scanning period are reached, to trigger the verification factor rolling module 106 when the rolling period is reached, and to trigger the scanning detection module 107 when the scanning period is reached, wherein the rolling period is a first preset duration between the current key verification factor and the next key verification factor, and the scanning period is a second preset duration between two scans;
the verification factor rolling module 106 is configured to, when the monitoring module 105 detects that a rolling period is reached, obtain the next key verification factor after the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card, use it as the current key verification factor, and trigger the monitoring module 105;
a scanning detection module 107, configured to scan the authentication factor broadcast by the smart card 20, and trigger the authentication module 102 when the authentication factor broadcast by the smart card 20 is scanned;
the authentication module 102 is further configured to compare the current key verification factor with the authentication factor and, if they match, trigger the monitoring module 105; if they do not match, to obtain the next 1 to m key verification factors after the current key verification factor of the security keyboard and the previous 1 to n key verification factors before it according to the key synchronous rolling mode negotiated with the smart card, where m and n are positive integers greater than 1, and compare each of them with the authentication factor; if one matches, to take the matching key verification factor as the current key verification factor of the security keyboard and trigger the monitoring module 105; and if none matches, to trigger the security control module 108;
and the safety control module 108 is used for executing corresponding safety control operation according to a preset safety strategy.
As an optional implementation manner in this embodiment, the scanning detection module 107 is further configured, when no authentication factor broadcast by the smart card 20 is scanned, to detect whether one is scanned within a preset monitoring threshold and, if so, trigger the authentication module 102; if not, to detect whether one is scanned within a further preset time interval and, if so, trigger the authentication module 102; and if still not, to trigger the security control module 108.
As an optional implementation manner in this embodiment, the security keyboard 10 further includes: a face verification module 109;
the monitoring module 105 is further configured to monitor whether a predetermined key event occurs, and trigger the face verification module 109 when the predetermined key event occurs; wherein the predetermined key event comprises at least one of: the secure keyboard 10 and the smart card 20 negotiate the initial key, the secure keyboard 10 receives an encryption input instruction, and the secure keyboard 10 recognizes that a password input is received;
and the face verification module 109 is used for starting the camera device to collect the face image information of the user and performing face identification authentication on the face image information.
As an optional implementation manner in this embodiment, the security control module 108 performs the corresponding security control operation according to the predetermined security policy at least by the following means: triggering the communication module 103 to send a sleep instruction to the smart card 20; the communication module 103 is further configured to send a sleep instruction to the smart card 20.
As an optional implementation manner in this embodiment, the security keyboard 10 further includes: and the clearing module 110 is configured to delete all key verification factors stored in the secure keyboard after the security control module 108 performs the security control operation.
With the office system and security keyboard provided by this embodiment, the security keyboard authenticates the smart card in real time and executes a security control operation as soon as authentication fails. This ensures that, from the moment the employee's smart card and the security keyboard establish communication, the person using the security keyboard remains the legitimate holder of that smart card, protecting the employee's business secrets and preventing unrelated persons from operating the security keyboard and leaking information. During authentication, loss of synchronization caused by packet loss or clock offset is tolerated: the security keyboard corrects the error itself, so the key verification factor on the keyboard side and the authentication factor on the smart card side can be brought back into synchronization after they drift apart.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (15)
1. An office security control method, comprising:
step 1, a security keyboard reads user information in a smart card, verifies the user information, and requests Bluetooth pairing information from the smart card after the user information passes the verification;
step 2, the security keyboard receives the Bluetooth pairing information transmitted by the smart card;
step 3, the security keyboard establishes Bluetooth connection with the smart card by using the Bluetooth pairing information;
step 4, the security keyboard negotiates a key synchronous rolling mode with the smart card through the Bluetooth connection, negotiates to generate an initial key, and uses the initial key as the current key verification factor of the security keyboard;
step 5, the security keyboard monitors whether a rolling period and a scanning period are reached, if the rolling period is reached, step 6 is executed, and if the scanning period is reached, step 7 is executed, wherein the rolling period is a first preset time interval from the current key verification factor to the next key verification factor, and the scanning period is a second preset time interval between two times of scanning;
step 6, the security keyboard acquires a next key check factor of the current key check factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card, and the next key check factor is used as the current key check factor; and returning to the step 5;
step 7, the security keyboard scans the authentication factor broadcasted by the smart card, and if the authentication factor broadcasted by the smart card is scanned, the step 8 is executed;
step 8, comparing the current key check factor with the authentication factor, if the current key check factor is consistent with the authentication factor, returning to the step 5, and if the current key check factor is inconsistent with the authentication factor, executing the step 9;
step 9, according to the key synchronous rolling mode negotiated with the smart card, acquiring the next 1 to m key verification factors after the current key verification factor of the security keyboard and the previous 1 to n key verification factors before it, wherein m and n are positive integers greater than 1;
step 10, comparing each of the next 1 to m and the previous 1 to n key verification factors of the current key verification factor of the security keyboard with the authentication factor; if one of them matches, taking the matching key verification factor as the current key verification factor of the security keyboard and returning to step 5; if none matches, executing step 11;
step 11, the security keyboard executes the corresponding security control operation according to a predetermined security policy.
2. The method of claim 1,
the key synchronous rolling mode negotiated with the smart card comprises a key verification factor hopping policy applied within a key verification factor pool, wherein the key verification factor pool comprises a plurality of key verification factors generated by the security keyboard according to a key generation algorithm negotiated with the smart card; and acquiring the next key verification factor after the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the security keyboard selecting, according to the key verification factor hopping policy, the next key verification factor after its current key verification factor from the key verification factor pool; or
acquiring the next key verification factor after the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the security keyboard deriving the next key verification factor from its current key verification factor according to a key verification factor acquisition policy negotiated with the smart card.
3. The method according to claim 1 or 2,
in the case where the authentication factor sent by the smart card is not scanned, the method further comprises:
the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned within a preset monitoring threshold, and if the authentication factor broadcasted by the smart card is scanned, the step 8 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned within a preset time interval; if so, executing the step 8; if not, step 11 is performed.
4. The method of claim 3,
the method also comprises the following steps in the step 5: the safety keyboard monitors whether a preset key event occurs or not, and executes the step 12 under the condition that the preset key event occurs;
step 12, the safety keyboard starts a camera device to collect face image information of a user, and face identification authentication is carried out on the face image information; wherein the predetermined key event comprises at least one of: the secure keyboard and the smart card negotiate the initial key to complete, the secure keyboard receives an encryption input instruction, and the secure keyboard identifies that a password input is received.
5. The method according to any one of claims 1 to 4,
the security keyboard executing the corresponding security control operation according to the predetermined security policy comprises at least: the security keyboard sending a sleep instruction to the smart card.
6. The method of claim 5,
after the security keyboard performs the corresponding security control operation according to the predetermined security policy, the method further includes:
and the security keyboard deletes all the locally stored key checking factors.
7. The method of claim 6, wherein after the secure keyboard and the smart card negotiate to generate an initial key, the initial key being used as a current key verification factor of the secure keyboard, the method further comprises:
the smart card enters a sleep mode, and is awakened once every preset awakening period after entering the sleep mode, and the current authentication factor of the smart card is broadcasted during the awakening period.
8. A security keyboard, comprising:
the card reading module is used for reading user information in the smart card;
the authentication module is used for verifying the user information;
the communication module is used for requesting Bluetooth pairing information from the smart card after the authentication module passes the verification, receiving the Bluetooth pairing information transmitted by the smart card, and establishing a Bluetooth connection with the smart card by using the Bluetooth pairing information;
the negotiation module is used for negotiating a key synchronous rolling mode with the smart card through the Bluetooth connection by using the communication module, negotiating to generate an initial key, using the initial key as the current key verification factor of the security keyboard, and triggering the monitoring module to operate;
the monitoring module is used for monitoring whether a rolling period and a scanning period are reached, triggering the verification factor rolling module to operate when the rolling period is reached, and triggering the scanning detection module to operate when the scanning period is reached, wherein the rolling period is a first preset duration between the current key verification factor and the next key verification factor, and the scanning period is a second preset duration between two scans;
the verification factor rolling module is used for acquiring a next key verification factor of the current key verification factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card under the condition that the monitoring module monitors that the rolling period is reached, taking the next key verification factor as the current key verification factor, and triggering the monitoring module;
the scanning detection module is used for scanning the authentication factor broadcast by the smart card and triggering the authentication module when the authentication factor broadcast by the smart card is scanned;
the authentication module is further configured to compare the current key verification factor with the authentication factor and, if they match, trigger the monitoring module; if they do not match, to acquire the next 1 to m key verification factors after the current key verification factor of the security keyboard and the previous 1 to n key verification factors before it according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers greater than 1, and compare each of them with the authentication factor; if one matches, to take the matching key verification factor as the current key verification factor of the security keyboard and trigger the monitoring module; and if none matches, to trigger the security control module;
and the safety control module is used for executing corresponding safety control operation according to a preset safety strategy.
9. The security keyboard of claim 8,
the scanning detection module is further configured, when no authentication factor broadcast by the smart card is scanned, to detect whether one is scanned within a preset monitoring threshold and, if so, trigger the authentication module; if not, to detect whether one is scanned within a further preset time interval and, if so, trigger the authentication module; and if still not, to trigger the security control module.
10. The security keyboard of claim 9, further comprising: a face verification module;
the monitoring module is also used for monitoring whether a preset key event occurs or not, and triggering the face verification module under the condition that the preset key event occurs; wherein the predetermined key event comprises at least one of: the secure keyboard and the smart card negotiate the initial key to be completed, the secure keyboard receives an encryption input instruction, and the secure keyboard identifies and receives password input;
the face verification module is used for starting the camera device to collect face image information of a user and carrying out face identification authentication on the face image information.
11. The security keyboard of any one of claims 8-10,
the security control module executes corresponding security control operation according to a preset security policy at least by the following means: triggering the communication module to send a sleep instruction to the smart card;
the communication module is further configured to send the sleep instruction to the smart card.
12. The security keyboard of claim 11, further comprising:
and the clearing module is used for deleting all key verification factors stored by the security keyboard after the security control module executes the security control operation.
13. An office system, comprising: a smart card and a secure keyboard as claimed in any one of claims 7 to 11, wherein:
the smart card is used for outputting user information to the security keyboard, sending the Bluetooth pairing information to the security keyboard after receiving a request of the Bluetooth pairing information sent by the security keyboard, establishing Bluetooth connection with the security keyboard by using the Bluetooth pairing information, negotiating a synchronous rolling mode of a key with the security keyboard through the Bluetooth connection, negotiating to generate an initial key, and taking the initial key as a current authentication factor of the smart card; the system is also used for broadcasting the current authentication factor of the smart card; and the authentication device is further used for monitoring whether a rolling period is reached, acquiring a next authentication factor of the current authentication factor of the smart card according to a key synchronous rolling mode negotiated with the security keyboard under the condition of monitoring that the rolling period is reached, and taking the next authentication factor as the current authentication factor of the smart card.
14. The office system of claim 13,
the smart card is also used for entering a dormant state under the condition of receiving a dormant instruction sent by the safety keyboard.
15. The office system of claim 13,
the smart card is further configured to enter a sleep mode after a synchronous response is returned to the security keyboard, and wake up the smart card once every predetermined wake-up period after entering the sleep mode, and broadcast a current second authentication factor of the smart card during the wake-up period.
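The keyboard-side verification described for the office system above (the current factor, then the next 1 to m and previous 1 to n factors, then the security control operation) and restated in claims 1 to 3, 5 and 6 can be modelled end to end. The Python below is an added example written for this page, not code from the patent or its applicant. It assumes things the patent does not specify: the negotiated rolling mode is an HMAC-SHA256 chain (claim 2's second alternative), factors are 8 bytes, the rolling and scanning periods are replaced by explicit roll counts, and the window sizes m and n are small. The constructed secret and initial key stand in for the Bluetooth pairing and negotiation steps.

```python
import hashlib
import hmac

FACTOR_LEN = 8  # bytes per broadcast factor (assumed; the patent fixes no length)


def next_factor(key: bytes, factor: bytes) -> bytes:
    """One rolling step (claim 2, second alternative): next factor derived from the
    current one. The HMAC-SHA256 chain is this example's assumption, not the patent's."""
    return hmac.new(key, factor, hashlib.sha256).digest()[:FACTOR_LEN]


class SmartCard:
    """Card side: rolls its authentication factor each rolling period and broadcasts it."""

    def __init__(self, key: bytes, initial: bytes) -> None:
        self.key, self.current = key, initial

    def roll(self) -> None:
        self.current = next_factor(self.key, self.current)

    def broadcast(self) -> bytes:
        return self.current


class SecureKeyboard:
    """Keyboard side: rolls its key verification factor and checks each broadcast against
    the current factor, then the next 1..m and the previous 1..n factors (claim 1, steps 8-11)."""

    def __init__(self, key: bytes, initial: bytes, m: int, n: int) -> None:
        self.key, self.current, self.m, self.n = key, initial, m, n
        # A one-way chain cannot be walked backwards, so the keyboard retains the
        # n most recent previous factors (oldest first) to cover "previous 1..n".
        self.history: list[bytes] = []
        self.locked = False

    def roll(self) -> None:
        self.history.append(self.current)
        del self.history[:-self.n]  # keep only the last n previous factors
        self.current = next_factor(self.key, self.current)

    def verify(self, factor: bytes) -> str:
        if self.locked:
            return "locked"
        if hmac.compare_digest(self.current, factor):
            return "match"
        probe = self.current  # card ahead of keyboard: try the next 1..m factors
        for ahead in range(1, self.m + 1):
            probe = next_factor(self.key, probe)
            if hmac.compare_digest(probe, factor):
                for _ in range(ahead):  # advance one step at a time so history stays valid
                    self.roll()
                return f"resync+{ahead}"
        for back in range(1, len(self.history) + 1):  # card behind: try previous 1..n
            if hmac.compare_digest(self.history[-back], factor):
                self.current = self.history[-back]
                del self.history[-back:]
                return f"resync-{back}"
        self.security_control()
        return "fail"

    def security_control(self) -> None:
        """Predetermined policy (claims 5-6): lock and delete every stored factor; the
        sleep instruction to the card would be sent by the communication module."""
        self.locked = True
        self.history.clear()
        self.current = b""


class ScanWatchdog:
    """Claim 3: a missing broadcast is tolerated for `threshold` scans, then for a further
    `interval` scans, and only then is the security control operation triggered."""

    def __init__(self, threshold: int, interval: int) -> None:
        self.threshold, self.interval, self.missed = threshold, interval, 0

    def observe(self, scanned: bool) -> str:
        self.missed = 0 if scanned else self.missed + 1
        if self.missed == 0:
            return "verify"
        if self.missed <= self.threshold:
            return "wait"
        if self.missed <= self.threshold + self.interval:
            return "grace"
        return "security_control"


def simulate(card_rolls: int, keyboard_rolls: int, m: int = 3, n: int = 2) -> str:
    """Both sides start from the same (constructed) initial factor, roll independently
    (the difference models lost packets or clock offset), then the keyboard scans once."""
    key = hashlib.sha256(b"negotiated shared secret (constructed)").digest()
    initial = hmac.new(key, b"initial key (constructed)", hashlib.sha256).digest()[:FACTOR_LEN]
    card, keyboard = SmartCard(key, initial), SecureKeyboard(key, initial, m, n)
    for _ in range(card_rolls):
        card.roll()
    for _ in range(keyboard_rolls):
        keyboard.roll()
    outcome = keyboard.verify(card.broadcast())
    assert keyboard.locked or keyboard.current == card.current  # accepted scan => in sync
    return outcome
```

With m = 3 and n = 2, `simulate(7, 5)` returns `resync+2` (the keyboard missed two rolls and catches up), `simulate(5, 7)` returns `resync-2` (the card fell behind and the keyboard steps back), and `simulate(9, 5)` returns `fail` because the card is four rolls ahead, outside the window, so the keyboard locks and clears its factors. Two design points follow from the patent's text rather than from this code: a one-way derivation forces the keyboard to keep the previous n factors (or use an indexed pool, claim 2's first alternative) to search backwards, and m and n bound how much drift is forgiven, so they should be set no larger than the packet loss and clock offset actually expected, since every extra tolerated step is one more factor a replayed broadcast could match.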
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910560955.5A CN112149099B (en) | 2019-06-26 | 2019-06-26 | Office safety control method, safety keyboard and office system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910560955.5A CN112149099B (en) | 2019-06-26 | 2019-06-26 | Office safety control method, safety keyboard and office system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112149099A true CN112149099A (en) | 2020-12-29 |
CN112149099B CN112149099B (en) | 2024-02-13 |
Family
ID=73869847
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910560955.5A Active CN112149099B (en) | 2019-06-26 | 2019-06-26 | Office safety control method, safety keyboard and office system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112149099B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070118745A1 (en) * | 2005-11-16 | 2007-05-24 | Broadcom Corporation | Multi-factor authentication using a smartcard |
US20120260324A1 (en) * | 2009-11-06 | 2012-10-11 | Emue Holdings Pty Ltd. | Method and a system for validating identifiers |
CN103888453A (en) * | 2014-03-12 | 2014-06-25 | 天地融科技股份有限公司 | Data processing method based on negotiation secret keys |
CN107077788A (en) * | 2014-10-01 | 2017-08-18 | 大陆智能交通系统有限责任公司 | Exchanged and service system using the parcel of key card simulator |
CN108322440A (en) * | 2017-12-28 | 2018-07-24 | 天地融科技股份有限公司 | It is a kind of to utilize safety equipment Card Reader login method and Security Login System |
CN109493488A (en) * | 2018-11-23 | 2019-03-19 | 北京小米移动软件有限公司 | Smart card authentication method, smart lock, smart card, system and device |
2019
- 2019-06-26 CN CN201910560955.5A patent/CN112149099B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN112149099B (en) | 2024-02-13 |
Similar Documents
Publication | Title |
---|---|
JP4679205B2 (en) | Authentication system, apparatus, method, program, and communication terminal |
US8807426B1 (en) | Mobile computing device authentication using scannable images |
CN106780901A (en) | Intelligent door lock system based on mobile phone MAC address and application thereof |
CN109920100B (en) | Unlocking method and system for an intelligent lock |
CN108322507B (en) | Method and system for executing security operation by using security device |
CN109344588A (en) | Security authentication method and terminal device |
CN108200037B (en) | Method and system for executing security operation by using security device |
CN108337235B (en) | Method and system for executing security operation by using security device |
CN110930574A (en) | Access control method and system and intelligent device |
US20120144194A1 (en) | Service providing client, wireless terminal and method for implementing binding |
CN115810232A (en) | Passage control method based on offline two-dimensional code and face feature value |
CN111405016A (en) | User information acquisition method and related equipment |
CN112153642B (en) | Equipment authentication method in office environment, office equipment and system |
EP2907330B1 (en) | Method and apparatus for disabling algorithms in a device |
CN112149099B (en) | Office safety control method, safety keyboard and office system |
CN112149096B (en) | Office authentication method, security keyboard and office system |
CN112149083B (en) | Equipment authentication method, security keyboard and office system |
CN113038464B (en) | Information transmission method and equipment |
CN112152960B (en) | Office system safety control method, device and system |
CN112149082B (en) | Office system safety control method, device and system |
CN112149098B (en) | Office system safety control method, device and system |
CN112152810B (en) | Safety control method, device and system |
CN117858079B (en) | Safety control method of building intercom system |
CN108322508A (en) | Method and system for executing a security operation using a security device |
JP5273977B2 (en) | Authentication target device |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |