CN112149099B - Office safety control method, safety keyboard and office system - Google Patents

Publication number: CN112149099B
Application number: CN201910560955.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN112149099A (en)
Inventor: 李东声
Current Assignee: Tendyron Corp
Original Assignee: Tendyron Corp
Legal status: Active
Prior art keywords: key, factor, keyboard, smart card, authentication

Classifications

    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • H04W12/06 Authentication
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H04W56/001 Synchronization between nodes
    • H04W76/10 Connection setup

Abstract

The invention provides an office security control method, a secure keyboard and a system. The method comprises the following steps: S1-S3, the secure keyboard verifies the smart card and establishes a Bluetooth connection with it; S4, an initial key is negotiated with the smart card and used as the current key verification factor; S5, monitoring: when the rolling period is reached, S6 is executed, and when the scanning period is reached, S7 is executed; S6, the next key verification factor after the current key verification factor is obtained according to the key synchronous rolling mode and becomes the current key verification factor, then return to S5; S7, the authentication factor broadcast by the smart card is scanned; S8, the current key verification factor is compared with the authentication factor, and S9 is executed if they are inconsistent; S9-S10, the next 1 to m and the previous 1 to n key verification factors of the current key verification factor are obtained according to the key synchronous rolling mode and each compared with the authentication factor, and a key verification factor that is consistent with the authentication factor becomes the current key verification factor; if none is consistent, the security control operation is performed.

Description

Office safety control method, safety keyboard and office system
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to an office security control method, a security keyboard, and an office system.
Background
In a traditional office system, login security control mostly relies on passwords, user confirmation and similar means. However, the office equipment authenticates the user equipment only at the first login; once that authentication has passed, the user equipment is no longer authenticated in real time. Take logging in to WeChat on a computer as an example: at the first login a two-dimensional code appears on the computer, the user scans it with a mobile phone and confirms on the phone, the login succeeds, and the user can then use WeChat on the computer. If the employee temporarily leaves the office equipment, other people can also use it, and the employee's privacy and information security cannot be protected.
In addition, in some scenarios the employee must manually lock the screen or log out before leaving, and must authenticate again when returning, so both security and convenience in use still need improvement.
Disclosure of Invention
The present invention aims to solve one of the above problems.
The invention mainly aims to provide an office safety control method.
It is another object of the present invention to provide an office system.
It is another object of the present invention to provide a secure keyboard.
In order to achieve the above purpose, the technical scheme of the invention is specifically realized as follows:
In one aspect, the present invention provides an office security control method, including:
Step 1, a secure keyboard reads user information in a smart card, verifies the user information, and requests Bluetooth pairing information from the smart card after the verification passes;
Step 2, the secure keyboard receives the Bluetooth pairing information transmitted by the smart card;
Step 3, the secure keyboard establishes a Bluetooth connection with the smart card using the Bluetooth pairing information;
Step 4, the secure keyboard negotiates a key synchronous rolling mode with the smart card over the Bluetooth connection, negotiates to generate an initial key, and takes the initial key as the current key verification factor of the secure keyboard;
Step 5, the secure keyboard monitors whether a rolling period and a scanning period are reached; if the rolling period is reached, step 6 is executed, and if the scanning period is reached, step 7 is executed, wherein the rolling period is a first preset duration, the interval between the current key verification factor and the next key verification factor, and the scanning period is a second preset duration, the interval between two scans;
Step 6, the secure keyboard obtains the next key verification factor after its current key verification factor according to the key synchronous rolling mode negotiated with the smart card, takes that next key verification factor as the current key verification factor, and returns to step 5;
Step 7, the secure keyboard scans for the authentication factor broadcast by the smart card, and step 8 is executed if the authentication factor broadcast by the smart card is scanned;
Step 8, the current key verification factor is compared with the authentication factor; if they are consistent, return to step 5, and if they are inconsistent, step 9 is executed;
Step 9, the next 1 to m key verification factors after the current key verification factor of the secure keyboard and the previous 1 to n key verification factors before the current key verification factor of the secure keyboard are obtained according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1;
Step 10, the next 1 to m key verification factors and the previous 1 to n key verification factors of the current key verification factor of the secure keyboard are each compared with the authentication factor; if one of them is consistent, the key verification factor that is consistent with the authentication factor is taken as the current key verification factor of the secure keyboard, and the method returns to step 5; if none is consistent, step 11 is executed;
Step 11, the secure keyboard executes a corresponding security control operation according to a predetermined security policy.
Optionally, the key synchronous rolling mode negotiated with the smart card includes a strategy for jumping between key verification factors in a key verification factor pool, where the pool comprises a plurality of key verification factors generated by the secure keyboard according to a key generation algorithm negotiated with the smart card. In that case, obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the secure keyboard selects the next key verification factor after its current key verification factor from the key verification factor pool according to the key verification factor jump strategy. Alternatively, obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card includes: the secure keyboard obtains the next key verification factor, based on its current key verification factor, according to the key verification factor acquisition strategy negotiated with the smart card.
Optionally, when the authentication factor broadcast by the smart card is not scanned, the method further includes: the secure keyboard detects whether the authentication factor broadcast by the smart card is scanned within a preset monitoring threshold, and if so, step 8 is executed; if not, it detects whether the authentication factor broadcast by the smart card is scanned within a preset time interval; if so, step 8 is executed; if not, step 11 is executed.
Optionally, step 5 further includes: the secure keyboard monitors whether a predetermined key event occurs, and if so, step 12 is executed; step 12, the secure keyboard starts a camera device to collect face image information of the user and performs face recognition authentication on the face image information; wherein the predetermined key event comprises at least one of: the secure keyboard completes negotiation of the initial key with the smart card, the secure keyboard receives an encryption input instruction, and the secure keyboard recognizes that a password input is received.
Optionally, the secure keyboard performing a corresponding security control operation according to a predetermined security policy includes at least: the secure keyboard sends a sleep instruction to the smart card.
Optionally, after the secure keyboard performs a corresponding security control operation according to a predetermined security policy, the method further includes: the secure keyboard deletes all locally stored key verification factors.
Optionally, after the secure keyboard receives the key synchronization response returned by the smart card, the method further includes: the smart card enters a sleep mode, wakes up once every predetermined wake-up period after entering the sleep mode, and broadcasts its current authentication factor during the wake-up period.
Another aspect of the present invention provides a secure keyboard comprising:
a card reading module, used for reading the user information in the smart card;
an authentication module, used for verifying the user information;
a communication module, used for requesting Bluetooth pairing information from the smart card after the authentication module's verification passes, receiving the Bluetooth pairing information transmitted by the smart card, and establishing a Bluetooth connection with the smart card using the Bluetooth pairing information;
a negotiation module, used for negotiating a key synchronous rolling mode with the smart card over the Bluetooth connection by means of the communication module, negotiating to generate an initial key, taking the initial key as the current key verification factor of the secure keyboard, and triggering the monitoring module to work;
a monitoring module, used for monitoring whether a rolling period and a scanning period are reached, triggering the verification factor rolling module to work when the rolling period is reached, and triggering the scan detection module to work when the scanning period is reached, wherein the rolling period is a first preset duration, the interval between the current key verification factor and the next key verification factor, and the scanning period is a second preset duration, the interval between two scans;
a verification factor rolling module, used for obtaining, when the monitoring module detects that the rolling period is reached, the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card, taking that next key verification factor as the current key verification factor, and triggering the monitoring module;
a scan detection module, used for scanning for the authentication factor broadcast by the smart card and triggering the authentication module when the authentication factor broadcast by the smart card is scanned;
the authentication module is further used for comparing the current key verification factor with the authentication factor and triggering the monitoring module if they are consistent; if they are inconsistent, obtaining the next 1 to m key verification factors after the current key verification factor of the secure keyboard and the previous 1 to n key verification factors before the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1; comparing the next 1 to m key verification factors and the previous 1 to n key verification factors of the current key verification factor of the secure keyboard each with the authentication factor, and if one of them is consistent, taking the key verification factor that is consistent with the authentication factor as the current key verification factor of the secure keyboard and triggering the monitoring module; if none is consistent, triggering the security control module;
a security control module, used for executing a corresponding security control operation according to a predetermined security policy.
Optionally, the scan detection module is further configured, when the authentication factor broadcast by the smart card is not scanned, to detect whether the authentication factor broadcast by the smart card is scanned within a preset monitoring threshold, and if so, to trigger the authentication module; if not, to detect whether the authentication factor broadcast by the smart card is scanned within a preset time interval; if it is scanned, to trigger the authentication module; and if it is not scanned, to trigger the security control module.
Optionally, the secure keyboard further includes a face verification module. The monitoring module is further used for monitoring whether a predetermined key event occurs and triggering the face verification module when the predetermined key event occurs, wherein the predetermined key event comprises at least one of: the secure keyboard completes negotiation of the initial key with the smart card, the secure keyboard receives an encryption input instruction, and the secure keyboard recognizes that a password input is received. The face verification module is used for starting the camera device to collect face image information of the user and performing face recognition authentication on the face image information.
Optionally, the security control module performs the corresponding security control operation according to a predetermined security policy at least by triggering the communication module to send a sleep instruction to the smart card; the communication module is also used for sending the sleep instruction to the smart card.
Optionally, the secure keyboard further includes a clearing module, used for deleting all key verification factors stored by the secure keyboard after the security control module executes the security control operation.
In another aspect, the present invention provides an office system, including a smart card and a secure keyboard as described above, wherein:
the smart card is used for outputting user information to the secure keyboard; sending Bluetooth pairing information to the secure keyboard after receiving the request for Bluetooth pairing information sent by the secure keyboard; establishing a Bluetooth connection with the secure keyboard using the Bluetooth pairing information; negotiating a key synchronous rolling mode with the secure keyboard over the Bluetooth connection, negotiating to generate an initial key, and taking the initial key as the current authentication factor of the smart card. It is also used for broadcasting the current authentication factor of the smart card, and for monitoring whether the rolling period is reached and, when the rolling period is reached, obtaining the next authentication factor after the current authentication factor of the smart card according to the key synchronous rolling mode negotiated with the secure keyboard and taking that next authentication factor as the current authentication factor of the smart card.
Optionally, the smart card is further configured to enter a sleep state when receiving a sleep instruction sent by the secure keyboard.
Optionally, the smart card is further configured to enter a sleep mode after returning a synchronization response to the secure keyboard, wake up once every predetermined wake-up period after entering the sleep mode, and broadcast a current second authentication factor of the smart card during the wake-up period.
According to the technical scheme provided by the invention, an office security control method, a secure keyboard and an office system are provided in which the secure keyboard can authenticate the smart card in real time and executes a security control operation as soon as authentication fails. This ensures that, after communication is established between the smart card and the secure keyboard, the employee's smart card is always that of the same smart card user and that it is a legitimate smart card user who is logged in and using the secure keyboard, which protects the employee's business secrets and avoids information leakage caused by unrelated persons performing operations on the secure keyboard. During authentication, the effects of desynchronization caused by packet loss or clock offset can be avoided: the secure keyboard can correct the error by itself, ensuring that the secure keyboard and the authentication factor on the smart card side return to synchronization after falling out of step.
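The window check of steps 5 to 11 and the self-correction after a loss of step, as an added Python example that is not part of the patent text. The factor derivation (a truncated HMAC-SHA256 over a rolling counter), the names `factor_at`, `SmartCard`, `KeyboardVerifier` and `run_demo`, the 8-byte factor length and the sample seed are assumptions; the patent leaves the rolling mode to negotiation between keyboard and card.

```python
import hashlib
import hmac

FACTOR_LEN = 8  # assumed length in bytes of one broadcast factor


def factor_at(seed: bytes, index: int) -> bytes:
    """Factor number `index` of the rolling sequence (assumed derivation).

    The negotiated value is used as an HMAC key and is never broadcast
    itself; each factor is a truncated HMAC-SHA256 over the rolling counter.
    """
    mac = hmac.new(seed, index.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:FACTOR_LEN]


class SmartCard:
    """Card side: rolls its authentication factor and broadcasts the current one."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.index = 0

    def roll(self) -> None:
        self.index += 1

    def broadcast(self) -> bytes:
        return factor_at(self.seed, self.index)


class KeyboardVerifier:
    """Keyboard side of steps 5 to 11."""

    def __init__(self, seed: bytes, m: int, n: int):
        self.seed = seed
        self.m = m  # number of later factors tried after a mismatch
        self.n = n  # number of earlier factors tried after a mismatch
        self.index = 0
        self.locked = False

    def roll(self) -> None:
        """Step 6: the rolling period elapsed, move to the next factor."""
        if not self.locked:
            self.index += 1

    def check(self, broadcast: bytes):
        """Steps 8 to 11 for one scanned broadcast; returns (status, offset)."""
        if self.locked:
            return ("lockout", None)
        # Step 8: compare with the current key verification factor.
        if hmac.compare_digest(factor_at(self.seed, self.index), broadcast):
            return ("match", 0)
        # Steps 9-10: try the next 1..m, then the previous 1..n factors.
        offsets = list(range(1, self.m + 1)) + [-k for k in range(1, self.n + 1)]
        for off in offsets:
            candidate = self.index + off
            if candidate < 0:
                continue  # nothing exists before the first factor
            if hmac.compare_digest(factor_at(self.seed, candidate), broadcast):
                self.index = candidate  # adopt the card's position
                return ("resynced", off)
        # Step 11: nothing in the window matched. The security operation is
        # modelled as a lock plus the optional deletion of stored key material.
        self.seed = None
        self.locked = True
        return ("lockout", None)


def run_demo():
    seed = bytes(range(32))  # constructed sample standing in for the negotiated key
    card = SmartCard(seed)
    kb = KeyboardVerifier(seed, m=2, n=2)
    results = [kb.check(card.broadcast())]  # both at index 0

    # Card clock runs fast: it rolls twice while the keyboard rolls once.
    card.roll()
    card.roll()
    kb.roll()
    results.append(kb.check(card.broadcast()))  # card 2, keyboard 1

    # Keyboard rolls twice while the card does not roll at all.
    kb.roll()
    kb.roll()
    results.append(kb.check(card.broadcast()))  # card 2, keyboard 4

    # A drift of three periods is outside the window m = 2.
    for _ in range(3):
        card.roll()
    results.append(kb.check(card.broadcast()))  # card 5, keyboard 2
    results.append(kb.check(card.broadcast()))  # keyboard stays locked
    return results, kb


if __name__ == "__main__":
    for status, offset in run_demo()[0]:
        print(status, offset)
```

The size of n bounds how long a previously broadcast factor remains acceptable, so m and n are best kept as small as the expected packet loss and clock drift allow.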
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of an office system according to an embodiment of the present invention;
Fig. 2 is a flowchart of an office security control method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a secure keyboard according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or position.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
The embodiment of the invention is based on an office system comprising a secure keyboard 10 and a smart card 20, as shown in Fig. 1. The secure keyboard 10 may be a shared secure keyboard in a company. Besides the functions of an existing keyboard, it has a main control chip, a card reading device, a camera and the like; the main control chip is the microprocessor of the secure keyboard, controls the secure keyboard to execute the corresponding operations, and can perform key operations. The smart card 20 is a card individually assigned to each employee of the company and bound to that employee. Each employee has a unique user ID, which is stored in the smart card and identifies the employee so that the employee's user identity can be determined. While the smart card establishes short-range wireless communication with the secure keyboard, authenticates and logs in, it represents that employee's use of the secure keyboard.
In the present invention, before the Bluetooth connection is established between the secure keyboard 10 and the smart card 20, the user information stored in the smart card 20 may be read by swiping the card, scanning a code, etc., where the user information may be a user name, a password, etc. The secure keyboard 10 then verifies the identity in the user information it has read. After the verification passes, Bluetooth pairing information may be exchanged between the secure keyboard 10 and the smart card 20, and the Bluetooth connection is established using the Bluetooth pairing information. After the Bluetooth connection is established, the secure keyboard 10 negotiates a key synchronous rolling mode with the smart card 20 and negotiates to generate an initial key; the secure keyboard 10 takes the initial key as its current key verification factor, and the smart card 20 takes the initial key as its current authentication factor. Then, based on the same rolling period, each time the secure keyboard 10 and the smart card 20 detect that the rolling period is reached, they roll according to the negotiated key synchronous rolling mode: the secure keyboard 10 obtains the next key verification factor after its current key verification factor and takes it as the current key verification factor, and the smart card 20 obtains the next authentication factor after its current authentication factor and takes it as the current authentication factor.
When the secure keyboard 10 detects that the scanning period is reached, the current key verification factor, or the specified key verification factors before and after it, is compared with the current authentication factor broadcast by the smart card 20 that was scanned. If they are consistent, the authentication passes; otherwise the authentication fails, and the secure keyboard executes a corresponding security control operation according to a predetermined security policy. Therefore, by periodically scanning the authentication factor broadcast by the smart card, the secure keyboard can authenticate the smart card in real time and, as soon as authentication cannot pass, execute the corresponding security control operation according to the predetermined security policy. This ensures that, after communication is established between the smart card and the secure keyboard, the employee's smart card is always the smart card of the same employee and that it is a legitimate user who is logged in to the secure keyboard, which prevents the employee's business secrets from being revealed and prevents unrelated persons from performing operations on the secure keyboard.
Example 1
The embodiment provides an office security control method. The office security control method can be applied to an office system as shown in fig. 1. As shown in fig. 2, the office security control method specifically includes the following steps S101 to S111:
s101, a security keyboard reads user information in an intelligent card and verifies the user information, and after verification is passed, the security keyboard requests Bluetooth pairing information from the intelligent card;
in this embodiment, before bluetooth connection is established between the secure keyboard and the smart card, user information stored in the smart card may be read by swiping a card, scanning a code, or the like, where the user information may be a user name, a password, or the like, and the secure keyboard locally verifies the user name and the password, or uploads the user information to the server to verify the user name and the password, after the user information passes the verification, bluetooth pairing information may be exchanged between the secure keyboard and the smart card, and bluetooth connection is established by using the bluetooth pairing information.
S102, the security keyboard receives Bluetooth pairing information transmitted by the smart card;
s103, the security keyboard establishes Bluetooth connection with the smart card by utilizing Bluetooth pairing information;
in practical application, for example, the staff can place the smart card in the card reading area of the safety keyboard, the smart card establishes NFC connection with the safety keyboard, bluetooth pairing information is transmitted through NFC connection, after bluetooth connection is established, the staff can take the smart card out of the card reading area of the safety keyboard, and the user experience is improved by logging in the safety keyboard without placing the smart card in the card reading area of the safety keyboard all the time. Through NFC connection transmission bluetooth pairing information, can find the equipment of waiting to connect fast, improve bluetooth connection's speed, avoid bluetooth broadcasting respective information in traditional bluetooth connection, search the problem that the opposite side paired and lead to slow, further avoid appearing waiting to connect equipment and other bluetooth equipment to be connected and can't be connected with this equipment's problem.
In order to ensure the data transmission security between the security keyboard and the smart card, as an optional implementation manner of the embodiment of the present invention, after the bluetooth connection is established between the security keyboard and the smart card, the office security control method provided in this embodiment further includes: the secure keyboard and the smart card authenticate each other. The authentication method may include, but is not limited to, a method of verifying a digital certificate of the counterpart, verifying a digital signature sent by the counterpart, verifying a device identifier of a device of the counterpart, and the like, and the verification method may be an existing verification method, which is not described herein. By verifying the digital certificate of the opposite party, verifying the digital signature sent by the opposite party and verifying the equipment identification of the opposite party equipment, the legitimacy of the opposite party equipment can be ensured, and further, the information of staff can not be revealed.
S104, the secure keyboard negotiates a key synchronous rolling mode with the smart card over the Bluetooth connection, negotiates and generates an initial key, and takes the initial key as the current key verification factor of the secure keyboard;
After the Bluetooth connection is established between the secure keyboard and the smart card, the secure keyboard negotiates an initial key with the smart card; the secure keyboard takes the initial key as its current key verification factor, and the smart card takes the initial key as its current authentication factor. For example, when negotiating the initial key, the secure keyboard and the smart card may first establish a secure channel and then negotiate and generate the initial key over it. The key verification factor may include, but is not limited to, a symmetric key, a MAC value, a random number, etc.
Then, starting from the initial key, the secure keyboard and the smart card each roll the key verification factor and the authentication factor according to the negotiated key synchronous rolling mode whenever the rolling period is reached. As an optional implementation manner, the key synchronous rolling mode comprises: acquiring the next factor (the key verification factor of the secure keyboard and the authentication factor of the smart card) from a pre-generated factor pool (the key verification factor pool of the secure keyboard and the authentication factor pool of the smart card), or acquiring the current factor (the current key verification factor of the secure keyboard and the current authentication factor of the smart card) in real time according to a preset acquisition strategy. In this step, the secure keyboard and the smart card negotiate in advance the key synchronous rolling mode they will both use, together with the jump strategy for jumping to the next factor in the factor pool and the acquisition strategy for acquiring the current factor in real time; the specific embodiments are described in step S106 below and are not repeated here.
S105, the secure keyboard monitors whether the rolling period and the scanning period are reached; step S106 is executed when the rolling period is reached, and step S107 is executed when the scanning period is reached;
The rolling period is a first preset duration, the interval between the current key verification factor and the next key verification factor. When the timer is found to have reached the first preset duration, the secure keyboard obtains its current key verification factor according to the negotiated key synchronous rolling mode, restarts the timing, and continues to monitor whether the first preset duration is reached; this periodic monitoring produces the periodic rolling of the key verification factor. The rolling period of the secure keyboard is set to be the same as the rolling period of the smart card, so that the secure keyboard and the smart card roll to the next factor at the same interval, that is, the two parties generate their respective key verification factor and authentication factor synchronously. In practical application, the secure keyboard may use a reset timer to monitor the rolling period: the timing period is the first preset duration, and the timer resets and restarts once the time is up, giving periodic timing. A local counter, a clock chip, etc. may of course also be used; the reset timer in this embodiment is only one way of implementing the rolling period, and the invention is not limited to it.
The scanning period is a second preset duration, the interval between two scans. When the timer is found to have reached the second preset duration, a scan for the authentication factor broadcast by the smart card is triggered, the timing is restarted, and monitoring continues for the next expiry of the second preset duration; this periodic monitoring produces the periodic scanning for the authentication factor broadcast by the smart card. In practical application, the secure keyboard may use a reset timer to monitor the scanning period: the timing period is the second preset duration, and the timer resets and restarts once the time is up, giving periodic timing.
S106, the secure keyboard acquires the next key verification factor after its current key verification factor according to the key synchronous rolling mode negotiated with the smart card, takes the next key verification factor as the current key verification factor, and returns to step S105;
The key synchronous rolling mode negotiated with the smart card comprises: a key verification factor jump strategy carried out in a key verification factor pool, wherein the key verification factor pool comprises a plurality of key verification factors generated by the secure keyboard according to a key generation algorithm negotiated with the smart card; obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the secure keyboard selects the next key verification factor after its current key verification factor from the key verification factor pool according to the key verification factor jump strategy; or,
obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the secure keyboard obtains the next key verification factor, based on its current key verification factor, according to the key verification factor acquisition strategy negotiated with the smart card.
As an optional implementation manner of this embodiment, the secure keyboard obtains the next key verification factor after its current key verification factor according to the key synchronous rolling mode negotiated with the smart card in one of the following manners:
(1) The key synchronous rolling mode negotiated with the smart card comprises: a key verification factor jump strategy carried out in a key verification factor pool, wherein the key verification factor pool comprises a plurality of key verification factors generated by the secure keyboard according to a key generation algorithm negotiated with the smart card;
In this manner, obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the secure keyboard selects the next key verification factor after its current key verification factor from the key verification factor pool according to the key verification factor jump strategy;
(2) The key synchronous rolling mode negotiated with the smart card comprises: acquiring in real time according to a key verification factor acquisition strategy negotiated with the smart card;
In this manner, obtaining the next key verification factor after the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card comprises: the secure keyboard obtains the next key verification factor, based on its current key verification factor, according to the key verification factor acquisition strategy negotiated with the smart card.
For mode (1), before the keys roll synchronously, the secure keyboard and the smart card generate in advance a key verification factor pool and an authentication factor pool respectively. The key verification factor pool comprises a plurality of key verification factors generated by the secure keyboard according to a preset key generation algorithm, and the authentication factor pool comprises a plurality of authentication factors generated by the smart card according to the preset key generation algorithm; the key verification factors and the authentication factors may be, but are not limited to, symmetric keys, MAC values, random numbers and the like. The two parties may jump between factors in their respective factor pools according to a pre-negotiated strategy. For example, the secure keyboard and the smart card generate their respective factor pools when they establish the communication connection and negotiate the initial key, and the key verification factors in the key verification factor pool of the secure keyboard and the authentication factors in the authentication factor pool of the smart card are arranged in order and correspond to each other one by one. Each time the rolling period is reached, the two parties may select the next factor in sequence, or may select the next factor according to a pre-negotiated strategy (for example, selecting the next factor after the current authentication factor at an interval of one factor); the invention is not limited in this respect, as long as the factor rolling of the two parties stays synchronized. Thus, both the secure keyboard and the smart card roll synchronously to the next factor when the rolling period is reached.
This acquisition mode lets the secure keyboard generate a plurality of key verification factors in advance for rolling, which avoids the errors that clock errors easily cause when key verification factors are generated one at a time, and therefore avoids authentication failures caused by clock errors.
For mode (2), the secure keyboard and the smart card acquire the next factor in real time. Optionally, the key verification factor obtained by the secure keyboard in real time may be a key generated by applying a preset key generation algorithm to at least one of: the current time of the local clock, the current count value of the local counter, and a random number. In this embodiment, the next factor is generated in real time by the secure keyboard and the smart card, which prevents an attacker from forging the next factor in advance and then maliciously logging in to the secure keyboard, and thus protects the security of the secure keyboard.
S107, the secure keyboard scans for the authentication factor broadcast by the smart card, and when the authentication factor broadcast by the smart card is scanned, step S108 is executed;
When the secure keyboard finds that the scanning period has been reached, it scans for the authentication factor broadcast by the smart card within the signal coverage range of the secure keyboard. The secure keyboard could of course scan continuously, but in order to save the power of the secure keyboard, this embodiment adopts periodic scanning.
In this embodiment, after the smart card negotiates the initial authentication factor with the secure keyboard, the smart card rolls periodically in synchronization with the secure keyboard to generate the authentication factor on the smart card side, and continuously or periodically broadcasts the current authentication factor produced by the rolling. As an optional implementation manner in this embodiment, after the secure keyboard negotiates with the smart card to generate the initial key and takes the initial key as its current key verification factor, the method provided in this embodiment further includes: the smart card enters a sleep mode, wakes up once every preset wake-up period after entering the sleep mode, and broadcasts its current authentication factor during the wake-up period. This saves the power of the smart card and prolongs its service time. During sleep, the smart card keeps rolling in synchronization with the secure keyboard to generate the authentication factor. The smart card may of course also stay out of sleep mode and broadcast the current authentication factor continuously or periodically at all times, so that the secure keyboard does not need to wait for or wake up the smart card, can scan the authentication factor of the smart card promptly, and can complete real-time authentication promptly.
It should be noted that, whether the smart card enters the sleep state automatically or is temporarily disconnected from the secure keyboard, the smart card continues to roll the authentication factor in synchronization with the secure keyboard according to the previous rolling mode, as long as the user has not left the secure keyboard completely (leaving completely meaning that the smart card cannot receive the scan instruction of the secure keyboard within the preset time) and as long as the smart card has not received from the secure keyboard an instruction to clear the authentication factors, a disconnection instruction, a sleep instruction, or another instruction indicating that the smart card can no longer use the secure keyboard. In this way, when the employee carrying the smart card returns after a brief absence, or the smart card wakes up from the sleep state, and the secure keyboard is used again, the smart card is still rolling in synchronization with the key verification factor on the secure keyboard side, and the secure keyboard can continue to compare its current key verification factor with the authentication factor broadcast by the smart card in real time.
S108, the secure keyboard compares its current key verification factor with the authentication factor; if they are consistent, the method returns to step S105, and if they are inconsistent, step S109 is executed;
S109, the secure keyboard acquires the lower 1 to m key verification factors of its current key verification factor and the upper 1 to n key verification factors of its current key verification factor according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1;
S110, the secure keyboard compares the lower 1 to m key verification factors and the upper 1 to n key verification factors of its current key verification factor with the authentication factor respectively; if one of them is consistent, the key verification factor consistent with the authentication factor is taken as the current key verification factor of the secure keyboard, and the method returns to step S105; if none is consistent, step S111 is executed, wherein m and n are positive integers;
In this embodiment, in order to cope with loss of synchronization (that is, an inconsistent comparison and a failed authentication) caused by packet loss or clock skew, the secure keyboard adds redundant comparison and self-correction. That is, when the current key verification factor of the secure keyboard is inconsistent with the authentication factor, the comparison is widened: a specific number of key verification factors before and after the current key verification factor are compared with the current authentication factor scanned from the smart card's broadcast, and if one of them is consistent with it, the authentication passes. A match of this kind indicates a loss of synchronization caused by packet loss or clock skew, but because one of the key verification factors before or after the current one matches, the secure keyboard can correct its current key verification factor by itself, that is, it takes the key verification factor consistent with the authentication factor as its current key verification factor and returns to step S105. When the secure keyboard then finds that the rolling period has been reached, it obtains the next key verification factor after the current one according to the key synchronous rolling mode negotiated with the smart card and takes it as the current key verification factor. Therefore, after a loss of synchronization caused by packet loss or clock skew, the smart card can still pass the authentication of the secure keyboard, and the user can continue to use the secure keyboard without re-executing operations such as connecting and synchronizing with the smart card.
Meanwhile, because the secure keyboard corrects the error by itself, it rolls to the same factor as the smart card when the next rolling period comes, that is, after falling out of step it is re-synchronized with the authentication factor on the smart card side. A consistent comparison in step S108 or in step S110 indicates that the user currently using the secure keyboard matches the one currently bound to it and has not left the secure keyboard, so the process returns to step S105 to continue monitoring whether the rolling period and the scanning period are reached.
For example, assume that the current key verification factor of the secure keyboard is $S_k$, m is 2 and n is 1; the lower 1 to m and upper 1 to n key verification factors of the current key verification factor $S_k$ are then $S_{k-1}$, $S_{k+1}$ and $S_{k+2}$. When the authentication factors roll in sync normally, the authentication factor sent by the smart card that the secure keyboard scans after the rolling period is reached is also $S_k$. But if the authentication factor $L_k$ broadcast by the smart card and scanned by the secure keyboard is inconsistent with the current key verification factor $S_k$, packet loss (or clock desynchronization) has occurred and error correction is required. $S_{k-1}$, $S_{k+1}$ and $S_{k+2}$ are each compared with the authentication factor $L_k$, and if one of them is consistent, the authentication passes. For example, if $S_{k+1}$ is consistent with $L_k$, the secure keyboard corrects its current key verification factor to $S_{k+1}$. Then, when the next rolling period arrives, the secure keyboard acquires $S_{k+2}$, the next key verification factor after $S_{k+1}$; at this time the current authentication factor on the smart card side should also have rolled to $L_{k+2}$, so the secure keyboard is re-synchronized with the authentication factor on the smart card side after falling out of step.
As an optional implementation manner in this embodiment, obtaining the lower 1 to m key verification factors and the upper 1 to n key verification factors of the current key verification factor of the secure keyboard according to the key synchronous rolling mode negotiated with the smart card may include: the secure keyboard selects the lower m and/or the upper n key verification factors of its current key verification factor from the key verification factor pool according to the key verification factor jump strategy; or the secure keyboard obtains the lower m and/or the upper n key verification factors, based on its current key verification factor, according to the key verification factor acquisition strategy negotiated with the smart card. Specifically, the lower m and/or upper n key verification factors are obtained in a manner similar to the next key verification factor after the current one; refer to the description of obtaining the next key verification factor in step S106, which is not repeated here.
S111, the secure keyboard executes the corresponding security control operation according to a preset security policy.
The security control operation may include a first security control operation and a second security control operation, which have different levels. For example, the first security control operation can serve as high-level control: when authentication does not pass or the user leaves the secure keyboard for a long time, the first security control operation is executed under a first policy, so that the smart card can no longer connect to and use the secure keyboard. The second security control operation can serve as low-level control: when the user leaves temporarily, in order to prevent information leakage while making it easy for the user to resume after returning, the second security control operation is executed under a second policy, so that the secure keyboard is temporarily unusable, which prevents the secure keyboard from being used illegally by others after the employee leaves temporarily.
As an alternative implementation in this embodiment, the first security control operation may include, but is not limited to, one of: the secure keyboard sends a sleep instruction to the smart card, the secure keyboard sends a disconnection instruction to the smart card, the secure keyboard disconnects from the smart card, and the secure keyboard powers off. For example, after the secure keyboard fails to authenticate the smart card, the secure keyboard sends the smart card an instruction forcing it to sleep, and the smart card enters the sleep state after receiving the sleep instruction, so that the smart card cannot log in to and use the secure keyboard normally. This avoids the risk of leaking information stored on the secure keyboard, prevents illegal users or a different smart card from using the secure keyboard, and protects the privacy of the employee.
As an alternative implementation in this embodiment, the second security control operation may include, but is not limited to, one of: locking the screen of the secure keyboard, notifying the PC connected to the secure keyboard to lock the screen, putting the secure keyboard into the sleep state, raising an alarm on the secure keyboard, and the like; the invention is not limited in this respect, as long as the smart card can no longer use the secure keyboard. This prevents the secure keyboard from being used illegally by others after the employee leaves for a short time, and lets the employee quickly restore the secure keyboard to a usable state after returning.
In order to save storage space, when the smart card is no longer in use, the secure keyboard deletes all locally stored key verification factors, leaving more space for the synchronously rolled factors after the next smart card connects. As an optional implementation manner in this embodiment, after the secure keyboard performs the corresponding security control operation according to the predetermined security policy, the method provided in this embodiment further includes: the secure keyboard deletes all key verification factors stored locally. Once the secure keyboard has executed the security control operation, the smart card is no longer logged in to it, so deleting the factors frees local storage space for the next smart card. In addition, the secure keyboard can also send the smart card an instruction to clear its authentication factors; after receiving the instruction, the smart card deletes all locally stored authentication factors, which saves space on the smart card and leaves more room for the synchronously rolled authentication factors when it next requests to log in to a secure keyboard and connects to it.
With the device authentication method provided by this embodiment, the secure keyboard can authenticate the smart card in real time and executes a security control operation as soon as authentication fails. This ensures that the employee's smart card remains the same smart card after communication with the secure keyboard is established and that only the legitimate smart card is logged in to use the secure keyboard, which protects the employee's business secrets and prevents information leakage caused by unrelated persons operating the secure keyboard. During authentication, a loss of synchronization caused by packet loss or clock skew is tolerated: the secure keyboard corrects the error by itself and stays synchronized with the authentication factor on the smart card side after falling out of step.
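The comparison loop of steps S105 to S111, including the lower-m/upper-n redundancy check, can be sketched as follows; this is an added example, not code from the patent. It assumes that factor i is an HMAC-SHA256 over the rolling-period counter keyed with the negotiated initial key (so the key itself is never broadcast), a sequential jump strategy, and hypothetical names `SmartCard`, `SecureKeyboard` and `run_scenario`.

```python
import hashlib
import hmac

FACTOR_LEN = 16  # bytes per factor; assumed, the page does not fix a length


def factor(seed: bytes, index: int) -> bytes:
    """Factor for rolling period `index` (S_index on the keyboard, L_index on the card).

    HMAC-SHA256 over the period counter is an assumed stand-in for the
    negotiated key generation algorithm.
    """
    mac = hmac.new(seed, index.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:FACTOR_LEN]


class SmartCard:
    """Card side: rolls its authentication factor and broadcasts the current one."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.index = 0

    def roll(self) -> None:
        self.index += 1

    def broadcast(self) -> bytes:
        return factor(self.seed, self.index)


class SecureKeyboard:
    """Keyboard side: rolls its key verification factor and checks broadcasts."""

    def __init__(self, seed: bytes, m: int = 2, n: int = 1):
        self.seed = seed
        self.index = 0
        self.m = m            # how many following ("lower") factors to try
        self.n = n            # how many preceding ("upper") factors to try
        self.locked = False   # set once S111 has fired

    def roll(self) -> None:   # S106
        self.index += 1

    def verify(self, auth_factor: bytes) -> str:
        if self.locked:
            return "security_control"
        # S108: compare the current key verification factor, in constant time.
        if hmac.compare_digest(factor(self.seed, self.index), auth_factor):
            return "match"
        # S109/S110: try S_{k+1}..S_{k+m}, then S_{k-1}..S_{k-n}.
        offsets = list(range(1, self.m + 1)) + [-d for d in range(1, self.n + 1)]
        for off in offsets:
            idx = self.index + off
            if idx < 0:
                continue
            if hmac.compare_digest(factor(self.seed, idx), auth_factor):
                self.index = idx          # self-correction: adopt the matching factor
                return "resynced"
        # S111: nothing in the window matched.
        self.locked = True
        return "security_control"


def run_scenario() -> list[str]:
    seed = bytes(range(32))               # constructed sample key, not a real secret
    card, kb = SmartCard(seed), SecureKeyboard(seed, m=2, n=1)
    results = [kb.verify(card.broadcast())]      # both at period 0
    card.roll()                                  # keyboard misses one roll
    results.append(kb.verify(card.broadcast()))  # card is one period ahead
    card.roll(); kb.roll()                       # both roll normally
    results.append(kb.verify(card.broadcast()))
    kb.roll()                                    # card misses one roll
    results.append(kb.verify(card.broadcast()))  # card is one period behind
    for _ in range(3):                           # drift of 3 exceeds m = 2
        card.roll()
    results.append(kb.verify(card.broadcast()))
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Every offset accepted by the window is one more value that a replayed or guessed broadcast can match at a given moment, so m and n are best kept as small as the observed packet loss and clock drift allow.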
In this embodiment, the user may need to leave the secure keyboard for a short time, taking the smart card along. To ensure that the user can continue to use the secure keyboard normally after returning, as an optional implementation manner in this embodiment, when the authentication factor sent by the smart card is not scanned, the method provided in this embodiment further includes: the secure keyboard detects whether the authentication factor broadcast by the smart card is scanned within a preset monitoring threshold, and if so, step S108 is executed; if not, it detects whether the authentication factor broadcast by the smart card is scanned within a preset time interval; if so, step S108 is executed; if not, step S111 is executed.
In this embodiment, when the authentication factor broadcast by the smart card is not scanned in step S105, scanning events still occur: the secure keyboard scans for the authentication factor broadcast by the smart card every time the preset scanning period is reached. The preset monitoring threshold plus the preset time interval can be understood as the reasonable disconnection time allowed for a short absence of the user. If the secure keyboard does not scan the authentication factor broadcast by the smart card within the preset monitoring threshold, the employee is understood to have left the secure keyboard only temporarily, and the secure keyboard may perform the second security control operation according to the second security policy, such as locking its screen or sleeping. Meanwhile, in order to wait for the employee to return, the rolling of the factor is maintained for the preset time interval, and the secure keyboard detects whether the authentication factor broadcast by the smart card is scanned within that interval. If it still has not been scanned, the user is considered to have left the secure keyboard, and the secure keyboard may perform the first security control operation according to the first security policy, such as disconnecting from the smart card, deleting the link-related information of the smart card, powering off the secure keyboard, etc.
In practical applications, the employee may leave temporarily while using the office system. For example, the preset monitoring threshold is set to 1 minute; if the employee leaves for 1 minute without returning, the secure keyboard detects that the authentication factor broadcast by the smart card has not been scanned within the preset monitoring threshold, so that, in order to ensure the security of the office system, the smart card may perform a second security control operation, for example, screen locking. As a further example, the preset time interval is set to 5 minutes; if the employee leaves for 5 minutes and does not return, the secure keyboard detects that the authentication factor broadcast by the smart card has not been scanned within the preset time interval, and in order to ensure the security of the office system, the smart card may perform a first security control operation, such as shutdown. In this embodiment, the second security control operation differs from the first security control operation, so different security control policies can be set for different lengths of absence, giving multi-stage security control that provides convenience for the user while ensuring security.
As an optional implementation manner in this embodiment, if the smart card does not receive the scan instruction sent by the secure keyboard within the preset time (which indicates that the user has left the secure keyboard completely and will not use it for a period of time), the smart card deletes all locally stored authentication factors, so as to save space on the smart card, make it easier to request to log in to the next secure keyboard, and provide more space for synchronously rolling the authentication factors after connecting with the smart card. If it is necessary to connect with the secure keyboard again, steps S101 to S111 are re-executed.
As an alternative implementation of this embodiment, step S105 further includes: the secure keyboard monitors whether a predetermined critical event occurs, and if so, performs step S112 (not shown in fig. 1). Step S112: the secure keyboard starts the camera device to collect face image information of the user and performs face recognition authentication on the face image information. The predetermined critical event comprises at least one of: the secure keyboard completes negotiation of the initial key with the smart card, the secure keyboard receives an encryption input instruction, and the secure keyboard recognizes that a password input is received. If the authentication passes, the method returns to step S105 to continue monitoring whether a predetermined critical event occurs; if the authentication does not pass, step S111 is performed. For example, when the information the user types on the keyboard needs to be encrypted, the user may issue an encryption input instruction to the keyboard; after the keyboard receives the encryption input instruction, the information the user types on the keyboard is encrypted, and step S112 is performed. As another example, when the user enters a PIN code on the keyboard, the keyboard recognizes on receiving the PIN code that a password is being input, and step S112 may be executed. This embodiment thus supports face recognition as an auxiliary check when the smart card performs critical actions (such as encrypting information the user types on the keyboard or entering a PIN code), and executes a security control operation when the captured operator does not match the logged-in person. This ensures that the operator and the smart card user logged in to the secure keyboard are the same person, and further protects data from malicious theft during critical events.
Fig. 1 shows an office system provided by an embodiment of the present invention, and fig. 3 shows a secure keyboard provided by an embodiment of the present invention. The office system and the secure keyboard both use the device authentication method described above; only their structures are briefly described below, and for matters not covered here, refer to the description of the device authentication method. Referring to fig. 1, an office system provided in an embodiment of the present invention includes: a secure keyboard 10 and a smart card 20; wherein:
the secure keyboard 10 is configured to read user information in the smart card 20, verify the user information, and request Bluetooth pairing information from the smart card 20 after the user information passes the verification; to receive the Bluetooth pairing information transmitted by the smart card 20; to establish a Bluetooth connection with the smart card 20 by using the Bluetooth pairing information, negotiate a key synchronous rolling mode with the smart card 20 through the Bluetooth connection, negotiate to generate an initial key, and take the initial key as the current key verification factor of the secure keyboard 10; and is further configured to monitor whether a rolling period and a scanning period are reached. When the rolling period is reached, the secure keyboard 10 acquires the next key verification factor after its current key verification factor according to the key synchronous rolling mode negotiated with the smart card, takes the next key verification factor as the current key verification factor, and continues to monitor whether the rolling period is reached. When the scanning period is reached, the secure keyboard 10 scans for the authentication factor broadcast by the smart card 20 and, when the authentication factor is scanned, compares the current key verification factor with the authentication factor. If they are consistent, it continues to monitor whether the rolling period and the scanning period are reached. If they are inconsistent, it acquires the next 1 to m key verification factors after the current key verification factor of the secure keyboard 10 and the last 1 to n key verification factors before it according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1, and compares each of these key verification factors with the authentication factor; if one of them is consistent with the authentication factor, it continues to monitor whether the rolling period and the scanning period are reached; if none is consistent, the corresponding security control operation is executed according to a predetermined security policy.
The smart card 20 is configured to output user information to the secure keyboard 10, send Bluetooth pairing information to the secure keyboard 10 after receiving the request for Bluetooth pairing information sent by the secure keyboard 10, establish a Bluetooth connection with the secure keyboard 10 by using the Bluetooth pairing information, negotiate a key synchronous rolling mode with the secure keyboard 10 through the Bluetooth connection, and negotiate to generate an initial key, where the initial key is used as the current authentication factor of the smart card 20; it is also configured to broadcast the current authentication factor of the smart card 20; and it is further configured to monitor whether a rolling period is reached and, when the rolling period is reached, acquire the next authentication factor after the current authentication factor of the smart card 20 according to the key synchronous rolling mode negotiated with the secure keyboard 10, and use the next authentication factor as the current authentication factor of the smart card 20.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter a sleep state when receiving a sleep command sent by the secure keyboard.
As an optional implementation manner in this embodiment, the smart card 20 is further configured to enter the sleep mode after negotiating with the secure keyboard to generate the initial authentication factor, wake up once every predetermined wake-up period after entering the sleep mode, and broadcast the current authentication factor of the smart card during the wake-up period.
As an alternative implementation of this embodiment, the rolling period of the smart card 20 has the same duration as the rolling period of the secure keyboard 10.
Referring to fig. 3, the secure keyboard 10 includes: a card reading module 101, an authentication module 102, a communication module 103, a negotiation module 104, a monitoring module 105, a verification factor rolling module 106, a scanning detection module 107, and a security control module 108; wherein:
a card reading module 101 for reading user information in the smart card 20;
an authentication module 102, configured to verify the user information;
a communication module 103, configured to request bluetooth pairing information from the smart card 20 after the authentication module verifies the smart card, receive the bluetooth pairing information transmitted by the smart card 20, and establish bluetooth connection with the smart card 20 using the bluetooth pairing information;
a negotiation module 104, configured to negotiate a key synchronous rolling mode with the smart card 20 through the Bluetooth connection by using the communication module 103, negotiate to generate an initial key, take the initial key as the current key verification factor of the secure keyboard 10, and trigger the monitoring module 105 to work;
the monitoring module 105 is used for monitoring whether a rolling period and a scanning period are reached, and triggering the verification factor rolling module 106 to work when the rolling period is reached; triggering the scanning detection module 107 to work when the scanning period is reached, wherein the rolling period is a first preset duration of the interval from the current key verification factor to the next key verification factor, and the scanning period is a second preset duration of the interval between two scans;
The verification factor rolling module 106 is further configured to, when the monitoring module 105 monitors that the rolling period is reached, obtain a next key verification factor of a current key verification factor of the secure keyboard according to a key synchronous rolling manner negotiated with the smart card, take the next key verification factor as the current key verification factor, and trigger the monitoring module 105;
a scan detection module 107, configured to scan the authentication factor broadcasted by the smart card 20, and trigger the authentication module 102 if the authentication factor broadcasted by the smart card 20 is scanned;
the authentication module 102 is further configured to compare the current key verification factor with the authentication factor, and if the current key verification factor is consistent with the authentication factor, trigger the monitoring module 105; if they are inconsistent, acquire the next 1 to m key verification factors after the current key verification factor of the secure keyboard and the last 1 to n key verification factors before it according to the key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1; compare each of the next 1 to m and the last 1 to n key verification factors with the authentication factor, and if one of them is consistent, take the key verification factor consistent with the authentication factor as the current key verification factor of the secure keyboard and trigger the monitoring module 105; if there is no match, trigger the security control module 108, wherein M and N are positive integers;
The security control module 108 is configured to perform a corresponding security control operation according to a predetermined security policy.
As an optional implementation manner in this embodiment, the scan detection module 107 is further configured to, when the authentication factor broadcast by the smart card 20 is not scanned, detect whether the authentication factor broadcast by the smart card 20 is scanned within a preset monitoring threshold, and if so, trigger the authentication module 102; if not, detect whether the authentication factor broadcast by the smart card 20 is scanned within a preset time interval; if scanned, trigger the authentication module 102; if not, trigger the security control module 108.
As an alternative implementation of this embodiment, the security keyboard 10 further includes: a face verification module 109;
the monitoring module 105 is further configured to monitor whether a predetermined key event occurs, and trigger the face verification module 109 when the predetermined key event is monitored; wherein the predetermined key event comprises at least one of: the secure keyboard 10 completes negotiation of the initial key with the smart card 20, the secure keyboard 10 receives an encryption input instruction, and the secure keyboard 10 recognizes that a password input is received;
The face verification module 109 is configured to start the camera device to collect face image information of a user, and perform face recognition authentication on the face image information.
As an alternative implementation of this embodiment, the security control module 108 performs the corresponding security control operation according to the predetermined security policy at least by: triggering the communication module 103 to send a sleep instruction to the smart card 20; the communication module 103 is further configured to send a sleep instruction to the smart card 20.
As an alternative implementation of this embodiment, the security keyboard 10 further includes: the emptying module 110 is configured to delete all key verification factors stored in the security keyboard after the security control module 108 performs the security control operation.
With the office system and the secure keyboard provided by this embodiment, the secure keyboard can authenticate the smart card in real time and execute the security control operation as soon as authentication fails, so that, after communication is established, the secure keyboard is always being used by the holder of the same smart card and only a legitimate smart card user can log in to and use the secure keyboard; this protects the employee's business secrets and prevents unrelated persons from operating the secure keyboard and leaking information. During authentication, the effects of step-out caused by packet loss or clock offset can also be avoided: the secure keyboard can correct the error by itself, ensuring that the authentication factors on the secure keyboard side and the smart card side are synchronized again after a step-out.
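The comparison and self-correction performed by the authentication module 102, together with the security control and emptying steps, can be sketched as follows. This is an added example, not code from the patent: the rolling mode (factor i is HMAC-SHA256 of a counter under the initial key), the 8-byte factor length, all class and function names, and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac

FACTOR_LEN = 8  # bytes per broadcast factor (assumed; the patent fixes no length)


def factor_at(initial_key: bytes, index: int) -> bytes:
    """Assumed rolling mode: factor i = HMAC-SHA256(initial_key, i), truncated."""
    msg = index.to_bytes(8, "big")
    return hmac.new(initial_key, msg, hashlib.sha256).digest()[:FACTOR_LEN]


class SmartCard:
    """Card side: rolls its authentication factor and broadcasts the current one."""

    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self.index = 0

    def roll(self) -> None:
        self.index += 1  # rolling period reached

    def broadcast(self) -> bytes:
        return factor_at(self._key, self.index)


class SecureKeyboard:
    """Keyboard side: compares scanned factors and resynchronizes within a window."""

    def __init__(self, initial_key: bytes, m: int = 2, n: int = 2):
        self._key = initial_key
        self.index = 0      # position of the current key verification factor
        self.m = m          # how many "next" factors to try on mismatch
        self.n = n          # how many "last" factors to try on mismatch
        self.locked = False

    def roll(self) -> None:
        if not self.locked:
            self.index += 1  # rolling period reached

    def _matches(self, index: int, received: bytes) -> bool:
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(factor_at(self._key, index), received)

    def on_scan(self, received: bytes) -> str:
        """Handle one scanned authentication factor (steps 8 to 11)."""
        if self.locked:
            return "locked"
        if self._matches(self.index, received):
            return "match"
        ahead = range(self.index + 1, self.index + self.m + 1)
        behind = range(self.index - 1, max(self.index - self.n, 0) - 1, -1)
        for candidate in (*ahead, *behind):
            if self._matches(candidate, received):
                self.index = candidate  # adopt the matching factor as current
                return "resynced"
        self._security_control()
        return "locked"

    def _security_control(self) -> None:
        # Stand-in for the predetermined security policy, followed by the
        # emptying step: all stored key material is deleted.
        self.locked = True
        self._key = None


def simulate() -> list:
    """Run a constructed drift scenario and return (result, keyboard index) pairs."""
    key = bytes(range(32))  # constructed sample key, not a real secret
    card, kb = SmartCard(key), SecureKeyboard(key)
    results = [(kb.on_scan(card.broadcast()), kb.index)]   # in step
    card.roll(); card.roll(); kb.roll()                     # keyboard missed a tick
    results.append((kb.on_scan(card.broadcast()), kb.index))
    kb.roll()                                               # keyboard now runs ahead
    results.append((kb.on_scan(card.broadcast()), kb.index))
    for _ in range(3):                                      # card drifts beyond m
        card.roll()
    results.append((kb.on_scan(card.broadcast()), kb.index))
    results.append((kb.on_scan(card.broadcast()), kb.index))  # stays locked
    return results


if __name__ == "__main__":
    for outcome in simulate():
        print(outcome)
```

Every extra step of m or n is one more factor the keyboard will accept at a given moment, so both should be kept as small as the expected packet loss and clock drift allow.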
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, where the program may be stored in a computer readable storage medium, and where the program, when executed, includes one or a combination of the steps of the method embodiments.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives, and variations may be made in the above embodiments by those skilled in the art without departing from the spirit and principles of the invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (15)

1. An office security control method, comprising:
step 1, a security keyboard reads user information in a smart card, verifies the user information, and requests Bluetooth pairing information from the smart card after the verification is passed;
step 2, the security keyboard receives the Bluetooth pairing information transmitted by the smart card;
step 3, the security keyboard establishes Bluetooth connection with the smart card by utilizing the Bluetooth pairing information;
step 4, the secure keyboard negotiates a key synchronous rolling mode with the smart card through the Bluetooth connection, negotiates to generate an initial key, and takes the initial key as a current key verification factor of the secure keyboard;
step 5, the security keyboard monitors whether a rolling period and a scanning period are reached, and if the rolling period is reached, step 6 is executed, and if the scanning period is reached, step 7 is executed, wherein the rolling period is a first preset duration from the current key checking factor to a next key checking factor interval, and the scanning period is a second preset duration of an interval between two scans;
Step 6, the security keyboard acquires the next key verification factor of the current key verification factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card, and the next key verification factor is used as the current key verification factor; and returning to the step 5;
step 7, the security keyboard scans the authentication factors broadcasted by the smart card, and step 8 is executed under the condition that the authentication factors broadcasted by the smart card are scanned;
step 8, comparing the current key verification factor with the authentication factor, returning to the step 5 if the current key verification factor is consistent with the authentication factor, and executing the step 9 if the current key verification factor is inconsistent with the authentication factor;
step 9, obtaining the next 1 to m key check factors of the current key check factors of the security keyboard and the last 1 to n key check factors of the current key check factors of the security keyboard according to a key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1;
step 10, comparing the next 1 to m key check factors and the last 1 to n key check factors of the current key check factor of the security keyboard with the authentication factor respectively, and if one of them is consistent, taking the key check factor consistent with the authentication factor as the current key check factor of the security keyboard, and returning to the step 5; if none is consistent, step 11 is performed;
step 11, the security keyboard executes the corresponding security control operation according to a predetermined security policy.
2. The method of claim 1, characterized in that,
the key synchronous scrolling mode negotiated with the smart card comprises the following steps: a strategy for carrying out key check factor jump in a key check factor pool, wherein the key check factor pool comprises a plurality of key check factors generated by the security keyboard according to a key generation algorithm negotiated with the smart card; the step of obtaining the next key verification factor of the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card comprises the following steps: the security keyboard selects the next key verification factor of the current key verification factors of the security keyboard from the key verification factor pool according to the key verification factor jump strategy; or,
the step of obtaining the next key verification factor of the current key verification factor of the security keyboard according to the key synchronous rolling mode negotiated with the smart card comprises the following steps: the security keyboard obtains the next key verification factor of the current key verification factor of the security keyboard according to the key verification factor obtaining strategy negotiated with the smart card based on the current key verification factor of the security keyboard.
3. A method according to claim 1 or 2, characterized in that,
in the absence of scanning for an authentication factor sent by the smart card, the method further comprises:
the security keyboard detects whether the authentication factor broadcasted by the smart card is scanned in a preset monitoring threshold, and if so, the step 8 is executed; if not, detecting whether the authentication factor broadcasted by the smart card is scanned or not in a preset time interval; if so, executing the step 8; if not, step 11 is performed.
4. The method of claim 3, characterized in that,
the step 5 further comprises: the safety keyboard monitors whether a preset key event occurs or not, and if so, the step 12 is executed;
step 12, the safety keyboard starts a camera device to collect face image information of a user, and performs face recognition authentication on the face image information; wherein the predetermined key event comprises at least one of: the secure keyboard negotiates with the smart card that the initial key is complete, the secure keyboard receives an encryption input instruction, and the secure keyboard recognizes that a password input is received.
5. The method according to any one of claims 1 to 4, wherein,
the security keyboard executing the corresponding security control operation according to a predetermined security policy at least comprises: the security keyboard sends a sleep instruction to the smart card.
6. The method of claim 5, characterized in that,
after the security keypad performs a corresponding security control operation according to a predetermined security policy, the method further includes:
and deleting all key verification factors stored locally by the security keyboard.
7. The method of claim 6, wherein after the secure keyboard negotiates with the smart card to generate an initial key, the initial key is used as a current key verification factor for the secure keyboard, the method further comprises:
and the smart card enters a sleep mode, wakes up once every preset wake-up period after entering the sleep mode, and broadcasts the current authentication factor of the smart card during the wake-up period.
8. A secure keyboard, comprising:
the card reading module is used for reading the user information in the intelligent card;
the authentication module is used for verifying the user information;
The communication module is used for requesting Bluetooth pairing information from the smart card after the authentication module passes the authentication, receiving the Bluetooth pairing information transmitted by the smart card and establishing Bluetooth connection with the smart card by utilizing the Bluetooth pairing information;
the negotiation module is used for negotiating a key synchronous rolling mode with the intelligent card through the Bluetooth connection by utilizing the communication module, negotiating to generate an initial key, taking the initial key as a current key verification factor of the safety keyboard, and triggering the monitoring module to work;
the monitoring module is used for monitoring whether a rolling period and a scanning period are reached, and triggering the check factor rolling module to work under the condition that the rolling period is monitored; triggering a scanning detection module to work under the condition that the scanning period is reached, wherein the rolling period is a first preset time length from the current key checking factor to the next key checking factor interval, and the scanning period is a second preset time length between two times of scanning;
the verification factor rolling module is used for acquiring the next key verification factor of the current key verification factor of the security keyboard according to a key synchronous rolling mode negotiated with the smart card under the condition that the monitoring module monitors that the rolling period is reached, taking the next key verification factor as the current key verification factor, and triggering the monitoring module;
The scanning detection module is used for scanning the authentication factors broadcast by the smart card and triggering the authentication module under the condition that the authentication factors broadcast by the smart card are scanned;
the authentication module is further used for comparing the current key verification factor with the authentication factor, and triggering the monitoring module if the current key verification factor is consistent with the authentication factor; if the key verification factors are inconsistent, acquiring the key verification factors from the lower 1 to m of the current key verification factors of the security keyboard and the key verification factors from the upper 1 to n of the current key verification factors of the security keyboard in a key synchronous rolling mode negotiated with the smart card, wherein m and n are positive integers larger than 1; comparing the lower 1 to m key check factors and the upper 1 to n key check factors of the current key check factors of the safety keyboard with the authentication factors respectively, and if the key check factors are consistent, taking the key check factors consistent with the authentication factors as the current key check factors of the safety keyboard and triggering the monitoring module; if the conditions are not consistent, triggering a safety control module;
the safety control module is used for executing corresponding safety control operation according to a preset safety strategy.
9. The secure keyboard of claim 8, characterized in that,
the scanning detection module is further used for detecting whether the authentication factor broadcasted by the smart card is scanned or not in a preset monitoring threshold under the condition that the authentication factor broadcasted by the smart card is not scanned, and triggering the authentication module if the authentication factor broadcasted by the smart card is scanned; if not, detecting whether the authentication factor broadcasted by the smart card is scanned or not in a preset time interval; if scanning is performed, triggering the authentication module; and if the scanning is not performed, triggering the safety control module.
10. The secure keyboard of claim 9, further comprising: a face verification module;
the monitoring module is further used for monitoring whether a preset key event occurs or not, and triggering the face verification module when the preset key event occurs; wherein the predetermined key event comprises at least one of: the security keyboard negotiates with the smart card that the initial key is completed, the security keyboard receives an encryption input instruction, and the security keyboard recognizes that password input is received;
the face verification module is used for starting the camera device to collect face image information of a user and carrying out face recognition authentication on the face image information.
11. The secure keyboard of any of claims 8-10,
the security control module performs the corresponding security control operation according to a predetermined security policy at least in the following manner: triggering the communication module to send a sleep instruction to the smart card;
and the communication module is also used for sending the sleep instruction to the smart card.
12. The secure keyboard of claim 11, further comprising:
and the emptying module is used for deleting all key verification factors stored by the safety keyboard after the safety control module executes the safety control operation.
13. An office system, comprising: a smart card and a secure keyboard as claimed in any one of claims 7 to 11, wherein:
the smart card is used for outputting user information to the secure keyboard, sending Bluetooth pairing information to the secure keyboard after receiving a request of the Bluetooth pairing information sent by the secure keyboard, establishing Bluetooth connection with the secure keyboard by utilizing the Bluetooth pairing information, negotiating a key synchronous rolling mode with the secure keyboard through the Bluetooth connection, negotiating to generate an initial key, and taking the initial key as a current authentication factor of the smart card; the method is also used for broadcasting the current authentication factor of the smart card; and the method is also used for monitoring whether the rolling period is reached, and under the condition of monitoring the rolling period, acquiring the next authentication factor of the current authentication factor of the smart card according to a key synchronous rolling mode negotiated with the secure keyboard, and taking the next authentication factor as the current authentication factor of the smart card.
14. The office system of claim 13, characterized in that,
the smart card is also used for entering a sleep state under the condition of receiving a sleep instruction sent by the security keyboard.
15. The office system of claim 13, characterized in that,
the smart card is further configured to enter a sleep mode after returning a synchronization response to the secure keyboard, wake up once every predetermined wake-up period after entering the sleep mode, and broadcast a current second authentication factor of the smart card during the wake-up period.
CN201910560955.5A 2019-06-26 2019-06-26 Office safety control method, safety keyboard and office system Active CN112149099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910560955.5A CN112149099B (en) 2019-06-26 2019-06-26 Office safety control method, safety keyboard and office system

Publications (2)

Publication Number Publication Date
CN112149099A CN112149099A (en) 2020-12-29
CN112149099B true CN112149099B (en) 2024-02-13

Family

ID=73869847

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910560955.5A Active CN112149099B (en) 2019-06-26 2019-06-26 Office safety control method, safety keyboard and office system

Country Status (1)

Country Link
CN (1) CN112149099B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888453A (en) * 2014-03-12 2014-06-25 天地融科技股份有限公司 Data processing method based on negotiation secret keys
CN107077788A (en) * 2014-10-01 2017-08-18 大陆智能交通系统有限责任公司 Exchanged and service system using the parcel of key card simulator
CN108322440A (en) * 2017-12-28 2018-07-24 天地融科技股份有限公司 It is a kind of to utilize safety equipment Card Reader login method and Security Login System
CN109493488A (en) * 2018-11-23 2019-03-19 北京小米移动软件有限公司 Smart card authentication method, smart lock, smart card, system and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8245292B2 (en) * 2005-11-16 2012-08-14 Broadcom Corporation Multi-factor authentication using a smartcard
US20120260324A1 (en) * 2009-11-06 2012-10-11 Emue Holdings Pty Ltd. Method and a system for validating identifiers

Also Published As

Publication number Publication date
CN112149099A (en) 2020-12-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant