CN1612148A - Data storage and application authentication method and IC card authentication hardware - Google Patents

Publication number
CN1612148A
Authority
CN
China
Legal status
Pending
Application number
CN 200310103376
Other languages
Chinese (zh)
Inventor
林晖
Current Assignee
Individual
Original Assignee
Individual
Abstract

The invention relates to a data storage and application authentication method and IC card authentication hardware. An ICCID and a GLN are stored in an IC card; the IC card is placed in an IC card reader, and both are installed on a flash memory device compatible with the computer's USB interface, which serves as the authentication hardware. The authentication hardware combining the IC card and IC card reader can also serve as a storage medium, so that data need not be kept only on the fixed hard disk of a single computer, and it applies a special encoding/decoding operation to the stored files, giving data access greater confidentiality, security, flexibility and uniqueness and providing a basis for legitimate use. The authentication hardware is presented in the same way as an ordinary access-control key, so its mode of use is readily accepted by ordinary users.

Description

Data storage application authentication method and IC-card authentication hardware
Technical field
The present invention relates to a data storage and application authentication method and IC-card authentication hardware, and in particular to a data storage and application authorization flow that uses IC-card authentication hardware as the legitimate login medium.
Background technology
This is illustrated by the present-day example of intellectual property infringement on the network. There are many websites for downloading singers' songs as MP3 files, and most of them use the P2P (Peer to Peer, point-to-point transmission, one type of technology application model) mode, in which members automatically upload, download and share MP3 files; with an easy search function, members can easily find and share each other's files. In general, MP3 dealers of this kind have set up a cooperation model with the record companies and seek a mutual balance point: the MP3 dealer provides members with the latest music of all kinds to browse, hoping thereby to drive purchases from the record companies. But as the MP3 dealer's membership grows and the MP3 files uploaded by members increase explosively, the result is that one person uploads an MP3 file and all members download it for free. Once its membership reaches a sufficient size, the MP3 dealer emphasizes that the intellectual property of the software platform belongs to the MP3 software dealer and charges a monthly software usage fee, so that the explosive growth in membership produces a proportional explosive growth in the MP3 software platform dealer's income. Looking back, however, the legitimate rights of the authors and the intellectual property interests of the record companies suffer heavy losses, causing long-term stagnation of the record industry and in turn affecting creators' motivation and confidence.
Moreover, on the well-known websites of today, the password used by the member system is either chosen by the user or assigned by the system. Because the encryption of information is carried out at the website server end, encryption programs and logic have been researched and designed to prevent leakage of information on the Internet, in the hope of technically resisting hackers; yet in the present situation, complete prevention still cannot be achieved.
The entry point to a website's confidential member data is the member login system. At present, website member login is done only by entering the user's name and password directly on the web page; if the two match, the member function page can be entered, and with that login user's data the actions a legitimate member can perform can be carried out, and even some of the user's related confidential data and contact records can be queried. But with the encoding techniques used by today's general application website servers (AP Server), where password encoding and decoding is done solely in the web page program at the application website server (AP Server) end, it really cannot be guaranteed that they will not be cracked by hackers. Today the Internet is boundless, and to meet the demand for convenient access anywhere at any time, users can easily go online from different computers or other equipment in many places; but present technology has difficulty setting user authority and classification. For example, when going online on a public computer in a library or in an Internet cafe, many users share the same machine; if a user's name and password are carelessly left in the login screen and not deleted, they can easily be misused by the next user, or a hacker using a backdoor program or some simple operating-system tool can crack and steal the user's confidential data and carry out illegal transactions, causing the user losses.
Existing network security vulnerabilities are numerous, and the most common of all is "the hacker cracks the user's password by dictionary attack and impersonates the user's identity". As is generally known, logging on to a computer system by entering a user identity ID and password is the simplest but also the least secure method.
The reasons are as follows:
1. Most people choose passwords on the basis of easy memorization, and few choose a string of arbitrarily arranged letters mixed with numerals. The well-known cryptographer Daniel Klein claims that with a general dictionary attack method (Dictionary Attack), the passwords on 40% of computers can easily be cracked. The network is now full of password-cracking software designed by students, system experts and hackers, which provides tools for attacks from inside and outside the enterprise.
2. Information systems are increasingly complex, and as a result of many heterogeneous systems being interconnected, a user who logs on to different computer systems must enter a password again as each operating system requires. According to expert statistics, only a few people can simultaneously remember three different passwords eight characters long. The conclusion is that most people therefore write down their passwords and put them in a place they consider safe and convenient. Obviously, this again provides a channel for attacks from inside and outside the enterprise.
3. Even if the user never commits the two errors above, the password obviously exists in plaintext before it is transmitted from the user end to the server. A hacker can intercept the password at any point on the Internet or the LAN and then impersonate the user (Replay) to begin illegally invading the system. Many people think that renting a leased line will keep hackers out. This idea is wrong. Even a leased line is circuit-switched through the public switching system, and it is even more convenient for a hacker to attack, because once a leased line is set up, the route the data flows along does not often change, so the hacker can concentrate resources on intercepting the data flowing on the fixed line.
Moreover, "the hacker can also intercept unencrypted data in point-to-point transmission and tamper with it". The communications protocol used on the Internet is TCP/IP. Before two computers can transmit data, they must first complete a three-way handshake (Three-way Handshaking) to establish the connection and begin transmitting data. The problem hidden in this gives hackers a good opportunity to attack.
The reasons are as follows:
1. Because data between the two sides is transmitted over the public Internet, and the transmitted data exists in plaintext, any computer connected to the Internet can monitor (Sniffing) the data on the line. Thus personal privacy, property and enterprise business secrets are completely exposed on the Internet, with no privacy or secrecy to speak of.
2. Sometimes a hacker takes over the connection set up above and impersonates the original user's identity to access resources and services on the remote host, and can at the same time impersonate the identity of the host, returning large amounts of useless data to the user in an attempt to paralyze the user's computer system (Denial of Service; DoS). Thus the hacker can not only impersonate the original user's identity to access resources and services on the remote host and arbitrarily issue, tamper with or delete data without the host-side system operator noticing; more seriously, the hacker modifies data in this way without leaving a trace, and when the source of the message (the user's identity) cannot be confirmed, the user finds it hard to clear himself.
Moreover, if the user goes online on a public computer in a public place, the external network (Internet) is connected through the LAN (LAN) inside the public place; on the LAN, taking Ethernet-based IP networks as an example, all data (packets) flow to all PCs in the LAN in broadcast (Broadcasting) mode. Because each PC has a network card (Network Interface Card), it can filter out the packets not addressed to itself. The problem hidden here gives hackers another good chance to attack: intercepting the data transmitted on the LAN.
The reasons are as follows:
1. Because all packets flow to all PCs in the LAN in broadcast (Broadcasting) mode and exist in plaintext, any PC connected to the LAN can play the role of a listener (Sniffer) and freely peek at other people's data.
2. Worse, once someone's password is intercepted, the system is likely to be logged on to illegally by others to do unauthorized things, for example signing off or signing out official documents, changing accounts, spreading false messages, or stealing research and development data and selling it to competitors.
Based on the above, the existing network security vulnerabilities and the confusion at the edge of intellectual property infringement by MP3 software platform dealers on the network reflect the relative progressiveness, importance and essence of the present invention and the urgent need for it.
Therefore, in view of this, the inventor concentrated on research and repeated testing and discussion, and finally proposes a reasonably designed and effective improvement of the above shortcomings: a data storage and application authorization flow and IC-card authentication hardware that is easy to use, is paired with an integrated circuit (IC) (Integrated Circuit) card as authentication hardware, provides effective protection, and performs dual authentication via a security control mechanism.
Summary of the invention
The object of the invention is to solve existing network security vulnerabilities and to use the IC-card authentication hardware mode for effective authorization control, so as to avoid the confusion at the edge of intellectual property infringement by point-to-point transmission P2P (Peer to Peer) on the present network, which causes the greatest loss to the legitimate rights of authors and the holders of intellectual property rights.
To this end, the technical scheme proposed by the present invention is:
A data storage and application authentication method, wherein an IC-card built in with an identity check cipher, the integrated circuit card identification code ICCID (Integrated Circuit Card Identification), and an international check code, the global identity GLN (Global Number), is inserted in an IC-card reading device (Reader) and installed on hardware generally compatible with a computer as authentication hardware; the method mainly comprises the following steps:
Step a: the user uses the authentication hardware, equipped with an IC-card and an IC-card reading device (Reader), to log in as a member, enters the information required for login, and presses the login button (Login);
Step b: the embedded program of the IC-card directs the login process to the authentication server of the certification authority CA (Certification Authority) and sends the ICCID cipher built into the IC-card to the CA authentication server; a dedicated program on the CA authentication server judges whether the IC-card on the authentication hardware is legal and audits its authority; if correct, it records the login count in the CA authentication server database, produces a credential of successful authentication hardware identification (the Server Result), and returns the random value (Random) produced in the decoding process to the IC-card;
Step c: after the preceding step is correct, the IC-card uses its embedded program to decode the built-in ICCID cipher with the random value (Random) obtained, produces the IC-card authentication credential (the Client Result), directs its login process to the application website server (AP Server), and sends the ICCID cipher, the IC-card authentication credential (Client Result) and the information entered by the user together to the application website server (AP Server), which judges from its own database whether the information entered by the user is correct and queries the validity period;
Step d: after the preceding step is correct, the application website server (AP Server) sends the ICCID cipher and the IC-card authentication credential (Client Result) it received to the CA authentication server for decryption once more, confirming the correctness of the authentication hardware and the user's information.
An IC-card authentication hardware for data storage and application authorization, wherein the IC-card is built in with an identity check cipher ICCID and an international check code GLN, the IC-card is inserted in an IC-card reading device (Reader), and both are installed on hardware generally compatible with a computer, as authentication hardware.
Wherein the authentication hardware equipped with the IC-card can be hardware with a universal serial bus USB (Universal Serial Bus) interface.
The authentication hardware equipped with the IC-card can be a flash memory.
The main intention of the present invention arises from the numerous existing network security vulnerabilities and the insufficient protection of users' confidential data when they go online; it therefore studies pairing an IC-card with an authentication hardware, working together with a CA authentication server (security control mechanism), to promote the five major information security requirements that secure transmission of electronic data over the network aims to achieve, namely:
(1) Confidentiality of data (Confidentiality)
Ensure that data is not peeped at or stolen by third parties, protecting the privacy of data transmission; this can be accomplished by data encryption.
(2) Integrity of data (Integrity)
Ensure that the transmitted information is not tampered with by ill-intentioned persons, guaranteeing the correctness of the transmitted content; this can be protected by digital signature or data encryption.
(3) Source identification (Authentication)
Confirm the source of the transmitted message so that it cannot be impersonated; this can be guarded against by digital signature, data encryption and similar means.
(4) Non-repudiation (Non-repudiation)
Prevent the user from later denying having sent or received a message or carried out a data transmission; this can be achieved by digital signature and public key infrastructure.
(5) Access control (Access Control)
Control access to data according to the user's identity. In addition, the execution authority of security control function modules can be decided according to the user's identity.
Moreover, the present invention uses the IC-card authentication hardware mode for effective authorization control and applies a special encoding and decoding operation to the stored files, giving data access greater confidentiality, security, flexibility and uniqueness (only the legitimate user can use the files stored on it), so as to avoid the confusion at the edge of intellectual property infringement by point-to-point transmission P2P (Peer to Peer) on the present network, which causes the greatest loss to the legitimate rights of authors and the holders of intellectual property rights.
Through the above several encryption/decryption and encoding protection operations, the present invention can guarantee the security of user login authentication on the website and prevent the leakage of users' confidential data; the CA authentication server can moreover serve as the website dealer's management and control flow, managing authority and establishing a classification system, providing a safer network environment. Furthermore, for service providers on the network environment, the mechanism is thereby established so that their services have a basis for equivalent feedback, a good network service environment is further provided, and network transactions better conform to the principle of fair dealing.
In the data storage and application authentication method and IC-card authentication hardware of the present invention, the user connects to the Web Server website with a browser to perform the related operations, and the authentication program sends each request to the credential server system. Confirmation of the user's credentials and the related functions can be carried out very easily, and installation of the authentication program system at the Web Server network server end is simple and easy to put into use.
Compared with the existing methods applied to the user login system of a general application website server (AP Server), the present invention uses an IC-card to store the user's secret authentication data and an identity check cipher ICCID, installs this IC-card on a flash memory (USB flash drive) generally compatible with the computer's USB interface as authentication hardware, and pairs it with an authentication program at the general application website server (AP Server) end and a plug-in authentication program in the output software. When the user goes online with this authentication hardware and logs in with his user name and password, several encryption/decryption and encoding protection operations guarantee the security of user login authentication on the website, prevent the leakage of the user's confidential data, and can serve as the website dealer's management and control flow, managing authority and establishing a classification system, providing a safer network environment.
In addition, the authentication hardware paired with the IC-card and IC-card reading device (Reader) can also be used as a storage medium, so that data need not be stored only on the fixed hard disk of a single computer, and the stored files can be given a special encoding and decoding operation, giving data access greater confidentiality, security, flexibility and uniqueness (that is, only the legitimate user can use the files stored on it).
Description of drawings
Fig. 1 is a download file step flow chart of the present invention;
Fig. 2 is an authentication entity flow diagram of the present invention;
Fig. 3 is a download file entity flow diagram of the present invention;
Fig. 4 is a file opening step flow chart of the present invention;
Fig. 5 is a file opening entity flow diagram of the present invention;
Fig. 6 is a schematic diagram of the authentication hardware of the present invention;
Fig. 7 and Fig. 8 show the form of the present invention applied to an MP3 player;
Fig. 9 is a schematic diagram of the present invention inserted in a computer.
[figure number explanation]
10, authentication hardware
20, CA authentication server
30, IC-card
40, authentication hardware
51, authentication hardware
61, CA authentication server
71, application website server
Embodiment
The embodiments of the present invention are further described below with reference to the drawings, which make them easier to understand.
Fig. 1 is a step flow chart of the present invention, comprising four main steps a, b, c and d; a correct login process further comprises six main flows, step.1 to step.6:
Step a: the user uses the authentication hardware, equipped with an IC-card and an IC-card reading device (Reader), to log in as a member, enters the information required for login, and presses the login button (Login);
Step b: the embedded program of the IC-card directs the login process to the CA authentication server and sends the ICCID cipher built into the IC-card to the CA authentication server (step.1); a dedicated program on the CA authentication server judges whether the IC-card on the authentication hardware is legal and audits its authority; if correct, it records the login count in the CA authentication server database, produces a credential of successful authentication hardware identification (the Server Result), and returns the random value (Random) produced in the decoding process to the IC-card (step.2);
Step c: after the preceding step is correct, the IC-card uses its embedded program to decode the built-in ICCID cipher with the random value (Random) obtained and produces the IC-card authentication credential (Client Result) (step.3); it then directs its login process to the application website server (AP Server) and sends the ICCID cipher, the IC-card authentication credential (Client Result) and the information entered by the user together to the application website server (AP Server), which judges from its own database whether the information entered by the user is correct and queries the validity period (avail date);
Step d: after the preceding step is correct, the application website server (AP Server) sends the ICCID cipher and the IC-card authentication credential (Client Result) it received to the CA authentication server for decryption once more, confirming the correctness of the authentication hardware and the user's information (step.4).
The above steps are now described in detail as follows:
First, step a means: the user has an IC-card built in with an identity check cipher ICCID and an international check code GLN; this IC-card is inserted in an IC-card reading device (Reader) and installed on a flash memory (USB flash drive) generally compatible with the computer USB interface, as authentication hardware; the user goes online with this authentication hardware, enters his user name (Username) and password (Password), and presses the login button (Login).
Step b means: after the user enters his user name (Username) and password (Password), the embedded program of the IC-card first directs the login process to the CA authentication server to perform encryption and decryption. The value of the ICCID cipher is first decrypted by a special flow and compared against the CA authentication database; after the corresponding ICCID cipher and authorization are found to pass (Validate=Y), the EKI is taken, the KI is decrypted in advance, a random value (Random) is generated, and the result of encrypting it with KI is stored in the CA authentication server database. This encrypted result is the credential of successful authentication hardware identification (the Server Result); it can also be used to record the number of times this user has logged in with this authentication hardware, and to confirm the legitimacy of the authentication hardware, whether this ICCID cipher has the authority to log in to this website, and how much authority has been granted. After hardware identification passes, the CA authentication server sends the generated random value (Random) back to the IC-card, where it is regarded as the KEY, for use in the cross-comparison with the CA authentication server after the general application website server (AP Server) end has passed the second-step authentication flow. If the comparison result is not authorized (Validate=N, the ICCID cipher set in the IC-card on this authentication hardware has not been activated), the system informs the user that the hardware identification failed, and the login eligibility is lost. This is the first-step authentication flow.
Step c means: after the first-step authentication flow succeeds, the general application website server (AP Server) first receives the KEY value sent by the CA authentication server to the IC-card, the ICCID cipher, and the user name (Username) and password (Password) entered by the user; the flow is then directed to the general application website server (AP Server) to compare whether the user name (Username) and password (Password) are correct and to check whether the user's validity period has expired.
Step d means: if step c passes the comparison without error, the KEY value and the ICCID cipher are passed back to the CA authentication server for encryption and decryption. The value of the ICCID cipher is first decrypted by a special flow and compared against the CA authentication database; after the corresponding ICCID cipher and authorization pass (Validate=Y), the EKI value is decrypted with the KEY value and compared with the Server Result. If they match, the second-step authentication passes: if the cross-comparison determines that the user is a legitimate registrant, the user can pass the member login entrance with legitimate rights of use and continue to the next Web Page, and the Server Result produced by encryption/decryption on the CA authentication server is emptied so that a new Server Result can be produced and held temporarily at the user's next login. If the comparison result does not match, the general application website server (AP Server) is informed that the authentication hardware ICCID cipher is wrong, authentication fails, and the login eligibility is lost. This is the second-step authentication flow.
Fig. 2 is an authentication entity flow diagram of the present invention, showing the flow guidance when the actual authentication of the present invention operates: from the user's login to formal authentication success passes through 5 routes. Referring to the diagram, route 1 is the user using an authentication hardware (equipped with an IC-card) 50 to log in with his member information on the member login form of the Web Server server 70 web page. After the user enters the Username and Password and presses the login button (Login), the embedded program of the IC-card first directs the login process to the CA authentication server 60 and sends the ICCID cipher built into the IC-card to the CA authentication server 60 for encryption and decryption. Authentication flow 1 (Winsock) of the CA authentication server is now carried out: within the authentication flow (Winsock), the value of the ICCID cipher is first decrypted by a special flow and compared against the CA authentication database; after the corresponding ICCID cipher and authorization pass (Validate=Y), the EKI is taken, the KI is decrypted in advance, a random value (Random) is generated, and the result of encrypting it with KI is stored in the CA authentication server database. This encrypted result is the credential of successful authentication hardware identification (Server Result); it can also be used to record the number of times this user has logged in with this authentication hardware, and to confirm the legitimacy of the authentication hardware, whether this ICCID cipher has the authority to log in to this website, and how much authority has been granted. After hardware identification is finished, route 2 is triggered: the CA authentication server sends the generated random value (Random) back to the IC-card. After the IC-card receives this random value (Random), the embedded program of the IC-card first decrypts in advance the built-in ICCID cipher and a KI value (whether the KI value here and the card are ultimately examined as authentication hardware that has passed authorization, the audit power and the comparison power, lie with the CA authentication server), and then encrypts with the received random value (Random) to produce the IC-card authentication credential (the Client Result), for use in the cross-comparison with the CA authentication server when the general application website server (AP Server) end carries out the second-step authentication flow. If the comparison result is not authorized (Validate=N, the ICCID cipher set in the IC-card on this authentication hardware has not been activated), the system informs the user that the hardware identification failed, and the login eligibility is lost.
If the first-step authentication flow succeeds, route 3 is triggered: the general application website server (AP Server) first receives the ICCID cipher on the IC-card, the IC-card authentication credential (Client Result), and the user name (Username) and password (Password) entered by the user. The general application website server (AP Server) first compares the user name (Username) and password (Password) against its own database to see whether they are correct, and checks whether the user's validity period has expired. If the comparison is error-free, route 4 is triggered to carry out authentication flow 2: the ICCID cipher and the IC-card authentication credential (Client Result) are passed back to the CA authentication server for cross-comparison; the value of the ICCID cipher is first decrypted by a special flow and compared against the CA authentication database to find the credential of successful authentication hardware identification (Server Result) belonging to the corresponding ICCID cipher and authorization pass (Validate=Y), and then the credential of successful authentication hardware identification (Server Result) is compared with the IC-card authentication credential (Client Result). If they match, the second-step authentication passes and route 5 is triggered: if the cross-comparison determines that the user is a legitimate registrant, the user can pass the member login entrance with legitimate rights of use and continue to the next Web Page, and the Server Result produced by encryption/decryption on the CA authentication server is emptied; this is the final step, route 8. If the comparison result does not match, the general application website server (AP Server) is informed that the authentication hardware ICCID cipher is wrong, authentication fails, and the login eligibility is lost.
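The two-step login flow of steps b to d and routes 1 to 5 above, modelled as an added example that is not code from the patent: the "special flow" that decrypts the ICCID cipher, the cipher behind EKI/KI and the way Random is "encrypted with KI" are not specified on the page, so a lookup table, XOR under a CA master key and HMAC-SHA256 stand in for them, and the ICCID ciphers, cards, user, password and dates are constructed. It goes one step beyond the text by also showing why a card that carries a legitimate ICCID cipher but a different KI, and a replayed Client Result, both fail the cross-comparison.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Tuple

DEMO_TODAY = date(2003, 11, 1)      # constructed "today" for the demo
DEMO_LATER = date(2005, 1, 1)       # constructed day after the user's avail date

def encrypt_with_ki(ki: bytes, random_value: bytes) -> bytes:
    # Assumption: "encrypt Random with KI" is modelled as HMAC-SHA256 keyed by KI.
    return hmac.new(ki, random_value, hashlib.sha256).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Assumption: EKI is KI encrypted under the CA master key, modelled as XOR.
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class ICCard:
    iccid_cipher: str   # built-in identity check cipher ICCID (constructed value)
    ki: bytes           # built-in KI

    def make_client_result(self, random_value: bytes) -> bytes:
        # Route 2 / step c: encrypt the Random received from the CA with KI.
        return encrypt_with_ki(self.ki, random_value)

@dataclass
class CARecord:
    validate: str                          # "Y" = authorised, "N" = card not activated
    eki: bytes                             # KI encrypted under the CA master key
    login_count: int = 0
    server_result: Optional[bytes] = None  # pending credential, emptied after use

@dataclass
class CAServer:
    """CA authentication server: authentication flow 1 (step b) and flow 2 (step d)."""
    master_key: bytes
    # Assumption: the "special flow" that decrypts the ICCID cipher and compares it
    # with the CA database is modelled as a dictionary lookup.
    records: Dict[str, CARecord]

    def flow1_identify_hardware(self, iccid_cipher: str) -> Optional[bytes]:
        rec = self.records.get(iccid_cipher)
        if rec is None or rec.validate != "Y":
            return None                               # Validate=N: identification fails
        ki = xor_bytes(rec.eki, self.master_key)      # decrypt EKI to obtain KI
        random_value = secrets.token_bytes(16)
        rec.server_result = encrypt_with_ki(ki, random_value)   # Server Result
        rec.login_count += 1                          # login count recorded per card
        return random_value                           # Random goes back to the card

    def flow2_cross_compare(self, iccid_cipher: str, client_result: bytes) -> bool:
        rec = self.records.get(iccid_cipher)
        if rec is None or rec.validate != "Y" or rec.server_result is None:
            return False
        ok = hmac.compare_digest(rec.server_result, client_result)
        # The page empties Server Result after a successful login; emptying it on
        # failure as well (a hardening choice here) blocks replays and retries.
        rec.server_result = None
        return ok

@dataclass
class APServer:
    """Application website server: checks Username/Password and validity, then asks the CA."""
    ca: CAServer
    users: Dict[str, Tuple[str, date]]     # username -> (sha256(password), avail date)

    def login(self, username: str, password: str, iccid_cipher: str,
              client_result: bytes, today: date) -> str:
        user = self.users.get(username)
        digest = hashlib.sha256(password.encode()).hexdigest()
        if user is None or not hmac.compare_digest(user[0], digest):
            return "wrong username or password"    # one message: no user enumeration
        if today > user[1]:
            return "validity period expired"
        if not self.ca.flow2_cross_compare(iccid_cipher, client_result):
            return "authentication hardware ICCID cipher error"
        return "login ok"

def full_login(card: ICCard, ca: CAServer, ap: APServer,
               username: str, password: str, today: date) -> str:
    """Routes 1 to 5 of Fig. 2 in order: CA flow 1, card, AP checks, CA flow 2."""
    random_value = ca.flow1_identify_hardware(card.iccid_cipher)
    if random_value is None:
        return "hardware identification failed"
    client_result = card.make_client_result(random_value)
    return ap.login(username, password, card.iccid_cipher, client_result, today)

def build_demo():
    """Constructed sample data: an activated card, a card not yet activated, and a
    card that carries the activated card's ICCID cipher but a different KI."""
    master, ki_ok, ki_n = (secrets.token_bytes(32) for _ in range(3))
    ca = CAServer(master, {
        "ICCID-CIPHER-0001": CARecord("Y", xor_bytes(ki_ok, master)),
        "ICCID-CIPHER-0002": CARecord("N", xor_bytes(ki_n, master)),
    })
    ap = APServer(ca, {"alice": (hashlib.sha256(b"correct horse").hexdigest(),
                                 date(2004, 12, 31))})
    return (ICCard("ICCID-CIPHER-0001", ki_ok), ICCard("ICCID-CIPHER-0002", ki_n),
            ICCard("ICCID-CIPHER-0001", secrets.token_bytes(32)), ca, ap)
```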
Fig. 3 is a schematic flow diagram of the download-file entity of the present invention, the physical-entity counterpart of Fig. 2. The figure shows the flow when the download-file entity process of the present invention operates: from the user signing in to the formal completion of login there are 4 routes in total, of which route 2 is the authentication mechanism (see Fig. 2).
Fig. 4 is a flow chart of the file-opening steps of the present invention. As the figure shows, when the user wishes to open an encoded file, the original authentication hardware must first be inserted into the USB port of the computer or of another player. When the MP3 playback software or application software is opened, the embedded program of the IC card first uses the built-in ICCID code, together with the plug-in authentication program on the MP3 playback software or application software that itself carries the authentication program code, to decode in advance and judge the correctness of the authentication hardware (step 1), then passes the authentication result back to the MP3 playback software or application software (step 2). If the authentication hardware authenticates as legitimate, the embedded program of the IC card decodes the file to be opened (step 3), and the MP3 playback software or application software opens the decoded file for use (step 4). If authentication of the hardware fails, an error message is produced informing the user that the ICCID of the authentication hardware is wrong and authentication has failed.
Fig. 5 is a schematic flow diagram of the file-opening entity of the present invention, the physical-entity counterpart of Fig. 4. The figure shows the flow when the file-opening entity process of the present invention operates: from the user inserting the authentication hardware into the USB port of the computer or of another player, through opening the MP3 playback software or application software, to correctly opening the file takes 5 routes in total, of which route 2 is the plug-in authentication program on the MP3 playback software or application software that itself carries the authentication program code, which decodes in advance and judges the correctness of the authentication hardware.
Fig. 6 is a schematic diagram of the authentication hardware of the present invention. As shown, the present invention uses an IC card with a built-in identity check code ICCID and an international check code GLN, and installs this IC card on a flash memory (portable disk) generally compatible with the computer USB interface, to serve as the authentication hardware.
Fig. 7 and Fig. 8 are diagrams of the present invention applied to an MP3 player. As shown, the authentication hardware of the present invention, fitted with a USB interface, can connect with MP3 players currently on the market. The authentication hardware is inserted into the USB port of the computer or of another player; when the MP3 playback software or application software is opened, the embedded program of the IC card first uses the built-in ICCID code, together with the plug-in authentication program on the MP3 playback software or application software that itself carries the authentication program code, to decode in advance and judge the correctness of the authentication hardware (step 1), then passes the authentication result back to the MP3 playback software or application software (step 2). If the authentication hardware authenticates as legitimate, the embedded program of the IC card decodes the file to be opened (step 3), and the MP3 playback software or application software opens the decoded file for use (step 4). If authentication of the hardware fails, an error message is produced informing the user that the ICCID of the authentication hardware is wrong and authentication has failed.
Fig. 9 is a schematic diagram of the present invention inserted into a computer: the authentication hardware of the present invention, fitted with a USB interface, is inserted into the USB slot of the computer host case, and all the aforementioned steps can then be carried out.
In summary, the data storage application authentication method and IC card authentication hardware provided by the present invention can replace the existing login mode of application website servers (AP Server). They use an IC card with a built-in identity check code ICCID and an international check code GLN, installed on a flash memory (portable disk) generally compatible with the computer USB interface, to serve as the authentication hardware. When the user logs in with this authentication hardware, the several encryption and decryption steps and the cross-comparison between the destination server and the authentication server effectively confirm the user's legitimacy and control the login flow. Moreover, a further added value of the authentication hardware fitted with an IC card according to the present invention is that it serves as the individual's private key, whose superior features are permanent protection and high security; its applications are wide and its security characteristics high. With the front-end design described above, the present invention further lets a website provider of copyrighted or intellectual-property files (such as a record dealer) exercise effective authorization control, and avoids the current peer-to-peer (P2P) practice on the network in which netizens upload, download and share copyrighted or intellectual-property files (such as a singer's MP3) among themselves, which creates confusion at the edge of intellectual property law and causes heavy losses to the rights of the legitimate dealers (copyright and intellectual property holders). It is designed for a pressing present need and truly meets the requirements for an invention patent; the applicant earnestly requests the authorities to examine it in detail and grant a patent, to the benefit of the nation and the people.
However, the technology, figures, procedures or controls described above are only one preferred embodiment of the present invention; equivalent changes or modifications made according to the technology of the claims of the present application, or implementations achieving the same partial function, still fall within the scope covered by the patent right of the present invention, and the above does not limit the scope in which the present invention may be implemented.

Claims (4)

1. A data storage application authentication method, characterized in that an IC card with a built-in identity check code ICCID and an international check code GLN is inserted into an IC card reading device and installed on hardware generally compatible with a computer to serve as authentication hardware, the method mainly comprising the following steps:
Step a: the user logs in as a member using the authentication hardware fitted with an IC card and an IC card reading device, enters the information required for login, and presses the login button;
Step b: the embedded program of the IC card directs the login process to the CA authentication server and sends the ICCID code built into the IC card to the CA authentication server; a special program of the CA authentication server judges whether the IC card on the authentication hardware is legitimate and audits its authority; if correct, it records the login count in the CA authentication server database, produces a credential of successful authentication hardware authentication, and returns the random value produced in the decoding process to the IC card;
Step c: after the preceding step is correct, the IC card uses the random value obtained by its embedded program to decode the built-in ICCID code and produce an IC card authentication credential, directs the login process to the application website server, and sends the ICCID code, the IC card authentication credential and the user's entered information together to the application website server, which judges from its database whether the user's entered information is correct and queries the term of validity;
Step d: after the preceding step is correct, the application website server sends the received ICCID code and IC card authentication credential to the CA authentication server to decrypt them and confirm once more the correctness of the authentication hardware and of the user's information.
2. An IC card authentication hardware for data storage application authorization, characterized in that the IC card has a built-in identity check code ICCID and an international check code GLN, is inserted into an IC card reading device, and is installed on hardware generally compatible with a computer to serve as authentication hardware.
3. The IC card authentication hardware for data storage application authorization of claim 2, characterized in that the authentication hardware fitted with the IC card may be hardware with a USB interface.
4. The IC card authentication hardware for data storage application authorization of claim 2, characterized in that the authentication hardware fitted with the IC card may be a flash memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200310103376 CN1612148A (en) 2003-10-29 2003-10-29 Data storage and application authentication method and IC card authentication hardware

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200310103376 CN1612148A (en) 2003-10-29 2003-10-29 Data storage and application authentication method and IC card authentication hardware

Publications (1)

Publication Number Publication Date
CN1612148A true CN1612148A (en) 2005-05-04

Family

ID=34756642

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200310103376 Pending CN1612148A (en) 2003-10-29 2003-10-29 Data storage and application authentication method and IC card authentication hardware

Country Status (1)

Country Link
CN (1) CN1612148A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043566B (en) * 2006-03-24 2010-04-21 京瓷美达株式会社 Image forming device having routine selectable activated by memory key
WO2008148245A1 (en) * 2007-06-06 2008-12-11 Hui Lin Digital content protection method and system based on user identification
WO2011003304A1 (en) * 2009-07-08 2011-01-13 中兴通讯股份有限公司 Phone-card locking method and device for wireless communication
WO2011116555A1 (en) * 2010-03-22 2011-09-29 中兴通讯股份有限公司 Method and system for automatically logging in client
US8990565B2 (en) 2010-03-22 2015-03-24 Zte Corporation Method and system for automatically logging in a client
WO2013127158A1 (en) * 2012-03-01 2013-09-06 深圳趋势数码科技有限公司 Information distribution usb flash disk and information distribution method
CN111382411A (en) * 2020-03-13 2020-07-07 通威太阳能(眉山)有限公司 Use method of IC system for conveniently acquiring machine permission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication