CN206962826U - Identity authorization system based on FIDO U2F double factor fingerprint recognitions - Google Patents

Identity authorization system based on FIDO U2F double factor fingerprint recognitions

Info

Publication number: CN206962826U
Authority: CN (China)
Prior art keywords: fingerprint, key management, fido, equipment, authorization system
Legal status: Expired - Fee Related (status as assumed by Google Patents, not a legal conclusion)
Application number: CN201720833397.1U
Other languages: Chinese (zh)
Inventors: 刘君, 丁朴, 郭佳, 赵旭, 毛洁明, 张大成, 谭政, 张敏, 宋健, 李先桃, 胡洋洋, 李平
Current assignee: Shanghai Mutual Intelligent Technology Co Ltd (as listed by Google Patents, not verified)
Original assignee: Shanghai Mutual Intelligent Technology Co Ltd
Priority date: 2017-07-11 (as assumed by Google Patents)
Filing date: 2017-07-11
Publication date: 2018-02-02
Application filed by: Shanghai Mutual Intelligent Technology Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The utility model discloses an identity authentication system based on FIDO U2F two-factor fingerprint recognition. The system comprises a public key management server and a fingerprint U2F device connected by a data link; the fingerprint U2F device comprises a fingerprint recognition module, a private key management chip and a communication part, and the fingerprint recognition module and the communication part are each connected to the private key management chip. The advantages of the utility model are: the user no longer needs to remember a large number of complex passwords, because the conventional password is used only for login and no longer determines transaction security; passwords can be simplified, so that even a simple 4-digit password does not affect final transaction security; and a FIDO U2F verification device based on fingerprint recognition can provide strong authentication for multiple websites or services at the same time.

Description

Identity authorization system based on FIDO U2F double factor fingerprint recognitions
Technical field
The utility model relates to the field of information security, and in particular to an identity authentication system (rendered "identity authorization system" in the title) based on FIDO U2F two-factor fingerprint recognition.
Background technology
With the rapid development and spread of Internet technology, and in particular the leap forward of smart devices such as smartphones, tablets and wearables, people enjoy a more intelligent and convenient life while also facing increasingly serious leakage of user information. Online identity verification and account authentication on the current Internet and Internet of Things expose the following security risks:
1. Account passwords are stored centrally: once the server database is attacked, passwords and data are all leaked;
2. Passwords are complex and therefore hard for users to remember, and a single leak easily cascades into further leaks;
3. Passwords are inconvenient to use on mobile smart devices.
With the spread of mobile phones and smart devices, OTP tokens have become another common method of user verification. An OTP (One Time Password, also called a disposable or dynamic password) is used only once and is valid only within a time limit. The typical scenario is that the back-end authentication system sends a 6- or 8-digit random OTP to the user's mobile phone by SMS; at login or transaction confirmation the user enters the traditional static password and then this dynamic code, which is supposed to ensure the security of the identity check. However, the design premise of OTP holds only when the terminal used for the transaction and the phone that receives the OTP are two different devices. When, as for most users today, a single phone is used both to complete the transaction and to receive the code, the technique no longer guarantees the safety of user information and cannot be applied to mobile Internet authentication.
The content of the invention
The purpose of the utility model is, in view of the above deficiencies of the prior art, to provide an identity authentication system based on FIDO U2F two-factor fingerprint recognition which, by combining the U2F protocol with fingerprint recognition technology, is both easy to use and highly secure.
The purpose of the utility model is achieved by the following technical scheme:
An identity authentication system based on FIDO U2F two-factor fingerprint recognition comprises a public key management server and a fingerprint U2F device connected by a data link. The fingerprint U2F device comprises a fingerprint recognition module, a private key management chip and a communication part; the fingerprint recognition module and the communication part are each connected to the private key management chip.
The fingerprint U2F device further comprises a power supply connected to the fingerprint recognition module, the private key management chip and the communication part.
The fingerprint recognition module consists of a fingerprint sensor and an algorithm chip connected to each other.
The communication part is one of, or a combination of, a USB interface, a Bluetooth module and an NFC module.
The data link includes a user terminal; the user terminal is connected to the public key management server over the Internet, and the fingerprint U2F device is connected to the user terminal through the communication part.
The user terminal is a computer or a mobile phone.
The private key management chip is a security chip (secure element).
The utility model has the following advantages:
1. The user no longer needs to remember a large number of complex passwords: the conventional password is used only for login and no longer determines transaction security;
2. Passwords can be simplified: even a simple 4-digit password does not affect final transaction security, because a transaction is confirmed by a signature from the fingerprint U2F device rather than by the password;
3. A FIDO U2F verification device based on fingerprint recognition can provide strong authentication for multiple websites or services at the same time.
Brief description of the drawings
Fig. 1 is a structural block diagram of the identity authentication system of the utility model;
Fig. 2 is a structural block diagram of the fingerprint U2F device of the utility model.
Embodiment
The features of the utility model and other related features are described in further detail below by means of an embodiment, with reference to the drawings, for the understanding of those skilled in the art:
As in Figs. 1-2, reference numerals 1-11 denote: public key management server 1, fingerprint U2F device 2, fingerprint recognition module 3, private key management chip 4, communication part 5, user terminal 7, USB interface 8, Bluetooth module 9, NFC module 10, power supply 11.
Embodiment: As shown in Fig. 1, this embodiment is an identity authentication system based on FIDO U2F two-factor fingerprint recognition comprising a public key management server 1 and a fingerprint U2F device 2. The fingerprint U2F device 2 is carried by the user; the public key management server 1 is a remote server; the fingerprint U2F device and the public key management server 1 are connected by a data link.
As shown in Fig. 2, the fingerprint U2F device 2 comprises a fingerprint recognition module 3, a private key management chip 4 and a communication part 5; the fingerprint recognition module 3 and the communication part 5 are each connected to the private key management chip 4. The fingerprint recognition module 3 consists of a fingerprint sensor and an algorithm chip connected to each other and is used to capture and match the user's fingerprint data. The private key management chip 4 generates and stores public/private key pairs for an asymmetric encryption algorithm; it is a security chip with a hardware-isolated secure element.
As shown in Figs. 1 and 2, the data link includes a user terminal 7, which in this embodiment is a computer or a mobile phone. The user terminal 7 is connected to the public key management server 1 over the Internet, and the fingerprint U2F device 2 is connected to the user terminal through the communication part 5. Over the data link, the public key generated by the fingerprint U2F device 2 is sent to the public key management server 1. When verifying the user's identity, the public key management server 1 sends data to be signed over the data link to the fingerprint U2F device 2; the fingerprint U2F device 2 signs the data with the private key it holds internally and returns the signed data over the data link to the public key management server 1.
As shown in Fig. 2, in this embodiment the communication part includes a USB interface 8, a Bluetooth module 9 and an NFC module 10. The fingerprint U2F device 2 further comprises a power supply 11 connected to the fingerprint recognition module 3, the private key management chip 4 and the communication part 5; the power supply 11 powers those modules and components.
As shown in Figs. 1 and 2, before the fingerprint U2F device 2 can be used to log in to an application or web application, it must first be registered with the public key management server 1 of that application. Registration comprises the following steps:
1) The user logs in to the application or web application with the existing user name and password. If the application supports the U2F protocol, the user requests registration of the fingerprint U2F device 2 as a second authentication factor;
2) Once the request is accepted, the public key management server 1 returns to the client of the application a server HASH value generated from identifying information such as the protocol name, host name and port number (in U2F terms, the application parameter). The client prompts the user to connect the fingerprint U2F device 2 to the user terminal (computer or mobile phone) running the client, and pushes the received server HASH value to the fingerprint U2F device 2;
3) The fingerprint U2F device 2 prompts the user to press a finger on the fingerprint recognition module 3. When the user has done so, the private key management chip 4 generates, for the server HASH value received in step 2), a unique public/private key pair and a private key index (the U2F key handle) for the current application, sends the public key and the private key index to the public key management server 1, and at the same time retains the key pair and the private key index it generated;
4) The public key management server 1 validates the public key and private key index it receives, stores them in its database, and uses them as the second authentication factor in subsequent use.
As shown in Figs. 1 and 2, once the user has logged in with the existing user name and password to an application or web application with which the fingerprint U2F device 2 is registered, every operation with a high security attribute (such as payment confirmation, modification of user information, or modification or deletion of files) requires secondary identity verification by the fingerprint U2F device 2, which comprises the following steps:
1) The public key management server 1 pushes the server HASH value and the data to be signed for this verification (the challenge) over the data link to the fingerprint U2F device 2;
2) The fingerprint U2F device 2 compares the server HASH value it receives with the server HASH value received at registration. Only if the two are identical does it proceed to the next step; if they differ, the fingerprint U2F device 2 does not respond. This comparison is what stops a look-alike (phishing) site from obtaining a signature: its HASH value does not match the one bound to the key at registration;
3) The fingerprint U2F device 2 prompts the user to press a finger on the fingerprint recognition module 3 and verifies the user's fingerprint. Only after the fingerprint has been verified does the private key management chip 4 look up the private key corresponding to the server HASH value and sign the received data with it; the fingerprint U2F device 2 then sends the signed data to the public key management server 1;
4) The public key management server 1 verifies the signed data with the public key it stored at registration. If verification succeeds, the user passes secondary identity verification; if it fails, the user does not. (The original text describes this step as "decrypting" the signed data with the public key; for an asymmetric signature scheme the operation is signature verification, and the server must also check that what was signed is the challenge it issued in step 1.)
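The registration and secondary-verification procedures above, as an added worked example that is not code from the patent or from Shanghai Mutual Intelligent Technology Co Ltd: a Go simulation of both sides, the fingerprint U2F device and the public key management server, using the standard library's ECDSA over P-256 (the curve FIDO U2F specifies). Everything concrete is an assumption for illustration: the origin strings, the challenge text, the "key-N" key handle format, the fingerprintOK flag standing in for the fingerprint module's match result, and the in-memory key storage (a real token keeps or wraps the key inside the secure element). The signed message follows the U2F authentication layout appParam || user-presence byte || counter || challengeParam, which the page does not spell out; the signature counter is a U2F feature the page does not mention, included because it is the standard defence against a cloned key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// appParam is the patent's "server HASH value": SHA-256 over the application identity (protocol, host, port); the string format is assumed.
func appParam(appID string) [32]byte { return sha256.Sum256([]byte(appID)) }

type slot struct {
	app  [32]byte
	priv *ecdsa.PrivateKey
}

// Device models the fingerprint U2F device: private keys never leave it.
type Device struct {
	slots   map[string]slot // keyed by key handle, the patent's "private key index"
	counter uint32          // incremented on every signature
}

// Register (registration steps 2-3): bind a fresh P-256 key pair to the application parameter; return key handle and public key.
func (d *Device) Register(app [32]byte) (string, *ecdsa.PublicKey) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no entropy: the chip cannot safely continue
	}
	handle := fmt.Sprintf("key-%d", len(d.slots)+1) // assumed handle format
	d.slots[handle] = slot{app: app, priv: priv}
	return handle, &priv.PublicKey
}

// authMessage is the U2F authentication message that gets signed:
// appParam || 0x01 (user presence) || big-endian counter || challengeParam.
func authMessage(app, challenge [32]byte, counter uint32) []byte {
	msg := append(app[:], 0x01)
	msg = append(msg, byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	return append(msg, challenge[:]...)
}

// Authenticate (verification steps 2-3): no response if the application parameter differs from
// the one bound at registration (the phishing check), no signature without a fingerprint match.
func (d *Device) Authenticate(app, challenge [32]byte, handle string, fingerprintOK bool) ([]byte, uint32, error) {
	s, ok := d.slots[handle]
	if !ok || s.app != app {
		return nil, 0, errors.New("unknown key handle or application mismatch: no response")
	}
	if !fingerprintOK {
		return nil, 0, errors.New("no fingerprint match: signature refused")
	}
	d.counter++
	digest := sha256.Sum256(authMessage(app, challenge, d.counter))
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
	return sig, d.counter, err
}

type Registration struct {
	Pub     *ecdsa.PublicKey
	Counter uint32
}

// Verify (verification step 4): ECDSA verification with the stored public key (not decryption), plus a strictly increasing counter.
func (r *Registration) Verify(app, challenge [32]byte, counter uint32, sig []byte) error {
	digest := sha256.Sum256(authMessage(app, challenge, counter))
	if !ecdsa.VerifyASN1(r.Pub, digest[:], sig) {
		return errors.New("signature verification failed")
	}
	if counter <= r.Counter {
		return errors.New("counter did not increase")
	}
	r.Counter = counter
	return nil
}

// RunFlow registers once, then tries the genuine origin, a look-alike origin, and a press with no fingerprint match.
func RunFlow() (genuine, phishing, noFinger bool) {
	dev := &Device{slots: map[string]slot{}}
	legit := appParam("https://bank.example:443") // constructed sample origin
	handle, pub := dev.Register(legit)
	reg := &Registration{Pub: pub}
	try := func(app [32]byte, fingerprintOK bool) bool {
		challenge := sha256.Sum256([]byte("constructed challenge")) // random per request in practice
		sig, ctr, err := dev.Authenticate(app, challenge, handle, fingerprintOK)
		return err == nil && reg.Verify(app, challenge, ctr, sig) == nil
	}
	genuine = try(legit, true)
	phishing = try(appParam("https://bank-example.attacker:443"), true)
	noFinger = try(legit, false)
	return
}

func main() {
	g, p, n := RunFlow()
	fmt.Printf("genuine=%v phishing=%v no-fingerprint=%v\n", g, p, n)
}
```

RunFlow returns (true, false, false): the genuine origin verifies, the look-alike origin gets no signature because its application parameter does not match the one bound at registration, and a press without a fingerprint match yields no signature. Verify also rejects a replayed response (same counter) and a signature over a different challenge, which is what step 4 needs beyond the literal "decrypt with the public key".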
The whole system adopts a layered design with two layers. The upper layer is the logic layer, responsible for completing identity verification based on the U2F protocol; the lower layer is the communication layer, responsible for the interaction between the fingerprint U2F device 2 and the user terminal 7 (such as a computer or mobile device) and for hiding the communication details from the upper layer. Through this layering and a standard interface design, the U2F protocol can be carried over several transports at once, which ensures that the protocol can be used across platforms.
The identity authentication system of this embodiment can be used in many scenarios, for example: logging in to a website client on a PC, logging in to a website or app on a mobile device, confirming high-security operations of a website or client on a PC, confirming high-security operations of a website or client on a mobile device, confirming online transactions on a PC, and confirming transactions on a mobile device.
The advantageous effects of this embodiment are the three listed in the summary above.

Claims (7)

  1. An identity authentication system based on FIDO U2F two-factor fingerprint recognition, characterised in that the system comprises a public key management server and a fingerprint U2F device connected by a data link; the fingerprint U2F device comprises a fingerprint recognition module, a private key management chip and a communication part; and the fingerprint recognition module and the communication part are each connected to the private key management chip.
  2. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterised in that the fingerprint U2F device further comprises a power supply connected to the fingerprint recognition module, the private key management chip and the communication part.
  3. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterised in that the fingerprint recognition module consists of a fingerprint sensor and an algorithm chip connected to each other.
  4. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterised in that the communication part is one of, or a combination of, a USB interface, a Bluetooth module and an NFC module.
  5. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterised in that the data link includes a user terminal, the user terminal is connected to the public key management server over the Internet, and the fingerprint U2F device is connected to the user terminal through the communication part.
  6. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 5, characterised in that the user terminal is a computer or a mobile phone.
  7. The identity authentication system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterised in that the private key management chip is a security chip.
Application CN201720833397.1U, filed 2017-07-11 (priority date 2017-07-11), published as CN206962826U (en) on 2018-02-02: Identity authorization system based on FIDO U2F double factor fingerprint recognitions. Status: Expired - Fee Related.

Family

ID=61383432; one family application (CN201720833397.1U); country status: CN, CN206962826U.

Cited By (4)

All four are cited by the examiner (*).
* CN110784395A, priority 2019-11-04, published 2020-02-11, 航天信息股份有限公司: Mail safety login method and system based on FIDO authentication
* CN111199049A, priority 2018-11-16, published 2020-05-26, 浙江宇视科技有限公司: File authority management method and device
* CN112069493A, priority 2019-06-10, published 2020-12-11, 联阳半导体股份有限公司: Authentication system and authentication method
* CN112597470A, priority 2021-01-22, published 2021-04-02, 建投物联股份有限公司: Intelligent safe biological secret treasure system


Legal Events

Code Title Description
GR01 Patent grant (granted publication date: 2018-02-02)
CF01 Termination of patent right due to non-payment of annual fee (termination date: 2020-07-11)