CN206962826U - Identity authorization system based on FIDO U2F double factor fingerprint recognitions - Google Patents
- Publication number
- CN206962826U
- Authority
- CN
- China
- Prior art keywords
- fingerprint
- key management
- fido
- equipment
- authorization system
- Prior art date
- Legal status
- Expired - Fee Related
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The utility model discloses an identity verification system based on FIDO U2F two-factor fingerprint recognition. The system includes a public key management server and a fingerprint U2F device connected by a data link; the fingerprint U2F device includes a fingerprint recognition module, a private key management chip and a communication part, and the fingerprint recognition module and the communication part are each connected to the private key management chip. The utility model has the following advantages: the user no longer needs to remember a large number of complicated passwords, since the conventional password is used mainly for login and no longer determines how secure a transaction is; passwords can be simplified, so that even a user who uses only a simple 4-digit password does not compromise the final transaction security; and a FIDO U2F verification device based on fingerprint recognition technology can provide strong security authentication for multiple websites or services at the same time.
Description
Technical field
The utility model relates to the field of information security, and in particular to an identity verification system based on FIDO U2F two-factor fingerprint recognition.
Background technology
With the rapid development and popularization of Internet technology, and in particular the leaps made by smart devices such as smartphones, tablets and wearables, people enjoy a more intelligent and convenient life while also facing increasingly serious leakage of user information. The online identity verification and account authentication used on today's Internet and Internet of Things expose the following security risks:
1. Account passwords are stored centrally; once the server database is breached, passwords and data are all leaked;
2. Password complexity makes passwords hard for users to remember, and the leak of one password easily cascades into others;
3. Passwords are inconvenient to use on mobile smart devices.
With the popularization of mobile phones and smart devices, OTP token technology has become another common user verification method. An OTP (One Time Password), also called a one-time or dynamic password, is used only once and is valid only within a certain time limit. The typical scenario is that the back-end authentication system sends a 6- or 8-digit random OTP by SMS to the user's mobile phone; at login or transaction authentication the user enters the traditional static password and then this dynamic password, thereby ensuring the security of the system's identity verification. However, the OTP design is only secure enough on the premise that the terminal used for the transaction and the mobile phone receiving the OTP are two different devices. When, as most users do, the same mobile phone is used both to complete the transaction and to receive the OTP, the technology cannot guarantee the safety of user information and cannot be applied to mobile Internet authentication.
The content of the invention
In view of the above deficiencies of the prior art, the purpose of the utility model is to provide an identity verification system based on FIDO U2F two-factor fingerprint recognition which, by combining the U2F protocol with fingerprint recognition technology, is both easy to use and highly secure.
The purpose of the utility model is achieved by the following technical scheme:
An identity verification system based on FIDO U2F two-factor fingerprint recognition, which includes a public key management server and a fingerprint U2F device connected by a data link; the fingerprint U2F device includes a fingerprint recognition module, a private key management chip and a communication part; the fingerprint recognition module and the communication part are each connected to the private key management chip.
The fingerprint U2F device further includes a power supply, which is connected to the fingerprint recognition module, the private key management chip and the communication part.
The fingerprint recognition module consists of a fingerprint sensor and an algorithm chip connected to each other.
The communication part is one or a combination of a USB interface, a Bluetooth module and an NFC module.
The data link includes a user terminal; the user terminal is connected to the public key management server through the Internet, and the fingerprint U2F device is connected to the user terminal through the communication part.
The user terminal is a computer or a mobile phone.
The private key management chip is a security chip.
The utility model has the following advantages:
1. The user no longer needs to remember a large number of complicated passwords, since the conventional password is used mainly for login and no longer determines how secure a transaction is;
2. Passwords can be simplified: even a user who uses only a simple 4-digit password does not compromise the final transaction security;
3. A FIDO U2F verification device based on fingerprint recognition technology can provide strong security authentication for multiple websites or services at the same time.
Brief description of the drawings
Fig. 1 is the structural block diagram of the identity verification system of the utility model;
Fig. 2 is the structural block diagram of the fingerprint U2F device in the utility model.
Embodiment
The features of the utility model and other related features are further described in detail through the embodiment below with reference to the drawings, for the understanding of those skilled in the art:
In Figs. 1-2, reference numerals 1-11 denote respectively: public key management server 1, fingerprint U2F device 2, fingerprint recognition module 3, private key management chip 4, communication part 5, user terminal 7, USB interface 8, Bluetooth module 9, NFC module 10, power supply 11.
Embodiment: As shown in Fig. 1, this embodiment relates specifically to an identity verification system based on FIDO U2F two-factor fingerprint recognition; the system includes public key management server 1 and fingerprint U2F device 2. Fingerprint U2F device 2 is carried by the user, and public key management server 1 is a remote server; fingerprint U2F device 2 and public key management server 1 are connected by a data link.
As shown in Fig. 2, fingerprint U2F device 2 includes fingerprint recognition module 3, private key management chip 4 and communication part 5; fingerprint recognition module 3 and communication part 5 are each connected to private key management chip 4. Fingerprint recognition module 3 consists of a fingerprint sensor and an algorithm chip connected to each other, and is used to collect and recognize the user's fingerprint data. Private key management chip 4 is used to generate and store public/private key pairs based on an asymmetric encryption algorithm; it is a security chip with a hardware-independent secure element.
As shown in Figs. 1 and 2, the data link includes user terminal 7, which in this embodiment is a computer or a mobile phone. User terminal 7 is connected to public key management server 1 through the Internet, and fingerprint U2F device 2 is connected to the user terminal through communication part 5. Over the data link, the public key generated by fingerprint U2F device 2 can be sent to public key management server 1; when verifying the user's identity, public key management server 1 can send data to be signed to fingerprint U2F device 2 over the data link, and fingerprint U2F device 2 can sign that data with the private key it keeps internally and return the signed data to public key management server 1 over the data link.
As shown in Fig. 2, in this embodiment communication part 5 includes USB interface 8, Bluetooth module 9 and NFC module 10. Fingerprint U2F device 2 further includes power supply 11, which is connected to fingerprint recognition module 3, private key management chip 4 and communication part 5 and supplies power to these modules and components.
As shown in Figs. 1 and 2, before fingerprint U2F device 2 can be used to log in to an application program or network application, it must first be registered with the public key management server 1 of that application. The registration process comprises the following steps:
1) The user logs in to the application program or network application with the original username and password. If the application supports the U2F protocol, the user applies to register fingerprint U2F device 2 as the second authentication factor;
2) After the application is approved, public key management server 1 returns a server HASH value, generated from identification information such as the protocol name, host name and port number, to the client of the application. The client prompts the user to connect fingerprint U2F device 2 to the user terminal (computer or mobile phone) running the client, and pushes the received server HASH value to fingerprint U2F device 2;
3) Fingerprint U2F device 2 prompts the user to press fingerprint recognition module 3 with a finger. After the user presses it, private key management chip 4 in fingerprint U2F device 2 generates a unique public/private key pair and a private key index for the current application according to the server HASH value received in step 2), and sends the public key and the private key index to public key management server 1; at the same time, private key management chip 4 stores the key pair and private key index it generated;
4) Public key management server 1 verifies the public key and private key index after receiving them; once verification is complete, it stores the public key and private key index in its database, where they serve as the second authentication factor in subsequent use.
As shown in Figs. 1 and 2, once the user has logged in with the existing username and password to an application program or network application in which fingerprint U2F device 2 has been registered, every operation with a high security attribute (such as payment confirmation, user profile modification, or file modification and deletion) requires secondary identity authentication through fingerprint U2F device 2. Secondary identity authentication comprises the following steps:
1) Public key management server 1 pushes the server HASH value and the data to be signed for identity verification to fingerprint U2F device 2 over the data link;
2) Fingerprint U2F device 2 compares the received server HASH value with the server HASH value received at registration; only if the two are identical does it proceed to the next step. If they differ, fingerprint U2F device 2 does not respond;
3) Fingerprint U2F device 2 prompts the user to press fingerprint recognition module 3 with a finger. After the user presses it, fingerprint U2F device 2 authenticates the user's fingerprint; when the fingerprint authentication passes, private key management chip 4 looks up the private key corresponding to the server HASH value and signs the received data to be signed with that private key. When signing is complete, fingerprint U2F device 2 sends the signed data to public key management server 1;
4) After receiving the signed data, public key management server 1 decrypts it with the public key it stored. If decryption succeeds, the user passes secondary identity authentication; if decryption fails, the user does not pass secondary identity authentication.
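The registration steps and the secondary authentication steps above, simulated end to end in Go. This is an added example, not code from the patent or from any product implementing it: the hash function (SHA-256 over a URL-style string of protocol, host and port), the P-256 ECDSA key pairs, the random 16-byte private key index, the `fingerprintOK` flag standing in for the fingerprint recognition module's verdict, and the host names are all assumptions. Step 4 of authentication, which the page describes as "decrypting" the signed data with the stored public key, is implemented as ECDSA signature verification, since that is what checking a signature with a public key amounts to.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AppID is the identification information the server hashes: protocol name, host name, port.
type AppID struct {
	Protocol string
	Host     string
	Port     int
}

// ServerHash derives the "server HASH value" (assumption: SHA-256 over a URL-style string).
func ServerHash(a AppID) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%s://%s:%d", a.Protocol, a.Host, a.Port)))
}

// Device simulates the fingerprint U2F device; the maps model the private key management chip's store.
type Device struct {
	keys    map[string]*ecdsa.PrivateKey // private key index -> key pair
	indexOf map[[32]byte]string          // server hash -> private key index
}

func NewDevice() *Device {
	return &Device{keys: map[string]*ecdsa.PrivateKey{}, indexOf: map[[32]byte]string{}}
}

// Register is registration step 3: after a recognised fingerprint press, generate a unique
// key pair and private key index for this server hash, keep both, return the public key and index.
func (d *Device) Register(h [32]byte, fingerprintOK bool) (*ecdsa.PublicKey, string, error) {
	if !fingerprintOK {
		return nil, "", errors.New("fingerprint not recognised")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, "", err
	}
	raw := make([]byte, 16) // assumption: a random 16-byte private key index
	if _, err := rand.Read(raw); err != nil {
		return nil, "", err
	}
	index := hex.EncodeToString(raw)
	d.keys[index] = priv
	d.indexOf[h] = index
	return &priv.PublicKey, index, nil
}

// Sign is authentication steps 2 and 3: the device "does not respond" to a server hash it was not
// registered for, requires a recognised fingerprint, then signs the data with the matching key.
func (d *Device) Sign(h [32]byte, toBeSigned []byte, fingerprintOK bool) ([]byte, error) {
	index, ok := d.indexOf[h]
	if !ok {
		return nil, errors.New("server hash mismatch: device does not respond")
	}
	if !fingerprintOK {
		return nil, errors.New("fingerprint not recognised")
	}
	digest := sha256.Sum256(toBeSigned)
	return ecdsa.SignASN1(rand.Reader, d.keys[index], digest[:])
}

// Server simulates the public key management server.
type Server struct {
	ID      AppID
	pubKeys map[string]*ecdsa.PublicKey // private key index -> public key
}

func NewServer(id AppID) *Server {
	return &Server{ID: id, pubKeys: map[string]*ecdsa.PublicKey{}}
}

// Store is registration step 4: keep the public key under its private key index.
func (s *Server) Store(index string, pub *ecdsa.PublicKey) { s.pubKeys[index] = pub }

// Challenge is authentication step 1: fresh random data to be signed, so an old signature cannot be reused.
func (s *Server) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify is authentication step 4, implemented as ECDSA verification with the stored public key.
func (s *Server) Verify(index string, toBeSigned, sig []byte) bool {
	pub, ok := s.pubKeys[index]
	if !ok {
		return false
	}
	digest := sha256.Sum256(toBeSigned)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// FlowResult records what a full run of registration plus authentication decided in each case.
type FlowResult struct {
	GenuineAccepted      bool // registered hash, recognised fingerprint, untouched challenge
	OtherOriginRefused   bool // a server with a different hash gets no signature at all
	NoFingerprintRefused bool // registered hash but fingerprint not recognised
	TamperedRejected     bool // signature does not verify over altered data
}

// RunFlow registers one device with one server and exercises the authentication path.
func RunFlow() (FlowResult, error) {
	var r FlowResult
	srv := NewServer(AppID{"https", "bank.example", 443}) // constructed sample origin
	dev := NewDevice()
	pub, index, err := dev.Register(ServerHash(srv.ID), true) // registration steps 2-4
	if err != nil {
		return r, err
	}
	srv.Store(index, pub)
	chal, err := srv.Challenge() // authentication step 1
	if err != nil {
		return r, err
	}
	sig, err := dev.Sign(ServerHash(srv.ID), chal, true) // steps 2-3
	if err != nil {
		return r, err
	}
	r.GenuineAccepted = srv.Verify(index, chal, sig) // step 4
	_, err = dev.Sign(ServerHash(AppID{"https", "other.example", 443}), chal, true)
	r.OtherOriginRefused = err != nil
	_, err = dev.Sign(ServerHash(srv.ID), chal, false)
	r.NoFingerprintRefused = err != nil
	r.TamperedRejected = !srv.Verify(index, append([]byte("x"), chal...), sig)
	return r, nil
}

func main() {
	r, err := RunFlow()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The two refusals inside `Device.Sign` are the security-relevant part of the flow: the hash comparison binds each key to the origin it was registered for, so a server with a different identity never obtains a signature, and the fingerprint gate means possession of the device alone is not enough. The per-request `Challenge` is what keeps a captured signature from being replayed later.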
The overall system architecture adopts a layered design consisting of two layers: the upper layer is the logical layer, responsible for completing identity authentication based on the U2F protocol; the lower layer is the communication layer, responsible for the interaction between fingerprint U2F device 2 and user terminal 7 (such as a computer or mobile device) and for shielding the upper layer from the communication details. Through this layering and the standard interface design, the U2F protocol is compatible with all of the communication methods at once, which ensures the protocol's cross-platform usability.
The identity verification system of this embodiment can be used in a variety of application scenarios, such as: logging in to a website client on a PC; logging in to a website or APP on a mobile device; confirming operations with a high security attribute in a website or client on a PC; confirming such operations in a website or client on a mobile device; confirming online transactions on a PC; and confirming transactions on a mobile device.
The advantageous effects of this embodiment are:
1. The user no longer needs to remember a large number of complicated passwords, since the conventional password is used mainly for login and no longer determines how secure a transaction is;
2. Passwords can be simplified: even a user who uses only a simple 4-digit password does not compromise the final transaction security;
3. A FIDO U2F verification device based on fingerprint recognition technology can provide strong security authentication for multiple websites or services at the same time.
Claims (7)
- 1. An identity verification system based on FIDO U2F two-factor fingerprint recognition, characterized in that the identity verification system includes a public key management server and a fingerprint U2F device connected by a data link; the fingerprint U2F device includes a fingerprint recognition module, a private key management chip and a communication part; and the fingerprint recognition module and the communication part are each connected to the private key management chip.
- 2. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterized in that the fingerprint U2F device further includes a power supply, the power supply being connected to the fingerprint recognition module, the private key management chip and the communication part.
- 3. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterized in that the fingerprint recognition module consists of a fingerprint sensor and an algorithm chip connected to each other.
- 4. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterized in that the communication part is one or a combination of a USB interface, a Bluetooth module and an NFC module.
- 5. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterized in that the data link includes a user terminal, the user terminal is connected to the public key management server through the Internet, and the fingerprint U2F device is connected to the user terminal through the communication part.
- 6. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 5, characterized in that the user terminal is a computer or a mobile phone.
- 7. The identity verification system based on FIDO U2F two-factor fingerprint recognition according to claim 1, characterized in that the private key management chip is a security chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201720833397.1U CN206962826U (en) | 2017-07-11 | 2017-07-11 | Identity authorization system based on FIDO U2F double factor fingerprint recognitions |
Publications (1)
Publication Number | Publication Date |
---|---|
CN206962826U true CN206962826U (en) | 2018-02-02 |
Family
ID=61383432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201720833397.1U Expired - Fee Related CN206962826U (en) | 2017-07-11 | 2017-07-11 | Identity authorization system based on FIDO U2F double factor fingerprint recognitions |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN206962826U (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110784395A (en) * | 2019-11-04 | 2020-02-11 | 航天信息股份有限公司 | Mail safety login method and system based on FIDO authentication |
CN111199049A (en) * | 2018-11-16 | 2020-05-26 | 浙江宇视科技有限公司 | File authority management method and device |
CN112069493A (en) * | 2019-06-10 | 2020-12-11 | 联阳半导体股份有限公司 | Authentication system and authentication method |
CN112597470A (en) * | 2021-01-22 | 2021-04-02 | 建投物联股份有限公司 | Intelligent safe biological secret treasure system |
Similar Documents
Publication | Title |
---|---|
US11405380B2 (en) | Systems and methods for using imaging to authenticate online users |
US11068575B2 (en) | Authentication system |
US20220058655A1 (en) | Authentication system |
US20220191016A1 (en) | Methods, apparatuses, and computer program products for frictionless electronic signature management |
CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding |
CN102088353B (en) | Two-factor authentication method and system based on mobile terminal |
US9240886B1 (en) | Authentication adaptation |
CN206962826U (en) | Identity authorization system based on FIDO U2F double factor fingerprint recognitions |
CN104283886B (en) | A kind of implementation method of the web secure access based on intelligent terminal local authentication |
CN103401880B (en) | The system and method that a kind of industrial control network logs in automatically |
CN106488452B (en) | Mobile terminal safety access authentication method combining fingerprint |
CN105591744A (en) | Network real-name authentication method and system |
TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method |
CN105184566A (en) | Work method of intelligent secret key equipment |
CN104125230B (en) | A kind of short message certification service system and authentication method |
CN106488453A (en) | A kind of method and system of portal certification |
CN110290134A (en) | A kind of identity identifying method, device, storage medium and processor |
CN104767617A (en) | Message processing method, system and related device |
CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication |
CN104469736B (en) | A kind of data processing method, server and terminal |
CN110247758A (en) | The method, apparatus and code management device of Password Management |
CN107612949A (en) | A kind of intelligent wireless terminal access authentication method and system based on radio-frequency fingerprint |
TW201544983A (en) | Data communication method and system, client terminal and server |
Kim et al. | Puf-based iot device authentication scheme on iot open platform |
CN206962853U (en) | The identity authorization system without close fingerprint recognition based on FIDO UAF |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180202; Termination date: 20200711 |