WO2016095555A1 - Working method of a multi-seed dynamic token - Google Patents
- Publication number
- WO2016095555A1 PCT/CN2015/087772
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- seed data
- dynamic token
- flag
- dynamic
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Definitions
- The invention relates to a working method of a multi-seed dynamic token, and belongs to the field of information security.
- A one-time password (OTP) is a safe and convenient account anti-theft technology: an unpredictable random number combination is generated as a password, and each password can be used only once.
- When the user performs authentication, in addition to the account number and static password, the user must also input a dynamic password. Only after passing system authentication can the user log in or trade normally, which effectively ensures the legality and uniqueness of the user identity.
- The biggest advantage of dynamic tokens is that the password used is different each time, so that criminals cannot fake the identity of a legitimate user.
- Dynamic password authentication is currently considered one of the most effective ways to solve user identity authentication; it can effectively prevent loss of the user's property or data caused by network problems such as hackers or Trojans stealing user account passwords and fake websites.
- At present, the seed data in a dynamic token is built in by the dynamic token manufacturer before the token leaves the factory. After the token is activated, the user is not allowed to update it, and it serves only a single application. This is inconvenient for the user and wastes hardware resources.
- The object of the present invention is to provide a working method of a multi-seed dynamic token in which the dynamic token can store and manage a plurality of seeds, is convenient for the user, and gives the seed data high reliability and security.
- The present invention provides a working method of a multi-seed dynamic token, the basic implementation process of which is as follows:
- Step S1) The dynamic token is powered on and initialized, turns on the total interrupt, sets the system state to the first preset state, and enters sleep mode, waiting to be awakened;
- Step S2) The dynamic token is awakened when it detects an interrupt and enters the interrupt processing flow; after the interrupt processing flow ends, step S3 is performed;
- The interrupt processing flow includes: the dynamic token determines whether the button interrupt flag is set; if it is, the token sets the button wake-up flag and resets the button interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends. When a button of the dynamic token is pressed, the button interrupt is triggered and the button interrupt flag is set;
- Step S3) The dynamic token checks the button wake-up flag. If the button wake-up flag is set, the button processing flow is entered; after the button processing flow ends, the token re-enters sleep mode, waits to be awakened, and returns to step S2;
- the button processing flow includes:
- Step a) The dynamic token acquires a key value and determines the key value and the system state. When the key value is the first preset key value and the system state is the first preset state, step b is performed; when the key value is the second preset key value and the system state is the second preset state, step c is performed; when the key value is the second preset key value and the system state is the third preset state, step d is performed; when the key value is the second preset key value and the system state is the fifth preset state, step e is performed; when the key value is the third preset key value and the system state is the second preset state, step f is performed; when the key value is the third preset key value and the system state is the third preset state, step g is performed; otherwise, step h is performed;
- Step c) The dynamic token determines the operation selected by the user according to the function menu index. If the selected operation is to generate a password, the token displays the seed data menu, initializes the seed menu index, sets the system state to the third preset state, and performs step h. If the selected operation is to write seed data, the token obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h;
- Step d) The dynamic token reads the seed data corresponding to the seed menu index stored in the dynamic token, generates a dynamic password according to the read seed data and displays it, sets the system state to the sixth preset state, and performs step h;
- Step e) The dynamic token collects light-sensing data and determines whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number. If it matches, the token stores the seed data in the collected light-sensing data, generates a dynamic password according to the newly stored seed data and displays it, sets the system state to the sixth preset state, and performs step h. If it does not match, the token clears the collected light-sensing data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h;
- Step f) The dynamic token updates the function menu index and performs step h;
- Step g) The dynamic token updates the seed menu index and performs step h;
- Step h) The dynamic token resets the button wake-up flag, and the button processing flow ends.
- Step c may further include: if the operation selected by the user is to update seed data, the dynamic token displays the seed data menu, initializes the seed menu index, sets the system state to the fourth preset state, and performs step h;
- When the operation selected by the user is to write seed data, the method further includes: setting the add-seed-data flag;
- Step a further includes: when the key value is the second preset key value and the system state is the fourth preset state, the dynamic token obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, resets the add-seed-data flag, and performs step h; when the key value is the third preset key value and the system state is the fourth preset state, the token updates the seed menu index and performs step h;
- Storing the seed data in the collected light-sensing data specifically includes: checking the add-seed-data flag; if the flag is set, storing the seed data in the collected light-sensing data; if the flag is not set, replacing the seed data corresponding to the seed menu index with the seed data in the collected light-sensing data.
- Step c may further include: if the operation selected by the user is to delete seed data, displaying the seed data menu, initializing the seed menu index, setting the system state to the tenth preset state, and performing step h;
- Step a further includes: when the key value is the second preset key value and the system state is the tenth preset state, the dynamic token deletes the seed corresponding to the seed menu index.
- Step e may be replaced by: the dynamic token collects light-sensing data and determines whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number. If it matches, the token displays the application information in the collected light-sensing data, sets the system state to the seventh preset state, and performs step h. If it does not match, the token clears the collected light-sensing data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h;
- Step a further includes: when the key value is the second preset key value and the system state is the seventh preset state, the dynamic token stores the seed data in the collected light-sensing data, generates a dynamic password according to the obtained seed data and displays it, sets the system state to the sixth preset state, and performs step h.
- Determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number may further include: determining whether the acquisition is completed. If the acquisition is completed, it is determined whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if the acquisition is not completed, it is determined whether the acquisition has timed out. If it has timed out, the token stops collecting light-sensing data, prompts that the seed data has timed out, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h; if it has not timed out, the token continues to collect light-sensing data.
- Before collecting the light-sensing data, the method further includes: setting the system state to an eighth preset state. After collecting the light-sensing data and before determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number, the method further includes: determining whether the acquisition is completed; if it is, determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if the acquisition is not completed, determining whether the system state is the ninth preset state; if yes, stopping the collection of light-sensing data, prompting that the seed data has been cancelled, obtaining the pre-stored dynamic token serial number, setting the system state to the fifth preset state, and performing step h; otherwise continuing to collect light-sensing data;
- Setting the button wake-up flag further includes: determining the system state; if the system state is the eighth preset state, acquiring the key value; when the key value is the first preset key value, setting the system state to a ninth preset state, and the interrupt processing flow ends; when the key value is not the first preset key value, the interrupt processing flow ends; if the system state is not the eighth preset state, the button wake-up flag is set.
- The method may further include: when the key value is the first preset key value and the system state is the third, fourth or sixth preset state, displaying the function menu, initializing the function menu index, setting the system state to the second preset state, and performing step h; when the key value is the fourth preset key value and the system state is not the first preset state, setting the system state to the first preset state and performing step h.
- The method may further include: acquiring the dynamic password display digit count from the collected light-sensing data, and storing the obtained display digit count in correspondence with the obtained seed data;
- Generating a dynamic password according to the newly stored seed data and displaying it specifically includes: generating a dynamic password according to the newly stored seed data, truncating the generated dynamic password according to the most recently stored display digit count, and displaying the truncated data;
- In step d, generating a dynamic password according to the read seed data and displaying it specifically includes: generating a dynamic password according to the read seed data, truncating the generated dynamic password according to the display digit count stored in the dynamic token for the read seed data, and displaying the truncated data.
- The method may further include: determining whether the RTC interrupt flag is set; if it is, setting the RTC wake-up flag and resetting the RTC interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends. When the RTC interrupt is triggered, the RTC interrupt flag is set;
- Step S3 is replaced by: the dynamic token determines whether any wake-up flag is set. If one is, the RTC wake-up flag and the button wake-up flag are checked in turn: if the button wake-up flag is set, the button processing flow is entered, and after it ends step S3 is re-executed; if the RTC wake-up flag is set, the RTC processing flow is entered, and after it ends step S3 is re-executed. If no wake-up flag is set, the dynamic token enters sleep mode, waits to be awakened, and returns to step S2;
- the RTC processing flow includes:
- Step X1) The dynamic token decrements the RTC interrupt count and determines whether the RTC interrupt count equals a preset number; if yes, it resets the RTC wake-up flag and performs step X2; otherwise it performs step X2;
- Step X2) The dynamic token increments the first parameter and the second parameter and determines whether each has reached its threshold. If the first parameter has reached its threshold, it is set to its initial value and the first time factor stored in the dynamic token is updated; if the second parameter has reached its threshold, it is set to its initial value and the second time factor stored in the dynamic token is updated; step X3 is then performed. If neither parameter has reached its threshold, step X3 is performed directly;
- Step X3) The dynamic token updates the calibration count value and determines whether the first parameter is equal to the preset value; if yes, step X4 is performed; otherwise the RTC processing flow ends;
- Step X4) The dynamic token determines, according to the calibration count value and a calibration value stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated; if so, it updates the first parameter, the second parameter and the calibration count value according to the calibration value and the calibration count value, and the RTC processing flow ends; otherwise the RTC processing flow ends;
- The method further includes: acquiring dynamic token mode information from the collected light-sensing data. If the obtained dynamic token mode information is the event type, it is stored in correspondence with the obtained seed data and an event factor corresponding to the obtained seed data is set; if the obtained dynamic token mode information is the first time mode or the second time mode, it is stored in correspondence with the obtained seed data;
- Generating a dynamic password according to the newly stored seed data includes: checking the newly stored dynamic token mode information; if it is the event mode, generating a dynamic password according to the newly stored seed data and the newly set event factor; if it is the first time mode, generating a dynamic password according to the newly stored seed data and the first time factor in the dynamic token; if it is the second time mode, generating a dynamic password according to the newly stored seed data and the second time factor in the dynamic token;
- Generating a dynamic password according to the read seed data includes: checking the dynamic token mode information stored in the dynamic token for the read seed data; if it is the event mode, generating a dynamic password according to the read seed data and the event factor stored in the dynamic token for the read seed data; if it is the first time mode, generating a dynamic password according to the read seed data and the first time factor in the dynamic token; if it is the second time mode, generating a dynamic password according to the read seed data and the second time factor in the dynamic token;
- The method further includes: updating the newly set event factor;
- The method further includes: updating the event factor corresponding to the read seed data;
- The RTC processing flow further includes: detecting whether the dynamic token has been opened; when it is detected that the dynamic token has been opened, clearing the sensitive data stored in the dynamic token and setting the case-open flag, wherein the sensitive data includes the seed data;
- The method further includes: checking whether the case-open flag is set; if it is, prompting that the dynamic token has self-destructed and performing step h; otherwise displaying the function menu;
- The method further includes: checking the system state; if the system state is the first preset state, the RTC processing flow ends; if the system state is not the first preset state, the automatic shutdown time is decremented; if the automatic shutdown time equals the preset time, the display is powered off, the system state is set to the first preset state, and the RTC processing flow ends; if the automatic shutdown time does not equal the preset time, the RTC processing flow ends;
- The method further includes: resetting the automatic shutdown time;
- Where the dynamic password is generated and displayed according to the newly stored seed data, the method further includes: obtaining the seed data validity period from the collected light-sensing data and storing it in correspondence with the obtained seed data;
- The method further includes: checking, according to the seed data validity period stored in the dynamic token for each seed data, whether each seed data has expired; updating the validity period corresponding to unexpired seed data; and setting the seed data invalidation flag corresponding to expired seed data;
- The method further includes: checking whether the seed data invalidation flag corresponding to the read seed data is set; if yes, prompting that the seed data is invalid and performing step h; otherwise generating a dynamic password based on the read seed data;
- The dynamic token determining, according to the calibration count value and a calibration value pre-stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated specifically includes: determining whether the result of ANDing the calibration value with 0x7F is less than the calibration count value; if so, the first parameter and the second parameter need to be calibrated; otherwise they do not.
- Updating the first parameter, the second parameter and the calibration count value according to the calibration value and the calibration count value specifically includes: updating the calibration count value to its current value minus the calibration value, then checking the highest bit of the calibration value. If the highest bit is 1, the first parameter is updated to its current value minus 1 and the second parameter is updated to its current value minus 1; if the highest bit is 0, the first parameter is updated to its current value plus 1 and the second parameter is updated to its current value plus 1.
- The method further comprises: determining whether the tooling communication interrupt flag is set; if it is, setting the tooling communication wake-up flag and resetting the tooling communication interrupt flag, and the interrupt processing flow ends; otherwise executing the determination of whether the button interrupt flag is set. When the dynamic token receives communication data sent by the tooling, the tooling communication interrupt is triggered and the tooling communication interrupt flag is set;
- Step S3 is replaced by: the dynamic token determines whether any wake-up flag is set. If one is, the tooling communication wake-up flag and the button wake-up flag are checked in turn: if the tooling communication wake-up flag is set, the tooling communication processing flow is entered, and after it ends step S3 is re-executed; if the button wake-up flag is set, the button processing flow is entered, and after it ends step S3 is re-executed. If no wake-up flag is set, the dynamic token enters sleep mode, waits to be awakened, and returns to step S2;
- the tooling communication processing flow includes:
- Step Y1) The total interrupt is turned off and it is determined whether the currently received data is the wake-up signal sent by the tooling; if so, a handshake signal is returned to the tooling, the communication data sent by the tooling continues to be received, and step Y2 is performed; otherwise step Y3 is performed;
- Step Y2) The type of the currently received data is determined. If it is the command to obtain token hardware information, the random number in that command is obtained and saved, the obtained random number is returned to the tooling, and step Y3 is performed. If it is another tooling command, the received tooling command is decrypted according to the random number stored in the dynamic token, the decrypted command is executed, the execution result is returned to the tooling, and step Y3 is performed. Otherwise step Y3 is performed;
- Step Y3 setting the tooling communication wake-up flag to enable the total interruption, and the tooling communication processing flow ends.
- A user can burn seed data into a dynamic token, and update the seed data in the dynamic token, by operating the dynamic token.
- The dynamic token can store and manage a plurality of seeds.
- A dynamic password can be generated from the seed data the user selects, which is convenient for the user, and the binding between the unique identifier of the dynamic token and the seed data ensures the reliability and security of the seed data.
- FIG. 1 is a flowchart of button processing in a working method of a multi-seed dynamic token according to Embodiment 1 of the present invention.
- FIG. 2 is a flowchart of a working method of a multi-seed dynamic token according to Embodiment 2 of the present invention.
- FIG. 3 is a flowchart of the interrupt processing flow provided in Embodiment 2 of the present invention.
- FIG. 4 is a flowchart of the tooling communication processing flow provided in Embodiment 2 of the present invention.
- FIG. 5 is a flowchart of the RTC processing flow provided in Embodiment 2 of the present invention.
- FIG. 6 is a flowchart of the button processing flow according to Embodiment 2 of the present invention.
- Embodiment 1 of the present invention provides a working method of a multi-seed dynamic token, where the method specifically includes:
- Step S1) The dynamic token is powered on and initialized, turns on the total interrupt, sets the system state to the first preset state, and enters sleep mode, waiting to be awakened;
- Step S2) The dynamic token is awakened when it detects an interrupt and enters the interrupt processing flow; after the interrupt processing flow ends, step S3 is performed;
- The interrupt processing flow includes: the dynamic token determines whether the button interrupt flag is set; if it is, the token sets the button wake-up flag and resets the button interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends. When a button of the dynamic token is pressed, the button interrupt is triggered and the button interrupt flag is set;
- Step S3) The dynamic token checks the button wake-up flag. If the button wake-up flag is set, the button processing flow is entered; after the button processing flow ends, the token re-enters sleep mode, waits to be awakened, and returns to step S2;
- The button processing flow is as shown in FIG. 1, and specifically includes:
- Step 11 The dynamic token acquires a key value and determines the key value and the system state.
- step 12 is performed;
- step 13 is performed when the key value is set and the system state is the second preset state;
- step 16 is performed;
- step 16 is performed;
- step 17 when the value of the system is the fifth preset state;
- step 20 is performed when the key value is the third preset key value and the system state is the second preset state; step 21 is performed when the key value is the third preset key value and the system state is the third preset state; otherwise, step 22 is performed;
- Step 12 The dynamic token displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step 22;
- Step 13 The dynamic token determines the operation selected by the user according to the function menu index. If the operation selected by the user is to generate a password, step 14 is performed. If the operation selected by the user is to write seed data, step 15 is performed;
- Step 14 The dynamic token displays the seed data menu, initializes the seed menu index, sets the system state to the third preset state, and performs step 22;
- Step 15 The dynamic token obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step 22;
- Step 16 The dynamic token reads the seed data corresponding to the seed menu index stored in the dynamic token, generates a dynamic password according to the read seed data and displays it, sets the system state to the sixth preset state, and performs step 22;
- Step 17 The dynamic token collects light-sensing data and determines whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number. If yes, step 18 is performed; if not, step 19 is performed;
- Step 18 The dynamic token stores the seed data in the collected light-sensing data, generates a dynamic password according to the newly stored seed data and displays it, sets the system state to the sixth preset state, and performs step 22;
- Step 19 The dynamic token clears the collected light-sensing data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step 22;
- Step 20 The dynamic token updates the function menu index and performs step 22;
- Step 21 The dynamic token updates the seed menu index and performs step 22;
- Step 22 The dynamic token resets the button wake-up flag, and the button processing flow ends.
- The method further includes: when the key value is the first preset key value and the system state is the third, fourth or sixth preset state, the dynamic token displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step 22; when the key value is the fourth preset key value and the system state is not the first preset state, the token sets the system state to the first preset state and performs step 22.
- One or more of the first preset key value, the second preset key value, the third preset key value, and the fourth preset key value correspond to one physical button.
- the dynamic token obtains a corresponding key value by using a physical button;
- the dynamic token obtains the corresponding key value from the physical button and/or the way the button is pressed (such as a long press or a short press).
- the order of determining the key value and determining the state of the system is not limited.
- the purpose of the present invention can be achieved by first determining the key value or first determining the system state.
- the key value is determined first.
- This embodiment provides a working method for a multi-seed dynamic token. As shown in FIG. 2, the method specifically includes:
- Step 101 The dynamic token powers on and initializes, enables the global interrupt, sets the system state to the first preset state, and enters sleep mode; when an interrupt is detected it wakes up and performs step 102.
- the interrupts include: the tooling communication interrupt, the RTC interrupt, and the button interrupt.
- Step 102 The dynamic token enters the interrupt processing flow for interrupt processing, and sets the corresponding wake-up flag according to the interrupt type. After the interrupt processing flow ends, step 103 is performed;
- the interrupt processing process is as shown in FIG. 3, and specifically includes:
- Step A1 determining whether the tooling communication interruption flag is set, if yes, executing step A2, otherwise performing step A3;
- Step A2 reset the tooling communication interrupt flag, set the tooling communication wake-up flag, and the interrupt processing flow ends;
- Step A3 determining whether the button interrupt flag is set, if yes, executing step A4, otherwise performing step A8;
- Step A4 determining whether the system state is the eighth preset state, if yes, executing step A5, otherwise performing step A7;
- Step A5 Acquire a key value, determine whether it is the first preset key value, if yes, execute step A6, otherwise the interrupt processing flow ends;
- Step A6 setting the system state to the ninth preset state, and the interrupt processing flow ends
- Step A7 reset the button interrupt flag, set the button wake-up flag, and the interrupt processing flow ends;
- Step A8 determining whether the RTC interrupt flag is set, if yes, executing step A9, otherwise the interrupt processing flow ends;
- Step A9 Reset the RTC interrupt flag, update the RTC interrupt count, set the RTC wake-up flag, and the interrupt processing flow ends.
- when the token receives communication data sent by the tooling, the tooling communication interrupt is triggered and the tooling communication interrupt flag is set; when a button of the token is pressed, the button interrupt is triggered and the button interrupt flag is set; the RTC interrupt is triggered once per second, and when it is triggered the RTC interrupt flag is set.
- Step 103 The dynamic token determines whether there is a wake-up flag that is set, if yes, step 104 is performed; otherwise, the dynamic token enters sleep mode, is woken when an interrupt is detected, and returns to step 102;
- Step 104 The dynamic token checks each wake-up flag in turn. If the tooling communication wake-up flag is set, step 105 is performed; if the RTC wake-up flag is set, step 106 is performed; if the button wake-up flag is set, step 107 is performed;
- the wake-up flag described in the second embodiment includes: a tooling communication wake-up flag, an RTC wake-up flag, and a button wake-up flag.
- the dynamic token checks the wake-up flags in the order tooling communication wake-up flag, RTC wake-up flag, button wake-up flag.
- Step 105 The dynamic token enters the tooling communication processing flow, and after the tooling communication processing flow ends, the process returns to step 103;
- the dynamic token entering the tooling communication processing flow is as shown in FIG. 4, and specifically includes the dynamic token performing the following operations:
- Step B1 disabling the global interrupt, determining whether the currently received data is a wake-up signal sent by the tooling, if yes, executing step B2, otherwise performing step B9;
- Step B2 returning a handshake signal to the tooling, and continuing to receive the communication data sent by the tooling;
- Step B3 determining whether the length of the data in the currently received data is greater than a preset length, if yes, executing step B9, otherwise performing step B4;
- the preset length is 50 bytes.
- Step B4 continue to receive communication data sent by the tooling according to the length of the data
- Step B5 Verify that the currently received data is correct, if yes, go to step B6, otherwise go to step B9;
- Step B6 determining the type of data currently received, if it is a preset tooling command, executing step B7, if it is another tooling command, executing step B8, otherwise executing step B9;
- the preset tooling command described in the second embodiment is the get-token-hardware-information command sent by the tooling.
- Step B7 Obtain the random number in the preset tooling command, save the obtained random number, return the obtained random number to the tooling, and perform step B9;
- Step B8 Decrypt the received tooling command according to the random number stored in the token, execute the decrypted command, return the execution result to the tooling, and execute step B9;
- the other tooling commands include: a write time factor command; executing the decrypted write time factor command specifically comprises: storing the time factor in the write time factor command, the time factor including the first time factor and the second time factor.
- Step B9 reset the tooling communication wake-up flag, enable the global interrupt, and the tooling communication processing flow ends.
- Step 106 The dynamic token enters the RTC processing flow, and returns to step 103 after the end of the RTC processing flow;
- the dynamic token enters the RTC processing flow as shown in FIG. 5, which specifically includes the dynamic token performing the following operations:
- Step C1 Decrement the number of RTC interruptions
- in step C1 of this embodiment, decrementing the number of RTC interrupts is specifically updating the number of RTC interrupts to its current value minus 1;
- Step C2 determining whether the number of RTC interruptions is a preset number of times, if yes, performing step C3, otherwise performing step C4;
- the preset number of times is 0 times.
- Step C3 reset the RTC wakeup flag, and perform step C4;
- Step C4 incrementing the first parameter and the second parameter
- the initial values of the first parameter and the second parameter are both 0, and incrementing the first parameter and the second parameter is specifically: updating the first parameter to its current value plus 1, and updating the second parameter to its current value plus 1;
- Step C5 determining whether the first parameter reaches the threshold of the first parameter, if yes, executing step C6, otherwise performing step C7;
- the threshold of the first parameter is 30.
- Step C6 setting the first parameter to its initial value, incrementing the first time factor, and performing step C7;
- the increasing the first time factor is specifically updating the first time factor to increase its current value by one;
- Step C7 determining whether the second parameter reaches the threshold of the second parameter, if yes, executing step C8, otherwise performing step C9;
- the threshold of the second parameter is 60.
- Step C8 setting the second parameter to its initial value, incrementing the second time factor, and performing step C9;
- the increasing the second time factor is specifically updating the second time factor to increase its current value by one;
- Step C9 incrementing the calibration count value
- incrementing the calibration count value is specifically updating the calibration count value to its current value plus 1;
- Step C10 determining whether the first parameter is equal to the preset value, if yes, executing step C11, otherwise performing step C13;
- the preset value is 15;
- Step C11 judging whether it is necessary to calibrate the first parameter and the second parameter according to the calibration count value and the calibration value stored in the token, if yes, step C12 is performed, otherwise step C13 is performed;
- step C11 specifically includes: determining whether the calibration value & 0x7F is smaller than the calibration count value; if yes, the first parameter and the second parameter need to be calibrated and step C12 is performed; otherwise the first parameter and the second parameter do not need to be calibrated and step C13 is performed.
- Step C12 The first parameter and the second parameter are calibrated according to the calibration value and the calibration count value, the calibration count value is updated, and step C13 is performed;
- the calibration count value is updated to its current value minus the calibration value, and the highest bit of the calibration value is checked. If the highest bit of the calibration value is 1, the first parameter is calibrated to its current value minus 1 and the second parameter is calibrated to its current value minus 1. If the highest bit of the calibration value is 0, the first parameter is calibrated to its current value plus 1 and the second parameter is calibrated to its current value plus 1.
- Step C13 detecting whether the case of the token has been opened, if yes, proceeding to step C14, otherwise performing step C15;
- Step C14 Clearing the sensitive data stored in the token, setting the case-open flag, and ending the RTC processing flow;
- Step C15 Check the system status, if it is the first preset state, the RTC processing flow ends, otherwise step C16 is performed;
- Step C16 Decrement the automatic shutdown time, determine whether the automatic shutdown time is the preset time, if yes, execute step C17, otherwise the RTC processing flow ends;
- decrementing the automatic shutdown time is specifically updating the automatic shutdown time to its current value minus 1, and the preset time is 0;
- Step C17 Power off the display, set the system state to the first preset state, and the RTC processing flow ends.
- the sensitive data described in the second embodiment is data that requires confidentiality and brings security risks once it is illegally acquired, including all seed data and the like.
- Step 107 The dynamic token enters the button processing flow, and after the button processing flow ends, the process returns to step 103;
- the dynamic token entry button processing flow is as shown in FIG. 6, and specifically includes the dynamic token performing the following operations:
- Step D0 obtaining a key value, determining whether the key value is valid, if yes, performing step D1, otherwise performing step D32;
- Step D1 reset the automatic shutdown time, check the key value, if it is the first preset key value, perform step D2, if it is the second preset key value, perform step D8, if it is the third preset key value, perform step D29, otherwise perform step D32;
- Step D2 counting the time when the button is pressed, determining whether the time when the button is pressed exceeds the preset duration, if yes, executing step D3, otherwise performing step D5;
- step D2 includes:
- Step i Initialize the count value of the timer, turn on the timer to start timing
- the count value of the initialization timer is 0;
- Step ii determining whether the count value of the timer reaches a preset duration, if the button is pressed for more than the preset duration, the timer is turned off, step D3 is performed, otherwise step iii is performed;
- the preset duration is 1 second
- Step iii Determine whether the button state is pressed, if yes, return to step ii, otherwise the button is pressed for less than the preset duration, the timer is turned off, and step D5 is performed.
- Step D3 Check the system status, if it is the first preset state, execute step D32, otherwise perform step D4;
- Step D4 power off the display, set the system state to the first preset state, and perform step D32;
- Step D5 Check the system status. If it is the first preset state, execute step D6. If it is the third, fourth, fifth, sixth, seventh or tenth preset state, execute step D7, otherwise execute Step D32;
- Step D6 power on the display, set the system state to the second preset state, initialize the function menu index, write the function menu to the display buffer area, and identify the selected function item according to the function menu index, and perform step D32;
- Step D7 setting the system state to the second preset state, initializing the function menu index, writing the function menu to the display buffer area, identifying the selected function item according to the function menu index, and performing step D32;
- the function menu includes a generate-password entry, an update-seed entry, and an add-seed entry.
- Step D8 Checking the system status, if it is the second preset state, executing step D9, if it is the third preset state, executing step D14, if it is the fourth preset state, performing step D15, if it is the fifth preset state Step D16 is performed, if it is the sixth preset state, step D24 is performed, if it is the seventh preset state, step D25 is performed, if it is the tenth preset state, step D28 is performed, otherwise step D32 is performed;
- Step D9 Determine the selected function entry according to the function menu index. If it is the generate-password entry, step D10 is performed; if it is the update-seed entry, step D11 is performed; if it is the add-seed entry, step D12 is performed; if it is the delete-seed entry, step D13 is performed; otherwise step D32 is performed;
- Step D10 setting the system state to the third preset state, initializing the seed menu index, writing the seed menu to the display buffer area, and identifying the selected seed entry according to the seed menu index, performing step D32;
- the seed menu includes the application information corresponding to each seed data stored in the dynamic token.
- Step D11 setting the system state to the fourth preset state, initializing the seed menu index, writing the seed menu to the display buffer area, and identifying the selected seed entry according to the seed menu index, performing step D32;
- Step D12 The serial number pre-stored in the dynamic token is written into the display buffer area, the system state is set to the fifth preset state, the add-seed-data flag is set, and step D32 is performed;
- Step D13 setting the system state to the tenth preset state, initializing the seed menu index, writing the seed menu to the display buffer area, and identifying the selected seed entry according to the seed menu index, performing step D32;
- Step D14 Searching the corresponding seed data stored in the dynamic token according to the seed menu index, generating a dynamic password according to the found seed data and the dynamic factor stored in the dynamic token, and writing the generated dynamic password into the display buffer area, and setting The system state is the sixth preset state, and step D32 is performed;
- Step D15 Write the sequence number pre-stored in the dynamic token into the display buffer area, set the system state to the fifth preset state, reset the add seed data flag, and perform step D32;
- Step D16 setting the system state to the eighth preset state, and performing step D17;
- Step D17 collecting the light sense data, indicating that the light sense data is being collected, determining whether the light sense data is collected, if yes, performing step D18, otherwise performing step D21;
- Step D18 determining whether the serial number in the collected light sense data matches the serial number pre-stored in the dynamic token, if yes, proceed to step D19, otherwise perform step D20;
- step D18 is specifically: determining whether the serial number in the collected light sensing data is consistent with the serial number stored in the dynamic token. If yes, step D19 is performed; otherwise, step D20 is performed.
- Step D19 setting the system state to the seventh preset state, writing the application information in the collected light sensing data into the display buffer area, prompting the user to confirm, and performing step D32;
- Step D20 Clear the collected light-sensing data, prompt that seed data programming failed, write the serial number pre-stored in the dynamic token into the display buffer area, set the system state to the fifth preset state, and perform step D32;
- Step D21 determining whether the acquisition has timed out or the system state is the ninth preset state; if the acquisition has timed out, step D22 is performed; if the system state is the ninth preset state, step D23 is performed; otherwise returning to step D16;
- Step D22 Clear the collected light-sensing data, prompt that seed data programming timed out, write the serial number pre-stored in the dynamic token into the display buffer area, set the system state to the fifth preset state, and perform step D32;
- Step D23 Clear the collected light-sensing data, prompt that seed data programming has been canceled, write the serial number pre-stored in the dynamic token into the display buffer area, set the system state to the fifth preset state, and perform step D32;
- Step D24 setting the system state to the second preset state, initializing the function menu index, writing the function menu to the display buffer area, and identifying the selected function item according to the function menu index, performing step D32;
- Step D25 determining whether the added seed data flag is set, if yes, proceeding to step D26, otherwise performing step D27;
- Step D26 storing the seed data from the collected light-sensing data, adding the application information from the collected light-sensing data to the seed menu, generating a dynamic password according to the newly stored seed data and the dynamic factor stored in the dynamic token, writing the generated dynamic password into the display buffer area, setting the system state to the sixth preset state, and performing step D32;
- step D26 may further include: incrementing the number of seeds; correspondingly, in the second embodiment, each time the function menu is written into the output buffer area, the number of seeds is checked: if the number of seeds has reached the maximum value, the function menu is written to the output buffer without the add-seed entry; if the number of seeds has not reached the maximum value, the entire function menu is written to the output buffer.
- Step D27 replacing the seed data corresponding to the seed menu index with the seed data from the collected light-sensing data, generating a dynamic password according to the newly stored seed data and the dynamic factor stored in the dynamic token, writing the generated dynamic password into the display buffer area, setting the system state to the sixth preset state, and performing step D32;
- Step D28 deleting the application information and the seed data corresponding to the seed menu index, setting the system state to the second preset state, initializing the function menu index, writing the function menu to the display buffer area, identifying the selected function entry according to the function menu index, and performing step D32;
- in step D28, the number of seeds may also be decremented.
- Step D29 Check the system status, if it is the second preset state, step D30 is performed, if it is the third, fourth or tenth preset state, step D31 is performed, otherwise step D32 is performed;
- Step D30 update the function menu index, re-identify the selected function item according to the updated function menu index, and perform step D32;
- Step D31 update the seed menu index, re-identify the selected seed entry according to the updated seed menu index, and perform step D32;
- Step D32 Reset the button wake-up flag, and the button processing flow ends.
- the light-sensing data may also include the validity period of the seed data; correspondingly:
- before step C9 of the RTC processing flow, the method further includes: determining, according to the validity period of each seed data stored in the dynamic token, whether the corresponding seed data has expired; if so, setting the corresponding seed data invalidation flag and then performing step C9; otherwise updating the validity period of each seed data stored in the dynamic token and then performing step C9. Specifically, whether a seed data has expired can be determined by checking whether its validity period stored in the dynamic token is 0: seed data whose validity period is 0 has expired, and seed data whose validity period is not 0 has not expired; updating the validity period of unexpired seed data means reducing it by 1 from its current value;
- in step D14 of the button processing flow, after the seed data is found, the method further includes checking whether the seed data invalidation flag corresponding to the seed data is set; if yes, prompting that the seed data is invalid and performing step D32; otherwise generating a dynamic password according to the found seed data and the dynamic factor stored in the dynamic token; step D26 further includes storing the seed data validity period from the collected light-sensing data; and step D27 further includes replacing the stored seed data validity period with the seed data validity period in the collected light-sensing data.
- the light-sensing data may also include the number of dynamic password display digits; correspondingly:
- step D26 of the button processing flow further includes storing the dynamic password display digits from the collected light-sensing data; step D27 further includes replacing the dynamic password display digits of the seed data corresponding to the seed menu index with the dynamic password display digits in the collected light-sensing data; in steps D14, D26 and D27, writing the generated dynamic password into the display buffer area is specifically: truncating the generated dynamic password according to the corresponding number of display digits and writing the truncated data into the display buffer area;
- the last 6 digits of the generated dynamic password are taken and written into the display buffer area
- the light-sensing data may further include dynamic token mode information, where the dynamic token mode information includes: an event mode, a first time mode, and a second time mode; correspondingly:
- step D26 of the button processing flow, before generating the dynamic password, further includes: storing the dynamic token mode information from the collected light-sensing data and, if the dynamic token mode information is the event mode, also setting the event factor corresponding to the seed data; step D27 further includes: replacing the dynamic token mode information of the seed data corresponding to the seed menu index with the dynamic token mode information in the collected light-sensing data and, if the dynamic token mode information in the collected light-sensing data is the event mode, also resetting the event factor of the seed data corresponding to the seed menu index; in step D14, generating a dynamic password according to the found seed data and the dynamic factor stored in the dynamic token specifically includes: reading the dynamic token mode information corresponding to the found seed data stored in the dynamic token; if it is the event mode, reading the event factor corresponding to the found seed data stored in the dynamic token and generating a dynamic password according to the found seed data and the read event factor; if it is the first time mode, reading the first time factor stored in the dynamic token and generating a dynamic password according to the found seed data and the read first time factor; if it is the second time mode, reading the second time factor stored in the dynamic token and generating a dynamic password according to the found seed data and the read second time factor; wherein, when the dynamic password is generated according to the found seed data and the read event factor, the method further includes, before or after the dynamic password is generated, updating the event factor corresponding to the found seed data stored in the dynamic token; in steps D26 and D27, generating a dynamic password according to the newly stored seed data and the dynamic factor stored in the dynamic token specifically includes: checking the dynamic token mode information corresponding to the newly stored seed data; if it is the event mode, generating a dynamic password according to the newly stored seed data and the event factor; if it is the first time mode, according to the newly stored seed data and
Abstract
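A working method for a multi-seed dynamic token, belonging to the field of information security. The method includes: the dynamic token powers on and initializes, enables the global interrupt, initializes the system state and then enters sleep mode; when the dynamic token detects an interrupt it is woken from sleep mode and enters the interrupt processing flow; after the interrupt processing flow ends, it checks each wake-up flag and executes the processing flow corresponding to each wake-up flag that is set. According to the invention, the user can, by operating the dynamic token, program seed data into the dynamic token and update the seed data in the dynamic token. Also according to the invention, the dynamic token can store and manage multiple seeds; during use it can generate a dynamic password from the seed data the user selects, which is convenient for the user, and the binding between the unique identifier of the dynamic token and the seed data ensures the reliability and security of the seed data.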
Description
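The present invention relates to a working method for a multi-seed dynamic token and belongs to the field of information security.
In the prior art, the dynamic token (One-time Password, OTP) is a secure and convenient technology for protecting accounts against theft. It uses a dedicated algorithm to generate an unpredictable combination of random digits as a password, and each password can be used only once. When authenticating, the user must enter the dynamic password in addition to the account name and static password, and can log in or transact normally only after passing system verification, which effectively guarantees the legitimacy and uniqueness of the user's identity. The greatest advantage of the dynamic token is that the password the user uses is different every time, so that criminals cannot impersonate a legitimate user. Dynamic password authentication is regarded as one of the most effective ways of solving user identity authentication at present, and can effectively guard against the loss of users' property or data caused by various network problems such as hacker Trojans stealing account passwords and fake websites. It is currently widely used in online banking, online games, telecom operators, e-government, enterprises and other fields.
At present, the seed data in a dynamic token is built into the token by the manufacturer before the token leaves the factory; once the token is activated the user is not allowed to update it, and it serves only a single application. These problems not only inconvenience users but also waste hardware resources.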
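Summary of the Invention
The object of the present invention is to provide a working method for a multi-seed dynamic token in which the dynamic token can store and manage multiple seeds, is convenient for the user, and offers high reliability and security of the seed data.
To this end, the present invention provides a working method for a multi-seed dynamic token, whose basic implementation is as follows:
Step S1) The dynamic token powers on and initializes, enables the global interrupt, sets the system state to the first preset state, enters sleep mode, and waits to be woken;
Step S2) When the dynamic token detects an interrupt it is woken and enters the interrupt processing flow; after the interrupt processing flow ends, step S3 is performed;
The interrupt processing flow includes: the dynamic token determines whether the button interrupt flag is set; if yes, it sets the button wake-up flag, resets the button interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends. Here, a button interrupt is triggered when a button of the dynamic token is pressed, and the button interrupt flag is set;
Step S3) The dynamic token checks the button wake-up flag; if the button wake-up flag is set, it enters the button processing flow and, after the button processing flow ends, re-enters sleep mode, waits to be woken, and returns to step S2;
The button processing flow includes: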
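Step a) The dynamic token obtains the key value and evaluates the key value and the system state: when the key value is the first preset key value and the system state is the first preset state, step b is performed; when the key value is the second preset key value and the system state is the second preset state, step c is performed; when the key value is the second preset key value and the system state is the third preset state, step d is performed; when the key value is the second preset key value and the system state is the fifth preset state, step e is performed; when the key value is the third preset key value and the system state is the second preset state, step f is performed; when the key value is the third preset key value and the system state is the third preset state, step g is performed; otherwise, step h is performed;
Step b) The dynamic token displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step h;
Step c) The dynamic token determines the operation selected by the user according to the function menu index; if the selected operation is generating a password, it displays the seed data menu, initializes the seed menu index, sets the system state to the third preset state, and performs step h; if the selected operation is programming seed data, it obtains the pre-stored dynamic token serial number and displays it, sets the system state to the fifth preset state, and performs step h;
Step d) The dynamic token reads the seed data corresponding to the seed menu index stored in the dynamic token, generates a dynamic password according to the read seed data and displays it, sets the system state to the sixth preset state, and performs step h;
Step e) The dynamic token collects light-sensing data and determines whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if it matches, the dynamic token stores the seed data from the collected light-sensing data, generates a dynamic password according to the newly stored seed data and displays it, sets the system state to the sixth preset state, and performs step h; if it does not match, the dynamic token clears the collected light-sensing data, obtains the pre-stored dynamic token serial number and displays it, sets the system state to the fifth preset state, and performs step h;
Step f) The dynamic token updates the function menu index and performs step h;
Step g) The dynamic token updates the seed menu index and performs step h; and
Step h) The dynamic token resets the button wake-up flag, and the button processing flow ends.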
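Preferably, step c may further include: if the operation selected by the user is updating seed data, the dynamic token displays the seed data menu, initializes the seed menu index, sets the system state to the fourth preset state, and performs step h;
Correspondingly, in step c, when the operation selected by the user is programming seed data, the method further includes: setting the add-seed-data flag;
Step a further includes: when the key value is the second preset key value and the system state is the fourth preset state, the dynamic token obtains the pre-stored dynamic token serial number and displays it, sets the system state to the fifth preset state, resets the add-seed-data flag, and performs step h; when the key value is the third preset key value and the system state is the fourth preset state, it updates the seed menu index and performs step h;
In step e, storing the seed data from the collected light-sensing data specifically includes: checking the add-seed-data flag; if the add-seed-data flag is set, storing the seed data from the collected light-sensing data; if the add-seed-data flag is not set, replacing the seed data corresponding to the seed menu index with the seed data from the collected light-sensing data.
Preferably, step c may further include: if the operation selected by the user is deleting seed data, displaying the seed data menu, initializing the seed menu index, setting the system state to the tenth preset state, and performing step h;
Correspondingly, step a further includes: when the key value is the second preset key value and the system state is the tenth preset state, the dynamic token deletes the seed data corresponding to the seed menu index, displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step h; when the key value is the third preset key value and the system state is the tenth preset state, it updates the seed menu index and performs step h.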
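The seed programming, update and delete handling described above (step e with the add-seed-data flag, and the delete branch of step a), as an added C example that is not code from the patent. The frame layout, buffer sizes, slot limit, result codes, type and function names, and the wipe of the frame after a successful store are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes and the frame layout are assumptions; the page does not define them. */
#define MAX_SEEDS  4
#define SERIAL_LEN 8
#define SEED_LEN   20
#define APP_LEN    12

enum { ST_FUNC_MENU = 2, ST_SHOW_SERIAL = 5, ST_SHOW_OTP = 6 };  /* preset states 2, 5, 6 */
enum prov_result { PROV_STORED, PROV_REPLACED, PROV_SERIAL_MISMATCH, PROV_REJECTED };

typedef struct {                  /* decoded light-sensing data (constructed layout) */
    uint8_t serial[SERIAL_LEN];
    uint8_t seed[SEED_LEN];
    char    app[APP_LEN];
} light_frame_t;

typedef struct { uint8_t used; uint8_t seed[SEED_LEN]; char app[APP_LEN]; } seed_slot_t;

typedef struct {
    uint8_t     serial[SERIAL_LEN];  /* pre-stored token serial number */
    seed_slot_t slots[MAX_SEEDS];
    uint8_t     add_seed_flag;       /* set for "program seed", reset for "update seed" */
    uint8_t     seed_menu_index;
    uint8_t     state;
} token_t;

/* Zero a buffer through a volatile pointer so the compiler cannot drop the wipe. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

static void fill_slot(seed_slot_t *s, const light_frame_t *f) {
    memcpy(s->seed, f->seed, SEED_LEN);
    memcpy(s->app, f->app, APP_LEN);
    s->used = 1;
}

/* Step e: accept the frame only if its serial number matches this token. */
enum prov_result provision_seed(token_t *t, light_frame_t *f) {
    enum prov_result r = PROV_REJECTED;
    if (memcmp(f->serial, t->serial, SERIAL_LEN) != 0) {
        r = PROV_SERIAL_MISMATCH;
    } else if (t->add_seed_flag) {                      /* add: first free slot */
        for (int i = 0; i < MAX_SEEDS; i++) {
            if (!t->slots[i].used) { fill_slot(&t->slots[i], f); r = PROV_STORED; break; }
        }
    } else if (t->seed_menu_index < MAX_SEEDS && t->slots[t->seed_menu_index].used) {
        fill_slot(&t->slots[t->seed_menu_index], f);    /* update: replace selected slot */
        r = PROV_REPLACED;
    }
    /* The page clears the frame on mismatch; wiping it after a store as well is an
       added hardening choice (assumption) so the seed lives only in its slot. */
    secure_wipe(f, sizeof *f);
    t->state = (r == PROV_STORED || r == PROV_REPLACED) ? ST_SHOW_OTP : ST_SHOW_SERIAL;
    return r;
}

/* Delete (tenth preset state, confirm key): wipe the slot, back to the function menu. */
int delete_seed(token_t *t) {
    if (t->seed_menu_index >= MAX_SEEDS || !t->slots[t->seed_menu_index].used) return 0;
    secure_wipe(&t->slots[t->seed_menu_index], sizeof(seed_slot_t));
    t->state = ST_FUNC_MENU;
    return 1;
}

int seed_count(const token_t *t) {
    int n = 0;
    for (int i = 0; i < MAX_SEEDS; i++) n += t->slots[i].used;
    return n;
}

/* Build a constructed frame: every seed byte is `fill`. */
light_frame_t make_frame(const char *serial, uint8_t fill, const char *app) {
    light_frame_t f;
    memset(&f, 0, sizeof f);
    memcpy(f.serial, serial, SERIAL_LEN);
    memset(f.seed, fill, SEED_LEN);
    strncpy(f.app, app, APP_LEN - 1);
    return f;
}

token_t make_token(const char *serial) {
    token_t t;
    memset(&t, 0, sizeof t);
    memcpy(t.serial, serial, SERIAL_LEN);
    return t;
}

int main(void) {
    token_t t = make_token("SN000001");                      /* constructed serial */
    light_frame_t own = make_frame("SN000001", 0xA5, "bank");
    light_frame_t other = make_frame("SN999999", 0x5A, "mail");
    t.add_seed_flag = 1;
    int r1 = provision_seed(&t, &own);
    int r2 = provision_seed(&t, &other);
    printf("own=%d foreign=%d seeds=%d\n", r1, r2, seed_count(&t));
    return 0;
}
```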
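Preferably, step e may be replaced by: the dynamic token collects light-sensing data and determines whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if it matches, the dynamic token displays the application information in the collected light-sensing data, sets the system state to the seventh preset state, and performs step h; if it does not match, the dynamic token clears the collected light-sensing data, obtains the pre-stored dynamic token serial number and displays it, sets the system state to the fifth preset state, and performs step h;
Correspondingly, step a further includes: when the key value is the second preset key value and the system state is the seventh preset state, the dynamic token stores the seed data from the collected light-sensing data, generates a dynamic password according to the obtained seed data and displays it, sets the system state to the sixth preset state, and performs step h.
Preferably, in step e, after collecting the light-sensing data and before determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number, the method may further include: determining whether collection is complete; if collection is complete, determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if collection is not complete, determining whether collection has timed out; if collection has timed out, stopping the collection of light-sensing data, prompting that seed data programming timed out, obtaining the pre-stored dynamic token serial number and displaying it, setting the system state to the fifth preset state, and performing step h; if collection has not timed out, continuing to collect light-sensing data.
Preferably, in step e, before collecting the light-sensing data, the method may further include: setting the system state to the eighth preset state; after collecting the light-sensing data and before determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number, the method further includes: determining whether collection is complete; if collection is complete, determining whether the serial number in the collected light-sensing data matches the pre-stored dynamic token serial number; if collection is not complete, determining whether the system state is the ninth preset state; if yes, stopping the collection of light-sensing data, prompting that seed data programming has been canceled, obtaining the pre-stored dynamic token serial number and displaying it, setting the system state to the fifth preset state, and performing step h; otherwise continuing to collect light-sensing data;
Correspondingly, in the interrupt processing flow, when the button flag is set and before the button wake-up flag is set, the method further includes: checking the system state; if the system state is the eighth preset state, obtaining and checking the key value; when the key value is the first preset key value, setting the system state to the ninth preset state, and the interrupt processing flow ends; when the key value is not the first preset key value, the interrupt processing flow ends; if the system state is not the eighth preset state, setting the button wake-up flag.
Preferably, step a may further include: when the key value is the first preset key value and the system state is the third, fourth or sixth preset state, displaying the function menu, initializing the function menu index, setting the system state to the second preset state, and performing step h; when the key value is the fourth preset key value and the system state is not the first preset state, setting the system state to the first preset state and performing step h.
Preferably, in step e, after storing the seed data from the collected light-sensing data and before generating a dynamic password according to the newly stored seed data and displaying it, the method may further include: obtaining the number of dynamic password display digits from the collected light-sensing data and storing it in association with the obtained seed data;
Correspondingly, in step e, generating a dynamic password according to the newly stored seed data and displaying it specifically includes: generating a dynamic password according to the newly stored seed data, truncating the generated dynamic password according to the newly stored number of dynamic password display digits, and displaying the truncated data;
In step d, generating a dynamic password according to the read seed data and displaying it specifically includes: generating a dynamic password according to the read seed data, truncating the generated dynamic password according to the number of dynamic password display digits stored in the dynamic token for the read seed data, and displaying the truncated data.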
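Preferably, in the interrupt processing flow, when the button interrupt flag is not set, the method may further include: determining whether the RTC interrupt flag is set; if yes, setting the RTC wake-up flag, resetting the RTC interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends; here, when the RTC interrupt is triggered, the RTC interrupt flag is set;
Correspondingly, step S3 is replaced by: the dynamic token determines whether any wake-up flag is set; if a wake-up flag is set, it checks the RTC wake-up flag and the button wake-up flag in turn; if the button wake-up flag is set, it enters the button processing flow and, after the button processing flow ends, performs step S3 again; if the RTC wake-up flag is set, it enters the RTC processing flow and, after the RTC processing flow ends, performs step S3 again; if no wake-up flag is set, the dynamic token enters sleep mode, waits to be woken, and returns to step S2;
The RTC processing flow includes:
Step X1) The dynamic token decrements the number of RTC interrupts and determines whether the number of RTC interrupts equals the preset number; if yes, it resets the RTC wake-up flag and performs step X2; otherwise it performs step X2;
Step X2) The dynamic token increments the first parameter and the second parameter and determines whether each has reached its threshold; if the first parameter has reached the threshold of the first parameter, it sets the first parameter to its initial value and updates the first time factor stored in the dynamic token; if the second parameter has reached the threshold of the second parameter, it sets the second parameter to its initial value and updates the second time factor stored in the dynamic token; it then performs step X3; if neither the first parameter nor the second parameter has reached its threshold, it performs step X3 directly;
Step X3) The dynamic token updates the calibration count value and determines whether the first parameter equals the preset value; if yes, step X4 is performed; otherwise, the RTC processing flow ends;
Step X4) The dynamic token determines, according to the calibration count value and the calibration value pre-stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated; if yes, it updates the first parameter, the second parameter and the calibration count value according to the calibration value and the calibration count value, and the RTC processing flow ends; otherwise the RTC processing flow ends;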
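Further, after storing the seed data from the collected light-sensing data and before generating a dynamic password according to the newly stored seed data and displaying it, the method further includes: obtaining dynamic token mode information from the collected light-sensing data; if the obtained dynamic token mode information is the event type, storing the obtained dynamic token mode information in association with the obtained seed data and setting the event factor corresponding to the obtained seed data; if the obtained dynamic token mode information is the first time mode or the second time mode, storing the obtained dynamic token mode information in association with the obtained seed data;
In step e, generating a dynamic password according to the newly stored seed data specifically includes: checking the newly stored dynamic token mode information; if it is the event mode, generating a dynamic password according to the newly stored seed data and the newly set event factor; if it is the first time mode, generating a dynamic password according to the newly stored seed data and the first time factor in the dynamic token; if it is the second time mode, generating a dynamic password according to the newly stored seed data and the second time factor in the dynamic token;
In step d, generating a dynamic password according to the read seed data specifically includes: checking the dynamic token mode information stored in the dynamic token for the read seed data; if it is the event mode, generating a dynamic password according to the read seed data and the event factor stored in the dynamic token for the read seed data; if it is the first time mode, generating a dynamic password according to the read seed data and the first time factor in the dynamic token; if it is the second time mode, generating a dynamic password according to the read seed data and the second time factor in the dynamic token;
Before or after generating a dynamic password according to the newly stored seed data and the newly set event factor, the method further includes: updating the newly set event factor;
Before or after generating a dynamic password according to the read seed data and the event factor stored in the dynamic token for the read seed data, the method further includes: updating the event factor corresponding to the read seed data;
The RTC processing flow further includes: detecting whether the case of the dynamic token has been opened and, when it is detected that the case has been opened, clearing the sensitive data stored inside the dynamic token and setting the case-open flag; here, the sensitive data includes the seed data;
In step b, before displaying the function menu, the method further includes: checking whether the case-open flag is set; if yes, prompting that the dynamic token has self-destructed and performing step h; otherwise displaying the function menu;
In step X4, when the first parameter and the second parameter do not need to be calibrated, and after the first parameter, the second parameter and the calibration count value have been updated according to the calibration value and the calibration count value, the method further includes: checking the system state; if the system state is the first preset state, the RTC processing flow ends; if the system state is not the first preset state, decrementing the automatic shutdown time; if the automatic shutdown time equals the preset time, powering off the display, setting the system state to the first preset state, and the RTC processing flow ends; if the automatic shutdown time does not equal the preset time, the RTC processing flow ends;
In the button processing flow, before step a, the method further includes: resetting the automatic shutdown time;
In step e, after storing the seed data from the collected light-sensing data and before generating a dynamic password according to the newly stored seed data and displaying it, the method further includes: obtaining the seed data validity period from the collected light-sensing data and storing it in association with the obtained seed data;
In step X2, when the second parameter reaches the threshold of the second parameter, the method further includes: checking, according to the seed data validity period stored in the dynamic token for each seed data, whether each seed data has expired, updating the seed data validity period of the seed data that has not expired, and setting the seed data invalidation flag of the seed data that has expired;
In step d, before generating a dynamic password according to the read seed data, the method further includes: checking whether the seed data invalidation flag corresponding to the read seed data is set; if yes, prompting that the seed data is invalid and performing step h; otherwise generating a dynamic password according to the read seed data;
The dynamic token determining, according to the calibration count value and the calibration value pre-stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated specifically includes: the dynamic token determines whether the result of ANDing the calibration value with 0x7F is smaller than the calibration count value; if yes, the first parameter and the second parameter need to be calibrated; otherwise they do not need to be calibrated;
Updating the first parameter, the second parameter and the calibration count value according to the calibration value and the calibration count value specifically includes: updating the calibration count value to its current value minus the calibration value, and checking the highest bit of the calibration value; if the highest bit of the calibration value is 1, updating the first parameter to its current value minus 1 and the second parameter to its current value minus 1; if the highest bit of the calibration value is 0, updating the first parameter to its current value plus 1 and the second parameter to its current value plus 1.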
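Preferably, in the interrupt processing flow, before determining whether the key interrupt flag is set, the method also includes: determining whether the tooling communication interrupt flag is set; if so, setting the tooling communication wake-up flag and resetting the tooling communication interrupt flag, after which the interrupt processing flow ends; otherwise proceeding to determine whether the key interrupt flag is set; a tooling communication interrupt is triggered, and the tooling communication interrupt flag is set, when the dynamic token receives communication data sent by the tooling;
Step S3 is replaced by: the dynamic token determines whether any wake-up flag is set; if a wake-up flag is set, it checks the tooling communication wake-up flag and the key wake-up flag in turn; if the tooling communication flag is set, it enters the tooling communication processing flow and, when that flow ends, performs step S3 again; if the key wake-up flag is set, it enters the key processing flow and, when that flow ends, performs step S3 again; if no wake-up flag is set, the dynamic token enters sleep mode, waits to be woken, and returns to step S2;
The tooling communication processing flow includes:
Step Y1) Disable global interrupts and determine whether the data currently received is a wake-up signal sent by the tooling; if so, return a handshake signal to the tooling, continue receiving the communication data sent by the tooling, and perform step Y2; otherwise perform step Y3;
Step Y2) Determine the type of the data currently received; if it is a get-token-hardware-information command, obtain the random number in that command, save the random number, return the obtained random number to the tooling, and perform step Y3; if it is another tooling command, decrypt the received tooling command using the random number saved in the dynamic token, execute the decrypted command, return the execution result to the tooling, and perform step Y3; otherwise perform step Y3;
Step Y3) Set the tooling communication wake-up flag, enable global interrupts, and end the tooling communication processing flow.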
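According to the invention, a user can program seed data into the dynamic token, and update the seed data in the dynamic token, by operating the token itself. According to the invention, the dynamic token can store and manage multiple seeds; in use, it generates a dynamic password from the seed data the user selects, which is convenient for the user; and the binding between the dynamic token's unique identifier and the seed data safeguards the reliability and security of the seed data.
To explain the invention or the prior art more clearly, the drawings are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the key processing flow in the working method for a multi-seed dynamic token provided in embodiment 1 of the invention;
Fig. 2 is a flowchart of the working method for a multi-seed dynamic token provided in embodiment 2 of the invention;
Fig. 3 is a flowchart of the interrupt processing flow provided in embodiment 2 of the invention;
Fig. 4 is a flowchart of the tooling communication processing flow provided in embodiment 2 of the invention;
Fig. 5 is a flowchart of the RTC processing flow provided in embodiment 2 of the invention;
Fig. 6 is a flowchart of the key processing flow provided in embodiment 2 of the invention.
The technical solution of the invention is described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.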
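Embodiment 1
Embodiment 1 of the invention provides a working method for a multi-seed dynamic token. The method specifically includes:
Step S1: The dynamic token powers on and initializes, enables global interrupts, sets the system state to the first preset state, enters sleep mode, and waits to be woken;
Step S2: The dynamic token is woken when it detects an interrupt and enters the interrupt processing flow; when the interrupt processing flow ends, it performs step S3;
The interrupt processing flow includes: the dynamic token determines whether the key interrupt flag is set; if so, it sets the key wake-up flag and resets the key interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends. A key interrupt is triggered, and the key interrupt flag is set, when a key of the dynamic token is pressed;
Step S3: The dynamic token checks the key wake-up flag; if the key wake-up flag is set, it enters the key processing flow and, when the key processing flow ends, re-enters sleep mode, waits to be woken, and returns to step S2;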
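In embodiment 1, the key processing flow is shown in Fig. 1 and specifically includes:
Step 11: The dynamic token obtains the key value and evaluates the key value and the system state. When the key value is the first preset key value and the system state is the first preset state, it performs step 12; when the key value is the second preset key value and the system state is the second preset state, it performs step 13; when the key value is the second preset key value and the system state is the third preset state, it performs step 16; when the key value is the second preset key value and the system state is the fifth preset state, it performs step 17; when the key value is the third preset key value and the system state is the second preset state, it performs step 20; when the key value is the third preset key value and the system state is the third preset state, it performs step 21; otherwise it performs step 22;
Step 12: The dynamic token displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step 22;
Step 13: The dynamic token determines the operation selected by the user from the function menu index; if the selected operation is generating a password, it performs step 14; if the selected operation is programming seed data, it performs step 15;
Step 14: The dynamic token displays the seed data menu, initializes the seed menu index, sets the system state to the third preset state, and performs step 22;
Step 15: The dynamic token obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step 22;
Step 16: The dynamic token reads the seed data stored in the dynamic token for the seed menu index, generates a dynamic password from the read seed data and displays it, sets the system state to the sixth preset state, and performs step 22;
Step 17: The dynamic token captures optical data and determines whether the serial number in the captured optical data matches the pre-stored dynamic token serial number; if it matches, it performs step 18; if it does not match, it performs step 19;
Step 18: The dynamic token stores the seed data in the captured optical data, generates a dynamic password from the most recently stored seed data and displays it, sets the system state to the sixth preset state, and performs step 22;
Step 19: The dynamic token erases the captured optical data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step 22;
Step 20: The dynamic token updates the function menu index and performs step 22;
Step 21: The dynamic token updates the seed menu index and performs step 22;
Step 22: The dynamic token resets the key wake-up flag, and the key processing flow ends.
Further, in this embodiment, step 11 also includes: when the key value is the first preset key value and the system state is the third, fourth or sixth preset state, the dynamic token displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step 22; when the key value is the fourth preset key value and the system state is not the first preset state, the token sets the system state to the first preset state and performs step 22.
One or more of the first, second, third and fourth preset key values correspond to one physical key. When the first, second, third and fourth preset key values each correspond to a different physical key, the dynamic token obtains the corresponding key value from the physical key; when several of the first, second, third and fourth preset key values correspond to the same physical key, the dynamic token obtains the corresponding key value from the physical key and/or the manner of pressing (for example, a long press or a short press).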
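The key-handling dispatch of embodiment 1 (steps 11 to 22), written out in C as an added example; it is not code from the patent. The buffer sizes, serial and seed bytes, seed-slot limit and empty-store guard are assumptions, and because the page names no password algorithm the example only records which seed slot would feed the computation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* State and key numbers follow the page's "preset state" / "preset key value" numbering. */
enum state { ST_IDLE = 1, ST_FUNC_MENU = 2, ST_SEED_MENU = 3,
             ST_SHOW_SERIAL = 5, ST_SHOW_OTP = 6 };
enum key   { KEY_1 = 1, KEY_2 = 2, KEY_3 = 3 };
enum func  { FN_GENERATE, FN_PROGRAM, FN_COUNT };

#define SERIAL_LEN 8    /* assumed sizes; the page gives none */
#define SEED_LEN   20
#define MAX_SEEDS  4

struct optical { uint8_t serial[SERIAL_LEN]; uint8_t seed[SEED_LEN]; };

struct token {
    enum state state;
    int func_idx, seed_idx, seed_count, key_wake;
    int otp_slot;       /* seed slot feeding the last password, -1 if none */
    uint8_t serial[SERIAL_LEN];
    uint8_t seeds[MAX_SEEDS][SEED_LEN];
};

static struct optical g_rx;   /* buffer holding the captured optical data */

void handle_key(struct token *t, enum key k)
{
    enum state s = t->state;
    if (k == KEY_1 && (s == ST_IDLE || s == ST_SEED_MENU || s == ST_SHOW_OTP)) {
        t->func_idx = 0;                                   /* step 12 */
        t->state = ST_FUNC_MENU;
    } else if (k == KEY_2 && s == ST_FUNC_MENU) {          /* step 13 */
        if (t->func_idx == FN_GENERATE) {                  /* step 14 */
            t->seed_idx = 0;
            t->state = ST_SEED_MENU;
        } else {                                           /* step 15 */
            t->state = ST_SHOW_SERIAL;
        }
    } else if (k == KEY_2 && s == ST_SEED_MENU) {          /* step 16 */
        if (t->seed_idx < t->seed_count) {                 /* assumed guard: empty store */
            t->otp_slot = t->seed_idx;
            t->state = ST_SHOW_OTP;
        }
    } else if (k == KEY_2 && s == ST_SHOW_SERIAL) {        /* step 17 */
        if (memcmp(g_rx.serial, t->serial, SERIAL_LEN) == 0
            && t->seed_count < MAX_SEEDS) {                /* step 18 */
            memcpy(t->seeds[t->seed_count], g_rx.seed, SEED_LEN);
            t->otp_slot = t->seed_count++;
            t->state = ST_SHOW_OTP;
        } else {                                           /* step 19: drop the frame */
            memset(&g_rx, 0, sizeof g_rx);
            t->state = ST_SHOW_SERIAL;
        }
    } else if (k == KEY_3 && s == ST_FUNC_MENU) {          /* step 20 */
        t->func_idx = (t->func_idx + 1) % FN_COUNT;
    } else if (k == KEY_3 && s == ST_SEED_MENU && t->seed_count) {  /* step 21 */
        t->seed_idx = (t->seed_idx + 1) % t->seed_count;
    }
    t->key_wake = 0;                                       /* step 22 */
}

/* Constructed scenario: wake, move to "program seed", select it, confirm capture. */
struct token program_seed(const char *frame_serial)
{
    struct token t = { .state = ST_IDLE, .otp_slot = -1 };
    memcpy(t.serial, "FT000001", SERIAL_LEN);              /* constructed serial */
    memcpy(g_rx.serial, frame_serial, SERIAL_LEN);
    memset(g_rx.seed, 0xA5, SEED_LEN);                     /* constructed seed   */
    const enum key presses[] = { KEY_1, KEY_3, KEY_2, KEY_2 };
    for (size_t i = 0; i < sizeof presses / sizeof presses[0]; i++)
        handle_key(&t, presses[i]);
    return t;
}

int main(void)
{
    struct token ok = program_seed("FT000001"), bad = program_seed("FT999999");
    printf("match:    state=%d seeds=%d\n", ok.state, ok.seed_count);
    printf("mismatch: state=%d seeds=%d rx.seed[0]=0x%02X\n",
           bad.state, bad.seed_count, g_rx.seed[0]);
    return 0;
}
```

A frame carrying another token's serial number leaves the seed store untouched and the capture buffer zeroed, which is the binding the description relies on.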
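Embodiment 2
The key processing flow of embodiment 1 does not restrict the order in which the key value and the system state are evaluated; evaluating either one first achieves the purpose of the invention. Embodiment 2 of the invention provides a working method for a multi-seed dynamic token that, by way of example, evaluates the key value first, as shown in Fig. 2. The method specifically includes:
Step 101: The dynamic token powers on and initializes, enables global interrupts, sets the system state to the first preset state, and enters sleep mode; when an interrupt is detected it is woken and performs step 102.
In embodiment 2, the interrupts include: the tooling communication interrupt, the RTC interrupt and the key interrupt.
Step 102: The dynamic token enters the interrupt processing flow to handle the interrupt, sets the wake-up flag corresponding to the interrupt type, and performs step 103 when the interrupt processing flow ends;
In this embodiment, the interrupt processing flow is shown in Fig. 3 and specifically includes: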
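Step A1: Determine whether the tooling communication interrupt flag is set; if so, perform step A2; otherwise perform step A3;
Step A2: Reset the tooling communication interrupt flag and set the tooling communication wake-up flag; the interrupt processing flow ends;
Step A3: Determine whether the key interrupt flag is set; if so, perform step A4; otherwise perform step A8;
Step A4: Determine whether the system state is the eighth preset state; if so, perform step A5; otherwise perform step A7;
Step A5: Obtain the key value and determine whether it is the first preset key value; if so, perform step A6; otherwise the interrupt processing flow ends;
Step A6: Set the system state to the ninth preset state; the interrupt processing flow ends;
Step A7: Reset the key interrupt flag and set the key wake-up flag; the interrupt processing flow ends;
Step A8: Determine whether the RTC interrupt flag is set; if so, perform step A9; otherwise the interrupt processing flow ends;
Step A9: Reset the RTC interrupt flag, update the RTC interrupt count, and set the RTC wake-up flag; the interrupt processing flow ends.
In embodiment 2, a communication interrupt is triggered and the communication interrupt flag is set when the token receives communication data sent by the tooling; a key interrupt is triggered and the key interrupt flag is set when a key of the token is pressed; the RTC interrupt is triggered once per second, and the RTC interrupt flag is set when the RTC interrupt is triggered.
In the interrupt processing flow of embodiment 2, when the RTC interrupt flag is set, the RTC interrupt count is updated to its current value plus 1.
Step 103: The dynamic token determines whether any wake-up flag is set; if so, it performs step 104; otherwise the dynamic token enters sleep mode and, when an interrupt is detected, is woken and returns to step 102;
Step 104: The dynamic token checks the wake-up flags in turn; if the tooling communication wake-up flag is set, it performs step 105; if the RTC wake-up flag is set, it performs step 106; if the key wake-up flag is set, it performs step 107;
The wake-up flags in embodiment 2 include the tooling communication wake-up flag, the RTC wake-up flag and the key wake-up flag. Preferably, the dynamic token checks them in the order tooling communication wake-up flag, RTC wake-up flag, key wake-up flag.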
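Step 105: The dynamic token enters the tooling communication processing flow and returns to step 103 when that flow ends;
In embodiment 2, the tooling communication processing flow is shown in Fig. 4; in it the dynamic token performs the following operations:
Step B1: Disable global interrupts and determine whether the data currently received is a wake-up signal sent by the tooling; if so, perform step B2; otherwise perform step B9;
Step B2: Return a handshake signal to the tooling and continue receiving the communication data sent by the tooling;
Step B3: Determine whether the data length in the data currently received is greater than a preset length; if so, perform step B9; otherwise perform step B4;
In this embodiment, the preset length is 50 bytes.
Step B4: Continue receiving the communication data sent by the tooling according to the data length;
Step B5: Verify whether the data currently received is correct; if so, perform step B6; otherwise perform step B9;
Step B6: Determine the type of the data currently received; if it is the preset tooling command, perform step B7; if it is another tooling command, perform step B8; otherwise perform step B9;
The preset tooling command in embodiment 2 is the get-token-hardware-information command sent by the tooling.
Step B7: Obtain the random number in the preset tooling command, save the obtained random number, return it to the tooling, and perform step B9;
Step B8: Decrypt the received tooling command using the random number saved in the token, execute the decrypted command, return the execution result to the tooling, and perform step B9;
In embodiment 2, the other tooling commands include a write-time-factor command; executing the decrypted write-time-factor command specifically includes storing the time factor carried in the write-time-factor command, where the time factor includes the first time factor and the second time factor.
Step B9: Reset the tooling communication wake-up flag, enable global interrupts, and end the tooling communication processing flow.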
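Step 106: The dynamic token enters the RTC processing flow and returns to step 103 when the RTC processing flow ends;
In embodiment 2, the RTC processing flow is shown in Fig. 5; in it the dynamic token performs the following operations:
Step C1: Decrement the RTC interrupt count;
In step C1 of this embodiment, decrementing the RTC interrupt count means updating it to its current value minus 1;
Step C2: Determine whether the RTC interrupt count equals the preset count; if so, perform step C3; otherwise perform step C4;
In this embodiment, the preset count is 0.
Step C3: Reset the RTC wake-up flag and perform step C4;
Step C4: Increment the first parameter and the second parameter;
In embodiment 2, the initial values of the first parameter and the second parameter are both 0; incrementing them means updating the first parameter to its current value plus 1 and the second parameter to its current value plus 1;
Step C5: Determine whether the first parameter has reached its threshold; if so, perform step C6; otherwise perform step C7;
In embodiment 2, the threshold of the first parameter is 30.
Step C6: Set the first parameter to its initial value, increment the first time factor, and perform step C7;
In embodiment 2, incrementing the first time factor means updating it to its current value plus 1;
Step C7: Determine whether the second parameter has reached its threshold; if so, perform step C8; otherwise perform step C9;
In embodiment 2, the threshold of the second parameter is 60.
Step C8: Set the second parameter to its initial value, increment the second time factor, and perform step C9;
In embodiment 2, incrementing the second time factor means updating it to its current value plus 1;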
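Step C9: Increment the calibration count;
In embodiment 2, incrementing the calibration count means updating it to its current value plus 1;
Step C10: Determine whether the first parameter equals the preset value; if so, perform step C11; otherwise perform step C13;
In embodiment 2, the preset value is 15;
Step C11: Determine, from the calibration count and the calibration value stored in the token, whether the first parameter and the second parameter need to be calibrated; if so, perform step C12; otherwise perform step C13;
In embodiment 2, step C11 specifically includes: determining whether (calibration value & 0x7F) is less than the calibration count; if so, the first parameter and the second parameter need to be calibrated and step C12 is performed; otherwise they do not need to be calibrated and step C13 is performed.
Step C12: Calibrate the first parameter and the second parameter according to the calibration value and the calibration count, update the calibration count, and perform step C13;
In embodiment 2, the calibration count is updated to its current value minus the calibration value, and the most significant bit of the calibration value is checked; if the most significant bit is 1, the first parameter is calibrated to its current value minus 1 and the second parameter to its current value minus 1; if the most significant bit is 0, the first parameter is calibrated to its current value plus 1 and the second parameter to its current value plus 1.
Step C13: Detect whether the case of the token has been opened; if so, perform step C14; otherwise perform step C15;
Step C14: Erase the sensitive data stored inside the token and set the case-open flag; the RTC processing flow ends;
Step C15: Check the system state; if it is the first preset state, the RTC processing flow ends; otherwise perform step C16;
Step C16: Decrement the auto power-off time and determine whether it equals the preset time; if so, perform step C17; otherwise the RTC processing flow ends;
In embodiment 2, decrementing the auto power-off time means updating it to its current value minus 1, and the preset time is 0;
Step C17: Power down the display and set the system state to the first preset state; the RTC processing flow ends.
The sensitive data referred to in embodiment 2 is data that must be kept confidential and that would create a security risk if obtained illegitimately; it includes all of the seed data, among other things.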
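Steps A9 and C1 to C12 as a C simulation, added here as an illustration and not taken from the patent. It uses the values the embodiment gives (thresholds 30 and 60, preset value 15, preset count 0) and assumes that "minus the calibration value" in step C12 means the low seven bits that step C11 compares; the calibration bytes 0x64 and 0xE4 and the burst delivery of interrupts are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Values the page gives for embodiment 2. */
#define P1_THRESHOLD 30   /* first parameter threshold (step C5)  */
#define P2_THRESHOLD 60   /* second parameter threshold (step C7) */
#define CAL_CHECK_AT 15   /* preset value tested in step C10      */

struct rtc_state {
    unsigned pending;     /* RTC interrupt count                  */
    int      wake;        /* RTC wake-up flag                     */
    int      p1, p2;      /* first and second parameters          */
    int      cal_count;   /* calibration count                    */
    uint32_t tf1, tf2;    /* first and second time factors        */
    uint8_t  cal;         /* stored calibration value             */
};

/* Step A9: the interrupt handler only records the tick and sets the flag. */
static void rtc_isr(struct rtc_state *s)
{
    s->pending++;
    s->wake = 1;
}

/* Steps C1 to C12: consume one recorded tick. Call only while wake is set. */
static void rtc_process(struct rtc_state *s)
{
    if (--s->pending == 0)                                /* C1-C3 */
        s->wake = 0;

    s->p1++;                                              /* C4 */
    s->p2++;
    if (s->p1 >= P1_THRESHOLD) { s->p1 = 0; s->tf1++; }   /* C5-C6 */
    if (s->p2 >= P2_THRESHOLD) { s->p2 = 0; s->tf2++; }   /* C7-C8 */

    s->cal_count++;                                       /* C9 */
    if (s->p1 != CAL_CHECK_AT)                            /* C10 */
        return;

    int interval = s->cal & 0x7F;                         /* C11 */
    if (interval < s->cal_count) {                        /* C12 */
        /* Assumption: the amount subtracted is the 7-bit magnitude. */
        s->cal_count -= interval;
        int step = (s->cal & 0x80) ? -1 : 1;              /* MSB 1: minus 1 */
        s->p1 += step;
        s->p2 += step;
    }
}

/* Deliver `ticks` one-second interrupts in bursts of three, draining the
 * backlog the way steps 103 and 106 loop while the wake-up flag is set. */
struct rtc_state simulate(uint8_t cal, unsigned ticks)
{
    struct rtc_state s = {0};
    s.cal = cal;
    for (unsigned i = 0; i < ticks; i++) {
        rtc_isr(&s);
        if (i % 3 == 2 || i + 1 == ticks)
            while (s.wake)
                rtc_process(&s);
    }
    return s;
}

int main(void)
{
    struct rtc_state fast = simulate(0x64, 238), slow = simulate(0xE4, 242);
    printf("0x64 after 238 ticks: tf1=%u tf2=%u\n", (unsigned)fast.tf1, (unsigned)fast.tf2);
    printf("0xE4 after 242 ticks: tf1=%u tf2=%u\n", (unsigned)slow.tf1, (unsigned)slow.tf2);
    return 0;
}
```

Because the handler decrements the interrupt count once per pass and clears the wake-up flag only at zero, ticks that arrive while the token is busy are not lost; the low seven bits of the calibration value act as the interval, in seconds, between one-second corrections.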
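Step 107: The dynamic token enters the key processing flow and returns to step 103 when the key processing flow ends;
In embodiment 2, the key processing flow is shown in Fig. 6; in it the dynamic token performs the following operations:
Step D0: Obtain the key value and determine whether it is valid; if so, perform step D1; otherwise perform step D32;
Step D1: Reset the auto power-off time and check the key value; if it is the first preset key value, perform step D2; if it is the second preset key value, perform step D8; if it is the third preset key value, perform step D29; otherwise perform step D32;
Step D2: Measure how long the key is held down and determine whether that time exceeds a preset duration; if so, perform step D3; otherwise perform step D5;
Specifically, step D2 includes:
Step i. Initialize the timer count and start the timer;
In embodiment 2, the timer count is initialized to 0;
Step ii. Determine whether the timer count has reached the preset duration; if so, the key has been held down longer than the preset duration: stop the timer and perform step D3; otherwise perform step iii;
In embodiment 2, the preset duration is 1 second;
Step iii. Determine whether the key is still pressed; if so, return to step ii; otherwise the key was held down for less than the preset duration: stop the timer and perform step D5.
Step D3: Check the system state; if it is the first preset state, perform step D32; otherwise perform step D4;
Step D4: Power down the display, set the system state to the first preset state, and perform step D32;
Step D5: Check the system state; if it is the first preset state, perform step D6; if it is the third, fourth, fifth, sixth, seventh or tenth preset state, perform step D7; otherwise perform step D32;
Step D6: Power up the display, set the system state to the second preset state, initialize the function menu index, write the function menu to the display buffer, mark the selected function entry according to the function menu index, and perform step D32;
Step D7: Set the system state to the second preset state, initialize the function menu index, write the function menu to the display buffer, mark the selected function entry according to the function menu index, and perform step D32;
In embodiment 2, the function menu includes a generate-password entry, an update-seed entry and an add-seed entry.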
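Step D8: Check the system state; if it is the second preset state, perform step D9; if the third preset state, step D14; if the fourth preset state, step D15; if the fifth preset state, step D16; if the sixth preset state, step D24; if the seventh preset state, step D25; if the tenth preset state, step D28; otherwise perform step D32;
Step D9: Determine the selected function entry from the function menu index; if it is the generate-password entry, perform step D10; if it is the update-seed entry, perform step D11; if it is the add-seed entry, perform step D12; if it is the delete-seed entry, perform step D13; otherwise perform step D32;
Step D10: Set the system state to the third preset state, initialize the seed menu index, write the seed menu to the display buffer, mark the selected seed entry according to the seed menu index, and perform step D32;
Preferably, in embodiment 2, the seed menu includes the application information corresponding to each item of seed data stored in the dynamic token.
Step D11: Set the system state to the fourth preset state, initialize the seed menu index, write the seed menu to the display buffer, mark the selected seed entry according to the seed menu index, and perform step D32;
Step D12: Write the serial number pre-stored in the dynamic token to the display buffer, set the system state to the fifth preset state, set the add-seed-data flag, and perform step D32;
Step D13: Set the system state to the tenth preset state, initialize the seed menu index, write the seed menu to the display buffer, mark the selected seed entry according to the seed menu index, and perform step D32;
Step D14: Look up the corresponding seed data stored in the dynamic token according to the seed menu index, compute a dynamic password from the seed data found and the dynamic factor stored in the dynamic token, write the generated dynamic password to the display buffer, set the system state to the sixth preset state, and perform step D32;
Step D15: Write the serial number pre-stored in the dynamic token to the display buffer, set the system state to the fifth preset state, reset the add-seed-data flag, and perform step D32;
Step D16: Set the system state to the eighth preset state and perform step D17;
Step D17: Capture optical data, indicate that optical data is being captured, and determine whether the capture is complete; if so, perform step D18; otherwise perform step D21;
Step D18: Determine whether the serial number in the captured optical data matches the serial number pre-stored in the dynamic token; if so, perform step D19; otherwise perform step D20;
In embodiment 2, step D18 is specifically: determining whether the serial number in the captured optical data is identical to the serial number pre-stored in the dynamic token; if so, perform step D19; otherwise perform step D20.
Step D19: Set the system state to the seventh preset state, write the application information in the captured optical data to the display buffer, prompt the user to confirm, and perform step D32;
Step D20: Erase the captured optical data, indicate a seed data programming error, write the serial number pre-stored in the dynamic token to the display buffer, set the system state to the fifth preset state, and perform step D32;
Step D21: Determine whether the capture has timed out or the system state is the ninth preset state; if the capture has timed out, perform step D22; if the system state is the ninth preset state, perform step D23; otherwise return to step D16;
Step D22: Erase the captured optical data, indicate that seed data programming has timed out, write the serial number pre-stored in the dynamic token to the display buffer, set the system state to the fifth preset state, and perform step D32;
Step D23: Erase the captured optical data, indicate that seed data programming has been cancelled, write the serial number pre-stored in the dynamic token to the display buffer, set the system state to the fifth preset state, and perform step D32;
Step D24: Set the system state to the second preset state, initialize the function menu index, write the function menu to the display buffer, mark the selected function entry according to the function menu index, and perform step D32;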
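Step D25: Determine whether the add-seed-data flag is set; if so, perform step D26; otherwise perform step D27;
Step D26: Store the seed data in the captured optical data, add the application information in the captured optical data to the seed menu, compute a dynamic password from the most recently stored seed data and the dynamic factor stored in the dynamic token, write the generated dynamic password to the display buffer, set the system state to the sixth preset state, and perform step D32;
Further, step D26 may also include incrementing the seed count. Correspondingly, in embodiment 2, each time before the function menu is written to the output buffer, the seed count is checked; if the seed count has reached its maximum, the content of the function menu other than the add-seed entry is written to the output buffer; if the seed count has not reached its maximum, the entire content of the function menu is written to the output buffer.
Step D27: Replace the seed data corresponding to the seed menu index with the seed data in the captured optical data, compute a dynamic password from the most recently stored seed data and the dynamic factor stored in the dynamic token, write the generated dynamic password to the display buffer, set the system state to the sixth preset state, and perform step D32;
Step D28: Delete the application information and seed data corresponding to the seed menu index, set the system state to the second preset state, initialize the function menu index, write the function menu to the display buffer, mark the selected function entry according to the function menu index, and perform step D32;
Further, step D28 may also include decrementing the seed count.
Step D29: Check the system state; if it is the second preset state, perform step D30; if it is the third, fourth or tenth preset state, perform step D31; otherwise perform step D32;
Step D30: Update the function menu index, re-mark the selected function entry according to the updated function menu index, and perform step D32;
Step D31: Update the seed menu index, re-mark the selected seed entry according to the updated seed menu index, and perform step D32;
Step D32: Reset the key wake-up flag; the key processing flow ends.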
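Further, in embodiment 2:
The optical data may also include a seed data validity period. Correspondingly:
Step C9 of the RTC processing flow also includes determining, from the validity period of each item of seed data stored in the dynamic token, whether the corresponding seed data has expired; if so, setting the corresponding seed data invalid flag and then performing step C9; otherwise updating the validity periods stored in the dynamic token and then performing step C9. Specifically, whether an item of seed data has expired can be determined by checking whether its stored validity period is 0: seed data whose validity period is 0 has expired, seed data whose validity period is not 0 has not expired, and the validity period of unexpired seed data is updated to its current value minus 1;
In step D14 of the key processing flow, after the seed data is found, the flow also includes checking whether the seed data invalid flag corresponding to that seed data is set; if so, indicating that the seed data is invalid and performing step D32; otherwise computing the dynamic password from the seed data found and the dynamic factor stored in the dynamic token. Step D26 also includes storing the seed data validity period in the captured optical data. Step D27 also includes replacing the validity period of the seed data corresponding to the seed menu index with the seed data validity period in the captured optical data;
The optical data may also include a dynamic password display length. Correspondingly:
Step D26 of the key processing flow also includes storing the dynamic password display length in the captured optical data. Step D27 also includes replacing the dynamic password display length of the seed data corresponding to the seed menu index with the dynamic password display length in the captured optical data. In steps D14, D26 and D27, writing the generated dynamic password to the display buffer is replaced by: truncating the generated dynamic password according to the corresponding dynamic password display length and writing the truncated data to the display buffer;
For example, if the dynamic password display length corresponding to the seed data used to generate the dynamic password is 6, the last 6 digits of the generated dynamic password are taken and written to the display buffer;
The optical data may also include dynamic token mode information, where the dynamic token mode information includes the event mode, the first time mode and the second time mode. Correspondingly:
In step D26 of the key processing flow, before the dynamic password is generated, the flow also includes storing the dynamic token mode information in the captured optical data and, if the dynamic token mode information is the event mode, setting the event factor corresponding to the seed data. Step D27 also includes replacing the dynamic token mode information of the seed data corresponding to the seed menu index with the dynamic token mode information in the captured optical data and, if the dynamic token mode information in the captured optical data is the event mode, setting anew the event factor of the seed data corresponding to the seed menu index. In step D14, computing the dynamic password from the seed data found and the dynamic factor stored in the dynamic token specifically includes: reading the dynamic token mode information and the dynamic factor stored in the dynamic token for the seed data found; if it is the event mode, reading the event factor stored in the dynamic token for the seed data found and computing the dynamic password from the seed data found and the event factor read; if it is the first time mode, reading the first time factor stored in the dynamic token and computing the dynamic password from the seed data found and the first time factor read; if it is the second time mode, reading the second time factor stored in the dynamic token and computing the dynamic password from the seed data found and the second time factor read; when the dynamic password is computed from the seed data found and the event factor read, the flow also includes, before or after generating the dynamic password, updating the event factor stored in the dynamic token for the seed data found. In steps D26 and D27, computing the dynamic password from the most recently stored seed data and the dynamic factor stored in the dynamic token specifically includes: checking the dynamic token mode information corresponding to the most recently stored seed data; if it is the event mode, computing the dynamic password from the most recently stored seed data and the event factor; if it is the first time mode, computing the dynamic password from the most recently stored seed data and the first time factor; if it is the second time mode, computing the dynamic password from the most recently stored seed data and the second time factor; when the dynamic password is computed from the most recently stored seed data and the event factor, the flow also includes, before or after generating the dynamic password, updating the event factor stored in the dynamic token.
Embodiments 1 and 2 described above are only preferred specific implementations of the invention; ordinary changes and substitutions made by those skilled in the art within the scope of the technical solution of the invention shall fall within the scope of protection of the invention.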
Claims (17)
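- A working method for a multi-seed dynamic token, characterized by comprising: step S1) the dynamic token powers on and initializes, enables global interrupts, sets the system state to a first preset state, enters sleep mode, and waits to be woken; step S2) the dynamic token is woken when it detects an interrupt and enters an interrupt processing flow, and performs step S3 when the interrupt processing flow ends; the interrupt processing flow comprises: the dynamic token determines whether a key interrupt flag is set; if so, it sets a key wake-up flag and resets the key interrupt flag, and the interrupt processing flow ends; otherwise the interrupt processing flow ends; wherein a key interrupt is triggered, and the key interrupt flag is set, when a key of the dynamic token is pressed; and step S3) the dynamic token checks the key wake-up flag; if the key wake-up flag is set, it enters a key processing flow and, when the key processing flow ends, re-enters sleep mode, waits to be woken, and returns to step S2; the key processing flow comprises: step a) the dynamic token obtains a key value and evaluates the key value and the system state; when the key value is a first preset key value and the system state is the first preset state, it performs step b; when the key value is a second preset key value and the system state is a second preset state, it performs step c; when the key value is the second preset key value and the system state is a third preset state, it performs step d; when the key value is the second preset key value and the system state is a fifth preset state, it performs step e; when the key value is a third preset key value and the system state is the second preset state, it performs step f; when the key value is the third preset key value and the system state is the third preset state, it performs step g; otherwise it performs step h; step b) the dynamic token displays a function menu, initializes a function menu index, sets the system state to the second preset state, and performs step h; step c) the dynamic token determines the operation selected by the user from the function menu index; if the selected operation is generating a password, it displays a seed data menu, initializes a seed menu index, sets the system state to the third preset state, and performs step h; if the selected operation is programming seed data, it obtains and displays a pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h; step d) the dynamic token reads the seed data stored in the dynamic token for the seed menu index, generates a dynamic password from the read seed data and displays it, sets the system state to a sixth preset state, and performs step h; step e) the dynamic token captures optical data and determines whether the serial number in the captured optical data matches the pre-stored dynamic token serial number; if it matches, the token stores the seed data in the captured optical data, generates a dynamic password from the most recently stored seed data and displays it, sets the system state to the sixth preset state, and performs step h; if it does not match, the token erases the captured optical data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h; step f) the dynamic token updates the function menu index and performs step h; step g) the dynamic token updates the seed menu index and performs step h; and step h) the dynamic token resets the key wake-up flag, and the key processing flow ends.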
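- The method of claim 1, characterized in that step c further comprises: if the operation selected by the user is updating seed data, the dynamic token displays the seed data menu, initializes the seed menu index, sets the system state to a fourth preset state, and performs step h; in step c, when the operation selected by the user is programming seed data, the method further comprises: setting an add-seed-data flag; step a further comprises: when the key value is the second preset key value and the system state is the fourth preset state, the dynamic token obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, resets the add-seed-data flag, and performs step h; when the key value is the third preset key value and the system state is the fourth preset state, it updates the seed menu index and performs step h; in step e, storing the seed data in the captured optical data specifically comprises: checking the add-seed-data flag; if the add-seed-data flag is set, storing the seed data in the captured optical data; if the add-seed-data flag is not set, replacing the seed data corresponding to the seed menu index with the seed data in the captured optical data.
- The method of claim 1, characterized in that step c further comprises: if the operation selected by the user is deleting seed data, displaying the seed data menu, initializing the seed menu index, setting the system state to a tenth preset state, and performing step h; step a further comprises: when the key value is the second preset key value and the system state is the tenth preset state, the dynamic token deletes the seed data corresponding to the seed menu index, displays the function menu, initializes the function menu index, sets the system state to the second preset state, and performs step h; when the key value is the third preset key value and the system state is the tenth preset state, it updates the seed menu index and performs step h.
- The method of claim 1, characterized in that step e is replaced by: the dynamic token captures optical data and determines whether the serial number in the captured optical data matches the pre-stored dynamic token serial number; if it matches, the token displays the application information in the captured optical data, sets the system state to a seventh preset state, and performs step h; if it does not match, the token erases the captured optical data, obtains and displays the pre-stored dynamic token serial number, sets the system state to the fifth preset state, and performs step h; step a further comprises: when the key value is the second preset key value and the system state is the seventh preset state, the dynamic token stores the seed data in the captured optical data, generates a dynamic password from the obtained seed data and displays it, sets the system state to the sixth preset state, and performs step h.
- The method of claim 1, characterized in that, in step e, after capturing the optical data and before determining whether the serial number in the captured optical data matches the pre-stored dynamic token serial number, the method further comprises: determining whether the capture is complete; if the capture is complete, determining whether the serial number in the captured optical data matches the pre-stored dynamic token serial number; if the capture is not complete, determining whether the capture has timed out; if the capture has timed out, stopping the capture of optical data, indicating that seed data programming has timed out, obtaining and displaying the pre-stored dynamic token serial number, setting the system state to the fifth preset state, and performing step h; if the capture has not timed out, continuing to capture optical data.
- The method of claim 1, characterized in that, in step e, before capturing the optical data, the method further comprises: setting the system state to an eighth preset state; after capturing the optical data and before determining whether the serial number in the captured optical data matches the pre-stored dynamic token serial number, the method further comprises: determining whether the capture is complete; if the capture is complete, determining whether the serial number in the captured optical data matches the pre-stored dynamic token serial number; if the capture is not complete, determining whether the system state is a ninth preset state; if so, stopping the capture of optical data, indicating that seed data programming has been cancelled, obtaining and displaying the pre-stored dynamic token serial number, setting the system state to the fifth preset state, and performing step h; otherwise continuing to capture optical data; in the interrupt processing flow, when the key flag is set, before setting the key wake-up flag, the method further comprises: evaluating the system state; if the system state is the eighth preset state, obtaining and evaluating the key value; when the key value is the first preset key value, setting the system state to the ninth preset state, after which the interrupt processing flow ends; when the key value is not the first preset key value, the interrupt processing flow ends; if the system state is not the eighth preset state, setting the key wake-up flag.
- The method of claim 1, characterized in that step a further comprises: when the key value is the first preset key value and the system state is the third, fourth or sixth preset state, displaying the function menu, initializing the function menu index, setting the system state to the second preset state, and performing step h; when the key value is a fourth preset key value and the system state is not the first preset state, setting the system state to the first preset state and performing step h.
- The method of claim 1, characterized in that, in step e, after storing the seed data in the captured optical data and before generating and displaying a dynamic password from the most recently stored seed data, the method further comprises: obtaining a dynamic password display length from the captured optical data and storing the obtained dynamic password display length in association with the obtained seed data; in step e, generating and displaying a dynamic password from the most recently stored seed data specifically comprises: generating a dynamic password from the most recently stored seed data, truncating the generated dynamic password according to the most recently stored dynamic password display length, and displaying the truncated data; in step d, generating and displaying a dynamic password from the read seed data specifically comprises: generating a dynamic password from the read seed data, truncating the generated dynamic password according to the dynamic password display length stored in the dynamic token for the read seed data, and displaying the truncated data.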
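- The method of claim 1, characterized in that, in the interrupt processing flow, when the key interrupt flag is not set, the method further comprises: determining whether an RTC interrupt flag is set; if so, setting an RTC wake-up flag and resetting the RTC interrupt flag, after which the interrupt processing flow ends; otherwise the interrupt processing flow ends; wherein the RTC interrupt flag is set when the RTC interrupt is triggered; step S3 is replaced by: the dynamic token determines whether any wake-up flag is set; if a wake-up flag is set, it checks the RTC wake-up flag and the key wake-up flag in turn; if the key wake-up flag is set, it enters the key processing flow and, when the key processing flow ends, performs step S3 again; if the RTC wake-up flag is set, it enters an RTC processing flow and, when the RTC processing flow ends, performs step S3 again; if no wake-up flag is set, the dynamic token enters sleep mode, waits to be woken, and returns to step S2; the RTC processing flow comprises: step X1) the dynamic token decrements the RTC interrupt count and determines whether the RTC interrupt count equals a preset count; if so, it resets the RTC wake-up flag and performs step X2; otherwise it performs step X2; step X2) the dynamic token increments a first parameter and a second parameter and determines, for each, whether it has reached its threshold; if the first parameter has reached its threshold, the token sets the first parameter to its initial value and updates the first time factor stored in the dynamic token; if the second parameter has reached its threshold, the token sets the second parameter to its initial value and updates the second time factor stored in the dynamic token; it then performs step X3; if neither the first parameter nor the second parameter has reached its threshold, the token performs step X3 directly; step X3) the dynamic token updates the calibration count and determines whether the first parameter equals a preset value; if so, it performs step X4; otherwise the RTC processing flow ends; and step X4) the dynamic token determines, from the calibration count and a calibration value pre-stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated; if so, it updates the first parameter, the second parameter and the calibration count according to the calibration value and the calibration count, and the RTC processing flow ends; otherwise the RTC processing flow ends.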
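- The method of claim 9, characterized in that, in step e, after storing the seed data in the captured optical data and before generating and displaying a dynamic password from the most recently stored seed data, the method further comprises: obtaining dynamic token mode information from the captured optical data; if the obtained dynamic token mode information is the event type, storing the obtained dynamic token mode information in association with the obtained seed data and setting an event factor corresponding to the obtained seed data; if the obtained dynamic token mode information is the first time mode or the second time mode, storing the obtained dynamic token mode information in association with the obtained seed data; in step e, generating a dynamic password from the most recently stored seed data specifically comprises: checking the most recently stored dynamic token mode information; if it is the event mode, generating the dynamic password from the most recently stored seed data and the most recently set event factor; if it is the first time mode, generating the dynamic password from the most recently stored seed data and the first time factor in the dynamic token; if it is the second time mode, generating the dynamic password from the most recently stored seed data and the second time factor in the dynamic token; in step d, generating a dynamic password from the read seed data specifically comprises: checking the dynamic token mode information stored in the dynamic token for the read seed data; if it is the event mode, generating the dynamic password from the read seed data and the event factor stored in the dynamic token for the read seed data; if it is the first time mode, generating the dynamic password from the read seed data and the first time factor in the dynamic token; if it is the second time mode, generating the dynamic password from the read seed data and the second time factor in the dynamic token.
- The method of claim 10, characterized in that, before or after generating the dynamic password from the most recently stored seed data and the most recently set event factor, the method further comprises: updating the most recently set event factor; before or after generating the dynamic password from the read seed data and the event factor stored in the dynamic token for the read seed data, the method further comprises: updating the event factor corresponding to the read seed data.
- The method of claim 9, characterized in that the RTC processing flow further comprises: detecting whether the case of the dynamic token has been opened and, when the case is detected to have been opened, erasing the sensitive data stored inside the dynamic token and setting a case-open flag; wherein the sensitive data includes the seed data; in step b, before displaying the function menu, the method further comprises: checking whether the case-open flag is set; if so, indicating that the dynamic token has self-destructed and performing step h; otherwise displaying the function menu.
- The method of claim 9, characterized in that, in step X4, when the first parameter and the second parameter do not need to be calibrated, and also after the first parameter, the second parameter and the calibration count have been updated according to the calibration value and the calibration count, the method further comprises: checking the system state; if the system state is the first preset state, the RTC processing flow ends; if the system state is not the first preset state, decrementing an auto power-off time; if the auto power-off time equals a preset time, powering down the display and setting the system state to the first preset state, after which the RTC processing flow ends; if the auto power-off time does not equal the preset time, the RTC processing flow ends; in the key processing flow, before step a, the method further comprises: resetting the auto power-off time.
- The method of claim 9, characterized in that, in step e, after storing the seed data in the captured optical data and before generating and displaying a dynamic password from the most recently stored seed data, the method further comprises: obtaining a seed data validity period from the captured optical data and storing the obtained validity period in association with the obtained seed data; in step X2, when the second parameter reaches its threshold, the method further comprises: checking, from the seed data validity periods stored in the dynamic token for each item of seed data, whether each item of seed data has expired; updating the validity period of each item of seed data that has not expired; and setting the seed data invalid flag of each item of seed data that has expired; in step d, before generating a dynamic password from the read seed data, the method further comprises: checking whether the seed data invalid flag corresponding to the read seed data is set; if so, indicating that the seed data is invalid and performing step h; otherwise generating the dynamic password from the read seed data.
- The method of claim 9, characterized in that the dynamic token determining, from the calibration count and the calibration value pre-stored in the dynamic token, whether the first parameter and the second parameter need to be calibrated specifically comprises: the dynamic token determines whether the result of ANDing the calibration value with 0x7F is less than the calibration count; if so, the first parameter and the second parameter need to be calibrated; otherwise they do not need to be calibrated.
- The method of claim 15, characterized in that updating the first parameter, the second parameter and the calibration count according to the calibration value and the calibration count specifically comprises: updating the calibration count to its current value minus the calibration value, and checking the most significant bit of the calibration value; if the most significant bit of the calibration value is 1, updating the first parameter to its current value minus 1 and the second parameter to its current value minus 1; if the most significant bit of the calibration value is 0, updating the first parameter to its current value plus 1 and the second parameter to its current value plus 1.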
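- The method of claim 1, characterized in that, in the interrupt processing flow, before determining whether the key interrupt flag is set, the method further comprises: determining whether a tooling communication interrupt flag is set; if so, setting a tooling communication wake-up flag and resetting the tooling communication interrupt flag, after which the interrupt processing flow ends; otherwise proceeding to determine whether the key interrupt flag is set; wherein a tooling communication interrupt is triggered, and the tooling communication interrupt flag is set, when the dynamic token receives communication data sent by the tooling; step S3 is replaced by: the dynamic token determines whether any wake-up flag is set; if a wake-up flag is set, it checks the tooling communication wake-up flag and the key wake-up flag in turn; if the tooling communication flag is set, it enters a tooling communication processing flow and, when that flow ends, performs step S3 again; if the key wake-up flag is set, it enters the key processing flow and, when that flow ends, performs step S3 again; if no wake-up flag is set, the dynamic token enters sleep mode, waits to be woken, and returns to step S2; the tooling communication processing flow comprises: step Y1) disabling global interrupts and determining whether the data currently received is a wake-up signal sent by the tooling; if so, returning a handshake signal to the tooling, continuing to receive the communication data sent by the tooling, and performing step Y2; otherwise performing step Y3; step Y2) determining the type of the data currently received; if it is a get-token-hardware-information command, obtaining the random number in that command, saving the random number, returning the obtained random number to the tooling, and performing step Y3; if it is another tooling command, decrypting the received tooling command using the random number saved in the dynamic token, executing the decrypted command, returning the execution result to the tooling, and performing step Y3; otherwise performing step Y3; and step Y3) setting the tooling communication wake-up flag, enabling global interrupts, and ending the tooling communication processing flow.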
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/115,938 US10255421B2 (en) | 2014-12-15 | 2015-08-21 | Working method for multi-seed one-time password |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410771841.2 | 2014-12-15 | ||
CN201410771841.2A CN104506319B (zh) | 2014-12-15 | 2014-12-15 | Working method for a multi-seed dynamic token |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016095555A1 true WO2016095555A1 (zh) | 2016-06-23 |
Family
ID=52948035
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/087772 WO2016095555A1 (zh) | 2015-08-21 | 2015-08-21 | Working method for a multi-seed dynamic token |
Country Status (3)
Country | Link |
---|---|
US (1) | US10255421B2 (zh) |
CN (1) | CN104506319B (zh) |
WO (1) | WO2016095555A1 (zh) |
Also Published As
Publication number | Publication date |
---|---|
US10255421B2 (en) | 2019-04-09 |
CN104506319B (zh) | 2017-11-28 |
US20170293751A1 (en) | 2017-10-12 |
CN104506319A (zh) | 2015-04-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15869066 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15869066 Country of ref document: EP Kind code of ref document: A1 |