WO2020259202A1 - Device authentication method in an office environment, office equipment and system - Google Patents

Device authentication method in an office environment, office equipment and system


Publication number
WO2020259202A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication factor
authentication
office equipment
user equipment
office
Application number
PCT/CN2020/093217
Other languages
English (en)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Application filed by 天地融科技股份有限公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • The present invention relates to the field of electronic technology, and in particular to a device authentication method, office equipment and a system in an office environment.
  • The present invention aims to solve one of the above-mentioned problems.
  • The main purpose of the present invention is to provide a device authentication method in an office environment.
  • Another object of the present invention is to provide an office system.
  • Another object of the present invention is to provide office equipment.
  • One aspect of the present invention provides a device authentication method in an office environment, which includes: Step 1. The office equipment establishes a short-range wireless communication connection with the user equipment; Step 2. The office equipment negotiates with the user equipment to generate an initial authentication factor, and the initial authentication factor is used as the current first authentication factor of the office equipment; Step 3.
  • Step 4. The office equipment monitors whether authentication factor rolling events and authentication scan events occur, and the occurrence of authentication factor rolling events is monitored
  • Step 4. The office equipment obtains, according to the authentication factor rolling mode agreed with the user equipment, the next first authentication factor after the current first authentication factor of the office equipment, uses the next first authentication factor as the current first authentication factor of the office equipment, and returns to step 3;
  • Step 5. The office equipment scans for the second authentication factor broadcast by the user equipment; if the second authentication factor broadcast by the user equipment is scanned, step 6 is performed; Step 6. According to the authentication factor rolling mode agreed with the user equipment, the office equipment obtains the next 1 to m first authentication factors after its current first authentication factor and the previous 1 to n first authentication factors before its current first authentication factor, where m and n are positive integers greater than 1; Step 7.
  • The first authentication factors are each compared with the second authentication factor; if one of them is consistent, the first authentication factor that is consistent with the second authentication factor is used as the current first authentication factor of the office equipment, and the method returns to step 3; if none is consistent, step 8 is performed; Step 8. The office equipment executes the corresponding security control operation in accordance with the predetermined security policy.
  • Another aspect of the present invention provides a computer-readable storage medium including computer instructions, which when executed, cause the above-mentioned device authentication method in an office environment to be executed.
  • Office equipment, including: a communication module for establishing a short-range wireless communication connection with user equipment; an authentication factor negotiation module for negotiating with the user equipment to generate an initial authentication factor, using the initial authentication factor as the current first authentication factor of the office equipment, and triggering the monitoring module to work; the monitoring module, used to monitor whether an authentication factor rolling event and an authentication scan event occur.
  • The authentication factor rolling module is triggered to work; when an authentication scan event is detected, the scanning detection module is triggered to work; the authentication factor rolling module is used to obtain, according to the factor rolling mode agreed with the user equipment, the next first authentication factor after the current first authentication factor of the office equipment, use the next first authentication factor as the current first authentication factor of the office equipment, and trigger the monitoring module; the scanning detection module is configured to scan for the second authentication factor broadcast by the user equipment, and to trigger the authentication module when the second authentication factor broadcast by the user equipment is scanned; the authentication module is configured to obtain, according to the authentication factor rolling mode agreed with the user equipment, the next 1 to m first authentication factors after the current first authentication factor of the office equipment and the previous 1 to n first authentication factors before the current first authentication factor of the office equipment, where m and n are positive integers greater than 1; the current first authentication factor of the office equipment, the next 1 to m first authentication factors of the current first authentication factor of the office equipment, and the previous 1 to n first authentication factors of the office equipment
  • Another aspect of the present invention provides an office system, including user equipment and the above-mentioned office equipment, wherein the user equipment is used to establish a short-range wireless communication connection with the office equipment, and then communicate with the office equipment.
  • The user equipment negotiates with the office equipment to generate an initial authentication factor, and uses the initial authentication factor as the current second authentication factor of the user equipment; it is also used to broadcast the current second authentication factor of the user equipment, and to monitor whether an authentication factor rolling event occurs. If an authentication factor rolling event is detected, it obtains, according to the authentication factor rolling mode agreed with the office equipment, the next second authentication factor after the current second authentication factor of the user equipment, and uses the next second authentication factor as the current second authentication factor of the user equipment.
  • The present invention provides a device authentication method, office equipment and an office system in an office environment.
  • The office equipment can authenticate the user equipment in real time. Once the authentication fails, it executes a security control operation, ensuring that after the employee's user equipment and the office equipment have connected, it is always the same, legitimate user equipment that is logged in and using the office equipment. This protects the employee's business secrets and prevents unrelated personnel from operating this office equipment and causing information leakage.
  • Loss of synchronization caused by packet loss or clock drift can be avoided, and the office equipment can correct errors by itself to ensure that the authentication factors on the office equipment side and the user equipment side are synchronized after a loss of synchronization.
  • Figure 1 is a schematic structural diagram of an office system provided by an embodiment of the present invention.
  • Figure 2 is a flowchart of a device authentication method in an office environment provided by an embodiment of the present invention.
  • Figure 3 is a schematic structural diagram of office equipment provided by an embodiment of the present invention.
  • The embodiment of the present invention is based on an office system.
  • The office system includes office equipment 10 and user equipment 20.
  • The office equipment 10 may be shared office equipment within the company, such as computers, printers, keyboards, scanners, and fixed telephones.
  • The user equipment 20 is a device that is issued individually to each employee of the company and is bound to the employee. It can be a mobile terminal (such as a smartphone), a smart key device (such as a USB), a smart card, a wearable device (such as a bracelet, smart watch or smart glasses), and so on.
  • Each employee has a unique user ID, but can have one or more of the above-mentioned user devices.
  • The user ID of the employee is stored in the user device, which can identify the employee and determine the employee's user identity.
  • Authentication and login between the user equipment and the office equipment indicate that the employee is using the office equipment.
  • Multiple user devices of an employee cannot be used at the same time.
  • The currently logged-in office device will prompt the employee to have the employee’s
  • The user can reject the request and continue to use the logged-in office equipment; or, alternatively, can agree to the request, so that the current user equipment logs out of the logged-in office equipment and the other user equipment logs in on the requested other office equipment.
  • The office equipment 10 and the user equipment 20 in the present invention can establish short-range wireless communication.
  • The office equipment 10 and the user equipment 20 can establish a wireless communication connection through RF, NFC, Bluetooth, WIFI, 2.4G, and 433M.
  • The office equipment 10 and the user equipment 20 negotiate authentication factors to obtain at least their initial authentication factors.
  • The office equipment 10 and the user equipment 20 respectively use the initial authentication factor as the current first authentication factor of the office equipment 10 and the current second authentication factor of the user equipment 20.
  • The office equipment 10 and the user equipment 20 roll their authentication factors simultaneously when they detect that an authentication factor rolling event has occurred. That is, on the same rolling event both parties use the same strategy to generate the same authentication factor at the same time (not considering the clock error of both parties).
  • When the office equipment 10 detects the occurrence of a preset authentication scan event, it compares its current first authentication factor and the specific first authentication factors before and after the current first authentication factor with the current second authentication factor broadcast by the user equipment 20 and obtained by scanning. If one of them is consistent, the authentication is passed; otherwise the authentication fails and the office equipment executes the corresponding security control operation according to the predetermined security policy.
  • The authentication scan event can be the completion of negotiation of the initial authentication factor, the receipt of a scanning instruction, reaching the preset scanning period, etc. Therefore, the office equipment in the present invention can authenticate the user equipment in real time based on the authentication scan event.
  • This embodiment provides a device authentication method in an office environment.
  • This authentication method can be applied to the office system as shown in Figure 1.
  • The device authentication method in the office environment specifically includes the following steps S101-S108:
  • A short-range wireless communication connection can be established between the office equipment and the user equipment.
  • A wireless communication connection can be established between the office equipment and the user equipment through RF, NFC, Bluetooth, WIFI, 2.4G, and 433M.
  • The office equipment and the user equipment perform data transmission through the short-range wireless communication connection.
  • The office equipment obtains the authentication factor broadcast by the user equipment through the short-range wireless communication connection, thereby completing the real-time authentication of the user equipment by the office equipment.
  • The office equipment and the user equipment may also establish a wired connection. In the embodiment of the present invention, only a short-range wireless communication connection between the office equipment and the user equipment is used as an example for description.
  • Establishing a short-range wireless communication connection between the office equipment and the user equipment includes: establishing a first wireless connection between the office equipment and the user equipment; transmitting, through the first wireless connection, the link-related information for establishing the short-range wireless communication connection between the office equipment and the user equipment; and the office equipment and the user equipment using the link-related information to establish the short-range wireless communication connection.
  • The first wireless connection may include, but is not limited to, an NFC connection, a Bluetooth connection, a WIFI connection, a human body communication connection, etc.
  • The transmitted link-related information may include Bluetooth pairing information, a WIFI password, etc., which is not specifically restricted in the present invention. In practical applications, for example, employees can place the badge (i.e.
  • The method provided in this embodiment further includes: authenticating through NFC to ensure that the two devices that establish the Bluetooth connection are legitimate and secure.
  • The device authentication method in the office environment provided in this embodiment also includes: mutual authentication between the office equipment and the user equipment.
  • The authentication method can include, but is not limited to, verifying the digital certificate of the other party, verifying the digital signature sent by the other party, verifying the device identification of the other party's device, and verifying the user ID stored in the user's device. These verifications can use existing verification methods, which are not repeated here.
  • The legitimacy of the devices of both parties can be ensured, thereby ensuring that the employee’s information will not be leaked, and that the user device is the only device that can log in to the office equipment for the employee.
  • By verifying the user ID stored in the user device, it can be ensured that the user of the user device is an employee of the company and that the login is legitimate.
  • The office equipment negotiates with the user equipment to generate an initial authentication factor, and uses the initial authentication factor as the current first authentication factor of the office equipment;
  • The office equipment and the user equipment negotiate authentication factors to at least obtain their initial authentication factors.
  • The office equipment and the user equipment respectively use the initial authentication factors as the current office equipment.
  • The office equipment and the user equipment roll their authentication factors synchronously when they detect the occurrence of an authentication factor rolling event; that is, on the same rolling event both parties use the same strategy to generate the same authentication factor at the same time (not considering the clock error of both sides).
  • The first authentication factors of the office equipment include multiple factors generated simultaneously with the user equipment, and the initial authentication factor is the first of the first authentication factors of the office equipment.
  • The current first authentication factor (including the initial authentication factor) of the office equipment includes but is not limited to one or more of the following: the acquisition time, the accumulated number of authentication factors at the time of acquisition, and a key generated by the algorithm negotiated with the user equipment.
  • The first authentication factor may be a time value of a local clock of the office equipment or a time check value calculated from the time value using a preset algorithm.
  • The office equipment and the user equipment perform time synchronization when negotiating the initial authentication factor. After the time synchronization, the office equipment and the user equipment each use the current value of the local clock, or a time check value calculated from the current value of the clock, as the initial authentication factor.
  • When the office equipment and the user equipment roll the authentication factor synchronously and an authentication factor rolling event is detected, each uses the current time value or time check value of its local clock as its current authentication factor.
  • The clocks of the office equipment and the user equipment are synchronized, thereby ensuring that the current time values of the office equipment and the user equipment are consistent.
  • The first authentication factor may be the count value of the local counter of the office equipment or the count check value calculated from the count value using a preset algorithm.
  • When the office equipment and the user equipment negotiate the initial authentication factor, their respective local counters are synchronously cleared and then incremented by 1, and the office equipment and the user equipment each use the current value of the local counter, or the count check value calculated from the current value of the counter, as the initial authentication factor.
  • When the office equipment and the user equipment roll the authentication factor synchronously and an authentication factor rolling event is detected, each uses the current count value or count check value of its local counter as its current authentication factor.
  • The local counters of the office equipment and the user equipment are used to record the number of occurrences of the same event. For example, they can record the number of rolls of the local authentication factor: whenever the value of the current first authentication factor of the office equipment changes, the value of the local counter of the office equipment is increased by 1. Similarly, every time the value of the current second authentication factor of the user equipment changes, the value of the local counter on the user equipment side is also increased by 1, thereby ensuring that the counter values of the office equipment and the user equipment are the same.
  • The first authentication factor may be a key.
  • The office equipment and the user equipment may first establish a secure channel, and then negotiate and generate an initial key, which is used as the first authentication factor.
  • The key may include but is not limited to a symmetric key, a MAC value, a random number, etc.
  • Step S103. The office equipment monitors whether authentication factor rolling events and authentication scan events occur. When an authentication factor rolling event is detected, step S104 is performed; when an authentication scan event is detected, step S105 is performed;
  • The authentication factor rolling event at least includes: reaching a preset rolling period, where each rolling period is the first preset duration between the current first authentication factor and the next first authentication factor.
  • The authentication scan event includes at least one of the following: the office equipment has negotiated with the user equipment to generate the initial authentication factor, a scan instruction is received, and the preset scan period is reached, where the scan period is the second preset duration between two scans.
  • The authentication factor rolling event is used to trigger the acquisition of the current first authentication factor of the office equipment when the event occurs; it is a periodic event, which triggers factor rolling at every predetermined duration.
  • The preset duration of the rolling period of the office equipment is set to be the same as the preset duration of the rolling period of the user equipment, so that the office equipment and the user equipment roll to the next authentication factor at the same interval, that is, both parties generate their own authentication factors simultaneously.
  • When the office equipment detects that the timer has reached the preset duration of the rolling period, it executes step S104 and restarts timing, and continues to monitor whether the preset duration of the rolling period is reached, performing periodic monitoring to complete the rolling generation of authentication factors.
  • The office equipment can be provided with a reset timer for monitoring the rolling period of the authentication factor.
  • The timing period is a preset duration. After the timer expires, it resets and restarts for periodic timing.
  • Counters, clock chips and so on are examples.
  • The reset timer is only one way to implement the authentication factor rolling event, and the present invention is not limited to it.
  • The authentication scan event is used to trigger the office equipment to scan for the authentication factor broadcast by the user equipment when the event occurs.
  • The authentication scan event may be that the office equipment and the user equipment have established a short-range wireless communication connection and negotiated the initial authentication factor; step S105 is executed after the authentication scan event is detected.
  • The office equipment can continuously scan for the authentication factors broadcast by the user equipment after it detects that the initial authentication factor has been generated through negotiation with the user equipment; the scan can also be initiated by the user logged in to the office equipment, who inputs a scanning instruction to the office equipment to instruct it to scan for the authentication factor broadcast by the user's user equipment; it can also be a periodic event, with the scan period set to a preset duration.
  • Whenever the monitoring time reaches the preset duration, the office equipment scans for the authentication factor broadcast by the user equipment and restarts timing, continues to monitor whether the preset scanning period is reached, and performs periodic monitoring.
  • The office equipment can be provided with a reset timer for monitoring the scanning period.
  • The timing period is a preset duration. After the timer expires, it resets and restarts for periodic timing.
  • The office equipment obtains the next first authentication factor after its current first authentication factor according to the authentication factor rolling mode agreed upon with the user equipment, uses the next first authentication factor as the current first authentication factor of the office equipment, and returns to step S103;
  • The office equipment obtains the next first authentication factor after its current first authentication factor according to the authentication factor rolling mode agreed with the user equipment, in one of the following ways:
  • The office equipment negotiates with the user equipment to obtain a first authentication factor pool including multiple first authentication factors, and selects from the first authentication factor pool, according to the pre-negotiated authentication factor hopping strategy, the next first authentication factor after the current first authentication factor of the office equipment;
  • The office equipment obtains the next first authentication factor after its current first authentication factor, based on its current first authentication factor, according to the authentication factor acquisition strategy negotiated with the user equipment. This ensures that the office equipment and the user equipment can roll their authentication factors synchronously.
  • The office equipment and the user equipment generate an authentication factor pool in advance, before the authentication factor is rolled.
  • The authentication factor pool includes multiple keys generated according to the algorithm negotiated with the user equipment; a key generated by the algorithm negotiated with the user equipment can be, but is not limited to, a symmetric key, a MAC value, a random number, etc.
  • Both parties can roll authentication factors within the authentication factor pool according to a pre-negotiated strategy. For example, the office equipment and the user equipment generate their own authentication factor pools when they establish a communication connection to negotiate the initial authentication factors. The authentication factors in the pool are arranged in sequence, and the two parties can select the next authentication factor in order whenever the rolling period is reached, or select the next authentication factor according to a pre-negotiated strategy (for example, the next authentication factor is selected at an interval of one authentication factor from the current authentication factor).
  • The present invention does not limit this, as long as it can ensure that both parties’ authentication factors can be rolled synchronously. As a result, both the office equipment and the user equipment roll to the next authentication factor simultaneously when the preset rolling period is reached.
  • This acquisition method enables the office equipment and the user equipment to generate multiple authentication factors at one time, in advance, for rolling. It avoids the errors that clock error easily causes when authentication factors are generated one at a time, and avoids authentication failure caused by clock error.
  • The office equipment and the user equipment generate the next authentication factor in real time.
  • The current time, the accumulated number of generated authentication factors, and a key generated according to the algorithm negotiated between the office equipment and the user equipment can be used as the next authentication factor.
  • The key generating factor may include, but is not limited to, the current time, the number of authentication factors generated so far, random numbers, and so on.
  • Both the office equipment and the user equipment generate the next authentication factor in real time, which can prevent an attacker from forging the next authentication factor in advance and maliciously logging in to the office equipment, thereby protecting the security of the office equipment.
  • step S105 The office equipment scans the second authentication factor broadcasted by the user equipment, and if the second authentication factor broadcasted by the user equipment is scanned, step S106 is executed;
  • the office equipment scans the second authentication factor broadcasted by the user equipment within its signal coverage area when it detects that an authentication scanning event occurs.
  • the authentication factor is scrolled synchronously with the office equipment.
  • the user equipment negotiates with the office equipment to generate an initial authentication factor, and uses the initial authentication factor as the current second authentication factor of the user equipment; when the user equipment detects the occurrence of an authentication factor rolling event, it will follow the authentication agreed upon with the office equipment
  • the factor rolling mode the next second authentication factor of the current second authentication factor of the user equipment is obtained, and the next second authentication factor is used as the current second authentication factor of the user equipment, and the authentication factor rolling event is continuously monitored to complete the authentication factor Scroll.
  • the way the user equipment obtains the current second authentication factor is the same as the way the office equipment side obtains the current first authentication factor.
  • After the office equipment and the user equipment negotiate to generate the initial authentication factor, the user equipment continuously or periodically broadcasts the current second authentication factor that it generates on a rolling basis.
  • the method provided in this embodiment further includes: the user equipment enters the sleep mode and, after entering the sleep mode, wakes up once every predetermined wake-up period and broadcasts the current second authentication factor of the user equipment during the wake-up period. This can save the power of the user equipment and extend its use time. During the sleep period, the user equipment keeps rolling the authentication factor in synchronization with the office equipment.
  • the user equipment may also not enter the sleep mode, and continuously or periodically broadcast the current second authentication factor, so that the office equipment does not need to wait for or wake up the user equipment to resume working status, and can scan the second authentication factor of the user equipment in time and complete real-time authentication in time.
  • the user equipment automatically enters the dormant state or is temporarily disconnected from the office equipment; as long as the user does not leave the office equipment completely, that is, only the user equipment cannot receive the scanning instruction of the office equipment within the preset time, or as long as the user equipment does not receive an instruction to clear the authentication factor, a disconnection instruction, or a sleep instruction sent by the office equipment to indicate that the user equipment can no longer use the office equipment, the user equipment continues to roll the authentication factor synchronously with the office equipment according to the previous authentication factor rolling method, so that when the employee brings the user equipment back and uses the office equipment after a short period of time, or uses the office equipment again after periodically waking up from the dormant state, the user equipment remains in rolling synchronization with the authentication factor on the office equipment side, and the office equipment can continue to compare the current authentication factors of both parties in real time.
  • Step S107: compare the current first authentication factor of the office equipment, the lower 1 to m first authentication factors of the current first authentication factor of the office equipment, and the upper 1 to n first authentication factors of the current first authentication factor of the office equipment, respectively, with the second authentication factor; if there is a match, use the first authentication factor that is consistent with the second authentication factor as the current first authentication factor of the office equipment and return to step S103; if there is no match, execute step S108;
  • In order to avoid out-of-synchronization (that is, inconsistent comparison and authentication failure) caused by packet loss or clock drift, the office equipment adds redundant comparison and self-error-correction. That is, in step S106, the office equipment is provided with an out-of-step recovery window, which contains the current first authentication factor of the office equipment and a specific number of first authentication factors before and after it. When the office equipment scans the current second authentication factor broadcast by the user equipment, it compares it with all the first authentication factors in the window. If there is a match, the authentication passes, indicating that the user currently using the office equipment is consistent with the binding of the current office equipment and that the user has not left the office equipment.
  • the office equipment returns to step S103 to continue to monitor whether an authentication factor rolling event or an authentication scanning event occurs. If the first authentication factor that is consistent with the second authentication factor is not the current first authentication factor of the office equipment but one of the upper n or lower m, this indicates out-of-synchronization caused by packet loss or clock drift; but because the second authentication factor matches a first authentication factor in the window, the office equipment can correct its own error: it uses the first authentication factor that is consistent with the second authentication factor as the current first authentication factor of the office equipment, and returns to step S103.
  • When the office equipment detects that an authentication factor rolling event occurs, it obtains, according to the authentication factor rolling method agreed with the user equipment, the next first authentication factor of the first authentication factor consistent with the second authentication factor (that is, of the revised first authentication factor), and uses the obtained next first authentication factor as the current first authentication factor of the office equipment, so as to ensure that in the event of packet loss or clock drift the office equipment can pass the authentication of the user equipment, and the user can continue to use the office equipment without re-executing the connection authentication and login operations. The office equipment can correct its own errors to ensure that when the next rolling cycle arrives, it rolls to the same authentication factor as the user equipment, that is, it is resynchronized with the second authentication factor on the user equipment side after losing synchronization.
  • the authentication factors generated by the office equipment and the user equipment according to the agreed authentication factor rolling mode are: A, B, C, D, E, F, G, H.... Set m to 1 and n to 1.
  • the window for out-of-synchronization recovery includes [B, C, D].
  • the second authentication factor sent by the user equipment and scanned at this time should also be C.
  • If the second authentication factor broadcast by the user equipment and scanned by the office equipment is D, and D is in the window, the authentication factors are deemed consistent and the authentication passes. Since C was not scanned, packet loss (or clock synchronization) has occurred, and error correction is required.
  • The office equipment uses D as the current first authentication factor.
  • the next first authentication factor should be E. At this time, the second authentication factor on the user equipment side has also rolled to E, which achieves the purpose of resynchronizing with the second authentication factor on the user equipment side after the office equipment loses synchronization.
  • the method by which the office equipment obtains, according to the authentication factor rolling mode agreed upon with the user equipment, the next m first authentication factors of the current first authentication factor of the office equipment and the upper n first authentication factors of the current first authentication factor of the office equipment may include: selecting the next m and/or the upper n first authentication factors of the current first authentication factor of the office equipment from the first authentication factor pool according to a pre-negotiated authentication factor hopping strategy; or, based on the current first authentication factor of the office equipment, obtaining the next m and/or upper n first authentication factors of the current first authentication factor of the office equipment according to the authentication factor acquisition strategy negotiated with the user equipment.
  • the method for obtaining the next m and/or n first authentication factors of the current first authentication factor is similar to the method for obtaining the next first authentication factor of the current first authentication factor.
  • the method for obtaining the next first authentication factor of the current first authentication factor is similar to the method for obtaining the next first authentication factor of the current first authentication factor.
  • the office equipment executes corresponding security control operations according to a predetermined security policy.
  • the security control operation may include: a first security control operation and a second security control operation.
  • the two security control operations have different levels.
  • the first security control operation can be used as a high-level control.
  • the first strategy is used to execute the first security control operation, so that the user equipment can no longer connect to and use the office equipment;
  • the second security control operation can be used as a low-level control.
  • the second strategy is used to perform the second security control operation, so that the office equipment cannot be used temporarily, which avoids illegal use of the office equipment by others after the employee leaves for a short time.
  • the first security control operation may include but is not limited to one of the following: the office equipment sends a sleep instruction to the user equipment, sends a disconnection instruction to the user equipment, disconnects from the user equipment, or shuts down. For example, after the office equipment fails to authenticate the user equipment, the office equipment sends an instruction to force the user equipment to sleep, and the user equipment enters the sleep state after receiving the sleep instruction, so that the user equipment cannot log in to and use the office equipment normally. This avoids the risk of leakage of information stored on the office equipment, prevents illegal users or non-identical user equipment from using the office equipment, and protects the privacy of employees.
  • the second security control operation may include, but is not limited to, one of the following: the office equipment locks its screen, notifies the PC connected to the office equipment to lock the screen, enters a sleep state, raises an alarm, etc.; as long as the user equipment can no longer use the office equipment, the present invention does not limit the method. This not only avoids illegal use of the office equipment by other people after the employee leaves for a short time, but also lets the employee quickly restore the office equipment to a usable state on returning.
  • the office equipment deletes all the first authentication factors stored locally, so as to provide more space for the next user equipment to synchronize the rolling authentication factors after connecting with it.
  • the method provided in this embodiment further includes: the office equipment deletes all the first authentication factors stored locally. That is, after the office equipment executes the corresponding security control operations in accordance with the predetermined security policy, the office equipment is no longer used by the user equipment; deleting the factors saves local storage space and leaves more room for the next user equipment to synchronize the rolling authentication factor after connecting with it.
  • the office equipment can also send an instruction to clear the authentication factor to the user equipment.
  • After receiving the instruction, the user equipment deletes all the second authentication factors stored locally, to save space on the user equipment and leave more room for synchronizing the rolling authentication factor after it requests to log in to, and connects with, the next office equipment.
  • the office equipment can authenticate the user equipment in real time. Once the authentication fails, the security control operation is performed, to ensure that after communication is established between the employee’s user equipment and the office equipment it is always the same, legitimate user equipment that is logged in and using the office equipment, protecting the employee’s business secrets and preventing irrelevant personnel from operating this office equipment and causing information leakage.
  • loss of synchronization caused by packet loss or clock drift can be avoided, and the office equipment can correct errors by itself to ensure that the authentication factor of the office equipment and the user equipment side is synchronized after the loss of synchronization.
  • the method provided in this embodiment further includes: the office equipment detects whether the second authentication factor broadcast by the user equipment is scanned within a preset monitoring threshold; if it is scanned, step S106 is performed; if it is not scanned, the office equipment detects whether the second authentication factor broadcast by the user equipment is scanned within a preset time interval; if it is scanned, step S106 is performed; if it is not scanned, step S108 is performed.
  • the authentication scan event is still occurring.
  • the preset monitoring threshold + preset time interval can be understood as the reasonable disconnection time set for the user’s short-term departure. If the office equipment does not scan the second authentication factor broadcast by the user equipment within the preset monitoring threshold, it can be understood that the employee has only temporarily left the office equipment, and the office equipment can perform the second security control operation according to the second security policy, such as locking the screen of the office equipment, sleeping, etc.
  • the first security control operation can be performed according to the first security policy, such as disconnecting from the user equipment, deleting the link associated information of the user equipment, shutting down the office equipment, and so on.
  • employees may leave temporarily while using the office system. For example, set the preset monitoring threshold to 1 minute. If the employee leaves for 1 minute and does not return, the office equipment detects that the second authentication factor broadcast by the user equipment is not scanned within the preset monitoring threshold and may perform a second security control operation, for example, lock the screen. For example, set the preset time interval to 5 minutes. If the employee leaves for 5 minutes and does not return, the office equipment detects that the second authentication factor broadcast by the user equipment is not scanned within the preset time interval, and the first security control operation can be performed, for example, shutdown.
  • the second security control operation is different from the first security control operation. Therefore, different security control strategies can be set and multi-level security control can be performed according to how long the user has been away, which provides convenience for users.
  • if the user equipment does not receive the scanning instruction sent by the office equipment within the preset time (indicating that the user has completely left the office equipment and will not use it for a period of time), it deletes all the second authentication factors stored locally, to save space on the user equipment and leave more room for synchronizing the rolling authentication factor after it requests to log in to, and connects with, the next office equipment. If it is necessary to reconnect with the office equipment, steps S101 to S108 are executed again.
  • step S103 further includes: the office equipment monitors whether a predetermined key event occurs, and when a predetermined key event is detected, step S109 (not shown in FIG. 1) is executed; Step S109, the office equipment starts the camera device to collect the user's face image information, and performs face recognition authentication on the face image information; wherein the predetermined key event includes at least one of the following: the office equipment and the user equipment complete negotiation to generate the initial authentication factor, the office equipment receives an encrypted input instruction, and the office equipment recognizes that password input is received. If the authentication is passed, return to step S103 to continue monitoring whether a predetermined key event occurs; if the authentication fails, perform step S108.
  • the user can send an encrypted input instruction to the keyboard.
  • After the keyboard receives the encrypted input instruction input by the user, the information input by the user on the keyboard will be encrypted, and step S109 is executed.
  • the keyboard recognizes that password input has been received when a PIN code is received, and step S109 may also be executed at this time.
  • This implementation can support the use of face recognition assistance when performing key actions on the user equipment (for example, encrypting the information entered by the user on the keyboard or entering the PIN code and other key actions).
  • the security control operation is performed to ensure that the operator and the user device user logging in the office equipment are the same person, thereby protecting data security from malicious theft in some key events.
  • This embodiment also provides a computer-readable storage medium, including computer instructions, which, when executed, cause the aforementioned device authentication method in an office environment to be executed.
  • Fig. 1 shows an office system provided by an embodiment of the present invention
  • Fig. 3 shows an office equipment provided by an embodiment of the present invention
  • the office system and office equipment adopt the above-mentioned equipment authentication method in the office environment.
  • the following only briefly describes the structure of the office system and office equipment. For other matters not covered, please refer to the relevant description of the above-mentioned equipment authentication method in the office environment.
  • the office system provided by the embodiment of the present invention includes: office equipment 10 and user equipment 20; among them:
  • the office equipment 10 is used to negotiate with the user equipment to generate an initial authentication factor after establishing a short-range wireless communication connection with the user equipment, and to use the initial authentication factor as the current first authentication factor of the office equipment; it is also used to monitor whether an authentication factor rolling event or an authentication scanning event occurs; when an authentication factor rolling event is detected, to obtain the next first authentication factor of the current first authentication factor of the office equipment according to the authentication factor rolling method agreed with the user equipment, and to use the next first authentication factor as the current first authentication factor of the office equipment; when an authentication scanning event is detected, to scan for the second authentication factor broadcast by the user equipment and, when the second authentication factor broadcast by the user equipment is scanned, to obtain, according to the authentication factor rolling mode agreed with the user equipment, the lower 1 to m first authentication factors of the current first authentication factor of the office equipment and the upper 1 to n first authentication factors of the current first authentication factor of the office equipment, where m and n are positive integers greater than 1; the current first authentication factor of office equipment, the next
  • the first authentication factor that is consistent with the second authentication factor is used as the current first authentication factor of the office equipment, and monitoring for authentication factor rolling events continues; if there is no match, the corresponding security control operations are performed in accordance with the predetermined security policy.
  • the user equipment 20 is configured to negotiate with the office equipment to generate an initial authentication factor after establishing a short-range wireless communication connection with the office equipment, and to use the initial authentication factor as the current second authentication factor of the user equipment; it is also used to broadcast the current second authentication factor of the user equipment; it is also used to monitor whether an authentication factor rolling event occurs and, when an authentication factor rolling event is detected, to obtain the next second authentication factor of the current second authentication factor of the user equipment according to the authentication factor rolling method agreed with the office equipment, and to use the next second authentication factor as the current second authentication factor of the user equipment.
  • the user equipment 20 is further configured to enter a sleep state when receiving a sleep instruction sent by the office equipment.
  • the user equipment 20 is also configured to enter the sleep mode after negotiating with the office equipment to generate the initial authentication factor and, after entering the sleep mode, to wake up once every predetermined wake-up period and broadcast the current second authentication factor of the user equipment during the wake-up period.
  • the authentication factor rolling event of the user equipment at least includes: reaching a preset rolling period, wherein the preset duration of the rolling period is the same as the preset duration of the office equipment.
  • the office equipment 10 includes: a communication module 101, an authentication factor negotiation module 102, a monitoring module 103, an authentication factor rolling module 104, a scanning detection module 105, an authentication module 106, and a security control module 107; among them:
  • the communication module 101 is used to establish a short-range wireless communication connection with the user equipment 20;
  • the authentication factor negotiation module 102 is configured to negotiate with the user equipment 20 to generate an initial authentication factor, use the initial authentication factor as the current first authentication factor of the office equipment 10, and trigger the monitoring module 103 to work;
  • the monitoring module 103 is used to monitor whether an authentication factor rolling event or an authentication scanning event occurs; when an authentication factor rolling event is detected, the authentication factor rolling module 104 is triggered to work; when an authentication scanning event is detected, the scan detection module 105 is triggered to work;
  • the authentication factor rolling module 104 is configured to obtain the next first authentication factor of the current first authentication factor of the office equipment according to the authentication factor rolling mode agreed with the user equipment 20, to use the next first authentication factor as the current first authentication factor of the office equipment, and to trigger the monitoring module 103;
  • the scanning detection module 105 is configured to scan the second authentication factor broadcast by the user equipment 20, and trigger the authentication module 106 when the second authentication factor broadcast by the user equipment 20 is scanned;
  • the authentication module 106 is configured to obtain, according to the authentication factor rolling mode agreed with the user equipment 20, the lower 1 to m first authentication factors of the current first authentication factor of the office equipment 10 and the upper 1 to n first authentication factors of the current first authentication factor of the office equipment 10, where m and n are positive integers greater than 1; to compare the current first authentication factor of the office equipment 10, the lower 1 to m first authentication factors of the current first authentication factor of the office equipment 10, and the upper 1 to n first authentication factors of the current first authentication factor of the office equipment 10, respectively, with the second authentication factor; if there is a match, to use the first authentication factor that is consistent with the second authentication factor as the current first authentication factor of the office equipment 10 and trigger the monitoring module 103; if there is no match, to trigger the security control module 107;
  • the security control module 107 is configured to perform corresponding security control operations according to a predetermined security policy.
  • the current first authentication factor of the office equipment 10 includes one or more of the following: acquisition time, the cumulative number of authentication factors at the time of acquisition, and a key generated according to an algorithm negotiated with the user equipment.
  • the authentication factor rolling event includes at least: reaching a preset rolling period, each rolling period being a preset duration; the authentication scan event includes at least one of the following: the office equipment 10 and the user equipment 20 complete negotiation to generate the initial authentication factor, a scan instruction is received, and a preset scan period is reached.
  • the authentication factor rolling module 104 obtains the next first authentication factor of the current first authentication factor of the office equipment in the following manner: it negotiates with the user equipment 20 to obtain a first authentication factor pool including multiple first authentication factors, and selects the next first authentication factor of the current first authentication factor of the office equipment 10 from the first authentication factor pool according to the pre-negotiated authentication factor hopping strategy; or, based on the current first authentication factor of the office equipment 10, it obtains the next first authentication factor of the current first authentication factor of the office equipment 10 according to the authentication factor acquisition policy negotiated with the user equipment 20.
  • the scanning detection module 105 is further configured to detect, when the second authentication factor broadcast by the user equipment 20 is not scanned, whether the second authentication factor broadcast by the user equipment 20 is scanned within a preset monitoring threshold; if it is scanned, the authentication module 106 is triggered; if it is not scanned, the module detects whether the second authentication factor broadcast by the user equipment 20 is scanned within a preset time interval; if it is scanned, the authentication module 106 is triggered; if it is not scanned, the security control module 107 is triggered.
  • the office equipment 10 further includes: a face verification module 108;
  • the monitoring module 103 is also used to monitor whether a predetermined key event occurs, and when a predetermined key event is detected, the face verification module 108 is triggered; wherein the predetermined key event includes at least one of the following: the office equipment 10 and the user equipment 20 complete negotiation to generate the initial authentication factor, the office equipment 10 receives the encrypted input instruction, and the office equipment 10 recognizes that password input is received; the face verification module 108 is used to activate the camera device to collect the user’s face image information, and to perform face recognition authentication on the face image information.
  • the security control module 107 executes corresponding security control operations in accordance with a predetermined security policy at least in the following way: triggering the communication module 101 to send a sleep instruction to the user equipment 20; the communication module 101 is also used to send a sleep instruction to the user equipment 20.
  • the office equipment 10 further includes: an authentication factor clearing module 109, configured to delete all the first authentication factors stored in the office equipment 10 after the security control module 107 performs a security control operation.
  • the office equipment can authenticate the user equipment in real time. Once the authentication fails, the security control operation is performed, to ensure that after communication is established between the employee’s user equipment and the office equipment it is always the same, legitimate user equipment that is logged in and using the office equipment, protecting the employee’s business secrets and preventing irrelevant personnel from operating this office equipment and causing information leakage. During authentication, loss of synchronization caused by packet loss or clock drift can be avoided, and the office equipment can correct errors by itself to ensure that the authentication factors on the office equipment and user equipment sides are synchronized again after a loss of synchronization.
  • each part of the present invention can be implemented by hardware, software, firmware or a combination thereof.
  • multiple steps or methods can be implemented by software or firmware stored in a memory and executed by a suitable instruction execution system.
  • a logic gate circuit for implementing logic functions on data signals
  • PGA programmable gate array
  • FPGA field programmable gate array
  • the functional units in the various embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer readable storage medium.
  • the aforementioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
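
The out-of-step recovery window of step S107 (the A to H walk-through with m = 1 and n = 1) and the two absence timers (1 minute, 5 minutes) described above, as an added Python example that is not code from the patent. It assumes the agreed rolling mode is HMAC-SHA256 over a counter and that both timers run from the last accepted broadcast; `factor_at`, `UserEquipment`, `OfficeEquipment` and `walkthrough` are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass

FACTOR_LEN = 8  # bytes broadcast per factor (assumed truncation length)


def factor_at(key: bytes, index: int) -> bytes:
    """Factor number `index` of the agreed rolling sequence.

    Assumption: the rolling mode is HMAC-SHA256 over a counter, keyed with
    the value negotiated at connection time. The patent leaves this open.
    """
    mac = hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:FACTOR_LEN]


@dataclass
class UserEquipment:
    key: bytes
    index: int = 0  # position of the current second authentication factor

    def roll(self) -> None:
        self.index += 1

    def broadcast(self) -> bytes:
        return factor_at(self.key, self.index)


@dataclass
class OfficeEquipment:
    key: bytes
    m: int = 1                       # factors after the current one that are accepted
    n: int = 1                       # factors before the current one that are accepted
    index: int = 0                   # position of the current first authentication factor
    monitor_threshold: float = 60.0  # seconds of silence before the second operation
    time_interval: float = 300.0     # seconds of silence before the first operation
    last_seen: float = 0.0           # time of the last accepted broadcast

    def roll(self) -> None:
        self.index += 1

    def window(self) -> range:
        """Indices covered by the out-of-step recovery window."""
        return range(max(0, self.index - self.n), self.index + self.m + 1)

    def verify(self, broadcast: bytes, now: float) -> str:
        """Step S107: compare against every factor in the window, then self-correct."""
        matched = None
        for i in self.window():
            # Constant-time comparison; the loop does not stop at the first hit.
            if hmac.compare_digest(factor_at(self.key, i), broadcast):
                matched = i
        if matched is None:
            return "fail"            # caller goes to step S108
        drift = matched - self.index
        self.index = matched         # adopt the matching factor as the current one
        self.last_seen = now
        return "ok" if drift == 0 else f"resync{drift:+d}"

    def absence_action(self, now: float) -> str:
        """Two-level policy for a user equipment that has stopped broadcasting."""
        silent = now - self.last_seen
        if silent >= self.time_interval:
            return "disconnect"      # first (high-level) security control operation
        if silent >= self.monitor_threshold:
            return "lock_screen"     # second (low-level) security control operation
        return "none"


def walkthrough() -> list:
    """Replays the A..H example: office at C (index 2), user already at D (index 3)."""
    key = bytes(range(32))                    # constructed sample key
    office = OfficeEquipment(key, index=2)    # current factor C, window [B, C, D]
    user = UserEquipment(key, index=2)
    results = []
    user.roll()                               # user rolls to D, office missed the roll
    results.append(office.verify(user.broadcast(), now=10.0))
    office.roll()
    user.roll()                               # both sides roll to E
    results.append(office.verify(user.broadcast(), now=20.0))
    results.append(office.verify(factor_at(key, 0), now=25.0))  # stale factor A
    results.append(office.absence_action(now=90.0))             # 70 s of silence
    results.append(office.absence_action(now=330.0))            # 310 s of silence
    return results


if __name__ == "__main__":
    print(walkthrough())
```

Each increment of n also extends by one rolling period the time during which a captured broadcast is still accepted, so n trades tolerance for drift against replay exposure.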

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a device authentication method in an office environment, office equipment and a system. The method comprises the following steps: S1, establishing a short-range wireless communication connection between office equipment and user equipment; S2, using an initial authentication factor generated by negotiation as the current first authentication factor of the office equipment; S3, executing S4 if the occurrence of an authentication factor rolling event is monitored, and executing S5 if the occurrence of an authentication scanning event is monitored; S4, acquiring the next first authentication factor, using the next authentication factor as the current first authentication factor, and returning to S3; S5, scanning to acquire a second authentication factor broadcast by the user equipment; S6, acquiring the next 1 to m and the previous 1 to m first authentication factors of the current first authentication factor; S7, comparing the acquired first authentication factors respectively with the second authentication factor, using the first authentication factor that is consistent with the second authentication factor after comparison as the current first authentication factor and returning to S3, or executing S8 if there is no consistency; S8, executing a security control operation.
PCT/CN2020/093217 2019-06-26 2020-05-29 Device authentication method in an office environment, office equipment and system WO2020259202A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910560503.7A CN112153642B (zh) 2019-06-26 2019-06-26 Device authentication method in an office environment, office equipment and system
CN201910560503.7 2019-06-26

Publications (1)

Publication Number Publication Date
WO2020259202A1 true WO2020259202A1 (fr) 2020-12-30

Family

ID=73869786

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093217 WO2020259202A1 (fr) 2019-06-26 2020-05-29 Device authentication method in an office environment, office equipment and system

Country Status (2)

Country Link
CN (1) CN112153642B (fr)
WO (1) WO2020259202A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI130737B1 (fi) * 2022-01-14 2024-02-20 Framery Oy Detektorin määrittelemän tilan kommunikaation ohjaus

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005038608A2 (fr) * 2003-10-15 2005-04-28 Koolspan, Inc. Bulk subscriber data management
CN101102192A (zh) * 2007-07-18 2008-01-09 北京飞天诚信科技有限公司 Authentication device, method and system
WO2011054044A1 (fr) * 2009-11-06 2011-05-12 Emue Holdings Pty Ltd Method and system for validating identifiers
CN102165460A (zh) * 2008-08-20 2011-08-24 韦尔普罗有限责任公司 Data packet generator for generating passwords
WO2015073422A2 (fr) * 2013-11-15 2015-05-21 Landis+Gyr Innovations, Inc. System and method for updating an encryption key in a network
CN107222306A (zh) * 2017-01-22 2017-09-29 天地融科技股份有限公司 Key update method, apparatus and system

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8943560B2 (en) * 2008-05-28 2015-01-27 Microsoft Corporation Techniques to provision and manage a digital telephone to authenticate with a network
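CN101872392A (zh) * 2009-04-23 2010-10-27 陶梦曦 Dynamic security authentication method for a computer
CN102685330A (zh) * 2012-05-15 2012-09-19 江苏中科梦兰电子科技有限公司 Method for logging in to an operating system using a mobile phone as the authentication tool
CN103488932A (zh) * 2013-10-16 2014-01-01 重庆邮电大学 Desktop security mutual-trust system between a mobile device and a personal computer, and implementation method thereof
EP2925037A1 (fr) * 2014-03-28 2015-09-30 Nxp B.V. NFC-based authorization of access to data from a third-party device
CN104363226B (zh) * 2014-11-12 2017-03-22 深圳市腾讯计算机系统有限公司 Method, apparatus and system for logging in to an operating system
CN105744468A (zh) * 2016-02-03 2016-07-06 重庆邮电大学 Attendance monitoring method and system based on Bluetooth communication technology
CN105681328B (zh) * 2016-02-26 2019-04-09 安徽华米信息科技有限公司 Method and apparatus for controlling an electronic device, and electronic device
CN105893802A (zh) * 2016-03-29 2016-08-24 四川效率源信息安全技术股份有限公司 Method for locking/unlocking a computer screen based on Bluetooth
CN106792436A (zh) * 2016-11-21 2017-05-31 深圳市金立通信设备有限公司 Mode switching method, first terminal and second terminal
CN107733872B (zh) * 2017-09-18 2022-03-25 北京小米移动软件有限公司 Information printing method and device
CN108322507B (zh) * 2017-12-28 2021-02-19 天地融科技股份有限公司 Method and system for performing a secure operation using a security device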

Also Published As

Publication number Publication date
CN112153642A (zh) 2020-12-29
CN112153642B (zh) 2022-02-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20831619

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20831619

Country of ref document: EP

Kind code of ref document: A1