CN106452845A - Online unlocking implementation method and apparatus - Google Patents


Info

Publication number
CN106452845A
Authority
CN
China
Prior art keywords
cipher key
key equipment
intelligent cipher
sequence number
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610833664.5A
Other languages
Chinese (zh)
Other versions
CN106452845B (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Application filed by Feitian Technologies Co Ltd
Priority to CN201610833664.5A
Publication of CN106452845A
Application granted
Publication of CN106452845B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an online unlocking implementation method and apparatus. The method comprises the following steps: when user information input by a user is received, judging whether the user information is correct, and terminating if it is incorrect; if the user information is correct, acquiring a serial number of an intelligent key device and judging whether the serial number matches the user information; if not, terminating, and if so, acquiring a corresponding administrator password according to the serial number of the intelligent key device; and using the administrator password to perform an unlocking operation on the intelligent key device. The method is suitable for the situation in which the user's intelligent key device is locked or the personal identification code has been forgotten: when the user accesses a website to submit data, the user inserts the intelligent key device that needs to be unlocked, and the apparatus acquires the serial number from the intelligent key device, calculates the administrator password according to the serial number and uses the administrator password to unlock the device, which is safe and convenient.

Description

Online unlocking implementation method and apparatus
Technical field
The present invention relates to the field of electronics, and in particular to an online unlocking implementation method and apparatus.
Background art
An intelligent key device is a small hardware device with a processor and memory that connects to a computer through the computer's data communication interface. It generates keys and stores them securely by means of a built-in single-chip microcomputer or smart card chip. AES functions can be preset in it, and all key-related operations run inside the device, so the device is resistant to attack and highly secure.
In the prior art, an intelligent key device (USB Key) generally verifies the legitimacy of a user's identity by checking whether the PIN code (personal identification number, PIN) entered by the user is correct. The check proceeds as follows: the intelligent key device is connected to a computer, the user enters the PIN code to the device through the computer, and the device automatically verifies the PIN code. When the PIN code entered by the user is verified as correct, the user is allowed to operate the intelligent key device. When the PIN code is wrong and the number of errors has reached a preset maximum, the device locks the user's PIN code, the user can no longer use the device, and the user must hand the device to an administrator to have the PIN code unlocked. In the prior art, the administrator generally unlocks the PIN code by entering the SO PIN (administrator password) manually, which is too much work; moreover, the SO PIN used for every unlock is the same, which is a security risk.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing an online unlocking implementation method and apparatus.
The invention provides an online unlocking implementation method, comprising:
Step S1: when the apparatus receives user information entered by a user, it judges whether the user information is correct; if so, step S2 is executed, otherwise the method ends;
Step S2: the apparatus acquires the serial number of the intelligent key device and judges whether the serial number matches the user information; if so, step S3 is executed, otherwise the method ends;
Step S3: the apparatus acquires the corresponding administrator password according to the serial number of the intelligent key device;
Step S4: the apparatus uses the administrator password to perform an unlocking operation on the intelligent key device.
Wherein, step S1 comprises: when the apparatus receives the user information entered by the user, it judges whether the user information matches the saved user information; if so, step S2 is executed, otherwise the method ends.
Wherein, between the apparatus acquiring the serial number of the intelligent key device and judging whether the serial number matches the user information, the method comprises: the apparatus judges whether the serial number of the intelligent key device was acquired; if so, it continues, otherwise the method ends.
Wherein, the apparatus acquiring the serial number of the intelligent key device is specifically: the apparatus acquires the serial number of the intelligent key device through a first interface.
Wherein, the apparatus judging whether the serial number was acquired is specifically: the apparatus judges whether the return value of the first interface is a preset value; if so, the serial number of the intelligent key device was acquired, otherwise it was not.
Wherein, before step S1 the method comprises: when the apparatus receives unlock trigger information, it pops up the unlock page, waits for the user to enter user information, and executes step S1.
Wherein, if the unlocking in step S4 succeeds, the method further comprises: resetting the PIN code and notifying the user.
Wherein, step S4 comprises: the apparatus calls a second interface with the administrator password as a parameter to verify it; if verification succeeds, it calls a third interface to reset the PIN code of the intelligent key device and judges whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends.
Wherein, the apparatus comprises a client program and a backend server, and step S3 comprises: the client program acquires the corresponding administrator password from the backend server according to the serial number of the intelligent key device.
Wherein, the apparatus is a client program, and step S3 comprises: the client program calculates the administrator password from the serial number of the intelligent key device.
Wherein, the apparatus comprises a client program and a backend server, and step S3 comprises:
Step S3-1: the client program acquires an encrypted random number from the backend server according to the serial number of the intelligent key device;
Step S3-2: the client program decrypts the encrypted random number with the client private key to obtain the random number, concatenates the serial number of the intelligent key device with the random number, and performs a hash operation on the concatenation result to obtain the administrator password.
Wherein, before step S4 the method comprises: the client program acquires a random string from the intelligent key device;
Step S4 comprises: the client program encrypts the random string with the administrator password and calls the second interface with the encrypted result as a parameter to verify it; if verification succeeds, it calls the third interface to reset the PIN code of the intelligent key device and judges whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends.
Wherein, step S3-1 is specifically: the client program sends the serial number of the intelligent key device to the backend server; the backend server obtains the corresponding random number according to the serial number, encrypts the random number with the client public key to obtain the encrypted random number, and sends the encrypted random number to the client program.
Wherein, if the unlocking in step S4 succeeds, the method further comprises:
Step A1: the client program concatenates the serial number of the intelligent key device with the administrator password and performs a hash operation on the concatenation result to obtain a new random number;
Step A2: the client program concatenates the serial number with the new random number and performs a hash operation on the concatenation result to obtain a new administrator password;
Step A3: the client program performs the modify-administrator-password operation with the new administrator password and judges whether it succeeded; if so, it sends modify-administrator-password success information to the backend server and the method ends, otherwise the method ends.
Wherein, the method further comprises: after the backend server receives the modify-administrator-password success information, it concatenates the serial number of the intelligent key device with the saved random number and performs a hash operation on the concatenation result to obtain a first hash value, concatenates the serial number of the intelligent key device with the first hash value and performs a hash operation on that concatenation result to obtain a second hash value, and replaces the saved random number with the second hash value.
Wherein, before the client program sends the modify-administrator-password success information to the backend server, the method comprises: the client program generates first data, encrypts the first data with the backend server public key, and sends the encrypted result to the backend server; after receiving the encrypted result, the backend server decrypts it with the backend server private key; if decryption succeeds, it replaces the saved random number with the decryption result; if decryption fails, it returns decryption failure information to the client program and the method ends.
The invention further provides an online unlocking implementation apparatus, comprising:
a receiving module, for receiving user information entered by a user;
a first judging module, for judging whether the user information received by the receiving module is correct, and for triggering the acquiring-and-judging module when the judgment result is yes;
the acquiring-and-judging module, for acquiring the serial number of the intelligent key device and judging whether the serial number matches the user information, and for triggering the first acquiring module when the judgment result is yes;
the first acquiring module, for acquiring the corresponding administrator password according to the serial number of the intelligent key device;
an unlocking module, for performing an unlocking operation on the intelligent key device using the administrator password.
Wherein, the first judging module is specifically for judging whether the user information matches the saved user information, and for triggering the acquiring-and-judging module when the judgment result is yes.
Wherein, the apparatus further comprises a second judging module, for judging whether the acquiring-and-judging module acquired the serial number of the intelligent key device.
Wherein, the acquiring-and-judging module specifically comprises:
a first acquiring unit, for acquiring the serial number of the intelligent key device through a first interface;
a first judging unit, for judging whether the serial number of the intelligent key device matches the user information, and for triggering the first acquiring module when the judgment result is yes.
Wherein, the second judging module is specifically for judging whether the return value of the first interface is a preset value; if so, the serial number of the intelligent key device was acquired, otherwise it was not.
Wherein, the receiving module is further for receiving unlock trigger information and, on receiving it, popping up the unlock page and waiting for the user to enter user information.
Wherein, the apparatus further comprises: a setting module, for resetting the PIN code and notifying the user after the unlocking module unlocks successfully.
Wherein, the unlocking module is specifically for calling a second interface with the administrator password as a parameter to verify it; if verification succeeds, calling a third interface to reset the PIN code of the intelligent key device and judging whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails; if verification fails, unlocking fails.
Wherein, the apparatus comprises a client program and a backend server; the client program comprises the receiving module, the first judging module, the acquiring-and-judging module, the first acquiring module and the unlocking module; the backend server is for storing administrator passwords in one-to-one correspondence with intelligent key devices;
the first acquiring module is specifically for acquiring the corresponding administrator password from the backend server according to the serial number of the intelligent key device.
Wherein, the apparatus is a client program, and the first acquiring module is specifically for calculating the administrator password from the serial number of the intelligent key device.
Wherein, the apparatus comprises a client program and a backend server; the client program comprises the receiving module, the first judging module, the acquiring-and-judging module, the first acquiring module and the unlocking module; the backend server is for encrypting a random number to obtain the encrypted random number;
the first acquiring module comprises:
a second acquiring unit, for acquiring the encrypted random number from the backend server according to the serial number of the intelligent key device;
a decryption-and-concatenation unit, for decrypting the encrypted random number with the client private key to obtain the random number, concatenating the serial number of the intelligent key device with the random number, and performing a hash operation on the concatenation result to obtain the administrator password.
Wherein, the client program further comprises: a second acquiring module, for acquiring a random string from the intelligent key device;
the unlocking module comprises:
an encryption unit, for encrypting the random string with the administrator password to obtain an encrypted result;
a verification unit, for calling the second interface with the encrypted result as a parameter to verify it; if verification succeeds, calling the third interface to reset the PIN code of the intelligent key device and judging whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails; if verification fails, unlocking fails.
Wherein, the second acquiring unit is specifically for sending the serial number of the intelligent key device to the backend server;
the backend server is specifically for obtaining the corresponding random number according to the serial number of the intelligent key device, encrypting the random number with the client public key to obtain the encrypted random number, and sending the encrypted random number to the client program.
Wherein, the client program further comprises:
a first concatenation-hash module, for concatenating the serial number of the intelligent key device with the administrator password and performing a hash operation on the concatenation result to obtain a new random number;
a second concatenation-hash module, for concatenating the serial number with the new random number and performing a hash operation on the concatenation result to obtain a new administrator password;
a modification judging module, for performing the modify-administrator-password operation with the new administrator password and judging whether it succeeded, and for sending modify-administrator-password success information to the backend server when the judgment result is yes;
the backend server is further for receiving the modify-administrator-password success information sent by the modification judging module.
Wherein, the backend server is further for, after receiving the modify-administrator-password success information, concatenating the serial number of the intelligent key device with the saved random number and performing a hash operation on the concatenation result to obtain a first hash value, concatenating the serial number of the intelligent key device with the first hash value and performing a hash operation on that concatenation result to obtain a second hash value, and replacing the saved random number with the second hash value.
Wherein, the client program further comprises: a generation-and-encryption module, for generating first data, encrypting the first data with the backend server public key to obtain an encrypted result, and sending the encrypted result to the backend server; the backend server is further for receiving the encrypted result and decrypting it with the backend server private key; if decryption succeeds, it replaces the saved random number with the decryption result; if decryption fails, it returns decryption failure information to the apparatus.
Compared with the prior art, the present invention has the following advantages:
The method of the invention applies where the user's intelligent key device is locked or the PIN code has been forgotten. When the user accesses a website to submit data and inserts the intelligent key device that needs unlocking, the apparatus acquires the serial number of the intelligent key device from the device, calculates the administrator password from the serial number, and then uses the administrator password to unlock the device, which is safe and convenient.
Brief description of the drawings
Fig. 1 is a flowchart of the online unlocking implementation method provided by embodiment one of the present invention;
Fig. 2 is a flowchart of the online unlocking implementation method provided by embodiment two of the present invention;
Fig. 3 is a flowchart of the online unlocking implementation method provided by embodiment three of the present invention;
Fig. 4 is a flowchart of the online unlocking implementation method provided by embodiment four of the present invention;
Fig. 5 is a block diagram of the online unlocking implementation apparatus provided by embodiment five of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
Embodiment one
Embodiment one of the present invention provides an online unlocking implementation method which, as shown in Fig. 1, comprises:
Step S1: when the apparatus receives user information entered by a user, it judges whether the user information is correct; if so, step S2 is executed, otherwise the method ends;
In this embodiment, before step S1: when the apparatus receives unlock trigger information, it pops up the unlock page, waits for the user to enter user information, and executes step S1;
Specifically, judging whether the user information is correct comprises: judging whether the user information matches the saved user information; if so, step S2 is executed, otherwise the method ends;
Step S2: the apparatus acquires the serial number of the intelligent key device and judges whether the serial number matches the user information; if so, step S3 is executed, otherwise the method ends;
Specifically, in this embodiment, between acquiring the serial number of the intelligent key device and judging whether the serial number matches the user information, the apparatus judges whether the serial number was acquired; if so, it judges whether the serial number matches the user information, otherwise the method ends;
In this embodiment, the apparatus acquiring the serial number and judging whether it was acquired is specifically: the apparatus acquires the serial number of the intelligent key device through a first interface and judges whether the return value of the first interface is a preset value; if so, the serial number was acquired, otherwise it was not;
Step S3: the apparatus acquires the corresponding administrator password according to the serial number of the intelligent key device;
In this embodiment, the apparatus may be a client program and may also include a backend server, so step S3 can be implemented in several ways; the embodiments of the present invention describe the following in detail;
(1) the apparatus comprises a client program and a backend server, and the client program acquires the corresponding administrator password from the backend server according to the serial number of the intelligent key device;
(2) the apparatus is a client program, and the client program calculates the administrator password from the serial number of the intelligent key device;
(3) the apparatus comprises a client program and a backend server; the client program acquires an encrypted random number from the backend server according to the serial number of the intelligent key device, decrypts the encrypted random number with the client private key to obtain the random number, concatenates the serial number of the intelligent key device with the random number, and performs a hash operation on the concatenation result to obtain the administrator password;
The client program acquiring the encrypted random number from the backend server according to the serial number is specifically: the client program sends the serial number of the intelligent key device to the backend server; the backend server obtains the corresponding random number according to the serial number, encrypts the random number with the client public key to obtain the encrypted random number, and sends the encrypted random number to the client program;
Step S4: the apparatus uses the administrator password to perform an unlocking operation on the intelligent key device.
In this embodiment, the result of the unlocking operation is either success or failure. If unlocking succeeds, the method of this embodiment further comprises: the apparatus resets the PIN code and notifies the user; if unlocking fails, the method ends;
Preferably, step S4 comprises: the apparatus calls a second interface with the administrator password as a parameter to verify it; if verification succeeds, it calls a third interface to reset the PIN code of the intelligent key device and judges whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends.
To improve the security of unlocking, before step S4 the apparatus acquires a random string from the intelligent key device; step S4 then comprises: the apparatus encrypts the random string with the administrator password and calls the second interface with the encrypted result as a parameter to verify it; if verification succeeds, it calls the third interface to reset the PIN code of the intelligent key device and judges whether the third interface returns a true value; if so, unlocking succeeds, otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends.
In this embodiment, if the unlocking in step S4 succeeds, the method further comprises:
Step A1: the client program concatenates the serial number of the intelligent key device with the administrator password and performs a hash operation on the concatenation result to obtain a new random number;
Step A2: the client program concatenates the serial number with the new random number and performs a hash operation on the concatenation result to obtain a new administrator password;
Step A3: the client program performs the modify-administrator-password operation with the new administrator password and judges whether it succeeded; if so, it sends modify-administrator-password success information to the backend server and the method ends, otherwise the method ends.
After receiving the modify-administrator-password success information, the backend server can update the saved random number, by either of the following two methods;
(1) after the backend server receives the modify-administrator-password success information, it concatenates the serial number of the intelligent key device with the saved random number and performs a hash operation on the concatenation result to obtain a first hash value, concatenates the serial number of the intelligent key device with the first hash value and performs a hash operation on that concatenation result to obtain a second hash value, and replaces the saved random number with the second hash value.
(2) before the apparatus sends the modify-administrator-password success information to the backend server: the apparatus generates first data, encrypts the first data with the backend server public key, and sends the encrypted result to the backend server; after receiving the encrypted result, the backend server decrypts it with the backend server private key; if decryption succeeds, it replaces the saved random number with the decryption result; if decryption fails, it returns decryption failure information to the apparatus and the method ends.
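The following added example (not code from the patent or from Feitian) walks through variant (3) of step S3, steps A1 to A3 and server update method (1), to show that client and server arrive at the same next secret without it ever being transmitted. SHA-256, raw byte concatenation, the class and function names, the requirement of the old password to change the administrator password, and the sample PIN values are assumptions; the public-key transport of step S3-1 is omitted.

```python
import hashlib
import hmac
import secrets


def h(serial: str, value: bytes) -> bytes:
    """Hash(serial || value). SHA-256 and raw byte concatenation are assumptions."""
    return hashlib.sha256(serial.encode("ascii") + value).digest()


def derive_admin_password(serial: str, random_number: bytes) -> bytes:
    """Step S3-2: administrator password = Hash(serial || random number)."""
    return h(serial, random_number)


class KeyDevice:
    """Hypothetical in-memory model of the intelligent key device."""

    def __init__(self, serial: str, admin_password: bytes):
        self.serial = serial
        self.admin_password = admin_password
        self.pin = None
        self.pin_locked = True

    def verify_admin(self, candidate: bytes) -> bool:
        # Models the "second interface": check the administrator password.
        return hmac.compare_digest(candidate, self.admin_password)

    def reset_pin(self, candidate: bytes, new_pin: str) -> bool:
        # Models the "third interface": reset the PIN after verification.
        if not self.verify_admin(candidate):
            return False
        self.pin, self.pin_locked = new_pin, False
        return True

    def change_admin(self, old: bytes, new: bytes) -> bool:
        # Assumption: changing the administrator password requires the old one.
        if not self.verify_admin(old):
            return False
        self.admin_password = new
        return True


class BackendServer:
    """Hypothetical backend holding one random number per serial number."""

    def __init__(self):
        self.random_by_serial = {}

    def enroll(self, serial: str) -> bytes:
        self.random_by_serial[serial] = secrets.token_bytes(32)
        return self.random_by_serial[serial]

    def random_for(self, serial: str) -> bytes:
        # The patent sends this encrypted under the client public key (S3-1);
        # transport encryption is left out here.
        return self.random_by_serial[serial]

    def on_rotation_success(self, serial: str) -> None:
        # Server update method (1): two chained hashes replace the stored value.
        first = h(serial, self.random_by_serial[serial])
        self.random_by_serial[serial] = h(serial, first)


def client_unlock(device, server, new_pin, notify=True) -> bool:
    serial = device.serial
    admin = derive_admin_password(serial, server.random_for(serial))
    if not device.reset_pin(admin, new_pin):       # step S4
        return False
    new_random = h(serial, admin)                  # step A1
    new_admin = h(serial, new_random)              # step A2
    if device.change_admin(admin, new_admin) and notify:
        server.on_rotation_success(serial)         # step A3 notification
    return True


def demo() -> list:
    serial = "0653114714150A13"   # serial number quoted in embodiment two
    server = BackendServer()
    device = KeyDevice(serial, derive_admin_password(serial, server.enroll(serial)))
    results = [                   # PIN values below are constructed samples
        client_unlock(device, server, "111111"),                # in sync
        client_unlock(device, server, "222222"),                # still in sync
        client_unlock(device, server, "333333", notify=False),  # notice lost
        client_unlock(device, server, "444444"),                # server is stale
    ]
    server.on_rotation_success(serial)       # late notification applied
    results.append(client_unlock(device, server, "555555"))
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth call fails because the step A3 notification was dropped: the device has already rotated its administrator password while the server's stored value lags by one rotation, so any deployment of method (1) needs the notification to be delivered reliably or retried.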
Embodiment two
Embodiment two of the present invention provides a method for implementing online unlocking. The device in this embodiment includes a client-side program and a background server. As shown in Fig. 2, the method includes:
Step 101: When the client-side program receives unlock trigger information, it pops up the unlock page and waits for the user to input user information;
In this embodiment, the user information includes a user name and a password; for example, the user name is zhangsan and the password is Abcd1234;
Step 102: When the client-side program receives the user information input by the user, it judges whether the user information is correct; if so, step 103 is executed; otherwise the method ends;
Specifically, step 102 includes: the client-side program judges whether the received user information matches the stored user information; if so, step 103 is executed; otherwise the method ends;
For example, in this embodiment, if the stored user information is user name zhangsan, password ABCD1234, the judgment in step 102 is no and the method ends; if the stored user information is user name zhangsan, password Abcd1234, the judgment in step 102 is yes and step 103 is executed;
Step 103: The client-side program obtains the sequence number of the intelligent cipher key equipment;
Specifically, in this embodiment, the client-side program obtains the sequence number of the inserted intelligent cipher key equipment by calling the first interface (C_GetTokenInfo) of P11 (PKCS#11, the cryptographic token interface standard);
For example, in this embodiment, the sequence number of the intelligent cipher key equipment obtained by the client-side program is 0653114714150A13, and its corresponding user information is: user name zhangsan, password ABCD1234;
Step 104: The client-side program judges whether the sequence number of the intelligent cipher key equipment has been obtained; if so, step 105 is executed; otherwise the method ends;
In this embodiment, the client-side program judges whether the return value of the first interface of P11 is a true value (true); if so, the sequence number of the intelligent cipher key equipment has been obtained; otherwise it has not been obtained;
For example, in this embodiment, the sequence number 0653114714150A13 of the intelligent cipher key equipment is obtained;
Step 105: The client-side program judges whether the obtained sequence number of the intelligent cipher key equipment matches the received user information; if so, step 106 is executed; otherwise the method ends;
For example, in this embodiment, the sequence number of the intelligent cipher key equipment is 0653114714150A13 and its corresponding user information is: user name zhangsan, password ABCD1234; the judgment in step 105 is yes and step 106 is executed;
Step 106: The client-side program obtains the corresponding administrator's password from the background server according to the sequence number of the intelligent cipher key equipment;
For example, in this embodiment, the administrator's password corresponding to the sequence number 0653114714150A13 of the intelligent cipher key equipment is f048842c72383783;
Step 107: The client-side program performs the unlock operation on the intelligent cipher key equipment using the administrator's password and judges whether unlocking succeeded; if so, unlocking succeeds, the PIN is reset and the user is notified; otherwise unlocking fails and the method ends;
In this embodiment, step 107 includes: the client-side program calls the second interface (C_Login) of P11 with the administrator's password as the parameter to perform verification; if verification succeeds, it calls the third interface (C_InitPIN) of P11 to reset the PIN code of the intelligent cipher key equipment and judges whether the third interface of P11 returns true; if so, unlocking succeeds, the PIN is reset and the user is notified; otherwise unlocking fails; if verification fails, unlocking fails and the method ends;
For example, in this embodiment, the reset PIN is 06d49632, and the user can be notified of the reset PIN by mail or short message;
When the judgment in step 107 is yes, the method can also include: the client-side program pops up a dialog box prompting the user to re-enter the personal identification code.
Embodiment three
Embodiment three of the present invention provides a method for implementing online unlocking. The device in this embodiment is a client-side program. As shown in Fig. 3, the method includes:
Step 201: When the device receives unlock trigger information, it pops up the unlock page and waits for the user to input user information;
In this embodiment, the user information includes a user name and a password; for example, the user name is zhangsan and the password is Abcd1234;
Step 202: When the device receives the user information input by the user, it judges whether the user information is correct; if so, step 203 is executed; otherwise the method ends;
Specifically, step 202 includes: the device judges whether the received user information matches the stored user information; if so, step 203 is executed; otherwise the method ends;
For example, in this embodiment, if the stored user information is user name zhangsan, password ABCD1234, the judgment in step 202 is no and the method ends; if the stored user information is user name zhangsan, password Abcd1234, the judgment in step 202 is yes and step 203 is executed;
Step 203: The device obtains the sequence number of the intelligent cipher key equipment;
Specifically, in this embodiment, the device obtains the sequence number of the intelligent cipher key equipment inserted in the device by calling the first interface (C_GetTokenInfo) of P11;
For example, in this embodiment, the sequence number 0653114714150A13 of the intelligent cipher key equipment is obtained, and the corresponding user information is: user name zhangsan, password Abcd1234;
Step 204: The device judges whether the sequence number of the intelligent cipher key equipment has been obtained; if so, step 205 is executed; otherwise the method ends;
In this embodiment, the device judges whether the return value of the first interface of P11 is true; if so, the sequence number of the intelligent cipher key equipment has been obtained; otherwise it has not been obtained;
Step 205: The device judges whether the obtained sequence number of the intelligent cipher key equipment matches the received user information; if so, step 206 is executed; otherwise the method ends;
For example, in this embodiment, the sequence number of the intelligent cipher key equipment is 0653114714150A13 and its corresponding user information is: user name zhangsan, password ABCD1234; the judgment in step 205 is yes and step 206 is executed;
Step 206: The device calculates the administrator's password from the sequence number of the intelligent cipher key equipment;
For example, in this embodiment, the sequence number of the intelligent cipher key equipment is 653114714150A13, and the administrator's password obtained by performing a hash operation on it is de476c4349720330;
Step 207: The device performs the unlock operation on the intelligent cipher key equipment using the administrator's password and judges whether unlocking succeeded; if so, unlocking succeeds, the PIN is reset and the user is notified; otherwise unlocking fails and the method ends;
In this embodiment, step 207 includes: the device calls the second interface (C_Login) of P11 with the administrator's password as the parameter to perform verification; if verification succeeds, it calls the third interface (C_InitPIN) of P11 to reset the PIN code of the intelligent cipher key equipment and judges whether the third interface of P11 returns true; if so, unlocking succeeds, the PIN is reset and the user is notified; otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends;
For example, in this embodiment, the reset PIN is 06d49632, and the user can be notified of the reset PIN by mail or short message;
When the judgment in step 207 is yes, the method can also include: the device pops up a dialog box prompting the user to re-enter the personal identification code.
Embodiment four
Embodiment four of the present invention provides a method for implementing online unlocking. The device in this embodiment includes a client-side program and a background server. As shown in Fig. 4, the method includes:
Step 301: When the client-side program receives unlock trigger information, it pops up the unlock page and waits for the user to input user information;
In this embodiment, the user information includes a user name and a password; for example, the user name is zhangsan and the password is Abcd1234;
Step 302: When the client-side program receives the user information input by the user, it judges whether the user information is correct; if so, step 303 is executed; otherwise the method ends;
Specifically, step 302 includes: the client-side program judges whether the received user information matches the stored user information; if so, step 303 is executed; otherwise the method ends;
For example, in this embodiment, if the stored user information is user name zhangsan, password ABCD1234, the judgment in step 302 is no and the method ends; if the stored user information is user name zhangsan, password Abcd1234, the judgment in step 302 is yes and step 303 is executed;
Step 303: The client-side program obtains the sequence number of the intelligent cipher key equipment;
Specifically, in this embodiment, the client-side program obtains the sequence number of the inserted intelligent cipher key equipment by calling the first interface (C_GetTokenInfo) of P11;
Step 304: The client-side program judges whether the sequence number of the intelligent cipher key equipment has been obtained; if so, step 305 is executed; otherwise the method ends;
In this embodiment, the client-side program judges whether the return value of the first interface of P11 is true; if so, the sequence number of the intelligent cipher key equipment has been obtained; otherwise it has not been obtained;
For example, in this embodiment, the sequence number 0653114714150A13 of the intelligent cipher key equipment is obtained;
Step 305: The client-side program judges whether the obtained sequence number of the intelligent cipher key equipment matches the received user information; if so, step 306 is executed; otherwise the method ends;
Step 306: The client-side program obtains the encrypted random number from the background server according to the sequence number of the intelligent cipher key equipment;
Specifically, in this embodiment, step 306 includes: the client-side program sends the sequence number of the intelligent cipher key equipment to the background server; the background server obtains the corresponding random number according to the sequence number of the intelligent cipher key equipment, encrypts the obtained random number with the client public key to obtain the encrypted random number, and sends the encrypted random number to the client-side program;
For example, the random number obtained by the background server is 986DE47418B778F8, and the encrypted random number obtained by encrypting it is: E5 06 20 8D D1 B6 67 37 B4 F1 70 A7 6A CD E3 27 1C CE D4 F0 88 AF 89 1E C5 35 DD 7B BC DE 2A 73 73 B5 2C 5D 33 78 20 22 10 AE 07 6E DD 93 C5 55 58 76 5D 6C E7 2E 46 E8 33 0A 0B 6B F0 9E 68 0D CB 61 4C C8 29 7A 9C 8A 3D 35 69 08 CE C6 81 6B 52 8C AB 3B C8 57 F3 5C 82 AA EC 1E B0 30 35 CC BE 61 84 CF E3 49 29 41 43 46 67 AF 2E FF 00 33 10 DF DB B3 97 8B 10 45 FE CE 55 39 61 65 1F 35;
Step 307: The client-side program decrypts the encrypted random number using the client private key to obtain the random number, splices the sequence number of the intelligent cipher key equipment with the random number, and performs a hash operation on the splicing result to obtain the administrator's password;
For example, in this embodiment, the random number obtained by decryption is 986DE47418B778F8, the splicing result of the sequence number and the random number is 0653114714150A13986DE47418B778F8, and the administrator's password obtained by performing a hash operation on this splicing result is 7018600ef3548af4;
Step 308: The client-side program performs the unlock operation on the intelligent cipher key equipment using the administrator's password and judges whether unlocking succeeded; if so, step 309 is executed; otherwise the method ends;
In this embodiment, step 308 includes: the client-side program calls the second interface (C_Login) of P11 with sopin as the parameter to perform verification; if verification succeeds, it calls the third interface (C_InitPIN) of P11 to reset the PIN and judges whether the third interface of P11 returns true; if so, step 309 is executed; otherwise the method ends; if verification fails, the method ends;
For example, in this embodiment, the reset PIN is: 06d49632;
When the judgment in step 308 is yes, the method can also include: the client-side program pops up a dialog box prompting the user to re-enter the personal identification code;
Step 309: The client-side program splices the sequence number of the intelligent cipher key equipment with the administrator's password, and performs a hash operation on the splicing result to obtain a new random number;
For example, in this embodiment, the splicing result of the sequence number and the administrator's password is 0653114714150A137018600ef3548af4; the new random number obtained by performing a hash operation on this splicing result is fa5f055e350bd4ac;
Step 310: The client-side program splices the sequence number with the new random number, and performs a hash operation on the splicing result to obtain a new administrator's password;
For example, in this embodiment, the splicing result of the sequence number and the new random number is 0653114714150A13fa5f055e350bd4ac; the new administrator's password obtained by performing a hash operation on this splicing result is f3a6321f486b5bfe;
Step 311: The client-side program performs the modify administrator's password operation using the new administrator's password and judges whether it succeeded; if so, step 312 is executed; otherwise the method ends;
In this embodiment, step 311 is specifically: the client-side program calls the fourth interface (C_SetPIN) of P11 with the new administrator's password as the parameter to modify the administrator's password; if the interface returns true, the operation succeeded; otherwise the operation failed;
Step 312: The client-side program sends the information that the modify administrator's password operation succeeded to the background server, and the method ends;
Specifically, in this embodiment, after the background server receives the information that the modify administrator's password operation succeeded, it splices the sequence number of the intelligent cipher key equipment with the stored random number and performs a hash operation on the splicing result to obtain a first hash value, then splices the sequence number of the intelligent cipher key equipment with the first hash value and performs a hash operation on that splicing result to obtain a second hash value, and replaces the stored random number with the second hash value.
In this embodiment, before the client-side program sends the information that the modify administrator's password operation succeeded to the background server, the method can also include: the client-side program generates first data, encrypts the first data with the background server public key to obtain an encrypted result, and then sends the encrypted result to the background server; after receiving the encrypted result, the background server decrypts it with the background server private key; if decryption succeeds, it replaces the stored random number with the decrypted result; if decryption fails, it returns decryption failure information to the client-side program, and ends;
Preferably, in this embodiment, after step 312 the method also includes: the client-side program sends the reset user identification code to the user by mail or short message.
The method in this embodiment applies when the user's intelligent cipher key equipment is locked or the PIN code has been forgotten. When the user visits the website and submits data, with the intelligent cipher key equipment to be unlocked inserted in the device, the client-side program obtains the sequence number of the intelligent cipher key equipment from the background server, calculates the administrator's password according to the sequence number of the intelligent cipher key equipment, and then unlocks using the administrator's password, which is safe and convenient.
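The rotation in steps 307 to 312, as an added example that is not code from the patent: it shows that the server's two-hash update lands on the same random number the client derived, and what happens when the success information never reaches the server. SHA-256 truncated to 16 hex digits, the `Token` and `BackgroundServer` classes and all function names are assumptions; the patent names no hash algorithm, and the public-key encryption of the random number in step 306 and the C_InitPIN reset are left out.

```python
import hashlib
import hmac

HEX_LEN = 16  # assumption: 16 hex digits, the length of the values shown on the page


def h(serial: str, value: str) -> str:
    """Hash of the text splice serial || value (truncated SHA-256 is an assumption)."""
    return hashlib.sha256((serial + value).encode("ascii")).hexdigest()[:HEX_LEN]


def derive_admin_password(serial: str, rnd: str) -> str:
    """Step 307: administrator's password = Hash(sequence number || random number)."""
    return h(serial, rnd)


class Token:
    """Hypothetical stand-in for the key device; only the administrator's password."""

    def __init__(self, serial: str, admin_password: str):
        self.serial = serial
        self.admin_password = admin_password

    def login_admin(self, password: str) -> bool:
        # Stand-in for the C_Login verification of step 308.
        return hmac.compare_digest(password, self.admin_password)

    def set_admin_password(self, old: str, new: str) -> bool:
        # Stand-in for the C_SetPIN call of step 311.
        if not self.login_admin(old):
            return False
        self.admin_password = new
        return True


class BackgroundServer:
    """Hypothetical server state: one stored random number per sequence number."""

    def __init__(self):
        self.random_by_serial = {}

    def get_random(self, serial: str) -> str:
        # Step 306 without the client-public-key encryption.
        return self.random_by_serial[serial]

    def on_change_success(self, serial: str) -> None:
        # Server update after step 312: two hashes over the stored random number.
        first = h(serial, self.random_by_serial[serial])   # equals the old password
        second = h(serial, first)                          # equals the new random number
        self.random_by_serial[serial] = second


def client_unlock_and_rotate(token: Token, server: BackgroundServer,
                             notify: bool = True) -> bool:
    """Steps 306 to 312 from the client's side; True when the rotation was applied."""
    rnd = server.get_random(token.serial)
    admin = derive_admin_password(token.serial, rnd)        # step 307
    if not token.login_admin(admin):                        # step 308
        return False
    new_rnd = h(token.serial, admin)                        # step 309
    new_admin = h(token.serial, new_rnd)                    # step 310
    if not token.set_admin_password(admin, new_admin):      # step 311
        return False
    if notify:                                              # step 312
        server.on_change_success(token.serial)
    return True


def make_pair(serial: str, rnd: str):
    """Provision a token and a server that agree on the initial random number."""
    server = BackgroundServer()
    server.random_by_serial[serial] = rnd
    return Token(serial, derive_admin_password(serial, rnd)), server


if __name__ == "__main__":
    # Sequence number and random number are the example values from the page.
    token, server = make_pair("0653114714150A13", "986DE47418B778F8")
    print("rotation 1:", client_unlock_and_rotate(token, server))
    print("in sync:", token.admin_password ==
          derive_admin_password(token.serial, server.get_random(token.serial)))
    # Success information lost: the token moves on, the server does not.
    print("rotation 2 (no notify):", client_unlock_and_rotate(token, server, notify=False))
    print("next unlock:", client_unlock_and_rotate(token, server))
```

Because the server advances its stored random number only when the success information arrives, a lost message leaves the device with an administrator's password that the stored random number no longer derives.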
Embodiment five
Embodiment five of the present invention provides a device for implementing online unlocking. As shown in Fig. 5, the device includes:
Receiver module 401, for receiving unlock trigger information and, on receiving the unlock trigger information, popping up the unlock page and waiting for the user to input user information; also for receiving the user information input by the user from the unlock page;
In this embodiment, the user information includes a user name and a password; for example, the user name is zhangsan and the password is Abcd1234;
First judge module 402, for judging whether the user information is correct, and for triggering the acquisition judge module 403 when the judgment result is yes;
In this embodiment, the first judge module 402 is specifically for judging whether the user information matches the stored user information, and for triggering the acquisition judge module 403 when the judgment result is yes;
Acquisition judge module 403, for obtaining the sequence number of the intelligent cipher key equipment, judging whether the sequence number of the intelligent cipher key equipment matches the user information, and triggering the first acquisition module 404 when the judgment result is yes;
Specifically, in this embodiment, the acquisition judge module 403 includes:
First acquisition unit, for obtaining the sequence number of the intelligent cipher key equipment through the first interface of P11;
First judging unit, for judging whether the sequence number of the intelligent cipher key equipment matches the user information, and for triggering the first acquisition module when the judgment result is yes;
First acquisition module 404, for obtaining the corresponding administrator's password according to the sequence number of the intelligent cipher key equipment;
Unlocked state 405, for performing the unlock operation on the intelligent cipher key equipment using the administrator's password;
The device in this embodiment can also include a setup module, for resetting the PIN and notifying the user after the unlocked state 405 unlocks successfully.
In this embodiment, the unlocked state 405 is specifically for calling the second interface of P11 with the administrator's password as the parameter to perform verification; if verification succeeds, calling the third interface of P11 to reset the PIN code of the intelligent cipher key equipment and judging whether the third interface of P11 returns true; if so, unlocking succeeds; otherwise unlocking fails; if verification fails, unlocking fails.
The device in this embodiment also includes a second judge module, for judging whether the acquisition judge module has obtained the sequence number of the intelligent cipher key equipment; the second judge module is specifically for judging whether the return value of the first interface of P11 is a preset value; if so, the sequence number of the intelligent cipher key equipment has been obtained; otherwise it has not been obtained.
The device in this embodiment also includes a third judge module, for judging whether the sequence number of the intelligent cipher key equipment matches the user information, and for triggering the first acquisition module 404 when the judgment result is yes.
In this embodiment, the first acquisition module 404 can obtain the administrator's password in multiple ways; the device in this embodiment can be a client-side program and can also include a server. This embodiment is described using only the following three ways as examples, but is not limited to these implementations.
(1) The device of this embodiment includes a client-side program and a background server. The client-side program includes the receiver module, the first judge module, the acquisition judge module, the first acquisition module and the unlocked state; the background server is used to store the administrator's passwords in one-to-one correspondence with intelligent cipher key equipment. The first acquisition module 404 is specifically for obtaining the corresponding administrator's password from the background server according to the sequence number of the intelligent cipher key equipment.
(2) The device of this embodiment is a client-side program, and the first acquisition module 404 is specifically for calculating the administrator's password according to the sequence number of the intelligent cipher key equipment.
(3) The device of this embodiment includes a client-side program and a background server. The client-side program includes the receiver module, the first judge module, the acquisition judge module, the first acquisition module and the unlocked state; the background server is used to encrypt the random number to obtain the encrypted random number;
The first acquisition module 404 includes:
Second acquisition unit, for obtaining the encrypted random number from the background server according to the sequence number of the intelligent cipher key equipment;
In this embodiment, the second acquisition unit is specifically for sending the sequence number of the intelligent cipher key equipment to the background server; the background server is specifically for obtaining the corresponding random number according to the sequence number of the intelligent cipher key equipment, encrypting the random number with the client public key to obtain the encrypted random number, and sending the encrypted random number to the client-side program.
Deciphering concatenation unit, for decrypting the encrypted random number using the client private key to obtain the random number, splicing the sequence number of the intelligent cipher key equipment with the random number, and performing a hash operation on the splicing result to obtain the administrator's password.
To make the unlocking process more secure, the client-side program of this embodiment can also include: a second acquisition module, for obtaining a random string from the intelligent cipher key equipment;
The unlocked state includes a ciphering unit and an authentication unit:
Ciphering unit, for encrypting the random string using the administrator's password to obtain an encrypted result;
Authentication unit, for calling the second interface with the encrypted result as the parameter to perform verification; if verification succeeds, calling the third interface to reset the PIN of the intelligent cipher key equipment and judging whether the third interface returns a true value; if so, unlocking succeeds; otherwise unlocking fails; if verification fails, unlocking fails.
The client-side program of the third implementation also includes:
First splicing hash module, for splicing the sequence number of the intelligent cipher key equipment with the administrator's password and performing a hash operation on the splicing result to obtain a new random number;
Second splicing hash module, for splicing the sequence number with the new random number and performing a hash operation on the splicing result to obtain a new administrator's password;
Modification judge module, for performing the modify administrator's password operation using the new administrator's password, judging whether it succeeded, and sending the information that the modify administrator's password operation succeeded to the background server when the judgment result is yes. The background server is also used to receive the information that the modify administrator's password operation succeeded and, after receiving it, to splice the sequence number of the intelligent cipher key equipment with the stored random number and perform a hash operation on the splicing result to obtain a first hash value, to splice the sequence number of the intelligent cipher key equipment with the first hash value and perform a hash operation on that splicing result to obtain a second hash value, and to replace the stored random number with the second hash value.
The client-side program of the third implementation of this embodiment may also include: a generate encrypting module, for generating first data, encrypting the first data with the background server public key to obtain an encrypted result, and sending the encrypted result to the background server; the background server is also used to receive the encrypted result and decrypt it using the background server private key; if decryption succeeds, it replaces the stored random number with the decrypted result; if decryption fails, it returns decryption failure information to the device.
The above is only a preferred specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art can readily conceive of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the scope of the claims.

Claims (32)

1. A method for implementing online unlocking, characterized in that it includes:
Step S1: When a device receives user information input by a user, it judges whether said user information is correct; if so, step S2 is executed; otherwise the method ends;
Step S2: Said device obtains the sequence number of an intelligent cipher key equipment and judges whether the sequence number of said intelligent cipher key equipment matches said user information; if so, step S3 is executed; otherwise the method ends;
Step S3: Said device obtains the corresponding administrator's password according to the sequence number of said intelligent cipher key equipment;
Step S4: Said device performs an unlock operation on said intelligent cipher key equipment using said administrator's password.
2. The method as claimed in claim 1, characterized in that said step S1 includes: when said device receives the user information input by the user, it judges whether said user information matches the stored user information; if so, step S2 is executed; otherwise the method ends.
3. The method as claimed in claim 1, characterized in that, between said device obtaining the sequence number of the intelligent cipher key equipment and judging whether the sequence number of said intelligent cipher key equipment matches said user information, the method includes: said device judges whether the sequence number of said intelligent cipher key equipment has been obtained; if so, the method continues; otherwise the method ends.
4. The method as claimed in claim 3, characterized in that said device obtaining the sequence number of the intelligent cipher key equipment is specifically: said device obtains the sequence number of said intelligent cipher key equipment through a first interface.
5. The method as claimed in claim 4, characterized in that said device judging whether the sequence number of said intelligent cipher key equipment has been obtained is specifically: said device judges whether the return value of said first interface is a preset value; if so, the sequence number of said intelligent cipher key equipment has been obtained; otherwise it has not been obtained.
6. The method as claimed in claim 1, characterized in that, before said step S1, the method includes: when the device receives unlock trigger information, it pops up the unlock page and waits for the user to input user information, and step S1 is executed.
7. The method as claimed in claim 1, characterized in that, if unlocking succeeds in said step S4, the method also includes: resetting the PIN and notifying the user.
8. The method as claimed in claim 1, characterized in that said step S4 includes: said device calls a second interface with said administrator's password as the parameter to perform verification; if verification succeeds, it calls a third interface to reset the PIN of said intelligent cipher key equipment and judges whether said third interface returns a true value; if so, unlocking succeeds; otherwise unlocking fails and the method ends; if verification fails, unlocking fails and the method ends.
9. The method as claimed in claim 1, characterized in that said device includes a client-side program and a background server, and said step S3 includes: said client-side program obtains the corresponding administrator's password from the background server according to the sequence number of said intelligent cipher key equipment.
10. The method as claimed in claim 1, characterized in that said device is a client-side program, and said step S3 includes: said client-side program calculates the administrator's password according to the sequence number of said intelligent cipher key equipment.
11. the method for claim 1 are it is characterised in that described device includes client-side program and background server, institute State step S3 to include:
Step S3-1:Described client-side program obtains encryption according to the sequence number of described intelligent cipher key equipment from background server Random number afterwards;
Step S3-2:Described client-side program is decrypted to the random number after described encryption using client private key and obtains at random Number, the sequence number of described intelligent cipher key equipment is spliced with described random number, carries out Hash operation to splicing result and obtain Administrator's password.
12. methods as described in claim 9-11 any one are it is characterised in that include before described step S4:Described visitor Family end program obtains random train from described intelligent cipher key equipment;
Described step S4 includes:Described client-side program is encrypted to described random train using described administrator's password, will add Close result is verified as parameter call second interface, as being proved to be successful, calls the 3rd interface to reset described intelligence close The PIN of key equipment, and judge whether described 3rd interface returns true value, it is then to unlock successfully, otherwise unlock unsuccessfully, Terminate, such as authentication failed then unlocks failure, terminate.
13. methods as claimed in claim 11 are it is characterised in that described step S3-1 is specially:Described client-side program will The sequence number of described intelligent cipher key equipment is sent to described background server;Described background server sets according to described intelligent key Standby sequence number obtains corresponding random number, using client public key, described random number is encrypted after obtaining described encryption Random number after described encryption is simultaneously sent to described client-side program by random number.
14. methods as claimed in claim 13 are it is characterised in that successfully also include as unlocked in described step S4:
Step A1:The sequence number of described intelligent cipher key equipment and described administrator's password are spliced by described client-side program, Hash operation is carried out to splicing result and obtains new random number;
Step A2:Described sequence number and described new random number are spliced by described client-side program, and splicing result is breathed out Uncommon computing obtains new administrator's password;
Step A3:Described client-side program is modified administrator's password operation according to described new administrator's password, and judges Whether successful, it is then to send modification administrator's password operation successful information to background server, terminate, otherwise terminate.
15. methods as claimed in claim 14 are it is characterised in that also include:Described background server receives modification management After member's Password Operations successful information, the sequence number of described intelligent cipher key equipment is spliced with the described random number preserving, and Splicing result is done with Hash operation and obtains the first cryptographic Hash, sequence number and described first cryptographic Hash to described intelligent cipher key equipment Carry out spliced splicing result and do Hash operation obtaining the second cryptographic Hash, and replace preserve described with described second cryptographic Hash Random number.
16. The method as claimed in claim 14, characterized in that, before the client program sends the modify-administrator-password success information to the background server, the method comprises: the client program generates first data, encrypts the first data with the background server public key, and sends the encryption result to the background server; after receiving the encryption result, the background server decrypts it with the background server private key; if decryption succeeds, it replaces the saved random number with the decryption result; if decryption fails, it returns decryption failure information to the client program and ends.
17. An apparatus for implementing online unlocking, characterized by comprising:
a receiving module, configured to receive user information input by a user;
a first judging module, configured to judge whether the user information received by the receiving module is correct, and to trigger the obtaining-and-judging module when the judgment result is yes;
the obtaining-and-judging module, configured to obtain the serial number of the intelligent key device, judge whether the serial number of the intelligent key device matches the user information, and trigger the first obtaining module when the judgment result is yes;
the first obtaining module, configured to obtain the corresponding administrator password according to the serial number of the intelligent key device;
an unlocking module, configured to perform an unlock operation on the intelligent key device using the administrator password.
18. The apparatus as claimed in claim 17, characterized in that the first judging module is specifically configured to judge whether the user information matches the saved user information, and to trigger the obtaining-and-judging module when the judgment result is yes.
19. The apparatus as claimed in claim 17, characterized by further comprising a second judging module, configured to judge whether the obtaining-and-judging module has obtained the serial number of the intelligent key device.
20. The apparatus as claimed in claim 19, characterized in that the obtaining-and-judging module specifically comprises:
a first obtaining unit, configured to obtain the serial number of the intelligent key device through a first interface;
a first judging unit, configured to judge whether the serial number of the intelligent key device matches the user information, and to trigger the first obtaining module when the judgment result is yes.
21. The apparatus as claimed in claim 20, characterized in that the second judging module is specifically configured to judge whether the return value of the first interface is a preset value; if so, the serial number of the intelligent key device has been obtained; otherwise the serial number of the intelligent key device has not been obtained.
22. The apparatus as claimed in claim 17, characterized in that
the receiving module is further configured to receive unlock trigger information and, upon receiving the unlock trigger information, to pop up an unlock page and wait for the user to input user information.
23. The apparatus as claimed in claim 17, characterized by further comprising: a setup module, configured to reset the PIN and notify the user after the unlocking module unlocks successfully.
24. The apparatus as claimed in claim 17, characterized in that the unlocking module is specifically configured to call a second interface with the administrator password as a parameter for verification; if verification succeeds, to call a third interface to reset the PIN of the intelligent key device and judge whether the third interface returns a true value, where a true value means unlocking succeeds and otherwise unlocking fails; and if verification fails, unlocking fails.
25. The apparatus as claimed in claim 17, characterized in that the apparatus comprises a client program and a background server; the client program comprises the receiving module, the first judging module, the obtaining-and-judging module, the first obtaining module and the unlocking module; the background server is configured to store administrator passwords in one-to-one correspondence with intelligent key devices;
the first obtaining module is specifically configured to obtain the corresponding administrator password from the background server according to the serial number of the intelligent key device.
26. The apparatus as claimed in claim 17, characterized in that the apparatus is a client program, and the first obtaining module is specifically configured to calculate the administrator password according to the serial number of the intelligent key device.
27. The apparatus as claimed in claim 17, characterized in that the apparatus comprises a client program and a background server; the client program comprises the receiving module, the first judging module, the obtaining-and-judging module, the first obtaining module and the unlocking module; the background server is configured to encrypt a random number to obtain an encrypted random number;
the first obtaining module comprises:
a second obtaining unit, configured to obtain the encrypted random number from the background server according to the serial number of the intelligent key device;
a decrypting-and-concatenating unit, configured to decrypt the encrypted random number with the client private key to obtain the random number, concatenate the serial number of the intelligent key device with the random number, and perform a hash operation on the concatenation result to obtain the administrator password.
28. The apparatus as claimed in any one of claims 25-27, characterized in that the client program further comprises: a second obtaining module, configured to obtain a random string from the intelligent key device;
the unlocking module comprises:
an encryption unit, configured to encrypt the random string using the administrator password to obtain an encryption result;
a verification unit, configured to call a second interface with the encryption result as a parameter for verification; if verification succeeds, to call a third interface to reset the PIN of the intelligent key device and judge whether the third interface returns a true value, where a true value means unlocking succeeds and otherwise unlocking fails; and if verification fails, unlocking fails.
29. The apparatus as claimed in claim 27, characterized in that the second obtaining unit is specifically configured to send the serial number of the intelligent key device to the background server;
the background server is specifically configured to obtain the corresponding random number according to the serial number of the intelligent key device, encrypt the random number with the client public key to obtain the encrypted random number, and send the encrypted random number to the client program.
30. The apparatus as claimed in claim 29, characterized in that the client program further comprises:
a first concatenation-hash module, configured to concatenate the serial number of the intelligent key device with the administrator password and perform a hash operation on the concatenation result to obtain a new random number;
a second concatenation-hash module, configured to concatenate the serial number with the new random number and perform a hash operation on the concatenation result to obtain a new administrator password;
a modification judging module, configured to perform a modify-administrator-password operation according to the new administrator password, judge whether it succeeded, and send modify-administrator-password success information to the background server when the judgment result is yes;
the background server is further configured to receive the modify-administrator-password success information sent by the modification judging module.
31. The apparatus as claimed in claim 30, characterized in that the background server is further configured, after receiving the modify-administrator-password success information, to concatenate the serial number of the intelligent key device with the saved random number and perform a hash operation on the concatenation result to obtain a first hash value; to concatenate the serial number of the intelligent key device with the first hash value and perform a hash operation on the concatenation result to obtain a second hash value; and to replace the saved random number with the second hash value.
32. The apparatus as claimed in claim 30, characterized in that the client program further comprises: a generating-and-encrypting module, configured to generate first data, encrypt the first data with the background server public key to obtain an encryption result, and send the encryption result to the background server; the background server is further configured to receive the encryption result and decrypt it with the background server private key; if decryption succeeds, to replace the saved random number with the decryption result; and if decryption fails, to return decryption failure information to the apparatus.
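The rotation in claims 14-15 (mirrored in apparatus claims 30-31) only works if the client program and the background server independently arrive at the same new random number after each unlock. The sketch below is an added example, not code from the patent: it assumes SHA-256 as the hash and raw byte concatenation as the splicing, neither of which the claims specify, and all function names and sample values are hypothetical.

```python
import hashlib


def h(*parts: bytes) -> bytes:
    """Hash of the concatenated ("spliced") parts. SHA-256 is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()


def admin_password(serial: bytes, random_number: bytes) -> bytes:
    """Claim 27: administrator password = Hash(serial || random number)."""
    return h(serial, random_number)


def client_rotate(serial: bytes, admin_pw: bytes) -> tuple:
    """Claim 14, steps A1 and A2, run by the client after a successful unlock."""
    new_random = h(serial, admin_pw)        # A1: Hash(serial || admin password)
    new_admin_pw = h(serial, new_random)    # A2: Hash(serial || new random)
    return new_random, new_admin_pw


def server_rotate(serial: bytes, stored_random: bytes) -> bytes:
    """Claim 15: the server recomputes the new random from its stored value."""
    first_hash = h(serial, stored_random)   # equals the current admin password
    return h(serial, first_hash)            # second hash replaces stored random


def simulate(serial: bytes, initial_random: bytes, rounds: int) -> list:
    """Run several unlock-and-rotate rounds and record whether both sides agree."""
    stored = initial_random                 # value held by the background server
    results = []
    for _ in range(rounds):
        pw = admin_password(serial, stored)             # password used to unlock
        client_random, device_pw = client_rotate(serial, pw)
        stored = server_rotate(serial, stored)          # server-side update
        results.append({
            "server_matches_client": stored == client_random,
            "next_unlock_ok": admin_password(serial, stored) == device_pw,
            "device_pw": device_pw,
        })
    return results


def passwords_from_one_state(serial: bytes, stored_random: bytes, count: int) -> list:
    """Later administrator passwords follow from one stored value alone."""
    out, state = [], stored_random
    for _ in range(count):
        state = server_rotate(serial, state)
        out.append(admin_password(serial, state))
    return out


if __name__ == "__main__":
    serial = b"SN-CONSTRUCTED-0001"         # constructed sample serial number
    r0 = bytes(range(32))                   # constructed sample random number
    for i, r in enumerate(simulate(serial, r0, 3), 1):
        print(i, r["server_matches_client"], r["next_unlock_ok"], r["device_pw"].hex()[:16])
```

Because each new value is a hash of the previous one, `passwords_from_one_state` shows that a single stored random number plus the serial number determines every later administrator password; the variant in claims 16 and 32 instead replaces the stored value with data the client generates.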
CN201610833664.5A 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device Active CN106452845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610833664.5A CN106452845B (en) 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device

Publications (2)

Publication Number Publication Date
CN106452845A true CN106452845A (en) 2017-02-22
CN106452845B CN106452845B (en) 2019-03-29

Family

ID=58165941

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610833664.5A Active CN106452845B (en) 2016-09-20 2016-09-20 A kind of implementation method unlocked online and device

Country Status (1)

Country Link
CN (1) CN106452845B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1901443A (en) * 2006-07-12 2007-01-24 北京飞天诚信科技有限公司 Remote de-locking method of information safety device
CN101166085A (en) * 2007-09-24 2008-04-23 北京飞天诚信科技有限公司 Remote unlocking method and system
CN101645124B (en) * 2009-09-03 2012-04-18 飞天诚信科技股份有限公司 Method for unlocking PIN code and intelligent secret key device
CN102571802A (en) * 2012-01-18 2012-07-11 深圳市文鼎创数据科技有限公司 Long-distance unlocking method of information safety equipment and server, equipment as well as server
CN103607281A (en) * 2013-11-12 2014-02-26 飞天诚信科技股份有限公司 Safety device unlocking method and system
CN104486085A (en) * 2014-12-24 2015-04-01 北京深思数盾科技有限公司 System and method for managing intelligent key device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
宫立圆: "公钥密码算法在USBKey中关键技术的研究", 《中国优秀硕士学位论文全文数据库》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110298939A (en) * 2018-03-22 2019-10-01 施耐德电器工业公司 It locks the method for the function of electrical equipment and implements the electrical equipment of this method
CN110298939B (en) * 2018-03-22 2023-03-10 施耐德电器工业公司 Method for locking the function of an electrical device and electrical device for implementing said method
CN111325545A (en) * 2018-12-13 2020-06-23 北京沃东天骏信息技术有限公司 Key management method, device and equipment based on block chain
CN111325545B (en) * 2018-12-13 2023-05-02 北京沃东天骏信息技术有限公司 Key management method, device and equipment based on blockchain
WO2022253204A1 (en) * 2021-06-01 2022-12-08 青岛海尔洗衣机有限公司 Washing machine

Also Published As

Publication number Publication date
CN106452845B (en) 2019-03-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant