CN107026737B - System for managing passwords through wearable equipment - Google Patents

System for managing passwords through wearable equipment

Info

Publication number
CN107026737B
CN107026737B (application CN201610067583.9A)
Authority
CN
China
Prior art keywords
wearable device
pin code
managed
information
password
Prior art date
Legal status
Active
Application number
CN201610067583.9A
Other languages
Chinese (zh)
Other versions
CN107026737A (en)
Inventor
李明
Current Assignee
Tendyron Corp
Original Assignee
李明
Priority date
Filing date
Publication date
Application filed by 李明
Priority to CN201610067583.9A
Publication of CN107026737A
Application granted
Publication of CN107026737B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3234 ... involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0894 ... Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897 ... involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a system for password management through a wearable device, comprising a wearable device and a managed device. The wearable device acquires verification information and an online PIN code of the managed device and determines a first number of its sensor readings that satisfy a preset condition; when the first number is greater than or equal to X, it encrypts the online PIN code and stores the verification information together with the online PIN code ciphertext. The managed device sends a password acquisition request to the wearable device. After receiving the request, the wearable device determines a second number of readings that currently satisfy the preset condition; when the second number is greater than or equal to Y, it determines which password the request asks for. If the request is for the offline PIN code, the wearable device generates authentication information from the verification information and single-use authentication data and sends it to the managed device; if the request is for the online PIN code, the wearable device sends the stored online PIN code ciphertext to the managed device.

Description

System for managing passwords through wearable equipment
Technical Field
The invention relates to the field of electronic technology, and in particular to a system for password management through a wearable device.
Background
With the development of mobile communication technology and smart mobile terminals, more and more personal information is stored on mobile terminals such as smartphones and iPads, and some of it is private to the holder: short messages, call records, contacts, photos, social applications, financial applications and the like. If the user loses the phone, this information can be obtained by criminals and the user suffers a loss. Users therefore place ever higher demands on the security of mobile terminals.
In the related art, to protect personal information from leaking, the user usually sets an unlock password on the smartphone. For example, when viewing short messages or photos, or opening financial software such as Alipay or social software such as WeChat or QQ, the user must enter the unlock password; the phone authenticates its user by checking the entered password and can be used normally only if the password is correct.
Although entering a password protects personal information from leaking, it has the following disadvantages: first, operation is cumbersome, because the user must enter the password every time protected content is viewed, which harms the user experience; second, if the password the user sets is too simple, it can easily be cracked once the phone is stolen, so the goal of preventing leakage of personal information is not achieved.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The main object of the invention is to provide a system for password management through a wearable device.
To this end, the technical scheme of the invention is as follows:
One aspect of the present invention provides a system for password management through a wearable device, including a wearable device and a managed device. The wearable device is configured to: acquire verification information and an online PIN code of the managed device; determine a first number, among the N detection values detected by N sensors of the wearable device, that satisfy a preset condition, the preset condition being that the i-th detection value detected by the i-th sensor reaches the i-th preset threshold, for i = 1, 2, 3, ..., N-1, N, where N is a positive integer and N ≥ 4; and, when the first number is greater than or equal to X, encrypt the online PIN code to obtain an online PIN code ciphertext and store the verification information and the online PIN code ciphertext, where X is a positive integer and 3 ≤ X ≤ N. The managed device is configured to send a password acquisition request to the wearable device when a password needs to be entered. The wearable device is further configured to: after receiving the password acquisition request sent by the managed device, determine a second number, among the N detection values currently detected by the N sensors, that satisfy the preset condition; when the second number is less than Y, reject the password acquisition request, where Y is an integer and 0 ≤ Y ≤ X; when the second number is greater than or equal to Y, determine which password the password acquisition request asks for; when the requested password is determined to be the offline PIN code, generate authentication information from the verification information and single-use authentication data and send the authentication information to the managed device; and when the requested password is determined to be the online PIN code, send the stored online PIN code ciphertext to the managed device.
Optionally, the wearable device acquires the verification information of the managed device in one of the following ways: negotiating an authentication key with the managed device and using the authentication key as the verification information; receiving an offline PIN code entered by the user through an input device of the wearable device and using the offline PIN code as the verification information; or receiving the offline PIN code sent by the managed device and using it as the verification information.
Optionally, the wearable device acquires the online PIN code of the managed device by receiving an online PIN code entered by the user through an input device of the wearable device, or by receiving the online PIN code sent by the managed device.
Optionally, the password acquisition request carries a signature value obtained by the managed device signing data to be signed; the wearable device is further configured to verify the signature value, to proceed to determining the requested password if verification passes, and to reject the password acquisition request if verification fails.
Optionally, the single-use authentication data comprises one of: the current time of a clock of the wearable device, the current value of a counter of the wearable device, and a random number (nonce).
Optionally, the wearable device stores the verification information and the online PIN code ciphertext in RAM.
Optionally, the wearable device is further configured to obtain a device identifier of the managed device before acquiring the verification information and the online PIN code, and to store the verification information and the online PIN code ciphertext in association with that device identifier.
Optionally, the wearable device is further configured to monitor the connection state between the managed device and the wearable device, or the number of times the stored information has been used, and, if the connection is broken or the number of uses exceeds a preset number, to delete the stored verification information and online PIN code ciphertext of that managed device or to mark them as unavailable.
Optionally, the managed device is further configured to: when the wearable device returns authentication information, generate a response value from the single-use authentication data and the verification information it holds, and check whether the generated response value matches the received authentication information; if it matches, the managed device treats its local password check as passed and continues with the subsequent process; if it does not match, the managed device prompts the user to enter the local password manually. When the wearable device returns the online PIN code ciphertext, the managed device decrypts it to obtain the online PIN code and sends the online PIN code to the remote server for verification.
Optionally, the wearable device is further configured to: receive transaction information sent by the managed device; output a prompt that a transaction is taking place; receive a confirmation response entered by the user; store the transaction information and send confirmation to the managed device.
Optionally, the wearable device is further configured to: receive a prompt from the managed device that a transaction is currently taking place; check whether the previous transaction has been confirmed; if it has not, prompt the user to confirm the previous transaction, receive the user's confirmation response, and mark the stored previous transaction information as confirmed; and then send a prompt instructing the managed device to continue the current transaction.
With the technical scheme provided by the invention, the verification information and the online PIN code ciphertext of the managed device are stored only while the wearable device is worn by the user, and the wearable device again checks that it is worn when a password acquisition request arrives. If the managed device requests the offline PIN code, authentication information generated from the verification information is returned; if it requests the online PIN code, the stored online PIN code ciphertext is sent. Password security is thereby maintained, the number of password entries is reduced, and the user experience improves.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings show only some embodiments of the invention; those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a system architecture diagram for password management by a wearable device according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of a wearable device provided in embodiment 2 of the present invention;
Fig. 3 is a schematic structural diagram of another wearable device provided in embodiment 2 of the present invention;
Fig. 4 is a flowchart of a method for password management by a wearable device according to embodiment 3 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "coupled" are to be construed broadly, e.g., as meaning a fixed connection, a removable connection, or an integral connection; a mechanical or an electrical connection; a direct connection or an indirect connection through intervening media; or an internal connection between two elements. The specific meanings of these terms in the present invention can be understood by those skilled in the art according to the specific case.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The embodiment provides a system for password management through a wearable device.
Fig. 1 is a schematic structural diagram of the system for password management through a wearable device according to this embodiment. As shown in Fig. 1, the system mainly includes a wearable device 10 and a managed device 20.
In this embodiment, the wearable device 10 and the managed device 20 may be connected by wire or wirelessly; optionally they are connected wirelessly, for example over Bluetooth, Wi-Fi, infrared or NFC. The wearable device 10 may be a portable device that is worn directly on the body and is able to manage other devices, such as a smart watch, smart bracelet, smart belt or smart ring; the managed device 20 may be a smart card, an electronic key device, a mobile terminal (such as a smartphone or tablet computer), and the like.
In this embodiment, the wearable device 10 is configured to: acquire verification information and an online PIN code of the managed device 20; determine a first number, among the N detection values detected by the N sensors of the wearable device 10, that satisfy a preset condition, the preset condition being that the i-th detection value detected by the i-th sensor reaches the i-th preset threshold, for i = 1, 2, 3, ..., N-1, N, where N is a positive integer and N ≥ 4; and, when the first number is greater than or equal to X, encrypt the online PIN code to obtain an online PIN code ciphertext and store the verification information and the online PIN code ciphertext, where X is a positive integer and 3 ≤ X ≤ N. In other words, before storing the verification information and online PIN code ciphertext of the managed device 20, the wearable device 10 first determines from its sensors whether it is being worn, and stores the secrets only when it is, so that an unworn (for example lost or stolen) wearable device never takes them on.
In this embodiment, before acquiring the verification information and the online PIN code of the managed device 20, the wearable device 10 may authenticate the identity of the managed device 20 and store the verification information only after that authentication passes, so that the stored information is bound to a verified managed device. The wearable device 10 may keep the verification information and the online PIN code ciphertext in a storage area that can only be accessed through a secure path, protecting the verification information.
For example, the wearable device 10 and the managed device 20 may authenticate each other as follows: the managed device 20 generates first data to be signed, which may include a random number and/or a random event; it signs the first data to obtain first signature data, encrypts the first data and sends the encrypted first data together with the first signature data to the wearable device 10; the wearable device 10 verifies the first signature data against the first data to be signed and, if verification passes, generates second data to be signed, which may likewise include a random number and/or a random event; it signs the second data to obtain second signature data, encrypts the second data and sends the encrypted second data together with the second signature data to the managed device 20; the managed device 20 verifies the second signature data against the second data to be signed. When both verifications pass, mutual authentication succeeds and each side may treat the other as a trusted device. The freshly generated random data is what ties each signature to the current exchange, so a signature captured earlier cannot be replayed. This is only one of many possible authentication methods, and the embodiment does not exclude others.
As an optional implementation of the embodiment of the present invention, the wearable device 10 may acquire the verification information of the managed device 20 in any of the following three ways:
In the first way, the wearable device 10 negotiates an authentication key with the managed device 20 and uses the authentication key as the verification information; alternatively, a value computed from the authentication key (for example a MAC or a hash) may be used as the verification information.
The wearable device 10 and the managed device 20 may negotiate the authentication key after mutual authentication. They may also negotiate a transmission key at the same time and use it to encrypt and decrypt the data exchanged in subsequent communication, so that the link carries only encrypted data.
After the negotiation, both the wearable device 10 and the managed device 20 hold the authentication key, and the wearable device 10 may store it as the verification information. Using the authentication key as verification information instead of the offline PIN code means the offline PIN code itself never has to be handed to the wearable device, so it cannot be leaked from it.
In the second way, the wearable device 10 receives an offline PIN code entered by the user through an input device of the wearable device 10 and uses it as the verification information; alternatively, a value computed from the offline PIN code (for example a MAC or a hash) may be used as the verification information.
In this embodiment, the offline PIN code is a PIN code whose correctness the managed device 20 can verify locally, such as a power-on password or an unlock password. The user may enter the offline PIN code through a keyboard of the wearable device 10, through its touch screen, or by voice through its audio input device; this embodiment does not limit the input method. Because the offline PIN code is entered on and acquired directly by the wearable device 10, it never crosses the link between the devices, so the risk of its being intercepted in transit is eliminated.
In the third way, the wearable device 10 receives the offline PIN code sent by the managed device 20 and uses it as the verification information; alternatively, a value computed from the offline PIN code (for example a MAC or a hash) may be used as the verification information.
In this embodiment, the offline PIN code sent by the managed device 20 may have been entered by the user through an input device of the managed device 20 or sent to the managed device 20 by another device, and the managed device 20 may send it to the wearable device 10 after it has been verified for the first time. Receiving the offline PIN code from the managed device 20 means no additional input device is needed on the wearable device 10, which simplifies its structure and reduces its cost; the trade-off is that the PIN code crosses the link between the two devices, so that link should be protected, for example with the negotiated transmission key.
In this embodiment, the online PIN code is a PIN code that cannot be verified locally on the managed device 20 but only by a back-end server, such as a login password. When encrypting the online PIN code of the managed device 20, the wearable device 10 may encrypt it with the public key of the managed device 20 and store the resulting online PIN code ciphertext. Even if a third party illegally obtains the ciphertext, it cannot recover the plaintext without the private key of the managed device, so the online PIN code remains protected. The wearable device 10 may of course encrypt the online PIN code with another key, for example the transmission key negotiated with the managed device 20; this embodiment does not limit the choice. Whichever key is used, the encryption should be randomized (with a proper padding scheme in the public-key case), so that the same PIN code does not always produce the same ciphertext.
As an optional implementation of the embodiment of the present invention, the wearable device 10 may acquire the online PIN code of the managed device in either of the following two ways:
In the first way, the wearable device 10 receives an online PIN code entered by the user through an input device of the wearable device 10: through its keyboard, through its touch screen, or by voice through its audio input device. Because the online PIN code is entered on and acquired directly by the wearable device 10, the risk of its being intercepted in transit is eliminated.
In the second way, the wearable device 10 receives the online PIN code sent by the managed device, which may have been entered by the user through an input device of the managed device or sent to the managed device by another device. No additional input device is needed on the wearable device 10, which simplifies its structure and reduces its cost.
As an optional implementation of the embodiment of the present invention, the wearable device 10 may store the verification information and the online PIN code ciphertext in its RAM. Storing them in random access memory makes the store and read operations fast, and because RAM is volatile, the stored verification information and online PIN code ciphertext are lost when the wearable device 10 is powered off, which limits how long a lost or stolen wearable device holds the secrets.
The managed device 20 is configured to send a password acquisition request to the wearable device 10 whenever a password needs to be entered. For example, when the managed device 20 is powered on or its screen is unlocked, it needs the offline PIN code and sends a password acquisition request for it; when logging in or performing a transaction, it needs the online PIN code and sends a password acquisition request for that.
In a specific application, when storing the verification information and the online PIN code ciphertext, the wearable device 10 may assign identification information to each and notify the managed device 20 of it; the managed device 20 can then name the item it wants in its password acquisition request by that identification information.
In this embodiment, the wearable device 10 is further configured to: after receiving the password acquisition request sent by the managed device 20, determine a second number, among the N detection values currently detected by the N sensors, that satisfy the preset condition; when the second number is less than Y, reject the password acquisition request, where Y is an integer and 0 ≤ Y ≤ X; when the second number is greater than or equal to Y, determine which password the password acquisition request asks for; when the requested password is the offline PIN code, generate authentication information from the verification information and single-use authentication data and send it to the managed device 20; and when the requested password is the online PIN code, send the stored online PIN code ciphertext to the managed device 20.
That is, in this embodiment, when receiving the password acquisition request, the wearable device 10 does not directly send the corresponding information to the managed device 20, but first determines whether the wearable device 10 is in a worn state, and only sends the corresponding information to the managed device 20 when it is. In this embodiment, the wearable device 10 applies a looser judgment condition when receiving the password acquisition request than when storing the verification information and the online PIN code ciphertext, that is, the principle of strict entry and lenient exit is adopted, so that information security is ensured while the convenience of use for the user is satisfied.
In an optional implementation of the embodiment of the present invention, the password acquisition request sent by the managed device 20 may also carry a signature value obtained by the managed device 20 signing the data to be signed; the wearable device 10 is further configured to perform signature verification on the signature value, and if the signature verification passes, perform the step of determining the password requested by the password acquisition request, and if the signature verification fails, reject the password acquisition request. For example, the managed device 20 may sign the data to be signed using its private key to obtain the signature value, specifically as follows: the managed device 20 calculates the data to be signed using a HASH algorithm to obtain the digest of the data to be signed, and encrypts that digest using the private key of the managed device 20 to obtain the signature value. Before the wearable device 10 determines the password requested by the password acquisition request, it may verify the signature value using the public key of the managed device 20, specifically as follows: the wearable device 10 decrypts the received signature value using the public key of the managed device 20 to obtain the digest of the data to be signed, calculates the received data to be signed using the HASH algorithm to obtain a digest of its own, and compares the decrypted digest with the calculated digest; if they are the same, the signature value passes verification and the step of determining the password requested by the request is executed, and if not, the password acquisition request is rejected.
By checking the signature value, the identity of the managed device sending the password acquisition request can be ensured, and the security of information use is guaranteed.
In an alternative implementation of the embodiments of the present invention, the single authentication data includes, but is not limited to, one of: the current time of the clock of the wearable device 10, the current value of a counter of the wearable device 10, and a random number.
In the above optional embodiment, when the single authentication data is the current time of the clock of the wearable device, the single authentication data may have a validity period, for example, the single authentication data may be accurate to 1 minute and valid within one minute, which not only avoids replay attacks but also avoids an increase in the failure rate of the single authentication data due to a validity period that is too short. When the single authentication data is the current value of the counter of the wearable device, the wearable device increments the counter each time it performs the password acquisition response, for example, the wearable device generates a count value of 1 when it performs the password acquisition response for the first time, a count value of 2 the next time, and so on, although the specific form of the count value is not limited thereto. When the single authentication data is a random factor, the random factor may be one or a string of random numbers, one or a string of random characters, or any combination of random numbers and random characters, in which case the wearable device may transmit the random factor to the managed device along with the authentication information. In the present embodiment, the single authentication data can be used only once, and therefore replay attacks can be prevented.
In an optional implementation of the embodiment of the present invention, the managed device 20 is further configured to output a prompt message to prompt the user to input the password in case the wearable device 10 rejects the password acquisition request. That is, in the present embodiment, if the wearable device 10 rejects the password acquisition request of the managed device 20, the managed device 20 may output prompt information, for example, display a password input box or the like, prompt the user to manually input the password, and ensure that the process currently performed by the managed device 20 can be continued.
In an alternative implementation of the embodiment of the present invention, the managed device 20 is further configured to: when the wearable device 10 returns authentication information, generate a response value according to the single authentication data and the verification information held in advance, and judge whether the generated response value matches the received authentication information; when the response value matches the authentication information, the managed device 20 determines that the local verification password has been verified successfully and continues the subsequent process; when it is judged that the response value does not match the authentication information, the managed device 20 outputs prompt information prompting the user to input the local verification password; and when the wearable device 10 returns the online PIN code ciphertext, decrypt the online PIN code ciphertext to obtain the online PIN code and send the online PIN code to the remote terminal for verification. That is, in this embodiment, the managed device 20 may perform the password verification or acquisition operation corresponding to the current process according to the information returned by the wearable device 10, so that the managed device 20 may continue to perform the subsequent processes.
In this embodiment, the sensor disposed on the wearable device 10 may be a temperature sensor, a proximity sensor, a sensor capable of acquiring a biometric characteristic (e.g., pulse, heart rate, etc.), and accordingly, the detection value detected by the sensor may be a temperature of an object closest to the sensor, a distance between the object closest to the sensor and the sensor, biometric information, and the like, which is not limited in this embodiment. The corresponding preset threshold value may be set according to the type of the detection value. For example, if the sensor is a temperature sensor, and the detected value is the temperature of the object nearest to the sensor, the wearable device may determine whether the temperature detected by the temperature sensor is greater than a preset threshold, where the preset threshold may be set to a temperature value slightly lower than the average temperature of the body surface of the human body, for example, 36 degrees celsius, which is not limited in this embodiment. If the sensor is a proximity sensor, and the detection value of the sensor is the distance between the object closest to the sensor and the sensor, the wearable device determines whether the distance detected by the proximity sensor is smaller than a preset threshold, where the preset threshold may be set to a smaller distance value, for example, 5 mm, and is not limited in this embodiment. If the sensor is a sensor capable of acquiring a user biometric characteristic (e.g., pulse, heart rate, etc.), and the detection value of the sensor is biometric information, the wearable device determines whether the matching degree of the detected biometric information and the pre-stored user biometric information is greater than a preset threshold, where the preset threshold may be set as the matching degree of the detection value and the pre-stored user biometric information, for example, 90%, and is not particularly limited in this embodiment.
In the present embodiment, the plurality of sensors provided on the wearable device 10 may be the same or different. The threshold values corresponding to the respective sensors may be the same or different, and even for the same type of sensor, the threshold values corresponding to sensors provided at different positions on the wearable device 10 may be the same or different. For example, if the wearable device 10 is a bracelet and the sensors are pressure sensors, then when determining whether the wearable device 10 is in a worn state, the pressure measured on the upper side of the arm is greater than that on the lower side, so the threshold of the sensor at the corresponding position is set correspondingly larger.
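The request handling described above (worn-state check over N sensor readings with a stricter count X for storing than Y for responding, a counter as single authentication data, signature check on the request, response-value comparison on the managed device and the fallback prompt), as an added example that is not code from the patent. The HMAC used for the request signature and for deriving the authentication information, the sensor kinds and the function names are assumptions of this example; the patent describes a private-key signature and leaves the derivation open.

```python
"""Wearable-side handling of a password acquisition request (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

# Per-sensor preset conditions, following the figures given in the text.
THRESHOLDS = {
    "temperature": lambda v: v > 36.0,   # degrees Celsius, just below body surface temperature
    "proximity": lambda v: v < 5.0,      # millimetres to the nearest object
    "biometric": lambda v: v >= 0.90,    # match degree against the stored biometric
}


def worn_count(readings):
    """Number of the N detection values (kind, value) that meet their preset condition."""
    return sum(1 for kind, value in readings if THRESHOLDS[kind](value))


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class Wearable:
    verification_info: bytes      # e.g. hash of the negotiated authentication key
    online_pin_ciphertext: bytes  # forwarded as stored; the wearable never decrypts it
    request_key: bytes            # assumption: key used to check the request signature
    x_store: int                  # sensors that must pass when storing (strict entry)
    y_request: int                # sensors that must pass when responding, 0 <= Y <= X
    counter: int = 0              # single authentication data, incremented per response

    def may_store(self, readings) -> bool:
        return worn_count(readings) >= self.x_store

    def handle_request(self, readings, signed: bytes, signature: bytes):
        """Return ("reject", reason), ("online", ciphertext) or ("offline", auth_data, auth_info)."""
        if worn_count(readings) < self.y_request:
            return ("reject", "not worn")
        if not hmac.compare_digest(_mac(self.request_key, signed), signature):
            return ("reject", "bad signature")
        # The requested password type is part of the signed data, so it cannot be swapped.
        want = signed.rsplit(b":", 1)[-1]
        if want == b"online":
            return ("online", self.online_pin_ciphertext)
        if want == b"offline":
            self.counter += 1  # each response consumes one value; a captured reply cannot be replayed
            auth_data = self.counter.to_bytes(8, "big")
            return ("offline", auth_data, _mac(self.verification_info, auth_data))
        return ("reject", "unknown password type")


@dataclass
class ManagedDevice:
    device_id: bytes
    verification_info: bytes      # the same value the wearable stored at entry time
    request_key: bytes
    last_counter: int = 0

    def build_request(self, want: str):
        signed = self.device_id + b":" + want.encode()
        return signed, _mac(self.request_key, signed)

    def check_offline(self, auth_data: bytes, auth_info: bytes) -> bool:
        """Recompute the response value; reject stale counters and mismatches."""
        counter = int.from_bytes(auth_data, "big")
        if counter <= self.last_counter:
            return False  # replayed single authentication data
        if not hmac.compare_digest(_mac(self.verification_info, auth_data), auth_info):
            return False
        self.last_counter = counter
        return True


def unlock(wearable: Wearable, managed: ManagedDevice, readings) -> str:
    """One screen-unlock attempt: 'auto' when the wearable's reply verifies, else 'prompt'."""
    signed, sig = managed.build_request("offline")
    reply = wearable.handle_request(readings, signed, sig)
    if reply[0] == "offline" and managed.check_offline(reply[1], reply[2]):
        return "auto"
    return "prompt"  # rejected or unverifiable: managed device shows the password input box


if __name__ == "__main__":
    # Constructed sample values.
    vi = hashlib.sha256(b"negotiated-authentication-key").digest()
    w = Wearable(vi, b"<online PIN ciphertext>", b"request-key", x_store=3, y_request=2)
    m = ManagedDevice(b"phone-01", vi, b"request-key")
    fully_worn = [("temperature", 36.6), ("proximity", 1.0), ("biometric", 0.97)]
    loosely_worn = [("temperature", 36.6), ("proximity", 8.0), ("biometric", 0.97)]
    off_wrist = [("temperature", 24.0), ("proximity", 30.0), ("biometric", 0.10)]
    print(w.may_store(fully_worn), w.may_store(loosely_worn))  # True False
    print(unlock(w, m, loosely_worn), unlock(w, m, off_wrist))  # auto prompt
```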
In an optional implementation of the embodiment of the present invention, the wearable device 10 is further configured to receive the transaction information sent by the managed device 20; output prompt information to prompt the user that a transaction is occurring; receive a confirmation response input by the user; store the transaction information; and send confirmation information to the managed device 20. That is, in this optional embodiment, when the managed device 20 generates the availability information after a transaction occurs, the managed device 20 may send the transaction information of the current transaction to the wearable device 10, the wearable device 10 prompts the user whether to allow the current transaction and sends confirmation information to the managed device 20 after receiving a confirmation response from the user, and the managed device 20 performs the corresponding deduction operation after receiving the confirmation information. With this optional implementation, the user can confirm a transaction when it takes place, so that after the wearable device 10 is used to automatically input the offline PIN code and online PIN code of the managed device 20, illegal transactions unknown to the user are prevented, ensuring the property security of the user.
Or, in another optional implementation of this embodiment, the managed device 20 may also send a prompt message to the wearable device 10 when a transaction occurs; in this optional implementation, the wearable device 10 is further configured to receive the prompt message sent by the managed device 20 indicating that a transaction is currently occurring; judge whether the last transaction has been confirmed; when the last transaction has not been confirmed, output prompt information to prompt the user to confirm the last transaction; receive a confirmation response input by the user; set the state of the stored last transaction information to confirmed; and send a prompt to the managed device 20 instructing it to continue with the current transaction. In this alternative embodiment, if the wearable device 10 determines that the last transaction has already been confirmed, the prompt message instructing the managed device 20 to continue with the current transaction may be sent directly. With this optional embodiment, it is likewise possible to prevent illegal transactions unknown to the user from occurring after the offline PIN code and the online PIN code of the managed device 20 are automatically input using the wearable device 10, thereby ensuring the property security of the user.
Through the technical scheme provided by the embodiment of the invention, the wearable device stores the verification information and the online PIN code ciphertext of the managed device on condition that it is worn on the user, and when the password acquisition request of the managed device is received, it checks that it is still worn on the user. Moreover, the condition for judging whether the wearable device is worn on the user at storage time is stricter than the condition applied at acquisition time, so that user convenience is improved while information security is preserved.
Example 2
The present embodiment provides a wearable device, which can be the wearable device 10 in the above-described embodiment.
Fig. 2 is a schematic structural diagram of the wearable device provided in this embodiment, and as shown in fig. 2, the wearable device mainly includes: a first obtaining module 201, configured to obtain verification information of a managed device; a second obtaining module 202, configured to obtain an online PIN code of the managed device; an encryption module 203, configured to encrypt the online PIN code obtained by the second obtaining module; a storage module 204, configured to store the verification information and the online PIN code ciphertext obtained by the encryption module; a receiving module 205, configured to trigger the detection module 206 every time a password acquisition request sent by the managed device is received after the verification information and the online PIN code ciphertext are stored; a detection module 206, configured to detect whether a circuit loop in an accessory of the wearable device is closed; an execution module 207, configured to reject the password acquisition request when the circuit loop is not closed; a third obtaining module 208, configured to obtain a detection value detected by a sensor provided on the accessory when the circuit loop is closed; a first judging module 209, configured to judge whether the detection value obtained by the third obtaining module reaches a preset threshold; the execution module 207 being further configured to reject the password acquisition request when the first judging module 209 judges that the detection value does not reach the preset threshold; a second judging module 210, configured to judge the password requested by the password acquisition request when the first judging module 209 judges that the detection value reaches the preset threshold; and a response module 211, configured to, when the second judging module 210 judges that the password requested by the password acquisition request is the offline PIN code, generate authentication information according to the verification information and the single authentication data and send the authentication information to the managed device, and when the password requested by the password acquisition request is judged to be the online PIN code, send the stored online PIN code ciphertext to the managed device.
In an optional implementation of the embodiment of the present invention, the first obtaining module 201 may obtain the authentication information of the managed device by one of the following manners:
(1) Negotiating with the managed device to obtain an authentication key and using the authentication key as the verification information; alternatively, the authentication key may be calculated (for example, MAC calculation or hash calculation) and the calculation result used as the verification information.
(2) The off-line PIN code input by the user through the input device of the wearable device is received and used as the verification information, or the off-line PIN code may be calculated (for example, MAC calculation or hash calculation) and the calculation result may be used as the verification information.
(3) The offline PIN code transmitted by the managed apparatus is received and used as the authentication information, or the offline PIN code may be calculated (for example, MAC calculation or hash calculation) and the calculation result may be used as the authentication information.
In an optional implementation of the embodiment of the present invention, the second obtaining module 202 obtains the online PIN code of the managed device by:
(1) Receiving an online PIN code input by the user through an input device of the wearable device. The user may input the online PIN code through a keyboard of the wearable device, through a touch screen of the wearable device, or in voice form through an audio input device of the wearable device. Because the online PIN code is input through the input device of the wearable device, the wearable device acquires the online PIN code directly, the risk that the online PIN code is hijacked during transmission is eliminated, and the security of the online PIN code is guaranteed.
(2) And receiving the online PIN code sent by the managed device. For example, an online PIN code input by a user through an input device of the managed apparatus is received, or an online PIN code transmitted to the managed apparatus by another apparatus is received. By adopting the mode, an input device does not need to be additionally arranged on the wearable equipment, the structure of the wearable equipment is simplified, and the cost of the wearable equipment is saved.
In an optional implementation of the embodiment of the present invention, the password obtaining request carries a signature value obtained by the managed device signing the data to be signed; the wearable device may further include: and the signature verification module is used for verifying the signature of the signature value before the second judgment module judges the password requested by the password acquisition request, triggering the first judgment module under the condition that the signature verification passes, and triggering the execution module 207 to reject the password acquisition request under the condition that the signature verification does not pass.
In an optional implementation of the embodiment of the present invention, the storage module 204 stores the verification information and the online PIN code ciphertext by: and storing the verification information and the online PIN code ciphertext in a RAM of the wearable device. In this embodiment, the verification information and the on-line PIN code ciphertext are stored in a Random Access Memory (RAM), so that the storing and reading operations can be completed quickly. In addition, when the power of the wearable device is turned off, the verification information and the on-line PIN code ciphertext stored in the RAM are deleted, and the safety of the information is guaranteed.
In an optional implementation of the embodiment of the present invention, as shown in fig. 3, the wearable device may further include: a fourth obtaining module 212, configured to obtain a device identifier of the managed device; the storage module 204 may store the verification information and the online PIN code ciphertext in the following manner: and storing the verification information and the on-line PIN code ciphertext according to the equipment identification association.
The device identifier of the managed device may be a serial number of the managed device, although it is not limited to the serial number as long as the identifier uniquely identifies the managed device. The storage module 204 may store the verification information and the online PIN code ciphertext in association with the device identifier of the managed device as follows: establish a mapping relationship between the device identifier of the managed device and the verification information and online PIN code ciphertext, and store the verification information and the online PIN code ciphertext according to that mapping relationship. Because the verification information and the online PIN code ciphertext are stored in association with the device identifier, they can be looked up by device identifier when a password acquisition request of the managed device is received, which increases the response speed and the working efficiency of the wearable device.
In an optional implementation of the embodiment of the present invention, as shown in fig. 3, the wearable device may further include: a third determining module 213, configured to determine a connection status or a number of times of use of the managed device and the wearable device; the execution module 207 is further configured to delete the stored verification information or online PIN code ciphertext associated with the device identifier of the wearable device, or set the stored verification information or online PIN code ciphertext associated with the device identifier of the wearable device as unavailable, when the connection state of the managed device and the wearable device is disconnected or the number of times of use exceeds a preset number of times. With this alternative embodiment, the use of the stored password of the managed device can be secured.
For example, the use identifier may be represented by a binary character, and when the use identifier is 1, it represents that the authentication information or the on-line PIN code ciphertext is available, and when the use identifier is 0, it represents that the authentication information or the on-line PIN code ciphertext is not available. Of course, the available or unavailable status of the usage flag may be set in other manners. Under the condition that the connection state of the managed device and the wearable device is disconnected or the use times of the managed device and the wearable device exceed the preset times, the verification information or the online PIN code ciphertext corresponding to the managed device can be identified as unavailable, and when the managed device is subsequently accessed or authenticated again, the verification information or the online PIN code ciphertext of the managed device 20 can be directly identified as available without acquiring and storing the verification information or the online PIN code ciphertext of the managed device 20 again, so that the time is saved, and the user experience is improved.
In this embodiment, the wearable device may set a preset number of times that the password response can be acquired, and when the number of times that the managed device acquires the password response exceeds the preset number of times, delete the stored verification information or online PIN code ciphertext associated with the device identifier of the wearable device, or set the stored verification information or online PIN code ciphertext associated with the device identifier of the wearable device as unavailable. By the implementation mode, the managed equipment can be prevented from obtaining the verification information and the on-line PIN code ciphertext without limitation, and the safety of the verification information and the on-line PIN code ciphertext is ensured.
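The storage behaviour described in the preceding paragraphs (association by device identifier, the binary usage flag, the two reactions to a disconnect, the preset use limit, and re-enabling a kept record without acquiring it again), as an added example that is not the patent's code. The class and method names, and the choice of a plain dictionary to stand for RAM, are assumptions of this example.

```python
"""RAM-resident password store keyed by the managed device identifier (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Record:
    verification_info: bytes
    online_pin_ciphertext: bytes
    available: int = 1   # usage flag: 1 = available, 0 = unavailable
    uses: int = 0        # password responses served since the record was (re)enabled


class PasswordStore:
    """Plain dict, i.e. RAM only: contents are gone once the wearable powers off."""

    def __init__(self, max_uses: int):
        self.max_uses = max_uses   # preset number of password responses per record
        self._records = {}         # device identifier (e.g. serial number) -> Record

    def store(self, device_id: str, verification_info: bytes, ciphertext: bytes) -> None:
        """Store both values in association with the managed device's identifier."""
        self._records[device_id] = Record(verification_info, ciphertext)

    def fetch(self, device_id: str) -> Optional[Record]:
        """Look up by identifier for one password response, enforcing the use limit.

        Returns None when nothing is stored, the record is flagged unavailable,
        or this response would exceed the preset number of times.
        """
        rec = self._records.get(device_id)
        if rec is None or rec.available == 0:
            return None
        if rec.uses >= self.max_uses:
            rec.available = 0  # limit reached: flag rather than delete, so re-auth can restore it
            return None
        rec.uses += 1
        return rec

    def on_disconnect(self, device_id: str, delete: bool = False) -> None:
        """Either of the two reactions the text allows: delete, or mark unavailable."""
        if delete:
            self._records.pop(device_id, None)
        elif device_id in self._records:
            self._records[device_id].available = 0

    def on_reauthenticated(self, device_id: str) -> bool:
        """Re-enable a kept record without acquiring the information again."""
        rec = self._records.get(device_id)
        if rec is None:
            return False  # deleted or never stored: must be acquired and stored again
        rec.available, rec.uses = 1, 0
        return True

    def __contains__(self, device_id: str) -> bool:
        return device_id in self._records


if __name__ == "__main__":
    store = PasswordStore(max_uses=2)
    store.store("SN-0001", b"<verification info>", b"<online PIN ciphertext>")  # constructed
    print([store.fetch("SN-0001") is not None for _ in range(3)])  # [True, True, False]
    store.on_disconnect("SN-0001")
    print(store.fetch("SN-0001") is None, store.on_reauthenticated("SN-0001"))  # True True
```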
In this embodiment, the sensor disposed on the wearable device may be a temperature sensor, a proximity sensor, a sensor capable of acquiring a biometric characteristic (e.g., pulse, heart rate, etc.) of the user, and accordingly, the detection value detected by the sensor may be a temperature of an object closest to the sensor, a distance between the object closest to the sensor and the sensor, biometric information, etc., which is not limited in this embodiment. The corresponding preset threshold value may be set according to the type of the detection value. For example, if the sensor is a temperature sensor, and the detected value is the temperature of the object nearest to the sensor, the wearable device may determine whether the temperature detected by the temperature sensor is greater than a preset threshold, where the preset threshold may be set to a temperature value slightly lower than the average temperature of the body surface of the human body, for example, 36 degrees celsius, which is not limited in this embodiment. If the sensor is a proximity sensor, and the detection value of the sensor is the distance between the object closest to the sensor and the sensor, the wearable device determines whether the distance detected by the proximity sensor is smaller than a preset threshold, where the preset threshold may be set to a smaller distance value, for example, 5 mm, and is not limited in this embodiment. If the sensor is a sensor capable of acquiring a user biometric characteristic (e.g., pulse, heart rate, etc.), and the detection value of the sensor is biometric information, the wearable device determines whether the matching degree of the detected biometric information and the pre-stored user biometric information is greater than a preset threshold, where the preset threshold may be set as the matching degree of the detection value and the pre-stored user biometric information, for example, 90%, and is not particularly limited in this embodiment.
In this embodiment, the plurality of sensors provided on the wearable device may be the same or different. In addition, the threshold values corresponding to the respective sensors may be the same or different, and even for the same type of sensor, the threshold values corresponding to sensors provided at different positions on the wearable device may be the same or different. For example, if the wearable device is a bracelet and the sensors are pressure sensors, then when judging whether the wearable device is in a worn state, the pressure on the upper side of the arm is greater than that on the lower side, so the threshold of the sensor at the corresponding position is correspondingly larger.
In an optional implementation of the embodiment of the present invention, the receiving module 205 is further configured to receive transaction information sent by the managed device; the wearable device may further include: a first prompting module, configured to output prompt information prompting the user that a transaction is occurring; the receiving module 205 is further configured to receive a confirmation response input by the user; the storage module 204 is further configured to store the transaction information; and the response module 211 is further configured to send confirmation information to the managed device after the receiving module 205 receives the confirmation response. That is, in this optional embodiment, when a transaction occurs and the yield information is generated, the managed device sends the transaction information of this transaction to the wearable device; after the receiving module 205 receives the transaction information, the first prompting module is triggered to prompt the user whether to allow this transaction; after the receiving module 205 receives a confirmation response from the user, the response module 211 sends confirmation information to the managed device, and after the managed device receives the confirmation information it may perform the corresponding deduction operation. With this optional implementation, the user can confirm a transaction when it takes place, so that after the wearable device is used to automatically input the offline PIN code and online PIN code of the managed device, illegal transactions unknown to the user are prevented, ensuring the property security of the user.
Or, in another optional implementation of this embodiment, the receiving module 205 is further configured to receive a prompt message sent by the managed device indicating that a transaction is currently occurring; the wearable device may further include: a third judging module, configured to judge whether the last transaction has been confirmed; a second prompting module, configured to output prompt information prompting the user to confirm the last transaction when the last transaction has not been confirmed; the receiving module 205 is further configured to receive a confirmation response input by the user; the execution module 207 is further configured to set the state of the stored last transaction information to confirmed; and the response module 211 is further configured to send a prompt message to the managed device instructing it to continue the current transaction. In this alternative embodiment, if it is determined that the last transaction has already been confirmed, the prompt message instructing the managed device to continue with the current transaction may be sent directly. With this optional implementation, after the wearable device is used to automatically input the offline PIN code and online PIN code of the managed device, illegal transactions unknown to the user can be prevented, and the property security of the user is ensured.
Through the technical scheme provided by this embodiment, the wearable device stores the verification information and the online PIN code ciphertext of the managed device on condition that it is worn on the user's body, and when the password acquisition request of the managed device is received, it checks that it is still worn on the user's body; if the managed device requests the offline PIN code, authentication information is generated according to the verification information and returned to the managed device, and if the managed device requests the online PIN code, the stored online PIN code ciphertext is sent to the managed device, so that password security is ensured, the number of times the password has to be input is reduced, and the user experience is improved. Moreover, the condition for judging whether the wearable device is worn on the user's body at storage time is stricter than the condition applied at acquisition time, so that user convenience is improved while information security is preserved.
Example 3
The embodiment provides a method for password management through a wearable device.
Fig. 4 is a flowchart of a method for password management by a wearable device according to this embodiment, and as shown in fig. 4, the method mainly includes the following steps S401 to S409.
Step S401, the wearable device acquires verification information and an online PIN code of the managed device;
in this embodiment, before the wearable device acquires the verification information and the online PIN code of the managed device, the wearable device may authenticate the identity of the managed device, and the verification information is stored after the identity authentication is passed, so that the identity of the managed device may be ensured. The wearable device can store the verification information and the online PIN code ciphertext in a storage area which can only be safely accessed in the wearable device, and the safety of the verification information is guaranteed.
For example, the wearable device and the managed device may be mutually authenticated as follows. The managed device generates first data to be signed, which may include a random number and/or a random event, signs the first data to be signed to generate first signature data, encrypts the first data to be signed and sends it to the wearable device together with the first signature data. The wearable device verifies the first signature data using the first data to be signed and, after the verification passes, generates second data to be signed, which may likewise include a random number and/or a random event; it signs the second data to be signed to generate second signature data, encrypts the second data to be signed and sends it to the managed device together with the second signature data. The managed device verifies the second signature data using the second data to be signed; after that verification passes, mutual authentication has succeeded, and the wearable device and the managed device can each regard the other as a trusted device. The above authentication mode is only one of a number of possible authentication modes, and other authentication modes are not excluded in the present embodiment.
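The two-pass mutual authentication just described, run with both sides' messages, as an added example that is not the patent's code. Because only the Python standard library is assumed, each party's private-key signature is replaced by an HMAC under a per-party key that the peer also holds, and the encryption of the data before sending is omitted; both are stand-ins. Tying the second data to the first challenge is an addition of this example, not something the text specifies.

```python
"""Mutual authentication between managed device and wearable device (added example)."""
import hashlib
import hmac
import secrets


def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's private-key signature: HMAC-SHA256 under the party's key."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Party:
    """One side of the exchange: own_key signs, peer_key verifies the other side."""

    def __init__(self, own_key: bytes, peer_key: bytes):
        self.own_key, self.peer_key = own_key, peer_key
        self.nonce = b""

    # Step 1 (managed device): first data to be signed plus first signature data.
    def first_message(self):
        self.nonce = secrets.token_bytes(16)  # the "random number" of the first data
        return self.nonce, sign(self.own_key, self.nonce)

    # Step 2 (wearable): verify the first signature, then issue second data and signature.
    def respond(self, first_data: bytes, first_sig: bytes):
        if not hmac.compare_digest(sign(self.peer_key, first_data), first_sig):
            return None  # first signature data does not verify: abort
        self.nonce = secrets.token_bytes(16)
        second_data = first_data + self.nonce  # addition: bind the reply to this run's challenge
        return second_data, sign(self.own_key, second_data)

    # Step 3 (managed device): verify the second signature against its own challenge.
    def finish(self, second_data: bytes, second_sig: bytes) -> bool:
        if len(second_data) != 32 or not second_data.startswith(self.nonce):
            return False  # reply belongs to a different run
        return hmac.compare_digest(sign(self.peer_key, second_data), second_sig)


def mutual_authenticate(managed: Party, wearable: Party) -> bool:
    """Drive the exchange; True only when both verifications pass."""
    first_data, first_sig = managed.first_message()
    reply = wearable.respond(first_data, first_sig)
    if reply is None:
        return False
    return managed.finish(*reply)


if __name__ == "__main__":
    # Constructed keys: each party's signing key is known to its peer for verification.
    k_managed, k_wearable = secrets.token_bytes(32), secrets.token_bytes(32)
    managed = Party(own_key=k_managed, peer_key=k_wearable)
    wearable = Party(own_key=k_wearable, peer_key=k_managed)
    print(mutual_authenticate(managed, wearable))                         # True
    print(mutual_authenticate(managed, Party(b"guess", k_managed)))       # False
```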
As an optional implementation manner of the embodiment of the present invention, the wearable device may acquire the verification information of the managed device in the following three ways:
In the first method, the wearable device negotiates with the managed device to obtain an authentication key, and the authentication key is used as the verification information; alternatively, a calculation (for example, a MAC calculation or a hash calculation) may be performed on the authentication key and the calculation result used as the verification information.
The wearable device and the managed device can negotiate the authentication key after mutual authentication. In addition, the wearable device and the managed device can negotiate a transmission key at the same time, and in the subsequent communication process both sides can encrypt and decrypt the data they transmit using their respective transmission keys, so that encrypted transmission is realized and the security of data transmission is ensured.
In this embodiment, after the wearable device and the managed device have negotiated the authentication key, both the wearable device and the managed device know the authentication key, and once the wearable device has obtained it, the authentication key can be stored as the verification information. Because the authentication key is used as the verification information instead of the offline PIN code, leakage of the offline PIN code can be prevented.
In the second method, the wearable device receives an offline PIN code input by a user through an input device of the wearable device, and the offline PIN code is used as the verification information; alternatively, a calculation (for example, a MAC calculation or a hash calculation) may be performed on the offline PIN code and the calculation result used as the verification information.
In this embodiment, the offline PIN code is a PIN code whose correctness can be verified locally at the managed device, for example a power-on password or an unlocking password. The user may input the offline PIN code through a keyboard of the wearable device, through a touch screen of the wearable device, or in voice form through an audio input device of the wearable device, which is not limited in this embodiment. Because the offline PIN code is input through the input device of the wearable device, the wearable device acquires it directly, the risk of the offline PIN code being intercepted during transmission is eliminated, and the security of the offline PIN code is guaranteed.
In the third method, the wearable device receives the offline PIN code sent by the managed device and uses the offline PIN code as the verification information; alternatively, the wearable device may perform a calculation (for example, a MAC calculation or a hash calculation) on the offline PIN code and use the calculation result as the verification information.
In this embodiment, the offline PIN code sent by the managed device may be an offline PIN code input by the user through an input device of the managed device, or an offline PIN code sent to the managed device by another device, and the managed device may send the offline PIN code to the wearable device after the offline PIN code has been verified for the first time. Since the wearable device receives the offline PIN code from the managed device, no additional input device needs to be provided on the wearable device, which simplifies the structure of the wearable device and saves cost.
In this embodiment, the online PIN code is a PIN code that cannot be verified locally in the managed device but only at the background server, for example a login password. When the wearable device encrypts the online PIN code of the managed device, it can encrypt the online PIN code with the public key of the managed device and store the resulting online PIN code ciphertext. Because the online PIN code is encrypted, even if the online PIN code ciphertext is illegally obtained by a third party, the third party cannot decrypt it to obtain the online PIN code plaintext, since the third party does not have the private key of the managed device; the security of the online PIN code is thus ensured. Of course, the wearable device may also encrypt the online PIN code using another key, for example the transmission key negotiated with the managed device, which is not limited in this embodiment.
As an optional implementation manner of the embodiment of the present invention, the wearable device may obtain the online PIN code of the managed device in the following two ways:
The first method is as follows: the wearable device receives an online PIN code entered by the user via an input device of the wearable device. The user may input the online PIN code through a keyboard of the wearable device, through a touch screen of the wearable device, or in voice form through an audio input device of the wearable device. Because the online PIN code is input through the input device of the wearable device, the wearable device acquires it directly, the risk of the online PIN code being intercepted during transmission is eliminated, and the security of the online PIN code is guaranteed.
The second method is as follows: the wearable device receives the online PIN code sent by the managed device. The online PIN code sent by the managed device may be one input by the user through an input device of the managed device, or one sent to the managed device by another device. Since the wearable device receives the online PIN code from the managed device, no additional input device needs to be provided on the wearable device, which simplifies the structure of the wearable device and saves cost.
Step S402, the wearable device determines a first number among the N detection values detected by N sensors of the wearable device that meet a preset condition, where the preset condition is: the i-th detection value detected by the i-th sensor reaches the i-th preset threshold value, i = 1, 2, 3, …, N-1, N, N is not less than 4, and N is a positive integer; when the first number is greater than or equal to X, the wearable device encrypts the online PIN code to obtain an online PIN code ciphertext and stores the verification information and the online PIN code ciphertext, where X is a positive integer greater than or equal to 3 and less than or equal to N;
As an optional implementation manner of the embodiment of the present invention, the wearable device 10 may store the verification information and the online PIN code ciphertext in its RAM. In this embodiment, the verification information and the online PIN code ciphertext are stored in a Random Access Memory (RAM), so that the storing and reading operations can be completed quickly. In addition, when the wearable device 10 is powered off, the verification information and the online PIN code ciphertext stored in the RAM are erased, which protects the information.
In this embodiment, before storing the verification information and the online PIN code ciphertext of the managed device 20, the wearable device 10 first determines whether the wearable device 10 is worn on the user, and only when the wearable device 10 is worn on the user, the verification information and the online PIN code ciphertext of the managed device 20 are stored, so that the secure use of the password is ensured.
In step S403, the wearable device detects whether a password acquisition request sent by the managed device is received, and if so, executes step S404:
for example, when the managed device is turned on or the screen is unlocked, the managed device needs to input an offline PIN code, and sends a password acquisition request to the wearable device 10 to request to acquire the offline PIN code; alternatively, the managed device may also need to input an online PIN code during login or transaction, and send a password acquisition request to the wearable device.
In a specific application, when storing the verification information and the online PIN code ciphertext, the wearable device 10 may assign identification information to the verification information and to the online PIN code ciphertext respectively and notify the managed device 20 of that identification information; when requesting a password, the managed device 20 can then send the corresponding password acquisition request according to the identification information.
Step S404, the wearable device judges a second number meeting the preset condition among the N detection values currently detected by the N sensors; when the second number is smaller than Y, step S408 is executed, and when the second number is greater than or equal to Y, step S405 is executed, where Y is an integer greater than or equal to 0 and less than or equal to X;
That is, in this embodiment, when the wearable device receives the password acquisition request, it does not directly send the corresponding information to the managed device, but first determines whether it is in a worn state, and only if it is in the worn state does the flow continue to step S405. In this embodiment, the condition the wearable device applies when storing the information is stricter than the condition it applies when receiving the password acquisition request (X is greater than or equal to Y); that is, the principle of strict entry and lenient exit is adopted, so that the security of the information is ensured while the convenience of use for the user is also satisfied.
In an optional implementation of the embodiment of the present invention, the password acquisition request sent by the managed device may further carry a signature value obtained by the managed device signing data to be signed. The wearable device checks the signature value before executing step S404; if the check passes, the wearable device proceeds to determine the password requested by the password acquisition request, and if it fails, the wearable device rejects the password acquisition request. For example, the managed device may sign the data to be signed with its private key as follows: the managed device computes a digest of the data to be signed using a HASH algorithm and encrypts that digest with its private key to obtain the signature value. Before performing step S404, the wearable device may check the signature value with the public key of the managed device as follows: it decrypts the received signature value with the public key of the managed device to obtain the digest of the data to be signed, computes the digest of the received data to be signed with the same HASH algorithm, and compares the decrypted digest with the computed digest; if they are the same, the signature value passes the check and the step of determining the password requested by the request is executed, otherwise the password acquisition request is rejected. Checking the signature value ensures the identity of the managed device that sent the password acquisition request, and thus the security of information use.
Step S405, the wearable device judges the password requested by the password acquisition request; if it is determined that the password requested by the password acquisition request is the offline PIN code, step S406 is performed, and if it is determined that the password requested by the password acquisition request is the online PIN code, step S407 is performed.
Step S406, the wearable device generates authentication information according to the verification information and the single authentication data, and sends the authentication information to the managed device;
in an alternative implementation of the embodiments of the present invention, the single authentication data includes, but is not limited to, one of: a current time of a clock of the wearable device, a current value of a counter of the wearable device, and a nonce.
In the above optional embodiment, when the single authentication data is the current time of the clock of the wearable device, the single authentication data may have a validity period; for example, the time may be accurate to 1 minute and valid for one minute, which not only avoids replay attacks but also avoids the increase in the failure rate of the single authentication data that an overly short validity period would cause. When the single authentication data is the current value of a counter of the wearable device, the wearable device increments the counter each time it performs a password acquisition response; for example, the count value is 1 when the wearable device performs the password acquisition response for the first time, 2 the next time, and so on, although the specific form of the count value is not limited thereto. When the single authentication data is a random factor (nonce), the random factor may be one or a string of random numbers, one or a string of random characters, or any combination of random numbers and random characters; in this case the wearable device may transmit the random factor to the managed device together with the authentication information. In the present embodiment, the single authentication data can be used only once, and therefore replay attacks can be prevented.
In an optional implementation of the embodiment of the present invention, before acquiring the verification information of the offline PIN code and acquiring the online PIN code, the wearable device acquires the device identifier of the managed device; the wearable device then stores the verification information and the online PIN code ciphertext in the following manner: storing the verification information and the online PIN code ciphertext in association with the device identifier. That is, in this embodiment, the wearable device may manage a plurality of managed devices simultaneously, and each managed device is distinguished by its device identifier.
The device identifier of the managed device may be a serial number of the managed device; of course, the device identifier is not limited to the serial number, as long as it uniquely identifies the managed device. The wearable device may store the verification information in association with the device identifier of the managed device as follows: establishing a mapping relation between the device identifier of the managed device and the verification information, and storing the verification information according to that mapping relation. The wearable device may store the online PIN code ciphertext in association with the device identifier of the managed device as follows: establishing a mapping relation between the device identifier of the managed device and the online PIN code ciphertext, and storing the online PIN code ciphertext according to that mapping relation. Because the verification information and the online PIN code ciphertext are stored in association with the device identifier, when a password acquisition request from the managed device is received, the verification information and the online PIN code ciphertext can be looked up by the device identifier, which increases the response speed and the working efficiency of the wearable device.
As an optional implementation manner of the embodiment of the present invention, in order to ensure password security, after the verification information and the online PIN code ciphertext have been saved, the wearable device is further configured to determine the connection state between the managed device and the wearable device, or the number of times of use, and if the connection state is disconnected or the number of times of use exceeds a preset number, to delete the stored verification information or online PIN code ciphertext associated with the device identifier of the managed device, or to set the use identifier of the stored verification information or online PIN code ciphertext associated with that device identifier to unavailable. With this alternative embodiment, the use of the stored password of the managed device can be secured.
In this embodiment, the use identifier may indicate that the verification information or the online PIN code ciphertext is available or unavailable in the following manner: the use identifier is represented by a binary character; when the use identifier is 1, the verification information or the online PIN code ciphertext is available, and when the use identifier is 0, it is unavailable. Of course, the available and unavailable states of the use identifier may be set in other manners. When the connection between the managed device and the wearable device is disconnected, or the number of times of use between them exceeds the preset number, the verification information or online PIN code ciphertext corresponding to the managed device can be marked as unavailable; when the managed device is subsequently connected or authenticated again, its verification information or online PIN code ciphertext can be directly marked as available again without being acquired and stored anew, which saves time and improves the user experience.
In this embodiment, the wearable device may set a preset number of times that a password response can be acquired, and when the number of times the managed device has acquired a password response exceeds the preset number, delete the stored verification information or online PIN code ciphertext associated with the device identifier of the managed device, or set the stored verification information or online PIN code ciphertext associated with that device identifier to unavailable. In this way the managed device is prevented from obtaining the verification information and the online PIN code ciphertext without limit, and the security of the verification information and the online PIN code ciphertext is ensured.
Step S407, the wearable device sends the stored online PIN code ciphertext to the managed device.
In step S408, the wearable device rejects the password acquisition request sent by the managed device.
When the wearable device returns authentication information, the managed device generates a response value according to the single authentication data and the predetermined authentication information and judges whether the generated response value matches the received authentication information; if the response value matches the authentication information, the managed device determines that the local verification password has been verified successfully and continues the subsequent process, and if the response value does not match the authentication information, the managed device outputs prompt information to prompt the user to input the local verification password. When the wearable device returns the online PIN code ciphertext, the managed device decrypts the online PIN code ciphertext to obtain the online PIN code and sends the online PIN code to the remote terminal for verification. That is, in this embodiment, the managed device performs the password verification or acquisition operation corresponding to the current process according to the information returned by the wearable device, so that it can continue with the subsequent process.
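The signed password acquisition request and the offline PIN response of step S406 described above, with the managed device's check and a counter as the single authentication data, as an added Go example that is not part of the patent; RSA PKCS#1 v1.5 with SHA-256 for the signature, HMAC-SHA256 for deriving the authentication information, the record layout, the preset use limit and the device identifier and PIN values are all assumptions.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// PasswordRequest is the step S403 request for the offline PIN; Signature covers SHA-256(data to be signed).
type PasswordRequest struct {
	DeviceID  string
	Signature []byte
}

func (r PasswordRequest) toBeSigned() []byte { return []byte(r.DeviceID + "|offline-pin") }

// SignRequest runs on the managed device: hash, then sign the digest with the private key.
func SignRequest(priv *rsa.PrivateKey, deviceID string) (PasswordRequest, error) {
	req := PasswordRequest{DeviceID: deviceID}
	digest := sha256.Sum256(req.toBeSigned())
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	req.Signature = sig
	return req, err
}

// pinHash is the verification information: the hash calculation of the offline PIN.
func pinHash(pin string) []byte { sum := sha256.Sum256([]byte(pin)); return sum[:] }

// record is kept per managed device identifier: key, verification information, counter (single authentication data), uses left.
type record struct {
	pub          *rsa.PublicKey
	verification []byte
	counter      uint64
	usesLeft     int
}

// Wearable is the mapping relation from device identifier to stored record.
type Wearable map[string]*record

// Enroll stores the verification information once step S402 has passed.
func (w Wearable) Enroll(id string, pub *rsa.PublicKey, offlinePIN string, maxUses int) {
	w[id] = &record{pub: pub, verification: pinHash(offlinePIN), usesLeft: maxUses}
}

// authInfo = f(verification information, single authentication data); HMAC-SHA256 is this example's assumption.
func authInfo(verification []byte, counter uint64) []byte {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], counter)
	m := hmac.New(sha256.New, verification)
	m.Write(buf[:])
	return m.Sum(nil)
}

// Respond checks the signature with the stored public key, then performs step
// S406 with a fresh counter value and consumes one permitted use.
func (w Wearable) Respond(req PasswordRequest) (uint64, []byte, error) {
	rec, ok := w[req.DeviceID]
	if !ok {
		return 0, nil, fmt.Errorf("no stored record for %q; request rejected", req.DeviceID)
	}
	digest := sha256.Sum256(req.toBeSigned())
	if rsa.VerifyPKCS1v15(rec.pub, crypto.SHA256, digest[:], req.Signature) != nil {
		return 0, nil, fmt.Errorf("signature check failed for %q; request rejected", req.DeviceID)
	}
	rec.counter++ // single authentication data is used only once
	rec.usesLeft--
	if rec.usesLeft <= 0 {
		delete(w, req.DeviceID) // or mark the use identifier unavailable
	}
	return rec.counter, authInfo(rec.verification, rec.counter), nil
}

// ManagedDevice verifies the offline PIN locally; it holds the same verification information and the last counter accepted.
type ManagedDevice struct {
	verification []byte
	lastCounter  uint64
}

// Verify recomputes the response value; a counter that does not advance is a replay.
func (d *ManagedDevice) Verify(counter uint64, info []byte) bool {
	if counter <= d.lastCounter || !hmac.Equal(authInfo(d.verification, counter), info) {
		return false
	}
	d.lastCounter = counter
	return true
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	w, md := Wearable{}, &ManagedDevice{verification: pinHash("1234")} // constructed PIN
	w.Enroll("SN-0001", &priv.PublicKey, "1234", 3)                   // constructed identifier
	req, _ := SignRequest(priv, "SN-0001")
	c, info, err := w.Respond(req)
	fmt.Println("accepted:", err == nil && md.Verify(c, info), "replay:", md.Verify(c, info))
}
```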
In this embodiment, the sensor disposed on the wearable device may be a temperature sensor, a proximity sensor, a sensor capable of acquiring a biometric characteristic (e.g., pulse, heart rate, etc.) of the user, and accordingly, the detection value detected by the sensor may be a temperature of an object closest to the sensor, a distance between the object closest to the sensor and the sensor, biometric information, etc., which is not limited in this embodiment. The corresponding preset threshold value may be set according to the type of the detection value. For example, if the sensor is a temperature sensor, and the detected value is the temperature of the object nearest to the sensor, the wearable device may determine whether the temperature detected by the temperature sensor is greater than a preset threshold, where the preset threshold may be set to a temperature value slightly lower than the average temperature of the body surface of the human body, for example, 36 degrees celsius, which is not limited in this embodiment. If the sensor is a proximity sensor, and the detection value of the sensor is the distance between the object closest to the sensor and the sensor, the wearable device determines whether the distance detected by the proximity sensor is smaller than a preset threshold, where the preset threshold may be set to a smaller distance value, for example, 5 mm, and is not limited in this embodiment. If the sensor is a sensor capable of acquiring a user biometric characteristic (e.g., pulse, heart rate, etc.), and the detection value of the sensor is biometric information, the wearable device determines whether the matching degree of the detected biometric information and the pre-stored user biometric information is greater than a preset threshold, where the preset threshold may be set as the matching degree of the detection value and the pre-stored user biometric information, for example, 90%, and is not particularly limited in this embodiment.
In this embodiment, the plurality of sensors provided on the wearable device may be of the same or different types. In addition, the threshold values corresponding to the respective sensors may be the same or different, and even for sensors of the same type, the threshold values of sensors provided at different positions on the wearable device may be the same or different. For example, for a bracelet whose sensors are all pressure sensors, when judging whether the wearable device is in the worn state, the pressure on the upper side of the arm is greater than the pressure on the lower side, so the threshold value of the sensor at the corresponding position is correspondingly larger.
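The worn-state tests of steps S402 and S404 with the sensor thresholds described above, as an added Go example that is not part of the patent; the four-sensor set, the strap pressure threshold and the inclusive comparison against each threshold are constructed assumptions.

```go
package main

import "fmt"

// Compare is the direction of the threshold test: temperature and biometric match
// are compared "greater than", proximity distance "smaller than"; taken as inclusive here.
type Compare int

const (
	AtLeast Compare = iota // detection value >= preset threshold
	AtMost                 // detection value <= preset threshold
)

// Sensor is the i-th sensor together with its i-th preset threshold.
type Sensor struct {
	Name      string
	Threshold float64
	Cmp       Compare
}

// Met reports whether one detection value reaches the sensor's threshold.
func (s Sensor) Met(v float64) bool {
	if s.Cmp == AtMost {
		return v <= s.Threshold
	}
	return v >= s.Threshold
}

// WearPolicy bundles the N sensors with X (count needed to store, step S402)
// and Y (count needed to release, step S404); Y <= X is "strict in, lenient out".
type WearPolicy struct {
	Sensors []Sensor
	X, Y    int
}

// NewWearPolicy enforces the ranges from the description: N >= 4, 3 <= X <= N, 0 <= Y <= X.
func NewWearPolicy(sensors []Sensor, x, y int) (WearPolicy, error) {
	n := len(sensors)
	switch {
	case n < 4:
		return WearPolicy{}, fmt.Errorf("need at least 4 sensors, got %d", n)
	case x < 3 || x > n:
		return WearPolicy{}, fmt.Errorf("X=%d outside 3..%d", x, n)
	case y < 0 || y > x:
		return WearPolicy{}, fmt.Errorf("Y=%d outside 0..%d", y, x)
	}
	return WearPolicy{Sensors: sensors, X: x, Y: y}, nil
}

// CountMet returns how many of the N current detection values meet the preset condition.
func (p WearPolicy) CountMet(values []float64) (int, error) {
	if len(values) != len(p.Sensors) {
		return 0, fmt.Errorf("expected %d detection values, got %d", len(p.Sensors), len(values))
	}
	met := 0
	for i, s := range p.Sensors {
		if s.Met(values[i]) {
			met++
		}
	}
	return met, nil
}

// MayStore is the step S402 test: the first number must be >= X before the
// verification information and online PIN ciphertext are stored.
func (p WearPolicy) MayStore(values []float64) (bool, error) {
	n, err := p.CountMet(values)
	return err == nil && n >= p.X, err
}

// MayRelease is the step S404 test on a password acquisition request: the second
// number must be >= Y, otherwise the request is rejected (step S408).
func (p WearPolicy) MayRelease(values []float64) (bool, error) {
	n, err := p.CountMet(values)
	return err == nil && n >= p.Y, err
}

// ExampleSensors is a constructed bracelet with N = 4 using the thresholds quoted
// in the description (36 °C, 5 mm, 90 %); the strap pressure sensor is an assumption.
func ExampleSensors() []Sensor {
	return []Sensor{
		{"skin temperature (°C)", 36.0, AtLeast},
		{"proximity distance (mm)", 5.0, AtMost},
		{"pulse pattern match", 0.90, AtLeast},
		{"strap pressure (kPa)", 1.0, AtLeast},
	}
}

func main() {
	p, err := NewWearPolicy(ExampleSensors(), 3, 2)
	if err != nil {
		panic(err)
	}
	worn := []float64{36.4, 1.5, 0.97, 1.8}  // firmly worn: all four conditions met
	loose := []float64{35.2, 2.0, 0.93, 0.4} // loosened strap: only two met
	s, _ := p.MayStore(worn)
	r, _ := p.MayRelease(loose)
	fmt.Printf("store while worn: %v, release while loose: %v\n", s, r)
}
```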
In an alternative implementation of the embodiments of the present invention, the method may further comprise: the wearable device receives transaction information sent by the managed device; the wearable device outputs prompt information to prompt the user that a transaction is occurring; the wearable device receives a confirmation response input by the user; the wearable device stores the transaction information and sends confirmation information to the managed device 20. That is, in this optional embodiment, when a transaction occurs and transaction information is generated, the managed device sends the transaction information of this transaction to the wearable device, the wearable device prompts the user whether to allow this transaction and, after receiving the user's confirmation response, sends the confirmation information to the managed device, and the managed device may perform the corresponding deduction operation after receiving the confirmation information. Through this optional implementation, the user can confirm a transaction when it takes place, so that after the wearable device is used to automatically input the offline PIN code and the online PIN code of the managed device 20, illegal transactions unknown to the user are prohibited and the security of the user's property is ensured.
Or, in another optional implementation of this embodiment, the managed device may instead send prompt information to the wearable device when a transaction occurs, and in this optional implementation the method further includes: the wearable device receives prompt information about the current transaction sent by the managed device; the wearable device judges whether the last transaction has been confirmed; if the last transaction has not been confirmed, the wearable device outputs prompt information to prompt the user to confirm the last transaction; the wearable device receives a confirmation response input by the user; the wearable device sets the state of the stored last transaction information to confirmed; and the wearable device sends prompt information to the managed device to instruct it to continue the current transaction. In this optional embodiment, if the wearable device determines that the last transaction has already been confirmed, it may directly send the prompt information instructing the managed device to continue the current transaction. By adopting this optional implementation, after the wearable device is used to automatically input the offline PIN code and the online PIN code of the managed device, illegal transactions unknown to the user can be prohibited and the security of the user's property is ensured.
In the above-described alternative embodiment, the wearable device may determine whether the last transaction occurred was confirmed according to whether the status of the last transaction information stored locally is confirmed.
Through the technical scheme provided by the embodiment of the invention, the wearable device stores the verification information and the online PIN code ciphertext of the managed device only while it is worn on the user, and when a password acquisition request from the managed device is received, it again checks that it is still worn on the user. Moreover, the condition for judging whether the wearable device is worn on the user at the time of storing is stricter than the condition for judging whether it is worn at the time of acquisition, so that the convenience of use for the user can be improved while information security is preserved.
Any process or system descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, various steps or systems may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those of ordinary skill in the art that all or part of the steps carried by the system implementing the above embodiments may be implemented by hardware associated with instructions of a program, which may be stored in a computer-readable storage medium, and when executed, includes one or a combination of the steps of the system embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A system for password management by a wearable device, comprising: a wearable device and a managed device, wherein,
the wearable device is to:
acquiring verification information and an online PIN of the managed device;
judging a first number of N detection values detected by N sensors of the wearable device, wherein the first number meets a preset condition, and the preset condition is as follows: the ith detection value detected by the ith sensor reaches the ith preset threshold value, i = 1, 2, 3, …, N-1, N, N is not less than 4, and N is a positive integer;
encrypting the online PIN code under the condition that the first number is larger than or equal to X to obtain an online PIN code ciphertext, and storing the verification information and the online PIN code ciphertext, wherein X is a positive integer and is more than or equal to 3 and less than or equal to N;
the managed device is used for sending a password acquisition request to the wearable device when a password needs to be input;
the wearable device is further to:
after receiving a password acquisition request sent by the managed device, judging a second number meeting the preset condition in N detection values currently detected by the N sensors;
when the second number is smaller than Y, the wearable device rejects the password acquisition request, wherein Y is an integer and is greater than or equal to 0 and less than or equal to X;
when the second number is greater than or equal to Y, the wearable device judges the password requested by the password acquisition request;
under the condition that the password requested by the password acquisition request is judged to be an offline PIN, the wearable device generates authentication information according to the verification information and single authentication data, and sends the authentication information to the managed device; wherein the single authentication data comprises one of: a current time of a clock of the wearable device, a current value of a counter of the wearable device, and a nonce;
under the condition that the password requested by the password acquisition request is judged to be the online PIN, the wearable device sends the stored online PIN ciphertext to the managed device;
the wearable device acquires the authentication information of the managed device by one of the following modes:
negotiating with the managed equipment to obtain an authentication key, and using the authentication key as the verification information;
receiving the offline PIN code input by a user through an input device of the wearable device, and using the offline PIN code as the verification information;
and receiving the offline PIN code sent by the managed device, and using the offline PIN code as the verification information.
2. The system of claim 1, wherein the wearable device obtains the online PIN code of the managed device by:
receiving the online PIN code input by a user through an input device of the wearable device; or
receiving the online PIN code sent by the managed device.
3. The system according to claim 1 or 2, wherein
the password acquisition request carries a signature value obtained by the managed device signing data to be signed;
the wearable device is further configured to verify the signature value, to perform the step of determining which password the password acquisition request requests when the signature verification passes, and to reject the password acquisition request when the signature verification fails.
4. The system of claim 1 or 2, wherein the wearable device stores the verification information and the online PIN code ciphertext by storing them in a RAM.
5. The system according to claim 1 or 2, wherein
the wearable device is further configured to acquire the verification information for the offline PIN code and the device identifier of the managed device before acquiring the online PIN code;
and the wearable device stores the verification information and the online PIN code ciphertext in association with the device identifier.
6. The system of claim 5, wherein
the wearable device is further configured to check the connection state between the managed device and the wearable device or the number of uses, and, if the connection is disconnected or the number of uses exceeds a preset number, to delete the stored verification information or online PIN code ciphertext of the managed device, or to set a use flag of the stored verification information or online PIN code ciphertext of the managed device to unavailable.
7. The system according to claim 1 or 2, wherein
the managed device is further configured to:
when the wearable device returns the authentication information, generate a response value from the single authentication data and predetermined verification information, and determine whether the generated response value matches the received authentication information; when they match, the managed device determines that local password verification has succeeded and continues the subsequent process; when they do not match, the managed device outputs a prompt asking the user to input the local verification password;
and when the wearable device returns the online PIN code ciphertext, decrypt the online PIN code ciphertext to obtain the online PIN code, and send the online PIN code to a remote terminal for verification.
8. The system according to claim 1 or 2, wherein
the wearable device is further configured to: receive transaction information sent by the managed device; output a prompt to inform the user that a transaction is occurring; receive a confirmation response input by the user; and store the transaction information and send confirmation information to the managed device.
9. The system according to claim 1 or 2, wherein
the wearable device is further configured to: receive a prompt from the managed device that a transaction is currently occurring; determine whether the previous transaction has been confirmed; if the previous transaction has not been confirmed, output a prompt asking the user to confirm the previous transaction; receive a confirmation response input by the user; set the state of the stored previous transaction information to confirmed; and send a prompt to the managed device instructing it to continue the current transaction.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610067583.9A CN107026737B (en) 2016-01-29 2016-01-29 System for managing passwords through wearable equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610067583.9A CN107026737B (en) 2016-01-29 2016-01-29 System for managing passwords through wearable equipment

Publications (2)

Publication Number Publication Date
CN107026737A CN107026737A (en) 2017-08-08
CN107026737B true CN107026737B (en) 2021-02-09

Family

ID=59524026

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610067583.9A Active CN107026737B (en) 2016-01-29 2016-01-29 System for managing passwords through wearable equipment

Country Status (1)

Country Link
CN (1) CN107026737B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110263521A (en) * 2019-06-24 2019-09-20 深圳市商汤科技有限公司 Login guard method and device, system, electronic equipment and storage medium

Citations (4)

Publication number Priority date Publication date Assignee Title
CN103745142A (en) * 2014-01-24 2014-04-23 周怡 Information processing method and device for wearable devices
CN103929307A (en) * 2014-04-02 2014-07-16 天地融科技股份有限公司 Password input method, intelligent secret key device and client device
CN104092550A (en) * 2014-07-23 2014-10-08 三星电子(中国)研发中心 Password protection method, system and device
CN105167761A (en) * 2015-09-22 2015-12-23 深圳市元征科技股份有限公司 Wearing state detecting method and device for intelligent wearable equipment

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
CN104243165A (en) * 2014-08-28 2014-12-24 电子科技大学 Intelligent movable terminal privacy protection system and method based on intelligent bracelet
CN104794381A (en) * 2015-03-24 2015-07-22 百度在线网络技术(北京)有限公司 Method, device, equipment and system used for authentication
US9860243B2 (en) * 2015-07-29 2018-01-02 International Business Machines Corporation Authenticating applications using a temporary password


Also Published As

Publication number Publication date
CN107026737A (en) 2017-08-08

Similar Documents

Publication Publication Date Title
US20210350013A1 (en) Security systems and methods for continuous authorized access to restricted access locations
US11153076B2 (en) Secure communication for medical devices
TWI667585B (en) Method and device for safety authentication based on biological characteristics
EP1360568B1 (en) Method and system for securing a computer network and personal identification device used therein for controlling access to network components
US20150172920A1 (en) System for proximity based encryption and decryption
KR20160129839A (en) An authentication apparatus with a bluetooth interface
KR101758990B1 (en) Receiving fingerprints through touch screen of ce device
CN105389500A (en) Method of using one device to unlock another device
CN108322310B (en) Card reading login method and security login system by using security equipment
AU2002226231A1 (en) Method and system for securing a computer network and personal identification device used therein for controlling access to network components
KR20160035548A (en) Messaging customer mobile device when electronic bank card used
CN108322507B (en) Method and system for executing security operation by using security device
US11868169B2 (en) Enabling access to data
CN108337235B (en) Method and system for executing security operation by using security device
CN108322440B (en) Card reading login method and security login system by using security equipment
CN107026735A (en) Method and managed devices that a kind of password is automatically entered
CN107026737B (en) System for managing passwords through wearable equipment
CN107026817B (en) System for automatically inputting password
CN107026734A (en) A kind of method and system that Password Management is carried out using certification lasting effectiveness
CN107026732A (en) A kind of system that Password Input number of times is reduced by wearable device
CN107292611B (en) Transaction method and system
CN107026733A (en) A kind of wearable device and the method that Password Management is carried out by it
CN108322439B (en) Registration method and registration system by using security equipment
TWI633231B (en) Smart lock and smart lock control method
CN107026736A (en) A kind of wearable device and the method that Password Input number of times is reduced by it

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220412

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming