CN107241192B - Method and device for logging in using a fingerprint key - Google Patents
- Publication number: CN107241192B (application CN201710389097.3A)
- Authority: CN (China)
- Prior art keywords: fingerprint, function, key, authentication, login
- Legal status: Active
Abstract
The present invention discloses a method and device for logging in using a fingerprint key. The method comprises: the device obtains the login verification mode and returns it to the operating system; when the login verification mode in the third function's parameters is the external verification mode, the device obtains the login interface window handle from the third function's parameters and saves it; the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; the device sends the data to be signed to the fingerprint key; if the current state of the fingerprint key is fingerprint verification passed, the signing private key and signature algorithm are located using the parameters of the fifth function, the signing private key is used to operate on the data to be signed according to the signature algorithm to generate the credential information needed to log in to the operating system, and the credential information is returned to the operating system. The technical solution of the invention allows a fingerprint key to be used normally, directly in Windows systems, which is convenient for users.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and device for logging in using a fingerprint key.
Background art
Currently, when an application calls a Windows function to use a USB Key, a PIN input box pops up prompting the user to enter a PIN for verification. Only after the PIN has been verified can the application use the data stored in the USB Key to perform operations such as signing, encryption and decryption, key generation, and certificate import.
In the prior art, a fingerprint key is more secure to operate than an ordinary USB Key, but a fingerprint key cannot be verified with a PIN; it can only be verified by fingerprint. Current Windows functions do not support fingerprint verification, so fingerprint keys cannot be used. How to make Windows functions support the use of fingerprint keys is therefore a problem to be solved.
Summary of the invention
The purpose of the invention is to overcome the deficiencies of the prior art by providing a method and device for logging in using a fingerprint key.
The present invention provides a method for logging in using a fingerprint key, comprising:
When the second function is called, the device obtains the login verification mode and returns the login verification mode to the operating system;
When the third function is called, the device obtains the login verification mode in the third function's parameters and judges whether the login verification mode is the external verification mode; if so, the device obtains the login interface window handle in the third function's parameters and saves it, and the third function returns success information; otherwise the third function returns error information;
When the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if verification passes, the fingerprint key sets its own current state to fingerprint verification passed; if verification does not pass, the fingerprint key sets its own current state to fingerprint verification not passed;
When the fifth function is called, the device sends the data to be signed to the fingerprint key, and the fingerprint key checks whether its own current state is fingerprint verification passed; if so, it locates the signing private key and signature algorithm using the parameters of the fifth function, and uses the signing private key to operate on the data to be signed according to the signature algorithm to generate the credential information needed to log in to the operating system, and the fifth function returns the credential information to the operating system; otherwise the operation ends.
Further, before the second function is called, the method further includes:
When the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that a fingerprint key has been inserted, it obtains and displays all user certificates in the fingerprint key and prompts the user to select the certificate to use for login; when the operating system receives the user's selection of the certificate to use for login, it calls the first function;
When the first function is called, the device returns a function address list to the operating system, and the operating system calls the second function, the third function, the fourth function and the fifth function according to the second function address, third function address, fourth function address and fifth function address in the function address list, respectively.
Further, the device obtaining the login verification mode is specifically: the device sets the external PIN verification mode in the second function's parameters to a first preset value.
Further, the step in which, when the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification, and the fingerprint key sets its own current state to fingerprint verification passed if verification passes, or to fingerprint verification not passed if verification does not pass, specifically includes:
Step A1: when the fourth function is called, the device judges whether a session PIN needs to be generated; if so, step A6 is executed, otherwise step A2 is executed;
Step A2: the device judges whether login with a session PIN is required; if so, step A3 is executed, otherwise the fourth function returns error information;
Step A3: the device judges whether a valid session PIN is saved; if so, step A4 is executed, otherwise the fourth function returns error information;
Step A4: the device judges whether the login of the fingerprint key is still valid; if so, step A5 is executed, otherwise the fourth function returns error information;
Step A5: the device sets the login state of the fingerprint key to logged in, and the fourth function returns success information;
Step A6: the device judges whether the conditions for generating a PIN are valid; if so, step A7 is executed, otherwise the fourth function returns error information;
Step A7: the device judges whether the login state of the fingerprint key is logged in; if so, step A10 is executed, otherwise step A8 is executed;
Step A8: the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
Step A9: the device judges, from the information returned by the fingerprint key, whether the fingerprint key verified successfully; if so, it sets the login state of the fingerprint key to logged in and executes step A10, otherwise the fourth function returns error information;
Step A10: the device generates a session PIN and saves it, saves the login time, and the fourth function returns success information.
Further, the device judging in step A1 whether a session PIN needs to be generated includes: the device judges whether the verification flag in the PIN flags of the fourth function's parameters is set; if so, a session PIN needs to be generated, otherwise a session PIN does not need to be generated.
Further, step A2 includes: the device judges whether the login flag in the PIN flags of the fourth function's parameters is set; if so, step A3 is executed, otherwise the fourth function returns error information.
Further, step A3 includes: the device judges whether a session PIN is present in the fourth function's parameters and whether the session PIN length in the parameters equals a preset length; if so, step A4 is executed, otherwise the fourth function returns error information.
Further, step A4 includes: the device judges whether the current time minus the saved login time is less than a preset value; if so, step A5 is executed, otherwise the fourth function returns error information.
Further, step A5 includes: the device sets the login flag and saves it, and the fourth function returns success information.
Further, step A6 includes: the device judges whether the session PIN and the session PIN length in the fourth function's parameters are empty; if so, the fourth function returns error information, otherwise step A7 is executed.
Further, step A7 includes: the device judges whether the saved login flag is set; if so, step A10 is executed, otherwise step A8 is executed.
Further, step A8 includes: the device pops up a fingerprint verification prompt box according to the saved login interface window handle and sends a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it judges whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device.
Further, step A9 includes: the device judges, from the information returned by the fingerprint key, whether the fingerprint key verified successfully; if the received information is verification success information, the fingerprint key verified successfully, the login flag is set, and step A10 is executed; if the received information is verification failure information, the fourth function returns error information.
Further, step A10 includes: the device obtains a generating function from the function pointer in the fourth function's parameters, generates the corresponding session PIN with the generating function, saves the session PIN and the login time, and the fourth function returns success information.
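Steps A1 to A10 above, sketched in C as an added example; this is not code from the patent or from any vendor's driver. The flag bits, preset length, validity window, struct layout and injected `now` clock are assumptions, the fingerprint key is simulated in memory, and the comparison against the saved session PIN in step A3 goes beyond the presence-and-length check the text describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Every name and constant here is hypothetical; the patent names none of them. */
#define PIN_FLAG_VERIFY 0x1u  /* "verification flag": caller wants a session PIN generated */
#define PIN_FLAG_LOGIN  0x2u  /* "login flag": caller presents a session PIN */
#define SESSION_PIN_LEN 8u    /* stands in for the "preset length" of step A3 */
#define LOGIN_TTL_SEC   300   /* stands in for the "preset value" of step A4 */
enum { FN4_OK = 0, FN4_ERR = -1 };

/* Simulated fingerprint key: it alone decides and records the match result. */
typedef struct { bool finger_matches, fp_verified; int prompts; } fp_key;

/* Generator passed in by the caller as a function pointer (used in A10). */
typedef bool (*pin_gen_fn)(unsigned char *out, size_t len);

typedef struct {                  /* parameters of the fourth function */
    unsigned flags;
    unsigned char *session_pin;   /* presented PIN (login) or output buffer (generate) */
    size_t *session_pin_len;
    pin_gen_fn gen;
} fn4_params;

typedef struct {                  /* state the device keeps between calls */
    fp_key *key;
    void *login_hwnd;             /* window handle saved by the third function */
    bool login_flag, has_pin;
    unsigned char pin[SESSION_PIN_LEN];
    time_t login_time;
} device_ctx;

/* A8 on the key side: compare the scanned finger with the enrolled one. */
static bool key_verify_fingerprint(fp_key *k) {
    k->prompts++;                 /* counts how often the user was asked */
    k->fp_verified = k->finger_matches;
    return k->fp_verified;
}

/* Constant-time comparison so the mismatch position does not leak through timing. */
static bool ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Sample generator for the demo: reads the OS random source. */
bool sample_gen(unsigned char *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return false;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len;
}

int fourth_function(device_ctx *d, const fn4_params *p, time_t now) {
    if (!(p->flags & PIN_FLAG_VERIFY)) {                          /* A1: no -> A2 */
        if (!(p->flags & PIN_FLAG_LOGIN)) return FN4_ERR;         /* A2 */
        if (!p->session_pin || !p->session_pin_len ||
            *p->session_pin_len != SESSION_PIN_LEN) return FN4_ERR;    /* A3 */
        /* Added here, beyond the length check in the text: match the saved PIN. */
        if (!d->has_pin || !ct_equal(p->session_pin, d->pin, SESSION_PIN_LEN))
            return FN4_ERR;
        if (difftime(now, d->login_time) >= LOGIN_TTL_SEC) return FN4_ERR; /* A4 */
        d->login_flag = true;                                     /* A5 */
        return FN4_OK;
    }
    /* A6: "empty" is modelled as NULL pointers; the gen check is an added guard. */
    if (!p->session_pin || !p->session_pin_len || !p->gen) return FN4_ERR;
    if (!d->login_flag) {                                         /* A7: no -> A8 */
        if (!d->login_hwnd) return FN4_ERR;   /* no window to attach the prompt to */
        if (!key_verify_fingerprint(d->key)) return FN4_ERR;      /* A8, A9 failure */
        d->login_flag = true;                                     /* A9 success */
    }
    d->has_pin = false;                       /* never keep a half-written PIN */
    if (!p->gen(d->pin, SESSION_PIN_LEN)) return FN4_ERR;         /* A10 */
    d->has_pin = true;
    d->login_time = now;
    memcpy(p->session_pin, d->pin, SESSION_PIN_LEN);
    *p->session_pin_len = SESSION_PIN_LEN;
    return FN4_OK;
}

int main(void) {
    fp_key key = { .finger_matches = true };
    int hwnd_stub = 0;            /* constructed stand-in for a window handle */
    device_ctx d = { .key = &key, .login_hwnd = &hwnd_stub };
    unsigned char buf[SESSION_PIN_LEN];
    size_t len = 0;
    fn4_params gen = { PIN_FLAG_VERIFY, buf, &len, sample_gen };
    fn4_params login = { PIN_FLAG_LOGIN, buf, &len, NULL };
    time_t t0 = time(NULL);
    int r1 = fourth_function(&d, &gen, t0);
    int r2 = fourth_function(&d, &login, t0 + 10);
    printf("generate=%d login=%d prompts=%d\n", r1, r2, key.prompts);
    return (r1 == FN4_OK && r2 == FN4_OK) ? 0 : 1;
}
```

In the steps as written, once the login flag is set, step A7 issues a new session PIN without a fresh fingerprint prompt, so an implementation has to decide when that flag is cleared; the steps shown here do not say.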
Further, the fingerprint key locating the signing private key and signature algorithm using the parameters of the fifth function includes: the fingerprint key obtains the signing private key and the signature algorithm in the corresponding container according to the container index and the signature algorithm identifier in the fifth function's parameters, respectively.
Further, the method also includes: after the operating system receives the credential information, it verifies the credential information using the certificate selected by the user; if verification succeeds, login is allowed, and if verification fails, login is refused.
Further, verifying the credential information using the certificate selected by the user includes: the operating system decrypts the credential information using the signing public key in the certificate selected by the user, performs a hash calculation on the data to be signed, and judges whether the hash calculation result is consistent with the decryption result; if so, verification succeeds, otherwise verification fails.
The invention further provides a device for logging in using a fingerprint key, including a second operation module, a third operation module, a fourth operation module and a fifth operation module;
The second operation module is configured to obtain the login verification mode and return the login verification mode to the operating system;
The third operation module is configured to obtain the login verification mode in the third function's parameters and judge whether the login verification mode is the external verification mode; if so, to obtain the login interface window handle in the third function's parameters, save it, and return success information; otherwise to return error information;
The fourth operation module is configured to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed;
The fifth operation module is configured to send the data to be signed to the fingerprint key; the fingerprint key checks whether its own current state is fingerprint verification passed; if so, the fingerprint key locates the signing private key and signature algorithm using the parameters of the fifth function, and uses the signing private key to operate on the data to be signed according to the signature algorithm to generate the credential information needed to log in to the operating system; the fifth operation module is also configured to return the credential information to the operating system; otherwise the operation ends.
Further, the device also includes a first operation module;
When the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that a fingerprint key has been inserted, it obtains and displays all user certificates in the fingerprint key and prompts the user to select the certificate to use for login; when the operating system receives the user's selection of the certificate to use for login, the first operation module is triggered;
The first operation module is configured to return a function address list to the operating system, and the operating system calls the second function, the third function, the fourth function and the fifth function according to the second function address, third function address, fourth function address and fifth function address in the function address list, respectively.
Further, the second operation module is specifically configured to set the external PIN verification mode in the second function's parameters to the first preset value, and to return the external PIN verification mode with the first preset value to the operating system.
Further, the fourth operation module includes:
A first judging unit, configured to judge, when the fourth function is called, whether a session PIN needs to be generated;
A second judging unit, configured to judge, when the first judging unit judges no, whether login with a session PIN is required, and to return error information when the judgment is no;
A third judging unit, configured to judge, when the second judging unit judges yes, whether a valid session PIN is saved, and to return error information when the judgment is no;
A fourth judging unit, configured to judge, when the third judging unit judges yes, whether the login of the fingerprint key is still valid, and to return error information when the judgment is no;
A first setting unit, configured to set the login state of the fingerprint key to logged in when the fourth judging unit judges yes, and to return success information;
A fifth judging unit, configured to judge, when the first judging unit judges yes, whether the conditions for generating a PIN are valid, and to return error information when the judgment is no;
A sixth judging unit, configured to judge, when the fifth judging unit judges yes, whether the login state of the fingerprint key is logged in;
A pop-up prompt unit, configured to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module when the sixth judging unit judges no, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
A receiving unit, configured to receive the verification success information or verification failure information returned by the fingerprint key;
A seventh judging unit, configured to judge, from the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verified successfully; if so, to set the login state of the fingerprint key to logged in, otherwise to return error information;
A generate-and-save unit, configured to generate a session PIN and save it, save the login time, and return success information when the sixth judging unit and/or the seventh judging unit judges yes.
Further, the first judging unit is specifically configured to judge whether the verification flag in the PIN flags of the fourth function's parameters is set; if so, a session PIN needs to be generated, otherwise a session PIN does not need to be generated.
Further, the second judging unit is specifically configured to judge whether the login flag in the PIN flags of the fourth function's parameters is set, and to return error information when the judgment is no.
Further, the third judging unit is specifically configured to judge whether a session PIN is present in the fourth function's parameters and whether the session PIN length in the parameters equals the preset length, and to return error information when the judgment is no.
Further, the fourth judging unit is specifically configured to judge whether the current time minus the saved login time is less than the preset value, and to return error information when the judgment is no.
Further, the first setting unit is specifically configured to set the login flag, save it, and return success information.
Further, the fifth judging unit is specifically configured to judge whether the session PIN and the session PIN length in the fourth function's parameters are empty, and if so to return error information.
Further, the sixth judging unit is specifically configured to judge whether the saved login flag is set; if so, the fingerprint key is in the logged-in state, otherwise the fingerprint key is in the not-logged-in state.
Further, the pop-up prompt unit is specifically configured to pop up a fingerprint verification prompt box according to the saved login interface window handle and to send a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it judges whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device.
Further, the seventh judging unit is specifically configured to judge, from the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verified successfully; if the received information is the verification success information, the login flag is set; if the received information is the verification failure information, error information is returned.
Further, the generate-and-save unit is specifically configured to obtain a generating function from the function pointer in the fourth function's parameters, generate the corresponding session PIN with the generating function, save the session PIN and the login time, and return success information.
Compared with the prior art, the present invention has the following advantages:
In the technical solution provided by the invention, the Windows functions use the external PIN verification mode and fingerprint verification replaces PIN verification; only the vendor's Windows functions need to be modified so that a fingerprint prompt box pops up instead of a PIN box. This allows a fingerprint key to be used normally, directly in Windows systems, which is convenient for users.
Brief description of the drawings
Fig. 1 is a flowchart of a method for logging in using a fingerprint key provided by Embodiment 2 of the present invention;
Fig. 2 is a flowchart of the specific implementation of step 107 in Embodiment 2 of the present invention;
Fig. 3 is a block diagram of the modules of a device for logging in using a fingerprint key provided by Embodiment 3 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
Embodiment 1
Embodiment 1 of the present invention provides a method for logging in using a fingerprint key, comprising:
When the second function is called, the device obtains the login verification mode and returns the login verification mode to the operating system;
Specifically, in this embodiment, when the second function is called by the operating system, the method further includes: the operating system judges from the return value of the second function whether obtaining the login verification mode succeeded; if the second function returns the login verification mode, obtaining the login verification mode succeeded, otherwise obtaining the login verification mode failed.
In this embodiment, the device obtaining the login verification mode is specifically: the device sets the external PIN verification mode in the second function's parameters to the first preset value. Preferably, the device sets the external PIN verification mode in the third data structure in the second function's parameters to the first preset value.
When the third function is called, the device obtains the login verification mode in the third function's parameters and judges whether the login verification mode is the external verification mode; if so, the device obtains the login interface window handle in the third function's parameters and saves it, and the third function returns success information; otherwise the third function returns error information;
Preferably, in this embodiment the device saves the obtained login interface window handle in the second data structure;
Specifically, in this embodiment, when the third function is called by the operating system, the method further includes: the operating system judges from the return value of the third function whether the login interface window handle was saved successfully; if the third function returns success information, the login interface window handle was saved successfully, otherwise saving the login interface window handle failed.
When the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if verification passes, the fingerprint key sets its own current state to fingerprint verification passed; if verification does not pass, the fingerprint key sets its own current state to fingerprint verification not passed.
In the present embodiment, when the 4th function is called, the step of device executes, is specifically included:
Step A1: when the 4th function is called, it is to then follow the steps that device, which judges whether to need to generate session PIN code,
A6, it is no to then follow the steps A2;
Specifically, in the present embodiment, step A1 includes: in the PIN code mark that device judges in the 4th function parameter
Verifying identifies whether set, is to need to generate session PIN code, does not otherwise need to generate session PIN code.
Step A2: device judges whether to need to be logged in using session PIN code, is to then follow the steps A3, and otherwise the 4th
Function returns to error message;
Specifically, in the present embodiment, step A2 includes: in the PIN code mark that device judges in the 4th function parameter
Login banner whether set, be to need to be logged in using session PIN code, otherwise do not need to be stepped on using session PIN code
Record.
Step A3: device judges whether to preserve legal session PIN code, is to then follow the steps A4, otherwise the 4th function
Return to error message;
Specifically, in the present embodiment, step A3 includes: that device judges whether there is session PIN in the parameter of the 4th function
Whether the session PIN code length in code and parameter is equal to preset length, is to then follow the steps A4, and otherwise the 4th function returns to mistake
Information.
Step A4: device judges whether fingerprint key logs in effectively, is to then follow the steps A5, and otherwise the 4th function returns wrong
False information;
Specifically, in the present embodiment, step A4 include: device judge current time subtract preservation login time whether
It is to then follow the steps A5 less than preset value, otherwise the 4th function returns to error message.
Step A5: the logging state of device setting fingerprint key is to have logged in, and the 4th function is return success;
Specifically, in the present embodiment, step A5 includes: device for login banner set and saves, the 4th function is returned
Successful information.
Step A6: the device determines whether the condition for generating a PIN code is legal; if so, step A7 is executed, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A6 includes: the device determines whether the session PIN code and the session PIN code length in the parameters of the 4th function are empty; if so, the condition is illegal, otherwise it is legal.
Step A7: the device determines whether the login state of the fingerprint key is logged in; if so, step A10 is executed, otherwise step A8 is executed;
Specifically, in this embodiment, step A7 includes: the device determines whether the saved login banner is set; if so, the fingerprint key is in the logged-in state, otherwise the fingerprint key is in the not-logged-in state. Preferably, the login banner is stored in the second data structure;
Step A8: the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
Specifically, in this embodiment, step A8 includes: the device pops up a fingerprint verification prompt box according to the saved login interface window handle and sends a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it determines whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
Step A9: the device determines, according to the information returned by the fingerprint key, whether the fingerprint key verification succeeded; if so, it sets the login state of the fingerprint key to logged in and executes step A10, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A9 includes: the device determines, according to the information returned by the fingerprint key, whether the fingerprint key verification succeeded; if the received information is verification success information, the fingerprint key verification succeeded, the login banner is set, and step A10 is executed; if the received information is verification failure information, the 4th function returns error information.
Step A10: the device generates a session PIN code and saves it, saves the login time, and the 4th function returns success information;
Specifically, in this embodiment, step A10 includes: the device obtains a generating function according to the function pointer in the parameters of the 4th function, generates the corresponding session PIN code with the generating function, and saves the session PIN code and the login time; the 4th function returns success information. Preferably, the device obtains the generating function according to the function pointer in the first data structure in the parameters of the 4th function;
In this embodiment, when the 4th function is called by the operating system, the method further includes: the operating system determines from the return value of the 4th function whether the fingerprint key verification succeeded; if the 4th function returns success information, the fingerprint key verification succeeded, otherwise the fingerprint key verification failed.
When the 5th function is called, the device sends the data to be signed to the fingerprint key, and the fingerprint key checks whether its own current state is fingerprint verification passed; if so, the fingerprint key uses the parameters of the 5th function to locate the signature private key and the signature algorithm, uses the signature private key to operate on the data to be signed according to the signature algorithm to generate the authority information needed to log in to the system, and the authority information is returned to the operating system; otherwise the operation ends;
Wherein, the fingerprint key locating the signature private key and the signature algorithm using the parameters of the 5th function includes: the fingerprint key obtains the signature private key in the corresponding container and the signature algorithm according to, respectively, the container index and the signature algorithm identifier in the parameters of the 5th function;
Specifically, in this embodiment, when the 5th function is called by the operating system, the method further includes: the operating system determines from the return value of the 5th function whether the signature calculation succeeded; if the 5th function returns authority information, the signature calculation succeeded, otherwise the signature calculation failed. After the operating system receives the authority information, it verifies the authority information using the certificate selected by the user; if the verification succeeds, login is allowed, and if the verification fails, login is refused. Specifically, verifying the signature result using the certificate selected by the user includes: the operating system decrypts the signature result using the signature public key in the certificate selected by the user, performs a hash calculation on the data to be signed, and determines whether the hash calculation result and the decryption result are consistent; if so, the verification succeeds, otherwise the verification fails.
In this embodiment, before the second function is called, the method further includes:
When the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key has been inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the certificate to be used for login; when the operating system receives the certificate selected by the user for login, it calls the first function;
When the first function is called, the device returns a function address list to the operating system, and the operating system calls the second function, the third function, the 4th function and the 5th function according to, respectively, the second function address, the third function address, the 4th function address and the 5th function address in the function address list. Specifically, the device returning the function address list to the operating system is: the device initializes the first data structure, obtains the second function pointer, the third function pointer, the 4th function pointer and the 5th function pointer, creates the second data structure and saves it into the first data structure;
Specifically, in this embodiment, when the first function is called by the operating system, the method further includes: the operating system determines from the return value of the first function whether initialization succeeded; if the first function returns the function address list, initialization succeeded, otherwise initialization failed.
Embodiment two
Embodiment two of the present invention provides a method for logging in using a fingerprint key, as shown in Figure 1, comprising:
When the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when it detects that the fingerprint key has been inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the certificate to be used for login; when the operating system receives the certificate selected by the user for login, it calls the first function;
Step 101: when the first function is called, the device returns a function address list to the operating system;
Specifically, in this embodiment, the first function is CardAcquireContext, whose incoming parameters include the first data structure. The device returning the function address list to the operating system includes: initializing the first data structure, obtaining the second function address, the third function address, the 4th function address and the 5th function address, creating a custom second data structure and saving it into the first data structure. The operating system can call the corresponding functions according to the second function address, the third function address, the 4th function address and the 5th function address. Preferably, the second function address, the third function address, the 4th function address and the 5th function address are the second function pointer, the third function pointer, the 4th function pointer and the 5th function pointer;
Step 102: the operating system determines from the return value of the first function whether initialization succeeded; if so, the operating system calls the corresponding second function according to the second function pointer and step 103 is executed, otherwise the process ends;
In this embodiment, step 102 is specifically: the operating system examines the return value of the first function; if it is the function address list, initialization succeeded, otherwise initialization failed;
Step 103: when the second function is called, the device obtains the login authentication mode and returns it to the operating system;
Specifically, in this embodiment, the second function is CardGetProperty, whose incoming parameters include a third data structure; the device obtaining the login authentication mode is specifically: setting the external PIN code verification mode in the third data structure to a first preset value, which indicates that the login authentication mode is fingerprint verification;
Step 104: the operating system determines from the return value of the second function whether obtaining the login authentication mode succeeded; if so, the operating system calls the corresponding third function according to the third function pointer and step 105 is executed, otherwise the process ends;
In this embodiment, step 104 is specifically: the operating system examines the return value of the second function; if it is the login authentication mode, obtaining the login authentication mode succeeded and step 105 is executed; otherwise obtaining the login authentication mode failed and the process ends;
Step 105: when the third function is called, the device obtains the login authentication mode in the third function's parameters and determines whether the login authentication mode is the external certificate mode; if so, it obtains the login interface window handle in the third function's parameters and saves the login interface window handle into the second data structure, and the third function returns success information; otherwise the third function returns error information;
Specifically, in this embodiment, the third function is CardSetProperty, whose incoming parameters are the first data structure and the login interface window handle; saving the login interface window handle into the second data structure is specifically: the device saves the login interface window handle into the second data structure within the first data structure;
Step 106: the operating system determines from the return value of the third function whether the login interface window handle was saved successfully; if so, the operating system calls the corresponding 4th function according to the 4th function pointer and step 107 is executed, otherwise the process ends;
In this embodiment, step 106 is specifically: the operating system examines the return value of the third function; if it is success information, the login interface window handle was saved successfully and step 107 is executed; if it is failure information, saving the login interface window handle failed and the process ends;
Step 107: when the 4th function is called, the device pops up a fingerprint verification prompt box according to the login interface window handle in the second data structure, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint succeeds, the 4th function returns success information and step 108 is executed; if the fingerprint key's verification of the input fingerprint fails, the 4th function returns error information;
Specifically, in this embodiment, the 4th function is CardAuthenticateEx, whose incoming parameters include: the first data structure, the PIN code mark, the session password and the session password length. The specific implementation of step 107 is shown in Figure 2 and comprises:
Step A1: when the 4th function is called, the device determines from the PIN code mark whether a session PIN code needs to be generated; if so, step A6 is executed, otherwise step A2 is executed;
Specifically, in this embodiment, step A1 includes: when the 4th function is called, the device determines whether the verification identifier in the PIN code mark is set; if so, a session PIN code needs to be generated and step A6 is executed; otherwise a session PIN code does not need to be generated and step A2 is executed. For example, the 8th value in the PIN code mark being 1 indicates that a session PIN code needs to be generated;
Step A2: the device determines whether login using a session PIN code is required; if so, step A3 is executed, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A2 includes: the device determines whether the login banner in the PIN code mark is set; if so, login using a session PIN code is required and step A3 is executed; otherwise login using a session PIN code is not required and the 4th function returns error information. For example, the 7th or the 6th value in the PIN code mark being 1 indicates that login using a session PIN code is required;
Step A3: the device determines whether a legal session PIN code has been saved; if so, step A4 is executed, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A3 includes: the device determines whether the parameters of the 4th function contain a session PIN code and whether the session PIN code length in the parameters equals the preset length; if so, step A4 is executed, otherwise the 4th function returns error information;
Step A4: the device determines whether the fingerprint key login is still valid; if so, step A5 is executed, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A4 includes: the device determines whether the current time minus the login time in the second data structure is less than a preset value; if so, step A5 is executed, otherwise the 4th function returns error information;
Step A5: the device sets the login state of the fingerprint key to logged in, and the 4th function returns success information;
Specifically, in this embodiment, the device setting the login state to logged in includes: the device sets the login banner and saves it. Preferably, the login banner is saved in the second data structure;
Step A6: the device determines whether the condition for generating a PIN code is legal; if so, step A7 is executed, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A6 includes: the device determines whether the session PIN code and the session PIN code length in the parameters of the 4th function are empty; if so, the condition is illegal and the 4th function returns error information; otherwise it is legal and step A7 is executed;
Step A7: the device determines whether the login state of the fingerprint key is logged in; if so, step A10 is executed, otherwise step A8 is executed;
Specifically, in this embodiment, step A7 includes: the device determines whether the login banner saved in the second data structure is set; if so, the fingerprint key is in the logged-in state and step A10 is executed; otherwise the fingerprint key is in the not-logged-in state and step A8 is executed;
Step A8: the device pops up a fingerprint verification prompt box according to the login interface window handle in the first data structure, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
Specifically, in this embodiment, step A8 is specifically: the device pops up a fingerprint verification prompt box according to the saved login interface window handle and sends a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it determines whether the received fingerprint is identical to the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns fingerprint verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns fingerprint verification failure information to the device;
Step A9: the device determines, according to the information returned by the fingerprint key, whether the fingerprint key verification succeeded; if so, it sets the login state of the fingerprint key to logged in and executes step A10, otherwise the 4th function returns error information;
Specifically, in this embodiment, step A9 includes: the device determines from the received information whether the fingerprint verification succeeded; if the received information is fingerprint verification success information, the fingerprint key verification succeeded, the login banner in the second data structure is set, and step A10 is executed; if the received information is fingerprint verification failure information, the fingerprint key verification failed and the 4th function returns error information;
Step A10: the device generates a session PIN code and saves it, saves the login time, and the 4th function returns success information;
Specifically, in this embodiment, step A10 includes: the device obtains a generating function according to the function pointer in the first data structure in the parameters of the 4th function, generates the corresponding session PIN code with the generating function, and saves the generated session PIN code and the time of this login; the 4th function returns success information. Preferably, the generated session PIN code and the time of this login are stored in the second data structure;
Step 108: the operating system determines from the return value of the 4th function whether the fingerprint key verification succeeded; if so, the operating system calls the corresponding 5th function according to the 5th function pointer and step 109 is executed, otherwise the process ends;
Specifically, in this embodiment, if the 4th function returns success information, the fingerprint key verification succeeded, otherwise the fingerprint key verification failed;
In this embodiment, the device calls the 5th function with the container index, the signature algorithm identifier and the data to be signed as parameters;
Step 109: when the 5th function is called, the device sends the data to be signed to the fingerprint key; the fingerprint key uses the parameters of the 5th function to locate the signature private key and the signature algorithm, and uses the signature private key to operate on the data to be signed according to the signature algorithm to generate the authority information needed to log in to the system; the 5th function returns the authority information to the operating system;
Specifically, in this embodiment, the fingerprint key locating the signature private key and the signature algorithm using the parameters of the 5th function includes: the fingerprint key obtains the signature private key in the corresponding container and the signature algorithm according to, respectively, the container index and the signature algorithm identifier in the parameters of the 5th function. If the fingerprint key fails to sign, signature failure information is returned to the operating system and the 5th function returns error information;
For example, the data to be signed in this embodiment may include: a user name, a domain name, a random number, etc.;
Step 110: the operating system determines from the return value of the 5th function whether the signature calculation succeeded; if so, step 111 is executed, otherwise the process ends;
Specifically, in this embodiment, if the 5th function returns authority information, the signature calculation succeeded, otherwise the signature calculation failed;
Step 111: the operating system verifies the authority information using the certificate selected by the user; if the verification succeeds, login is allowed, and if the verification fails, login is refused;
Specifically, in this embodiment, verifying the signature result using the certificate selected by the user is specifically: the operating system decrypts the signature result using the signature public key in the certificate selected by the user, performs a hash calculation on the data to be signed, and determines whether the hash calculation result and the decryption result are consistent; if so, the verification succeeds, otherwise the verification fails.
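The A1 to A10 decision flow of the 4th function described above, as an added C sketch that is not part of the patent and is not any vendor's code. The flag values, preset length, validity window, struct and function names and the mock fingerprint key are assumptions, and the clock-rollback guard in A4 is an addition.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed values, not taken from the patent. */
#define FLAG_GENERATE_SESSION_PIN 0x1u /* "verification identifier" in the PIN code mark */
#define FLAG_USE_SESSION_PIN      0x2u /* "login banner" in the PIN code mark */
#define SESSION_PIN_LEN  8             /* preset session PIN code length */
#define LOGIN_VALID_SECS 300           /* preset validity window for a login */

enum { RES_OK = 0, RES_ERROR = 1 };

/* Stand-in for the fingerprint key; finger_matches simulates the user's touch. */
struct fp_key {
    int finger_matches;
    int verified;        /* the key's own "fingerprint verification passed" state */
};

/* Second data structure: state the device keeps between calls. */
struct dev_state {
    int logged_in;                              /* saved login banner */
    int64_t login_time;
    uint8_t session_pin[SESSION_PIN_LEN];
    struct fp_key *key;
    void (*generate)(uint8_t *out, size_t len); /* generating function pointer */
};

/* A8 on the key side: compare the presented finger and record the result. */
static int fp_key_verify(struct fp_key *k)
{
    k->verified = k->finger_matches ? 1 : 0;
    return k->verified;
}

/* Constructed, deterministic generator so the example is testable.
 * A real generating function would draw from a CSPRNG. */
static void demo_generate(uint8_t *out, size_t len)
{
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(0xA0 + i);
}

/* 4th function, steps A1-A10. `now` is passed in to keep the flow testable. */
int authenticate_ex(struct dev_state *s, unsigned flags,
                    const uint8_t *pin, size_t pin_len, int64_t now)
{
    if (!(flags & FLAG_GENERATE_SESSION_PIN)) {           /* A1: no -> A2 */
        if (!(flags & FLAG_USE_SESSION_PIN))              /* A2 */
            return RES_ERROR;
        /* A3: as described on the page, only presence and length are checked. */
        if (pin == NULL || pin_len != SESSION_PIN_LEN)
            return RES_ERROR;
        /* A4: login still valid? The rollback guard (now < login_time) is added. */
        if (now < s->login_time || now - s->login_time >= LOGIN_VALID_SECS)
            return RES_ERROR;
        s->logged_in = 1;                                 /* A5 */
        return RES_OK;
    }
    if (pin == NULL || pin_len == 0)                      /* A6: empty -> illegal */
        return RES_ERROR;
    if (!s->logged_in) {                                  /* A7: no -> A8 */
        if (!fp_key_verify(s->key))                       /* A8 and A9 */
            return RES_ERROR;
        s->logged_in = 1;
    }
    s->generate(s->session_pin, SESSION_PIN_LEN);         /* A10 */
    s->login_time = now;
    return RES_OK;
}

/* One scenario: failed touch, successful touch, session PIN reuse, expiry.
 * Returns the number of steps that did not behave as expected. */
int demo_scenario(void)
{
    struct fp_key key = { 0, 0 };
    struct dev_state s = { 0, 0, {0}, &key, demo_generate };
    uint8_t buf[SESSION_PIN_LEN] = {0};
    int failures = 0;

    failures += authenticate_ex(&s, FLAG_GENERATE_SESSION_PIN, buf, sizeof buf, 1000) != RES_ERROR;
    key.finger_matches = 1;
    failures += authenticate_ex(&s, FLAG_GENERATE_SESSION_PIN, buf, sizeof buf, 1000) != RES_OK;
    failures += authenticate_ex(&s, FLAG_USE_SESSION_PIN, s.session_pin, SESSION_PIN_LEN, 1299) != RES_OK;
    failures += authenticate_ex(&s, FLAG_USE_SESSION_PIN, s.session_pin, SESSION_PIN_LEN, 1300) != RES_ERROR;
    return failures;
}

int main(void) { return demo_scenario(); }
```

The session PIN path (A2 to A5) never touches the fingerprint key, so the preset validity window in A4 is the only bound on how long one fingerprint verification keeps authorizing logins.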
Embodiment three
Embodiment three of the present invention provides a device for logging in using a fingerprint key, as shown in Figure 3, including a second operation module 302, a third operation module 303, a 4th operation module 304 and a 5th operation module 305;
The second operation module 302 is used for obtaining the login authentication mode and returning the login authentication mode to the operating system;
In this embodiment, the second operation module 302 is specifically used for setting the external PIN code verification mode in the second function's parameters to a first preset value and returning the external PIN code verification mode with the first preset value to the operating system. Preferably, the second operation module 302 is specifically used for setting the external PIN code verification mode in the third data structure in the second function's parameters to the first preset value and returning the external PIN code verification mode with the first preset value to the operating system;
The third operation module 303 is used for obtaining the login authentication mode in the third function's parameters and determining whether the login authentication mode is the external certificate mode; if so, it obtains the login interface window handle in the third function's parameters, saves it, and returns success information; otherwise it returns error information;
The 4th operation module 304 is used for popping up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module 303, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed;
Specifically, in this embodiment, the 4th operation module 304 includes:
A first judging unit, for determining, when the 4th function is called, whether a session PIN code needs to be generated;
In this embodiment, the first judging unit is specifically used for determining whether the verification identifier in the PIN code mark of the 4th function's parameters is set; if so, a session PIN code needs to be generated, otherwise a session PIN code does not need to be generated;
A second judging unit, for determining, when the first judging unit determines no, whether login using a session PIN code is required, and returning error information when it determines no;
In this embodiment, the second judging unit is specifically used for determining whether the login banner in the PIN code mark of the 4th function's parameters is set, and returning error information when it determines no;
A third judging unit, for determining, when the second judging unit determines yes, whether a legal session PIN code has been saved, and returning error information when it determines no;
In this embodiment, the third judging unit is specifically used for determining whether the parameters of the 4th function contain a session PIN code and whether the session PIN code length in the parameters equals the preset length, and returning error information when it determines no;
A 4th judging unit, for determining, when the third judging unit determines yes, whether the fingerprint key login is still valid, and returning error information when it determines no;
In this embodiment, the 4th judging unit is specifically used for determining whether the current time minus the saved login time is less than a preset value, and returning error information when it determines no. Preferably, the login time is stored in the second data structure;
A first setting unit, for setting, when the 4th judging unit determines yes, the login state of the fingerprint key to logged in, and returning success information;
In this embodiment, the first setting unit is specifically used for setting the login banner, saving it, and returning success information. Preferably, the login banner is saved into the second data structure;
A 5th judging unit, for determining, when the first judging unit determines yes, whether the condition for generating a PIN code is legal, and returning error information when it determines no;
In this embodiment, the 5th judging unit is specifically used for determining whether the session PIN code and the session PIN code length in the parameters of the 4th function are empty, and returning error information if so;
A 6th judging unit, for determining, when the 5th judging unit determines yes, whether the login state of the fingerprint key is logged in;
In this embodiment, the 6th judging unit is specifically used for determining whether the login banner saved in the second data structure is set; if so, the fingerprint key is in the logged-in state, otherwise the fingerprint key is in the not-logged-in state;
A pop-up prompt unit, for popping up, when the 6th judging unit determines no, a fingerprint verification prompt box according to the login interface window handle saved by the third operation module, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
In this embodiment, the pop-up prompt unit is specifically used for popping up a fingerprint verification prompt box according to the saved login interface window handle and sending a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it determines whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
A receiving unit, for receiving the verification success information or verification failure information returned by the fingerprint key;
A 7th judging unit, for determining, according to the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verification succeeded; if so, it sets the login state of the fingerprint key to logged in, otherwise it returns error information;
In this embodiment, the 7th judging unit is specifically used for determining, according to the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verification succeeded; if the received information is verification success information, the login banner is set; if the received information is verification failure information, error information is returned. Preferably, the login banner in this embodiment is stored in the second data structure;
A generating and saving unit, for generating a session PIN code and saving it, saving the login time, and returning success information when the 6th judging unit and/or the 7th judging unit determines yes.
In this embodiment, the generating and saving unit is specifically used for obtaining a generating function according to the function pointer in the parameters of the 4th function, generating the corresponding session PIN code with the generating function, saving the session PIN code and the login time, and returning success information. Preferably, the generating and saving unit stores the session PIN code and the login time in the second data structure;
The 5th operation module 305 is used for sending the data to be signed to the fingerprint key; the fingerprint key checks whether its own current state is fingerprint verification passed; if so, the fingerprint key uses the parameters of the 5th function to locate the signature private key and the signature algorithm, and uses the signature private key to operate on the data to be signed according to the signature algorithm to generate the authority information needed to log in to the system; the 5th operation module is also used for returning the authority information to the operating system; otherwise the operation ends.
The device in this embodiment may also include a first operation module. When the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key has been inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the certificate to be used for login; when the operating system receives the certificate selected by the user for login, the first operation module is triggered. The first operation module is used for returning the function address list to the operating system, and the operating system calls the second function, the third function, the 4th function and the 5th function according to, respectively, the second function address, the third function address, the 4th function address and the 5th function address in the function address list. In this embodiment, the first operation module is specifically used for initializing the first data structure, obtaining the second function address, the third function address, the 4th function address and the 5th function address, creating the second data structure and saving the second data structure into the first data structure. Preferably, the second function address, the third function address, the 4th function address and the 5th function address are the second function pointer, the third function pointer, the 4th function pointer and the 5th function pointer.
In the technical solution of the present invention, the external certificate PIN mode is used in the Windows function so that fingerprint verification replaces PIN verification; it is only necessary to modify the vendor's Windows function to pop up a fingerprint prompt box instead of a PIN code box, so that the fingerprint key can be used normally and directly in the Windows system, which is convenient for the user.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (29)
1. A method for logging in using a fingerprint key, characterized by comprising:
when a second function is called, a device obtains a login authentication mode and returns the login authentication mode to an operating system;
when a third function is called, the device obtains the login authentication mode from the parameters of the third function and judges whether the login authentication mode is the external authentication mode; if so, the device obtains the login interface window handle from the parameters of the third function and saves it, and the third function returns success information; otherwise the third function returns error information;
when a fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if verification passes, the fingerprint key sets its own current state to fingerprint verification passed; if verification does not pass, the fingerprint key sets its own current state to fingerprint verification not passed;
when a fifth function is called, the device sends data to be signed to the fingerprint key, and the fingerprint key checks whether its own current state is fingerprint verification passed; if so, it locates the signing private key and the signature algorithm using the parameters of the fifth function, operates on the data to be signed with the signing private key according to the signature algorithm to generate the authority information required to log in to the system, and the fifth function returns the authority information to the operating system; otherwise the operation ends;
wherein the step in which, when the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification, the fingerprint key setting its own current state to fingerprint verification passed if verification passes and to fingerprint verification not passed if verification does not pass, specifically comprises:
Step A1: when the fourth function is called, the device judges whether a session PIN code needs to be generated; if so, step A6 is executed; otherwise step A2 is executed;
Step A2: the device judges whether login using a session PIN code is required; if so, step A3 is executed; otherwise the fourth function returns error information;
Step A3: the device judges whether a legitimate session PIN code is saved; if so, step A4 is executed; otherwise the fourth function returns error information;
Step A4: the device judges whether the fingerprint key login is valid; if so, step A5 is executed; otherwise the fourth function returns error information;
Step A5: the device sets the login state of the fingerprint key to logged in, and the fourth function returns success information;
Step A6: the device judges whether the conditions for generating the PIN code are legitimate; if so, step A7 is executed; otherwise the fourth function returns error information;
Step A7: the device judges whether the login state of the fingerprint key is logged in; if so, step A10 is executed; otherwise step A8 is executed;
Step A8: the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
Step A9: the device judges, according to the received information returned by the fingerprint key, whether the fingerprint key verification succeeded; if so, it sets the login state of the fingerprint key to logged in and executes step A10; otherwise the fourth function returns error information;
Step A10: the device generates a session PIN code and saves it, saves the login time, and the fourth function returns success information.
2. The method according to claim 1, characterized in that, before the second function is called, the method further comprises:
when the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key has been inserted, it obtains all user certificates in the fingerprint key and displays them, and prompts the user to select the certificate to be used for login; when the operating system receives the user's selection of the certificate to be used for login, it calls a first function;
when the first function is called, the device returns a function address list to the operating system, and the operating system calls the second function, the third function, the fourth function and the fifth function according to the second function address, the third function address, the fourth function address and the fifth function address in the function address list, respectively.
3. The method according to claim 1, characterized in that the device obtaining the login authentication mode is specifically: the device sets the external PIN code verification mode in the parameters of the second function to a first preset value.
4. The method according to claim 1, characterized in that the device judging in step A1 whether a session PIN code needs to be generated comprises: the device judges whether the verification flag in the PIN code flags in the parameters of the fourth function is set; if so, a session PIN code needs to be generated; otherwise a session PIN code does not need to be generated.
5. The method according to claim 1, characterized in that step A2 comprises: the device judges whether the login flag in the PIN code flags in the parameters of the fourth function is set; if so, step A3 is executed; otherwise the fourth function returns error information.
6. The method according to claim 1, characterized in that step A3 comprises: the device judges whether there is a session PIN code in the parameters of the fourth function and whether the session PIN code length in the parameters is equal to a preset length; if so, step A4 is executed; otherwise the fourth function returns error information.
7. The method according to claim 1, characterized in that step A4 comprises: the device judges whether the current time minus the saved login time is less than a preset value; if so, step A5 is executed; otherwise the fourth function returns error information.
8. The method according to claim 1, characterized in that step A5 comprises: the device sets the login flag and saves it, and the fourth function returns success information.
9. The method according to claim 1, characterized in that step A6 comprises: the device judges whether the session PIN code and the session PIN code length in the parameters of the fourth function are empty; if so, the fourth function returns error information; otherwise step A7 is executed.
10. The method according to claim 1, characterized in that step A7 comprises: the device judges whether the saved login flag is set; if so, step A10 is executed; otherwise step A8 is executed.
11. The method according to claim 1, characterized in that step A8 comprises: the device pops up a fingerprint verification prompt box according to the saved login interface window handle and sends a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it judges whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device.
12. The method according to claim 1, characterized in that step A9 comprises: the device judges, according to the received information returned by the fingerprint key, whether the fingerprint key verification succeeded; if the received information is verification success information, the fingerprint key verification succeeded, the login flag is set and step A10 is executed; if the received information is verification failure information, the fourth function returns error information.
13. The method according to claim 1, characterized in that step A10 comprises: the device obtains a generating function according to the function pointer in the parameters of the fourth function, generates the corresponding session PIN code by means of the generating function, saves the session PIN code and the login time, and the fourth function returns success information.
14. The method according to claim 1, characterized in that the fingerprint key locating the signing private key and the signature algorithm using the parameters of the fifth function comprises: the fingerprint key obtains the signing private key and the signature algorithm in the corresponding container according to the container index and the signature algorithm identifier in the parameters of the fifth function, respectively.
15. The method according to claim 1, characterized in that the method further comprises: after the operating system receives the authority information, it verifies the authority information using the certificate selected by the user; if verification succeeds, login is allowed; if verification fails, login is refused.
16. The method according to claim 15, characterized in that verifying the authority information using the certificate selected by the user comprises: the operating system decrypts the authority information using the signing public key in the certificate selected by the user, performs a hash calculation on the data to be signed, and judges whether the hash calculation result and the decryption result are consistent; if so, verification succeeds; otherwise verification fails.
17. A device for logging in using a fingerprint key, characterized by comprising a second operation module, a third operation module, a fourth operation module and a fifth operation module;
the second operation module is used to obtain a login authentication mode and return the login authentication mode to an operating system;
the third operation module is used to obtain the login authentication mode from the parameters of a third function and judge whether the login authentication mode is the external authentication mode; if so, to obtain the login interface window handle from the parameters of the third function, save it and return success information; otherwise to return error information;
the fourth operation module is used to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed;
the fifth operation module is used to send data to be signed to the fingerprint key; the fingerprint key checks whether its own current state is fingerprint verification passed; if so, the fingerprint key locates the signing private key and the signature algorithm using the parameters of a fifth function and operates on the data to be signed with the signing private key according to the signature algorithm to generate the authority information required to log in to the system, and the fifth operation module is also used to return the authority information to the operating system; otherwise the operation ends;
the fourth operation module comprises:
a first judging unit, used to judge, when a fourth function is called, whether a session PIN code needs to be generated;
a second judging unit, used to judge, when the first judging unit judges no, whether login using a session PIN code is required, and to return error information when the judgment is no;
a third judging unit, used to judge, when the second judging unit judges yes, whether a legitimate session PIN code is saved, and to return error information when the judgment is no;
a fourth judging unit, used to judge, when the third judging unit judges yes, whether the fingerprint key login is valid, and to return error information when the judgment is no;
a first setting unit, used to set the login state of the fingerprint key to logged in and return success information when the fourth judging unit judges yes;
a fifth judging unit, used to judge, when the first judging unit judges yes, whether the conditions for generating the PIN code are legitimate, and to return error information when the judgment is no;
a sixth judging unit, used to judge, when the fifth judging unit judges yes, whether the login state of the fingerprint key is logged in;
a pop-up prompt unit, used to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module when the sixth judging unit judges no, prompting the user to input a fingerprint on the fingerprint key for verification; if the fingerprint key's verification of the input fingerprint passes, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; if the fingerprint key's verification of the input fingerprint does not pass, the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device;
a receiving unit, used to receive the verification success information or verification failure information returned by the fingerprint key;
a seventh judging unit, used to judge, according to the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verification succeeded; if so, to set the login state of the fingerprint key to logged in; otherwise to return error information;
a generating and saving unit, used to generate a session PIN code and save it, save the login time and return success information when the sixth judging unit and/or the seventh judging unit judges yes.
18. The device according to claim 17, characterized by further comprising a first operation module;
when the operating system receives login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key has been inserted, it obtains all user certificates in the fingerprint key and displays them, and prompts the user to select the certificate to be used for login; when the operating system receives the user's selection of the certificate to be used for login, the first operation module is triggered;
the first operation module is used to return a function address list to the operating system, and the operating system calls the second function, the third function, the fourth function and the fifth function according to the second function address, the third function address, the fourth function address and the fifth function address in the function address list, respectively.
19. The device according to claim 17, characterized in that the second operation module is specifically used to set the external PIN code verification mode in the parameters of the second function to a first preset value, and to return the external PIN code verification mode with the first preset value to the operating system.
20. The device according to claim 17, characterized in that the first judging unit is specifically used to judge whether the verification flag in the PIN code flags in the parameters of the fourth function is set; if so, a session PIN code needs to be generated; otherwise a session PIN code does not need to be generated.
21. The device according to claim 17, characterized in that the second judging unit is specifically used to judge whether the login flag in the PIN code flags in the parameters of the fourth function is set, and to return error information when the judgment is no.
22. The device according to claim 17, characterized in that the third judging unit is specifically used to judge whether there is a session PIN code in the parameters of the fourth function and whether the session PIN code length in the parameters is equal to a preset length, and to return error information when the judgment is no.
23. The device according to claim 17, characterized in that the fourth judging unit is specifically used to judge whether the current time minus the saved login time is less than a preset value, and to return error information when the judgment is no.
24. The device according to claim 17, characterized in that the first setting unit is specifically used to set the login flag, save it, and return success information.
25. The device according to claim 17, characterized in that the fifth judging unit is specifically used to judge whether the session PIN code and the session PIN code length in the parameters of the fourth function are empty, and if so, to return error information.
26. The device according to claim 17, characterized in that the sixth judging unit is specifically used to judge whether the saved login flag is set; if so, the fingerprint key is in the logged-in state; otherwise the fingerprint key is in the not-logged-in state.
27. The device according to claim 17, characterized in that the pop-up prompt unit is specifically used to pop up a fingerprint verification prompt box according to the saved login interface window handle and to send a fingerprint verification instruction to the fingerprint key; when the fingerprint key receives the fingerprint input by the user, it judges whether the received fingerprint is consistent with the fingerprint saved internally; if so, the fingerprint key sets its own current state to fingerprint verification passed and returns verification success information to the device; otherwise the fingerprint key sets its own current state to fingerprint verification not passed and returns verification failure information to the device.
28. The device according to claim 17, characterized in that the seventh judging unit is specifically used to judge, according to the information returned by the fingerprint key and received by the receiving unit, whether the fingerprint key verification succeeded; if the received information is the verification success information, the login flag is set; if the received information is the verification failure information, error information is returned.
29. The device according to claim 17, characterized in that the generating and saving unit is specifically used to obtain a generating function according to the function pointer in the parameters of the fourth function, generate the corresponding session PIN code by means of the generating function, save the session PIN code and the login time, and return success information.
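The decision flow of steps A1 to A10 in claim 1, with the checks of claims 4 to 13, as an added C example that is not code from the patent or its applicant. All identifiers, the flag values, the 8-byte PIN length and the 300-second lifetime are assumptions; the constant-time comparison against the saved PIN is also added here, since claim 6 states only the presence and length checks.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Every identifier and constant here is hypothetical; the patent names none. */
#define GENERATE_SESSION_PIN   0x1u  /* "verification flag" set (claim 4) */
#define LOGIN_WITH_SESSION_PIN 0x2u  /* "login flag" set (claim 5) */
#define SESSION_PIN_LEN        8     /* "preset length" of claim 6, value assumed */
#define SESSION_LIFETIME       300   /* "preset value" of claim 7, seconds, assumed */
enum { RET_OK = 0, RET_ERROR = -1 };
typedef struct { bool fingerprint_verified; } fp_key;  /* state held by the key */

typedef struct {
    fp_key *key;
    bool logged_in;                        /* saved login flag (claims 8, 10) */
    bool have_pin;
    uint8_t session_pin[SESSION_PIN_LEN];
    long login_time;
} device;

typedef struct {
    unsigned flags;
    uint8_t *pin;                          /* in: PIN to log in with; out: new PIN */
    size_t *pin_len;
    void (*generate)(uint8_t *out, size_t len);  /* generator passed in (claim 13) */
    bool finger_matches;                   /* constructed stand-in for the user's touch */
    long now;                              /* current time in seconds */
} auth_params;

static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Constructed generator for the demo: deterministic, NOT a CSPRNG. */
static void demo_generate(uint8_t *out, size_t len) {
    static uint8_t next = 0x30;
    for (size_t i = 0; i < len; i++) out[i] = next++;
}

int fourth_function(device *d, auth_params *p) {
    if (!(p->flags & GENERATE_SESSION_PIN)) {                        /* A1 -> A2 */
        if (!(p->flags & LOGIN_WITH_SESSION_PIN)) return RET_ERROR;  /* A2 */
        if (!p->pin || !p->pin_len || *p->pin_len != SESSION_PIN_LEN)
            return RET_ERROR;                                        /* A3 (claim 6) */
        /* Assumption added here: also match the saved PIN, in constant time. */
        if (!d->have_pin || !ct_equal(p->pin, d->session_pin, SESSION_PIN_LEN))
            return RET_ERROR;
        if (p->now - d->login_time >= SESSION_LIFETIME) return RET_ERROR;  /* A4 */
        d->logged_in = true;                                         /* A5 */
        return RET_OK;
    }
    if (!p->pin || !p->pin_len || !p->generate) return RET_ERROR;    /* A6 */
    if (!d->logged_in) {                                             /* A7 -> A8 */
        d->key->fingerprint_verified = p->finger_matches;  /* A8: key records result */
        if (!d->key->fingerprint_verified) return RET_ERROR;         /* A9 */
        d->logged_in = true;
    }
    p->generate(d->session_pin, SESSION_PIN_LEN);                    /* A10 */
    memcpy(p->pin, d->session_pin, SESSION_PIN_LEN);
    *p->pin_len = SESSION_PIN_LEN;
    d->have_pin = true;
    d->login_time = p->now;
    return RET_OK;
}

/* Constructed run: generate at t=1000, then log in at login_at (-2: not generated). */
int scenario(bool finger_matches, long login_at, bool tamper_pin) {
    fp_key key = { false };
    device dev = { &key, false, false, {0}, 0 };
    uint8_t pin[SESSION_PIN_LEN];
    size_t len = 0;
    auth_params p = { GENERATE_SESSION_PIN, pin, &len, demo_generate, finger_matches, 1000 };
    if (fourth_function(&dev, &p) != RET_OK) return -2;
    if (tamper_pin) pin[0] ^= 1;           /* caller presents a PIN that was altered */
    p.flags = LOGIN_WITH_SESSION_PIN;
    p.now = login_at;
    return fourth_function(&dev, &p);
}

int main(void) {
    printf("fresh=%d expired=%d altered=%d no-finger=%d\n", scenario(true, 1100, false),
           scenario(true, 1300, false), scenario(true, 1100, true), scenario(false, 1100, false));
    return 0;
}
```

In this model a session PIN is issued only after the key itself has recorded a passed fingerprint check, and a later login with that PIN fails once the saved login time is 300 seconds old.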
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710389097.3A CN107241192B (en) | 2017-05-27 | 2017-05-27 | A kind of method and device logged in using fingerprint key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241192A (en) | 2017-10-10 |
CN107241192B (en) | 2019-08-30 |
Family
ID=59984664
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710389097.3A Active CN107241192B (en) | 2017-05-27 | 2017-05-27 | A kind of method and device logged in using fingerprint key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107241192B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107808082B (en) * | 2017-10-13 | 2021-08-24 | 平安科技(深圳)有限公司 | Electronic device, data access verification method, and computer-readable storage medium |
CN107609362B (en) * | 2017-10-19 | 2020-02-11 | 飞天诚信科技股份有限公司 | Method for logging in Windows system by smart card and private credential providing device |
CN108256309B (en) | 2018-01-10 | 2020-01-03 | 飞天诚信科技股份有限公司 | Method and device for realizing system logging in windows10 or above |
CN109391615A (en) * | 2018-09-27 | 2019-02-26 | 深圳互联先锋科技有限公司 | A kind of server exempts from close login method and system |
CN110460965B (en) * | 2019-06-27 | 2021-09-07 | 星贝瑞有限公司 | System for dynamically identifying mobile device responding by radio signal and method thereof |
CN111563247A (en) * | 2020-07-14 | 2020-08-21 | 飞天诚信科技股份有限公司 | Method and device for logging in system by intelligent key equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
CN101430808A (en) * | 2007-11-09 | 2009-05-13 | 王巍 | Fingerprint credit pen payment system, method and apparatus |
CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
CN101587519A (en) * | 2008-05-21 | 2009-11-25 | 北京飞天诚信科技有限公司 | System and method for realizing multifunctional information security device |
CN101662469A (en) * | 2009-09-25 | 2010-03-03 | 浙江维尔生物识别技术股份有限公司 | Method and system based on USBKey online banking trade information authentication |
CN103186736A (en) * | 2013-04-01 | 2013-07-03 | 深圳市亚略特生物识别科技有限公司 | Fingerprint key device |
CN104239762A (en) * | 2014-09-16 | 2014-12-24 | 浪潮电子信息产业股份有限公司 | Method for realizing secure login in Windows system |
Non-Patent Citations (1)
Title |
---|
USB Key security scheme based on fingerprint encryption protection; Wang Mingbo et al.; Microcomputer Information; 2009-09-27; Vol. 25 (No. 7-3); 30-31 |
Also Published As
Publication number | Publication date |
---|---|
CN107241192A (en) | 2017-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||