CN111404688B - Portable authentication system and method - Google Patents

Info

Publication number: CN111404688B
Authority: CN (China)
Prior art keywords: authentication device; password; module; portable authentication; server
Legal status: Active (as listed; the status is an assumption and is not a legal conclusion)
Application number: CN201911136680.9A
Other languages: Chinese (zh)
Other versions: CN111404688A (en)
Inventor: 梅鲁海
Current Assignee (the listed assignees may be inaccurate): Chengdu Puji Enterprise Management Center (Limited Partnership); Chengdu Shengcheng Enterprise Management Center (L.P.); Wang Cheng
Original Assignee: Zhejiang Institute of Mechanical and Electrical Engineering Co Ltd
Application filed by: Zhejiang Institute of Mechanical and Electrical Engineering Co Ltd
Priority to: CN201911136680.9A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention relates to a portable authentication system and method. The system comprises a portable authentication device and a server. The portable authentication device comprises an authentication information acquisition mechanism, a display module, a processing module, a first password module, a network module, a communication module and a battery module. Through the network module, the portable authentication device is connected with the terminal that is to access the server and obtains network service through that terminal; it communicates with the server through the communication module. The method based on the system comprises the following steps: connecting the portable authentication device and the terminal; confirming the identity of the authentication device; inputting authentication information; sending the data to the server; matching the authentication information; displaying the password; and authenticating the password and the MAC address of the accessing terminal. The advantages of the invention are: triple authentication of the portable authentication device, the accessor and the terminal is carried out, so that the security is high; and the password returned by the server to the terminal is encrypted with the temporary key, which avoids leakage of secret files caused by leakage of the key.

Description

Portable authentication system and method
Technical Field
The invention relates to the field of authentication, in particular to a portable authentication system.
Background
Network security is attracting increasing attention, and advanced identity authentication technology is an effective means of guaranteeing it and the first important line of defense. To protect important confidential documents, people often set a password on the system, which is the simplest and most traditional approach: when a user wants to view the documents or access an important server, the user enters the password, and the system verifies that the password is correct and judges whether the user is valid. With such password authentication, anyone who knows the password can access the file or the server, so the security barrier is weak. In addition, passwords are transmitted to remote network platforms, where any node on the network can eavesdrop, so the risk of password theft is high. Ordinary users also tend to choose short passwords with few digits, which further increases the risk of password leakage. Therefore, although password authentication implemented mainly by mathematical means is simple to configure and convenient to use, its security is low and it has many defects.
Disclosure of Invention
The invention mainly solves the above problems and provides a portable authentication system and a portable authentication method that perform triple authentication and are convenient to carry.
The technical scheme adopted by the invention for solving the technical problem is that the portable authentication system comprises a portable authentication device and a server, wherein the portable authentication device comprises an authentication information acquisition mechanism, a display module, a processing module, a first password module, a network module, a communication module and a battery module, the processing module is respectively connected with the authentication information acquisition mechanism, the display module, the first password module, the network module and the communication module, the portable authentication device is connected with a terminal which is to access the server through the network module and acquires network service through the terminal, and the portable authentication device is communicated with the server through the communication module.
The portable authentication device borrows the network service used by the terminal through the network module, and the communication module communicates with the server over the network service obtained in this way. Authentication proceeds in three layers. The first authentication is the server's identity confirmation of the portable authentication device. The second authentication is the server's verification of the accessor's authentication information. The third authentication checks whether the terminal that is accessing the server is the terminal that provides the network for the portable authentication device. The triple authentication prevents others from authenticating with a counterfeit portable authentication device, and also prevents others from using the password displayed by the portable authentication device before the accessor does.
As a preferred scheme of the above scheme, the authentication information acquisition mechanism comprises a base, a plurality of slide rails arranged on the base and a plurality of sliders arranged on the slide rails, and each slider is provided with a fingerprint sensor and a displacement sensor. The fingerprint sensor collects fingerprint and finger-pad pattern information, and the displacement sensor detects the displacement of the slider, from which the finger length differences are obtained.
As a preferable scheme of the above scheme, the slider includes an induction portion for installing the fingerprint sensor and the displacement sensor and a supporting portion for supporting the palm, a supporting plate is fixedly disposed on the base, and a cavity for placing the slider is formed by the supporting plate and the base.
As a preferable scheme of the above scheme, a supporting plate is fixedly arranged on the base, and the supporting plate and the base form a cavity for placing the supporting part of the slider.
As a preferable scheme of the above scheme, the first cryptographic module obtains the MAC address of the terminal and the MAC address of the portable authentication device, generates a character string, encrypts the character string using a pre-stored private key, and sends the encrypted character string to the server through the communication module; it also generates a temporary private key and a temporary public key from the MAC address of the terminal according to a preset key generation rule. After receiving the information sent by the first cryptographic module, the server decrypts it using a preset public key, which realizes public key authentication and at the same time gives the server the MAC addresses of the terminal and the portable authentication device.
As a preferable scheme of the foregoing scheme, the server includes a memory, a password generator, and a second cryptographic module. The memory stores authentication information, protected secret information, and the MAC addresses of the respective portable authentication devices. The second cryptographic module receives the information sent by the first cryptographic module, decrypts it using a pre-stored public key, obtains the MAC address of the portable authentication device and the MAC address of the terminal, and searches for the MAC address of the portable authentication device in the server. After it is determined that the authentication information sent by the portable authentication device matches the authentication information in the server, the second cryptographic module generates a temporary private key and a temporary public key from the MAC address of the terminal according to a preset key generation rule. Different temporary public keys and temporary private keys are generated for different terminal MAC addresses; the temporary public keys and the temporary private keys are used for primary encryption, and secondary encryption is then carried out by using the temporary public keys and the temporary private keys, which improves the security of the password returned by the server to the portable authentication device.
The invention also provides a portable authentication method, which adopts the portable authentication system and comprises the following steps:
S1: connecting the portable authentication device and the terminal;
S2: the portable authentication device performs authentication device identity confirmation with the server over the terminal's network; if the authentication device identity confirmation succeeds, the method proceeds to step S3; otherwise, authentication device identity confirmation failure information is returned to the portable authentication device;
S3: the server visitor inputs authentication information to the portable authentication device by using the authentication information acquisition mechanism of the portable authentication device;
S4: the portable authentication device encrypts the authentication information to obtain a ciphertext and sends the ciphertext to the server;
S5: the server decrypts the ciphertext and matches the decrypted authentication information against the authentication information in the memory; if the matching succeeds, the password generator randomly generates a password, the second password module generates a temporary key, the password is encrypted with the temporary key, the resulting password ciphertext is sent to the portable authentication device, and the method proceeds to step S6; if the matching fails, matching failure information is returned to the portable authentication device;
S6: the portable authentication device receives the password ciphertext, decrypts it by using the temporary key generated by the first password module, and displays the password on the display module;
S7: the server visitor accesses the server by using the password; if the password is the same as the password generated by the server and the MAC address of the terminal that sends the password to the server is the same as the terminal MAC address sent by the portable authentication device, the authentication succeeds; otherwise, the authentication fails.
As a preferable scheme of the above scheme, the authentication device identity confirmation in step S2 includes the following steps:
S21: the first password module obtains the MAC address of the terminal and the MAC address of the portable authentication device and generates a character string;
S22: the first password module encrypts the character string by using a pre-stored private key and sends the encrypted character string to the server through the communication module;
S23: the second cryptographic module in the server receives the information sent by the first cryptographic module, decrypts it by using a pre-stored public key, and obtains the MAC address of the portable authentication device and the MAC address of the terminal;
S24: the server searches for the MAC address of the portable authentication device; if it is not found, the authentication device identity confirmation fails.
As a preferable scheme of the above scheme, when the authentication information is input in step S3, the middle finger contacts part of the sensing part of one of the sliders of the portable authentication device and the palm is moved forward. The slider under the middle finger slides out of the cavity, driven by the middle finger, so that the middle finger comes into full contact with the sensing part of that slider. The index finger, the ring finger and the little finger then contact the remaining sliders one after another in order of length and drive them out of the cavity, until the slider under the middle finger slides to the head of the portable authentication device. During this process, the displacement sensor and the fingerprint sensor of each slider acquire the slider displacement information and the fingerprint and finger-pad pattern information multiple times, the length difference of each finger is calculated from the displacement information, and the displacement information of the other three sliders is acquired when the displacement of the slider under the middle finger reaches its maximum.
As a preferable scheme of the foregoing scheme, the temporary keys generated by the first cryptographic module and the second cryptographic module are the same and are both generated according to the MAC address and the same key generation rule.
As a preferable scheme of the above scheme, the authentication information includes fingerprint information, finger-pad pattern information, and finger length difference information.
The invention has the following advantages: by implementing triple security authentication of portable authentication device identity confirmation, visitor authentication information and access terminal, various illegal and malicious authentication behaviors are effectively prevented; the password returned by the server to the terminal is encrypted with the temporary key, which effectively avoids leakage of confidential files caused by leakage of the key; and different temporary public keys and temporary private keys are generated for different terminal MAC addresses, so the password is strongly encrypted.
Drawings
Fig. 1 is a block diagram of an embodiment.
Fig. 2 is a schematic top view of the portable authentication device according to the embodiment.
Fig. 3 is a schematic front view of the portable authentication device according to the embodiment.
Fig. 4 is a schematic longitudinal sectional structure of the portable authentication device according to the embodiment.
Fig. 5 is a flowchart illustrating a portable authentication method according to an embodiment of the present invention.
Fig. 6 is a schematic flow chart illustrating authentication device identity verification according to an embodiment of the present invention.
Reference numerals in the figures: 1, portable authentication device; 2, server; 3, authentication information acquisition mechanism; 4, display module; 5, processing module; 6, first password module; 7, network module; 8, communication module; 9, battery module; 10, terminal; 11, base; 12, slide rail; 13, slider; 14, sensing part; 15, supporting part; 16, supporting plate; 17, thumb support; 18, memory; 19, password generator; 20, second password module; 21, short baffle; 22, long baffle.
Detailed Description
The technical scheme of the invention is further explained by the embodiments and the accompanying drawings.
Example:
The portable authentication system of this embodiment, as shown in fig. 1, includes a portable authentication device 1 and a server 2. The portable authentication device includes an authentication information acquisition mechanism 3, a display module 4, a processing module 5, a first cryptographic module 6, a network module 7, a communication module 8 and a battery module 9. The processing module is connected to the authentication information acquisition mechanism, the display module, the first cryptographic module, the network module and the communication module respectively. The portable authentication device is connected through the network module to a terminal 10 that is to access the server and obtains a network service through the terminal, and the portable authentication device communicates with the server through the communication module. The network module is a USB interface and the terminal is a PC: the USB interface of the portable authentication device is connected to the PC, and the PC's network is borrowed to communicate with the server. The server comprises a memory 18, in which authentication information, protected secret information and the MAC address of each portable authentication device are stored, a password generator 19 and a second cryptographic module 20.
The first password module acquires the MAC address of the terminal and the MAC address of the portable authentication device, generates a character string, encrypts the character string by using a pre-stored private key and sends the encrypted character string to the server through the communication module, and meanwhile, the first password module generates a temporary private key and a temporary public key according to a preset key generation rule by using the MAC address of the terminal. The second password module receives the information sent by the first password module, after decryption is carried out by utilizing a prestored public key, the MAC address of the portable authentication device and the MAC address of the terminal are obtained, the MAC address of the portable authentication device is searched in the server, after the authentication information sent by the portable authentication device is determined to be matched with the authentication information in the server, the second password module generates a temporary private key and a temporary public key according to a preset key generation rule by utilizing the MAC address of the terminal, meanwhile, the password generator randomly generates a password, after the generated password is encrypted by utilizing the temporary public key, the password is sent to the portable authentication device, the portable authentication device decrypts the password by utilizing the temporary private key, and then the password is displayed on the display module.
As shown in fig. 2 and 3, the authentication information collecting mechanism includes a base 11, four slide rails 12 are arranged on the base, a slide block 13 is arranged on each slide rail, the slide block can slide along the slide rail, thumb supports 17 are arranged on two sides of the base, a thumb is placed on each thumb support, a support plate 16 is further arranged on the authentication information collecting mechanism, the support plate is connected with the upper ends of the two thumb supports, a cavity is formed between the support plate and the base, and the cavity can just accommodate the four slide blocks.
As shown in fig. 4, the left end of the slider is a sensing portion 14, the right end of the slider is a supporting portion 15, and the sensing portion is provided with a fingerprint sensor and a displacement sensor for acquiring fingerprint information and displacement information, and the finger length difference of the authenticated person is obtained by comparing the displacement information of the displacement sensors. The base both ends are equipped with long baffle 22 and short baffle 21 respectively, and the base left end is located to long baffle, prevents the slider roll-off base, and the base right-hand member is located to the short baffle, prevents that the slider is too much to slide into in the cavity.
In the initial state of the authentication device, the supporting part and part of the sensing part of each slider are located in the cavity. To authenticate, the left or right hand is placed on the supporting plate, the tip of the middle finger touches the sensing part of one of the two middle sliders outside the cavity, and the thumb is placed on the thumb support. If the left hand is used, the middle finger touches the sensing part of the right middle slider; if the right hand is used, the middle finger touches the sensing part of the left middle slider. In this embodiment the right hand is used for identity authentication, and the four sliders are, from left to right, the first slider, the second slider, the third slider and the fourth slider. The palm is moved forward. In the initial stage only the middle finger touches part of the sensing part of the second slider, and the second slider slides out of the cavity, driven by the middle finger, so that the middle finger comes into full contact with the sensing part of the second slider. As the palm continues to move, the index finger, the ring finger and the little finger contact their sliders one after another in order of length and drive them out of the cavity.
When the little finger is in full contact with the sensing part of the fourth slider, the palm continues to move until the second slider touches the long baffle. During this process, the displacement sensor of each slider collects displacement information multiple times, the length difference of each finger is calculated from the displacement information, and the displacement information of the other three sliders is collected when the displacement of the second slider reaches its maximum. The fingerprints of the four fingers, the finger-pad patterns of the four fingers, the length differences of the four fingers and the displacements of the sliders other than the second slider are used as verification information; when all four items of verification information match the verification information in the memory and belong to the same person, the authentication passes.
This embodiment also provides a portable authentication method, which adopts the portable authentication system and, as shown in fig. 5, includes the following steps:
S1: connecting the portable authentication device and the terminal;
S2: the portable authentication device performs authentication device identity confirmation with the server over the terminal's network; as shown in fig. 5, the authentication device identity confirmation includes the following steps:
S21: the first password module obtains the MAC address of the terminal and the MAC address of the portable authentication device and generates a character string;
S22: the first password module encrypts the character string by using a pre-stored private key and sends the encrypted character string to the server through the communication module;
S23: the second password module in the server receives the information sent by the first password module, decrypts it by using a pre-stored public key, and obtains the MAC address of the portable authentication device and the MAC address of the terminal;
S24: the server searches for the MAC address of the portable authentication device; if it is not found, the authentication device identity confirmation fails. If the authentication device identity confirmation succeeds, the method proceeds to step S3; otherwise, authentication device identity confirmation failure information is returned to the portable authentication device, and the display module of the portable authentication device shows that identity confirmation failed;
S3: the server visitor inputs authentication information to the portable authentication device by using the authentication information acquisition mechanism of the portable authentication device; the authentication information comprises fingerprint information, finger-pad pattern information, finger length difference information and the displacements of the sliders other than the slider under the middle finger;
S4: the portable authentication device encrypts the authentication information by using a preset public key to obtain a ciphertext and sends the ciphertext to the server;
S5: the server decrypts the ciphertext and matches the decrypted authentication information against the authentication information in the memory; if the matching succeeds, the password generator randomly generates a password, the second password module generates a temporary key, the password is encrypted with the temporary key to obtain a password ciphertext, the password ciphertext is sent to the portable authentication device, and the method proceeds to step S6; if the matching fails, matching failure information is returned to the portable authentication device, and the display module of the portable authentication device shows that the authentication information did not match; the temporary keys generated by the first cryptographic module and the second cryptographic module are the same and are generated from the MAC address of the terminal according to the same key generation rule;
S6: the portable authentication device receives the password ciphertext, decrypts it by using the temporary key generated by the first password module, and displays the password on the display module;
S7: the server visitor accesses the server by using the password; if the password is the same as the password generated by the server and the MAC address of the terminal that sends the password to the server is the same as the terminal MAC address sent by the portable authentication device, the authentication succeeds; otherwise, the authentication fails.
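The exchange in steps S1 to S7, as an added Python sketch that is not code from the patent: it shows the three checks (registered device, matching authentication information, password bound to the terminal MAC) and both sides deriving the same temporary key. Assumptions: HMAC-SHA256 with a shared key stands in for the pre-stored private/public key pair, a keyed derivation and an XOR keystream stand in for the temporary key pair and the cipher, exact equality stands in for biometric matching, the password is single-use, and every key, MAC address and name is constructed.

```python
import hashlib
import hmac
import secrets

RULE_LABEL = b"temp-key-rule-v1"  # constructed stand-in for the "preset key generation rule"

def norm_mac(mac):
    """Canonicalize a MAC address to 12 lowercase hex digits."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def derive_temp_key(terminal_mac, rule_secret):
    """Device and server derive the same temporary key from the terminal MAC.
    A MAC address is not secret, so the rule is keyed here (assumption)."""
    data = RULE_LABEL + bytes.fromhex(norm_mac(terminal_mac))
    return hmac.new(rule_secret, data, hashlib.sha256).digest()

def xor_stream(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream (encrypts and decrypts)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    def __init__(self, device_mac, device_key, rule_secret):
        self.mac, self.key, self.rule_secret = norm_mac(device_mac), device_key, rule_secret

    def identity_message(self, terminal_mac):
        """S21-S22: string of both MACs, authenticated with the pre-stored key."""
        payload = (norm_mac(terminal_mac) + "|" + self.mac).encode()
        return payload, hmac.new(self.key, payload, hashlib.sha256).digest()

    def show_password(self, terminal_mac, nonce, ciphertext):
        """S6: decrypt with the locally derived temporary key."""
        key = derive_temp_key(terminal_mac, self.rule_secret)
        return xor_stream(key, nonce, ciphertext).decode()

class Server:
    def __init__(self, device_keys, templates, rule_secret):
        self.device_keys = device_keys  # registered device MAC -> pre-stored key
        self.templates = templates      # enrolled authentication information
        self.rule_secret = rule_secret
        self.sessions = {}              # session id -> terminal MAC and issued password

    def confirm_device(self, payload, tag):
        """S23-S24: recover both MACs, look the device up, verify its message."""
        try:
            terminal_mac, device_mac = (norm_mac(m) for m in payload.decode().split("|"))
        except ValueError:
            return None
        key = self.device_keys.get(device_mac)
        if key is None:
            return None
        if not hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest()):
            return None
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"terminal": terminal_mac, "password": None}
        return sid

    def issue_password(self, sid, template):
        """S5: match the authentication information, then encrypt a random password."""
        session = self.sessions.get(sid)
        if session is None or not any(hmac.compare_digest(template, t) for t in self.templates):
            return None
        session["password"] = secrets.token_hex(4)
        nonce = secrets.token_bytes(12)
        key = derive_temp_key(session["terminal"], self.rule_secret)
        return nonce, xor_stream(key, nonce, session["password"].encode())

    def login(self, password, observed_terminal_mac):
        """S7: the password and the terminal MAC must both match."""
        observed = norm_mac(observed_terminal_mac)
        for sid, s in list(self.sessions.items()):
            if (s["password"] and s["terminal"] == observed
                    and hmac.compare_digest(s["password"].encode(), password.encode())):
                del self.sessions[sid]  # single use (assumption, not stated in the patent)
                return True
        return False

def run_flow():
    """Run the flow on constructed values and return the outcome of each check."""
    rule_secret, dev_key = b"constructed rule secret", b"constructed device key"
    template = b"constructed fingerprint and finger-length template"
    dev_mac, pc_mac, other_mac = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:99"
    server = Server({norm_mac(dev_mac): dev_key}, [template], rule_secret)
    device = Device(dev_mac, dev_key, rule_secret)
    counterfeit = Device(dev_mac, b"wrong key", rule_secret)
    results = {"forged_device": server.confirm_device(*counterfeit.identity_message(pc_mac))}
    sid = server.confirm_device(*device.identity_message(pc_mac))
    results["wrong_template"] = server.issue_password(sid, b"someone else")
    nonce, ciphertext = server.issue_password(sid, template)
    shown = device.show_password(pc_mac, nonce, ciphertext)
    results["other_terminal"] = server.login(shown, other_mac)
    results["bound_terminal"] = server.login(shown, pc_mac)
    results["reuse"] = server.login(shown, pc_mac)
    return results
```

`run_flow()` returns `None` for the counterfeit device and the non-matching template, `False` for the displayed password entered from a different terminal or reused, and `True` only for the terminal whose MAC the device reported.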
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications, additions and substitutions for the specific embodiments described may occur to those skilled in the art without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.

Claims (8)

1. A portable authentication system, characterized in that: the system comprises a portable authentication device (1) and a server (2), wherein the portable authentication device comprises an authentication information acquisition mechanism (3), a display module (4), a processing module (5), a first password module (6), a network module (7), a communication module (8) and a battery module (9); the processing module is connected to the authentication information acquisition mechanism, the display module, the first password module, the network module and the communication module respectively; the portable authentication device is connected through the network module to a terminal (10) that is to access the server and obtains network services through the terminal, and the portable authentication device communicates with the server through the communication module; a portable authentication method is adopted, and the method comprises the following steps:
S1: connecting the portable authentication device and the terminal;
S2: the portable authentication device performs authentication device identity confirmation with the server over the network of the terminal; if the authentication device identity confirmation succeeds, the method proceeds to step S3; otherwise, authentication device identity confirmation failure information is returned to the portable authentication device;
S3: the server visitor inputs the authentication information to the portable authentication device using the device's authentication information acquisition mechanism; when the authentication information is input in step S3, the middle finger contacts part of the sensing part of one of the sliders of the portable authentication device and the palm is moved forward; driven by the middle finger, the slider where the middle finger is located slides out of the cavity, so that the middle finger is in full contact with the sensing part of that slider; as the palm continues to move, the index finger, ring finger and little finger contact the remaining sliders in turn and drive them out of the cavity, until the slider where the middle finger is located slides to the head of the portable authentication device; during this process, the displacement sensor and fingerprint sensor of each slider collect slider displacement information and fingerprint and finger pad pattern information multiple times, the length difference of each finger is calculated from the displacement information, and the displacement information of the other three sliders is collected when the displacement of the slider where the middle finger is located reaches its maximum;
S4: the portable authentication device encrypts the authentication information to obtain a ciphertext and sends the ciphertext to the server;
S5: the server decrypts the ciphertext and matches the decrypted authentication information against the authentication information in the memory; if the matching succeeds, the password generator randomly generates a password, the second password module generates a temporary key, the password is encrypted with the temporary key to obtain a password ciphertext, the password ciphertext is sent to the portable authentication device, and the method proceeds to step S6; if the matching fails, matching failure information is returned to the portable authentication device;
S6: the portable authentication device receives the password ciphertext, decrypts it with the temporary key generated by the first password module, and displays the password on the display module;
S7: the server visitor accesses the server using the password; if the password is the same as the password generated by the server, and the MAC address of the terminal that sends the password to the server is the same as the terminal MAC address sent by the portable authentication device, the authentication succeeds; otherwise, the authentication fails.
2. A portable authentication system according to claim 1, wherein: the authentication information acquisition mechanism comprises a base (11), a plurality of sliding rails (12) arranged on the base and a plurality of sliding blocks (13) arranged on the sliding rails, and each sliding block is provided with a fingerprint sensor and a displacement sensor.
3. A portable authentication system according to claim 2, wherein: the slider comprises a sensing part (14) for installing the fingerprint sensor and the displacement sensor and a supporting part (15) for supporting the palm; a support plate (16) is fixed on the base, and the support plate and the base form a cavity for placing the slider.
4. A portable authentication system according to claim 1, wherein: the first password module acquires the MAC address of the terminal and the MAC address of the portable authentication device to generate a character string, the character string is encrypted by using a prestored private key and then sent to the server through the communication module, and the temporary private key and the temporary public key are generated according to a preset key generation rule by using the MAC address of the terminal.
5. A portable authentication system according to claim 4, wherein: the server comprises a memory (18), a password generator (19) and a second password module (20), authentication information, protected secret information and MAC addresses of all portable authentication devices are stored in the memory, the second password module receives the information sent by the first password module, decrypts the information by using a prestored public key to obtain the MAC addresses of the portable authentication devices and the MAC address of the terminal, searches the MAC address of the portable authentication device in the server, and generates a temporary private key and a temporary public key according to a preset secret key generation rule by using the MAC address of the terminal after determining that the authentication information sent by the portable authentication device is matched with the authentication information in the server.
6. A portable authentication system according to claim 1, wherein: the authentication device identity confirmation in step S2 includes the following steps:
S21: the first password module acquires the MAC address of the terminal and the MAC address of the portable authentication device to generate a character string;
S22: the first password module encrypts the character string with a prestored private key and sends the encrypted character string to the server through the communication module;
S23: the second password module in the server receives the information sent by the first password module, decrypts it with a prestored public key, and obtains the MAC address of the portable authentication device and the MAC address of the terminal;
S24: if the MAC address of the portable authentication device is not found, the authentication device identity confirmation fails.
7. A portable authentication system according to claim 1, wherein: the temporary keys generated by the first password module and the second password module are the same and are generated from the MAC address according to the same key generation rule.
8. A portable authentication system according to claim 1, wherein: the authentication information includes fingerprint information, finger pad information, and finger length difference information.
CN201911136680.9A 2019-11-19 2019-11-19 Portable authentication system and method Active CN111404688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911136680.9A CN111404688B (en) 2019-11-19 2019-11-19 Portable authentication system and method

Publications (2)

Publication Number Publication Date
CN111404688A CN111404688A (en) 2020-07-10
CN111404688B CN111404688B (en) 2022-06-17

Family

ID=71430266

Country Status (1)

Country Link
CN (1) CN111404688B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230414

Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Dayu Chuangfu Technology Co.,Ltd.

Address before: 310000 No. 528, binwen Road, Puyan street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee before: ZHEJIANG INSTITUTE OF MECHANICAL & ELECTRICAL ENGINEERING

TR01 Transfer of patent right

Effective date of registration: 20240404

Address after: Room 24, Floor 2, Unit 1, Building 1, No. 73, Section 2, Second Ring Road West, Qingyang District, Chengdu, 610000, Sichuan

Patentee after: Chengdu Puji Enterprise Management Center (Limited Partnership)

Country or region after: China

Patentee after: Wang Cheng

Patentee after: Chengdu Shengcheng Enterprise Management Center (L.P.)

Address before: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Guangzhou Dayu Chuangfu Technology Co.,Ltd.

Country or region before: China