CN101019366A - Method for realizing volatile secret key and separated verification module by collecting human body characteristics - Google Patents

Info

Publication number: CN101019366A
Authority: CN (China)
Prior art keywords: human body, password, key, unit, code data
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN 200580030854
Other languages: Chinese (zh)
Other versions: CN100583734C (en)
Inventor: 王锐勋
Current Assignee: Shenzhen Nano Science And Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Individual
Priority claimed from: CNB2004100516793A (external-priority patent CN1272519C)
Application filed by: Individual
Publication of CN101019366A
Application granted
Publication of CN100583734C
Current legal status: Expired - Fee Related

Landscapes

  • Alarm Systems (AREA)
  • Lock And Its Accessories (AREA)

Abstract

A method for realizing a volatile secret key and a separated control module by collecting human body characteristics comprises the following steps: a human body characteristic sensor (11) and a control module (30) are arranged on the handheld device (10); firstly, human body characteristic information of each user is collected by a human body characteristic sensor (11), transmitted to a control module (30) and stored in a user database (32); after the human body characteristic sensor (11) leaves the human body of the user or the password is successfully transmitted, the password temporary storage unit (14) is emptied; when the registered user holds the handheld device (10) for operation again, the control unit (31) searches the user database (32) for the password data and compares whether the same record exists; if the same record exists in the database (32), the control unit (31) sends an instruction to the next-level controlled object (40); if the same record does not exist in the database after comparison, the control unit (31) sends out warning information and stores an error record; therefore, potential safety hazards caused by the loss of the handheld equipment are avoided, one handheld equipment can be shared by multiple users and multiple tasks, and the system cost is reduced.

Description

Method for realizing volatile secret key and separated verification module by collecting human body characteristics
Technical field
The present invention relates to methods for secret or secure communication, in particular to methods and apparatus for verifying the identity or credentials of a system user, and more particularly to methods and apparatus for reading and recognizing printed or written characters or patterns.
Background art
In the prior art, methods that verify a user's identity before proceeding to the next operation are mostly implemented with various forms of IC cards. More recently, technical schemes that achieve the same purpose by collecting human body characteristic information have appeared. For example, Chinese invention patent application No. 99815820 (PCT US99/29036) discloses a scheme entitled "Security system using continuously changing features of the human body as a key". It describes a key that depends on a continuously changing part of the user's body: the system acquires an image of the user's fingerprint and divides it according to a random generator, so that only a portion of the image, not all of it, is transmitted. The random segmentation ensures that the transmitted image portion keeps changing, so an unauthorized recipient receives only a part rather than the whole image, and the fingerprint image is verified by a remote agent.
As another example, Chinese invention patent application No. 98812158 (PCT US98/23327) discloses a scheme entitled "Cryptographic key generation using biometric data", which provides a method and apparatus for generating a cryptographic key from biometric data. A fingerprint is received and feature groups are extracted from it. These feature groups may include one or more of the following features: A message is created from these features of the fingerprint. In embodiment one, the message is a template that includes the feature group. In embodiment two, the message is a subset of features not included in the template. A message digest operation is applied to the message to create a cryptographic key. Another embodiment uses the feature group of the fingerprint image to generate a digital certificate. The public key used in the digital certificate is based on the fingerprint image.
In both of the above schemes, every final authentication module must be equipped with its own human body characteristic collecting device, which wastes resources, and once the password in the handheld device is set it remains stored there, which is bad for security.
Summary of the invention
The technical problem to be solved by the invention is to avoid the above deficiencies of the prior art by proposing a method for realizing a volatile secret key and a separated verification module by collecting human body characteristics. The invention places a human body characteristic sensor on a handheld device. Each time the handheld device is used, the user enters his or her own human body characteristic data into the handheld device through the sensor. Using a random encryption algorithm, this data is combined with clock data, an additional password, a unique device ID (serial number) and other information, and the whole is encrypted together by the formula of the encryption algorithm to generate the password data. Thus, even for the same body part of the same person, the password data generated each time is different. Each time transmission of the password data is completed, the human body characteristic data collected and stored in the handheld device, together with the related information, is cleared immediately.
After the password data is delivered to the authentication module, it is decoded. The device ID code and additional password are extracted first and compared against the blacklist database in the authentication module. If the device ID code and additional password are in the blacklist database, all operations are refused and an alarm is raised, or warning information is also stored for later reference. If they are not in the blacklist database, the database of registered device ID codes and additional passwords is searched to confirm the legitimacy of the key. If the device ID code is unregistered, the additional password must be verified; if it passes, subsequent operation continues, otherwise an alarm is raised. If the device ID code and additional password are registered, the data is decoded and the human body characteristic data is compared together with the clock data. Because the clocks cannot be perfectly synchronized, a corresponding tolerance should be set for the clock when comparing. Once the biometric data has been verified and the clock data has been verified within the set tolerance, the operation instruction is executed: if the user is authorized, the subsequent operation is carried out; otherwise an alarm is raised. If a key with the same ID raises alarms several times in succession, for example three times, the ID data is stored in the blacklist database.
Because clock information is introduced, if the data is intercepted in transit and cloned, the clock information is cloned with it. When the cloned data is later transmitted to the comparing end, the clock at the time of interception does not match the clock at the time of comparison, so the data cannot pass verification at the comparing end. To decode the cloned data, one must know how the clock information is carried in the data chain and what the encryption algorithm is; decryption is difficult and cracking is almost impossible, which further ensures the security of data transmission in this system and of the final operation. The device ID code and the additional password further ensure the security of the final operation. In some particular applications the unique device ID code can even be used to track and manage users, for example for bank and insurance counters and their operators, the control and management of dangerous goods, military use and national security, where a unique device ID code identification function needs to be added, that is, the unique device ID code of the key is sent at the same time as the password. When a key has been refused several times in succession (for example three times), the authentication module at the executing end stores the ID in the blacklist database and refuses the key permanently, until a super user deletes the ID from the blacklist database by an operation. The additional password is for use when operating with another person's handheld device. Because the other person's handheld device ID is unregistered, the additional password known only to the legitimate operator must be entered to confirm the temporary operating validity of that handheld device.
The present invention is realized by the following technical scheme:
A method for realizing a volatile secret key and a separated verification module by collecting human body characteristics, based on a handheld device and a signal transmission channel, the method comprising the steps of:
a. A human body characteristic sensor, a key microprocessor unit, a password generation unit, a password temporary storage unit and a key password data sending unit are provided on the handheld device;
b. A password data receiving unit is provided, together with an authentication module comprising an authentication unit and a user database;
c. When applied in special places, a fixed handheld device with a wired connection is provided, on which a human body characteristic sensor, a key microprocessor and a keyboard are arranged;
d. First, the human body characteristic sensor separately collects the human body characteristic information of each user, which is turned into a corresponding password in the password generation unit, held temporarily in the password temporary storage unit, and transmitted by the key password data sending unit through the signal transmission channel to the password data receiving unit; the password is then stored in the user database after registration is confirmed. A certain time after the human body characteristic sensor leaves the user's body, or once the password has been transmitted successfully, the password temporary storage unit is emptied;
e. When a user operates holding the handheld device with the human body characteristic sensor, the sensor collects the user's own human body characteristic information, the password generation unit generates the corresponding password, and it is held temporarily in the password temporary storage unit. The registered user then transmits the password data through the key password data sending unit and the signal transmission channel to the password data receiving unit. The authentication unit searches the user database for the password data and checks whether an identical record exists. The comparison is carried out in the authentication unit, which is either arranged independently in the authentication module or embedded in the next-level controlled object;
f. After comparison, if an identical record exists in the database, the authentication unit issues an instruction to the next-level controlled object; if no identical record exists in the database, the authentication unit issues warning information, or also stores an error record.
The following is a more detailed description of the above scheme:
The handheld device also includes a clock unit, a key button group, a display unit, a main password arithmetic unit, a device ID and an additional password memory. When the password generation and verification operations of steps d and e are performed, operation proceeds as follows:
a. First, the main password arithmetic unit processes the human body characteristic information to form a multi-byte main password;
b. The factory device ID, the current clock and the additional password entered through the keyboard together form the additional password, which is stored in the additional password memory;
c. Then the key microprocessor unit retrieves the additional password from the additional password memory, combines the main password with it, holds the combined password temporarily in the password temporary storage unit, and then sends the data to the authentication module;
d. The key microprocessor unit, following the progress of the operating steps, detects whether the user's body has left the human body characteristic sensor and then determines after how long a delay the password temporary storage unit is emptied, or empties it on the transmission-success information returned through the transmission channel.
A key button group and a key display screen are also provided on the handheld device. Under the control of the key microprocessor unit, the key button group is used to enter the additional password and a temporary ID code, which are then stored in the additional password memory; the key display screen shows operation information under the control of the key microprocessor unit.
When encrypted data is sent to different destination terminals, text or graphic display modes can be selected on the key display screen.
The present invention can also be further implemented by the following technical scheme:
A volatile secret key and authentication module realized by collecting human body characteristics is designed and manufactured, comprising a handheld device, a signal transmission channel, a password data receiving unit and an authentication module. In particular, the handheld device further includes a human body characteristic sensor, a key microprocessor unit, a password generation unit, a password temporary storage unit and a key password data sending unit. The human body characteristic sensor is connected to the key microprocessor unit and the password generation unit, and the password temporary storage unit is connected to the password generation unit and the key password data sending unit. The human body characteristic sensor collects the human body characteristic information of each user, which is turned into a corresponding password in the password generation unit, held temporarily in the password temporary storage unit, and transmitted by the key password data sending unit through the signal transmission channel to the password data receiving unit; the password is then stored in the user database after registration is confirmed. After the human body characteristic sensor leaves the user's body, or once the password has been transmitted successfully, the password temporary storage unit is emptied.
The device is described in further detail below:
The authentication module includes a password data receiving unit, an authentication unit and a user database. The authentication module is separate from the handheld device; the physical link between them is established in a wired or wireless manner. The authentication unit is connected to the password data receiving unit and to the user database, and also to an output interface. The data sent by the handheld device is received and compared by the authentication unit, which is either arranged independently in the authentication module or embedded in the next-level controlled object.
Compared with the prior art, the invention places a human body characteristic sensor on a handheld device and collects different human body information from different users, so that different password data is formed. The password data is registered in advance in the database of the authentication module, and at each later operation the password data in the handheld device is transmitted to the authentication module and compared with the records in the database: if an identical record exists, the subsequent operation is carried out; if no registered record is found, an alarm is raised. The password data generated each time in the handheld device is cleared automatically a certain time after the body leaves the human body characteristic sensor, or cleared automatically after the data has been sent successfully, or cleared automatically if it is not sent within a set time limit, which avoids the security hazard caused by loss of the handheld device. Moreover, one handheld device can serve multiple users and multiple tasks, reducing system cost. The invention also has an alarm function for when the user is under duress: the alarm under duress can be realized through a particularity of the operation, such as the order in which multiple fingerprints are authenticated or a specific code in the additional-code section.
Brief description of the drawings
Fig. 1 is a functional block diagram of the method of the invention for realizing a volatile secret key and a separated verification module by collecting human body characteristics;
Fig. 2 is a block diagram of embodiment two of the authentication module in the method of the invention;
Fig. 3 is a flow chart of authorizing a user in the method of the invention;
Fig. 4 is a flow chart of deregistering a user in the method of the invention;
Fig. 5 is a schematic diagram of a user application in a banking system in the method of the invention;
Fig. 6 is a schematic diagram of a user application in an entry and exit identity management system in the method of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and the preferred embodiment.
As shown in Fig. 1, a method for realizing a volatile secret key and an authentication module by collecting human body characteristics is implemented, based on a handheld device 10 and a signal transmission channel 20. The preferred embodiment of the method comprises the steps of:
a. A human body characteristic sensor 11, a key microprocessor unit 12, a password generation unit 13, a password temporary storage unit 14, a clock unit 19 and a key password data sending unit 18 are provided on the handheld device 10;
b. A password data receiving unit 38 is provided, together with an authentication module 30 comprising an authentication unit 31 and a user database 32;
c. In special applications, the handheld device 10 is connected to the password data receiving unit 38 in a wired manner;
d. First, the human body characteristic sensor 11 collects the human body characteristic information of each user, which is turned into a corresponding password in the password generation unit 13, held temporarily in the password temporary storage unit 14, and transmitted by the key password data sending unit 18 through the signal transmission channel 20 to the password data receiving unit 38; the password is then stored in the user database 32 after registration is confirmed. After the human body characteristic sensor 11 leaves the user's body, or once the password has been transmitted successfully, the password temporary storage unit 14 is emptied;
e. When a user operates holding the handheld device 10 with the human body characteristic sensor 11, the sensor 11 collects the user's own human body characteristic information, the password generation unit 13 again generates the corresponding password, and it is held temporarily in the password temporary storage unit 14. The user then transmits the password data through the key password data sending unit 18 and the signal transmission channel 20 to the password data receiving unit 38. The authentication unit 31 searches the user database 32 for the password data and checks whether an identical record exists. The comparison is carried out in the authentication unit 31, which is either arranged independently in the authentication module 30 or embedded in the next-level controlled object 40;
f. After comparison, if an identical record exists in the database 32, the authentication unit 31 issues an instruction to the next-level controlled object 40; if no identical record exists in the database, the authentication unit 31 issues warning information, or also stores an error record.
The handheld device 10 also includes a main password arithmetic unit 131, a device ID 134 and an additional password memory 133. When the password generation operation of steps d and e is performed, operation proceeds as follows:
a. First, the main password arithmetic unit 131 processes the human body characteristic information to form a multi-byte main password;
b. The factory device ID, the current time and the additional password entered through the keyboard together form the additional password, which is stored in the additional password memory 133;
c. Then the key microprocessor unit 12 retrieves the additional password from the additional password memory 133, combines the main password with it, holds the combined password temporarily in the password temporary storage unit 14, and then sends the data to the authentication module 30;
d. The key microprocessor unit 12, following the progress of the operating steps and after confirming that the data has been sent, detects whether the user's body has left the human body characteristic sensor 11 and then determines after how long a delay the password temporary storage unit 14 is emptied, or empties it after receiving the confirmation of the authentication module 30.
In the above method, a key button group 15 and a key display screen 16 are also provided on the handheld device 10. Under the control of the key microprocessor unit 12, the key button group 15 is used to enter the additional password, which is then stored in the additional password memory 133; the key display screen 16 shows operation information under the control of the key microprocessor unit 12.
In the above method, the authentication module 30 also includes an authentication module clock unit 36 and a blacklist database 37. In the query of step e, if no identical record is found in the database, or the time information in the received data is outside the allowed range, the authentication unit 31 issues warning information, or also stores an error record; when password data with the same ID has raised an alarm two or more times, the ID data is stored in the blacklist database 37.
The signal transmission channel 20 includes wired transmission through a connection, wireless transmission, infrared transmission and the like; the key password data sending unit 18 and the password data receiving unit 38 likewise include mutually matching contact transmission, wireless transmission and infrared transmission units.
The next-level controlled object 40 includes all types of locks, computers, mobile phones, electronic identity authentication, information management entry, passage access control, financial transactions, network firewalls, security management and authorized operations. The handheld device 10 includes handheld devices embedded in a mobile phone, PDA, POS terminal, removable storage disk or the like, stand-alone handheld devices, and fixed equipment installed in attended or unattended places.
The human body characteristic sensor 11 includes a fingerprint-type sensor, or a palm print, palm shape, face shape, DNA, sound wave or iris sensor, or a combination thereof.
The present invention can also be further realized by the following technical scheme.
As shown in Figs. 1 and 2, a volatile secret key and authentication module realized by collecting human body characteristics is designed and manufactured, comprising a handheld device 10, a signal transmission channel 20 and an authentication module 30. In particular, the handheld device 10 further includes a human body characteristic sensor 11, a key microprocessor unit 12, a password generation unit 13, a password temporary storage unit 14 and a key password data sending unit 18. The human body characteristic sensor 11 is connected to the key microprocessor unit 12 and the password generation unit 13, and the password temporary storage unit 14 is connected to the password generation unit 13 and the key password data sending unit 18;
The human body characteristic sensor 11 collects the human body characteristic information of each user, which is turned into a corresponding password in the password generation unit 13, held temporarily in the password temporary storage unit 14, and transmitted by the key password data sending unit 18 through the signal transmission channel 20 to the authentication module 30; the password is then stored in the user database 32 after registration is confirmed. After the human body characteristic sensor 11 leaves the user's body, or once the password has been transmitted successfully, the password temporary storage unit 14 is emptied.
The password data receiving unit 38 is arranged independently or embedded in the authentication module 30, and the authentication module 30 includes the authentication unit 31 and the user database 32. The authentication unit 31 is connected to the password data receiving unit 38 and to the user database 32, and also to an output interface 39. The authentication module 30 receives the data sent by the handheld device 10, and the authentication unit 31 performs the comparison on it.
The authentication unit 31 is arranged independently in the authentication module 30, or embedded in the next-level controlled object 40.
The handheld device 10 also includes a key button group 15 and a key display screen 16. The key button group 15 is connected to the key microprocessor unit 12 and is used to enter the additional password, which is stored in the additional password memory 133 connected to the key microprocessor unit 12. The key display screen 16 is connected to the key microprocessor unit 12 and shows operation information.
The handheld device 10 also includes a clock unit 19, a main password arithmetic unit 131, a factory device ID 134 and an additional password memory 133. The main password arithmetic unit 131 processes the human body characteristic information to form a multi-byte main password; the factory device ID, the current time and the additional (temporary) ID entered through the keyboard together form the additional password.
The signal transmission channel 20 includes contact transmission, wireless transmission and infrared transmission; the key password data sending unit 18 and the password data receiving unit 38 use mutually matching contact transmission, wireless transmission or infrared transmission modes.
The human body characteristic sensor 11 includes a fingerprint-type sensor, or a palm print, palm shape, face shape, DNA, sound wave or iris sensor, or a combination thereof.
As shown in Fig. 2, in embodiment two of the invention, an authentication module button group 33, an authentication module display 34 and an authentication module alarm 35 are also provided on the authentication module 30. The authentication module button group 33 is connected to the authentication unit 31 and is used to enter operating instructions. The authentication module display 34 is likewise controlled by the authentication unit 31 and is used to show operation results and warning information; in this embodiment the liquid crystal display driver selected is the EA V- D2004 OAR, and other implementations may of course choose different displays and drivers. The authentication module alarm 35 also sounds an audible warning under the control of the authentication unit 31.
The authentication module 30 also includes an authentication module clock unit 36 and a blacklist database 37. If after a query no record identical to the received data is found in the database, or the time information in the received data is outside the allowed range, the authentication unit 31 issues warning information, or also stores an error record. When one item of password data raises three consecutive alarms, that password data is stored in the blacklist database 37.
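The verification sequence described in the summary and in the paragraph above (blacklist check, device registration or additional password, clock tolerance, record comparison, blacklisting after three consecutive alarms) is shown here as an added Python example that is not part of the patent. The patent does not specify its encryption algorithm, so this example assumes an HMAC-SHA256 tag over a JSON body in place of encryption, a SHA-256 digest of the template as the main password, and a 30-second tolerance; all names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

CLOCK_TOLERANCE_S = 30  # assumed tolerance for drift between device and verifier clocks
MAX_ALARMS = 3          # consecutive alarms before the device ID is blacklisted


def main_password(template: bytes) -> str:
    """Stand-in for the main password arithmetic unit: digest of the template."""
    return hashlib.sha256(template).hexdigest()


def build_message(link_key: bytes, device_id: str, template: bytes,
                  extra_password: str, clock: int) -> bytes:
    """Handheld side: combine main password, clock, device ID and additional password."""
    body = json.dumps({"device_id": device_id, "extra": extra_password,
                       "clock": clock, "main": main_password(template)},
                      sort_keys=True).encode()
    tag = hmac.new(link_key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Verifier:
    """Authentication module: blacklist, device registry, user database, clock check."""

    def __init__(self, link_key: bytes, tolerance: int = CLOCK_TOLERANCE_S):
        self.link_key = link_key
        self.tolerance = tolerance
        self.users = {}              # main password -> user name (user database)
        self.devices = set()         # registered device IDs
        self.temp_passwords = set()  # additional passwords accepted from unregistered devices
        self.blacklist = set()       # blacklisted device IDs
        self.alarms = {}             # device ID -> consecutive alarm count
        self.error_log = []          # stored error records

    def _alarm(self, device_id: str, reason: str) -> str:
        self.error_log.append((device_id, reason))
        self.alarms[device_id] = self.alarms.get(device_id, 0) + 1
        if self.alarms[device_id] >= MAX_ALARMS:
            self.blacklist.add(device_id)  # stays until a super user removes it
        return "ALARM:" + reason

    def verify(self, message: bytes, now: int) -> str:
        body, _, tag = message.rpartition(b".")
        expected = hmac.new(self.link_key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            # The device ID is not trustworthy here, so no counter is charged.
            self.error_log.append(("?", "bad-tag"))
            return "ALARM:bad-tag"
        fields = json.loads(body)
        device_id = fields["device_id"]
        # 1. The blacklist is consulted before anything else.
        if device_id in self.blacklist:
            self.error_log.append((device_id, "blacklisted"))
            return "ALARM:blacklisted"
        # 2. An unregistered device is accepted only with a valid additional password.
        if device_id not in self.devices and fields["extra"] not in self.temp_passwords:
            return self._alarm(device_id, "unregistered-device")
        # 3. The message clock must agree with the verifier clock within the tolerance.
        if abs(now - fields["clock"]) > self.tolerance:
            return self._alarm(device_id, "clock-out-of-range")
        # 4. The biometric-derived main password must match a registered record.
        user = self.users.get(fields["main"])
        if user is None:
            return self._alarm(device_id, "no-matching-record")
        self.alarms[device_id] = 0  # a success ends the run of consecutive alarms
        return "OK:" + user

    def remove_from_blacklist(self, device_id: str) -> None:
        """Super-user operation that lifts a blacklist entry."""
        self.blacklist.discard(device_id)
        self.alarms[device_id] = 0


def demo() -> list:
    """Run constructed sample traffic through the verifier and return the verdicts."""
    key = b"constructed-link-key"                  # constructed sample values throughout
    alice = b"constructed fingerprint template A"
    v = Verifier(key)
    v.devices.add("DEV-0001")
    v.temp_passwords.add("guest-4821")
    v.users[main_password(alice)] = "alice"
    t0 = 1_700_000_000
    captured = build_message(key, "DEV-0001", alice, "", t0)
    out = [v.verify(captured, t0 + 2)]                           # fresh message
    out += [v.verify(captured, t0 + 600 + i) for i in range(3)]  # cloned copy, replayed late
    fresh = build_message(key, "DEV-0001", alice, "", t0 + 700)
    out.append(v.verify(fresh, t0 + 700))                        # device is now blacklisted
    borrowed = build_message(key, "DEV-0999", alice, "guest-4821", t0 + 800)
    out.append(v.verify(borrowed, t0 + 801))                     # unregistered device + additional password
    return out
```

A copy replayed inside the tolerance window still passes a clock-only check, so the tolerance should be no wider than the clock drift it has to absorb.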
The authentication module 30 may physically be a separate module, or may be realized by running a computer program. The output interface 39 is controlled by the authentication unit 31; communication with the next-level controlled object 40 may use RS485, CAN or other bus modes, or a LAN or the Internet, over a wired connection or wireless transmission. Once network control is formed, each next-level controlled object 40 receives control instructions from the network system and transmits its device data to the master computer that controls the network.
In the preferred embodiment, the human body characteristic sensor 11 uses a fingerprint verification sensor. Other embodiments may use a DNA sensor, or face shape, palm shape or other biometric sensors.
As shown in Fig. 3, the invention has a password authorization function and an authorized-password management function. Passwords are stored encrypted, that is, the correct password can only be read using the decryption algorithm, or the data read can only be restored to the correct password by the decryption algorithm. Passwords are divided into three levels: super password (level one), administrator password (level two) and user password (level three). In its initial state the authentication module 30 holds no passwords; for first use there is a preset default super password, which is changed to one set by the owner on first use. In non-group use, setting other passwords outside the operating mode requires, in addition to the super password, a combination of two or more, to further improve the security of password authorization.
The super password can authorize or deregister administrator passwords and user passwords and can perform the next operation; if necessary, the super password can authorize multiple super passwords like itself.
The administrator password can authorize or deregister user passwords and can perform the next operation, but cannot authorize or deregister super passwords or administrator passwords; a user password can only perform the next operation.
When networking is not needed, the authentication module 30 need not set an administrator password. The super password and the administrator password can view the user names in the list of authorized users, but no operation can view user passwords.
As shown in Fig. 4, a user is deregistered by following the flow in the figure.
Through a network interface, multiple terminals can be managed jointly, and remote management can even be realized over the Internet or a dedicated network. The connection between the server or integrated terminal and the terminals can be realized with known technology, such as the various buses and network technologies based on twisted pair (for example RS485, CAN and Ethernet). Such a system is generally used in fields that need group management, such as hotels. It can also be used in homes if needed, for example for the centralized management of each door lock, furniture lock and alarm in the home.
The authentication module 30 may itself have an authentication module alarm 35, or may have none. This alarm can be realized through a port, for example an interface that automatically calls the owner, the building or residential-community management office, or the public security department.
In yet another embodiment of the present invention, the handheld device 10 is combined with a mobile phone. Additional passwords for different operation objects can easily be set with the phone's keys. Password data can be passed directly to the authentication module by wired or wireless means, or sent to the verifying end over the phone's GSM or CDMA network. During setup, the authorized finger is placed on the fingerprint detection area of the human body characteristic sensor 11, the corresponding additional information is entered, and the Send key is pressed. For direct short-range transmission to the authentication module, the key password data transmitting unit 18 must be held close to the receiving position of the password data receiving unit 38 of the authentication module 30. After the password data has been sent and confirmed, the password is cleared automatically and the device waits for the next operation. A dedicated service site, working with a positioning system, can also provide entrusting users with 24-hour staffed anti-theft monitoring, such as anti-theft monitoring of automobiles and, with authorization, remotely cutting off the electrical circuit or fuel line of a vehicle that has raised an alarm. In use, the password data receiving unit 38 in the automobile passes the received data to the authentication unit 31 for decoding. The decoded fingerprint data is compared with the fingerprints registered in the user database 32. When they are consistent, the additional code is decoded in turn and compared with the code table, and the corresponding circuit is driven according to the comparison result. This can, for example, complete the identity authentication of the vehicle operator and thereby control the opening and closing of the car lock, the starting and stopping of the air conditioner, temperature adjustment, and so on.
Because the handheld device 10 itself holds no password, losing it means only the loss of the economic value of the device itself, with no other disastrous consequences. A user only needs to find any handheld device 10 of the present invention, for example by borrowing one from a neighbor or a security guard, to perform his or her own operation. Neither the lender nor the borrower needs to worry about leaking his or her own password. As a form of service, building management, security staff and other service departments can provide a public key-device service.
An embodiment in which a mobile phone serves as the handheld device 10 for paying and for paying on behalf of others: the user's fingerprint is first registered at the bank and linked with the user's account, forming a record in the database. During a transaction, at the merchant's POS terminal, the spending amount and the POS information are transmitted to the bank from the mobile phone by short message, GPRS, CDMA1X or similar means, and the fingerprint is entered on the phone's fingerprint collector at the time of sending, so that the spending amount entered by the user and the fingerprint information are sent to the bank together. Alternatively, a wired collecting device located at the merchant transmits the customer's fingerprint information to the bank for authentication. The verifying end stores the customer's fingerprint information. After verification succeeds, the bank sends feedback to the merchant's POS, which prints a voucher of the successful transaction, and transfers the corresponding payment to the merchant; the transaction is then complete. This function brings convenience not only to one's own purchases but also to paying for other people's purchases.
In yet another embodiment of the present invention, a bank system is shown in Figure 5. Here the signal transmission channel 20 is a wired connection, and the handheld device 10, similar to the password input device of a POS, is connected to a computer for user registration. The registration process is the same as with a separated handheld device 10. After the information is stored in the database, no password information is kept in the handheld device 10. A wireless password data receiving unit 38 can also be built into this equipment to receive, wirelessly, the operations of separated handheld devices 10. This embodiment can also be applied to automatic teller machines (ATM) or store cash-register POS terminals. Through the network 500, the bank system 200 can exchange information with third-party network information operators or with more systems, extending more functions.
In yet another embodiment of the present invention, an entry-exit management system is shown in Figure 6. Here the signal transmission channel 20 is also a wired connection, and the handheld device 10 is connected to a computer for registering persons entering the country. The registration process is the same as with a separated handheld device 10. After the information is stored in the database, no password information is kept in the handheld device 10. The entry-exit management system 300 exchanges information with the bank system 200 and other security systems through the network 500, and can monitor whether a person entering the country has contraband and records, to realize safe management and monitoring.
The present invention can also be applied to identity authentication, computer boot-up and digital signatures.
Practice has proved the following. The present invention provides a human body characteristic sensor on a handheld device and collects different human body information from different users, forming different password data. The password data is registered in advance in the database of the authentication module. On each later use, the password data in the handheld device is transferred to the authentication module and compared with the records in the database: if an identical record exists, the corresponding operation is performed; if no registered record is found, an alarm is raised. The password data and the human biometric information generated in the handheld device each time are cleared automatically when the human body leaves the handheld device, which avoids the security risk caused by losing the handheld device. Moreover, one handheld device can be shared by many people in many places, which reduces system cost and helps extend more functions.
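The register, transmit, clear and compare flow summarized above, together with the time check and blacklist of the authentication module, sketched as an added example that is not code from the patent. The SHA-256 digest standing in for the main password computation, the dictionary message format, the 30-second allowed range, the refusal of blacklisted device IDs and the sample templates are assumptions; a real sensor does not yield byte-identical templates on every capture.

```python
import hashlib
import hmac

ALLOWED_SKEW = 30      # seconds; assumed width of the "allowed range"
BLACKLIST_AFTER = 2    # alarms for one device ID before it is blacklisted


class HandheldDevice:
    """Handheld device 10: holds a password only between capture and send."""

    def __init__(self, device_id):
        self.device_id = device_id            # factory device ID (134)
        self.temp = None                      # password temporary storage unit 14

    def capture(self, template, extra_code, now):
        # Main password: SHA-256 of the template (assumed stand-in for 131).
        main = hashlib.sha256(template).hexdigest()
        # Additional password: factory ID, current time and keyed-in code.
        self.temp = {"main": main, "device_id": self.device_id,
                     "time": now, "extra": extra_code}

    def transmit(self):
        if self.temp is None:
            raise RuntimeError("no password held; present the finger again")
        message, self.temp = self.temp, None  # emptied once transmitted
        return message

    def body_removed(self):
        self.temp = None                      # emptied when the user lets go


class AuthenticationModule:
    """Authentication module 30: user database 32, blacklist database 37."""

    def __init__(self):
        self.users = {}          # main password -> (user name, extra code)
        self.alarm_count = {}    # device ID -> number of alarms so far
        self.blacklist = set()
        self.error_log = []

    def register(self, name, message):
        self.users[message["main"]] = (name, message["extra"])

    def verify(self, message, now):
        device = message["device_id"]
        if device in self.blacklist:          # assumed: blacklisted IDs refused
            return self._alarm(device, "blacklisted device")
        if abs(now - message["time"]) > ALLOWED_SKEW:
            return self._alarm(device, "time outside allowed range")
        record = self.users.get(message["main"])
        if record is None:
            return self._alarm(device, "no identical record")
        if not hmac.compare_digest(record[1], message["extra"]):
            return self._alarm(device, "additional password mismatch")
        return ("execute", record[0])         # instruct controlled object 40

    def _alarm(self, device, reason):
        self.error_log.append((device, reason))
        count = self.alarm_count.get(device, 0) + 1
        self.alarm_count[device] = count
        if count >= BLACKLIST_AFTER:
            self.blacklist.add(device)
        return ("alarm", reason)


def demo():
    module, key = AuthenticationModule(), HandheldDevice("DEV-0001")
    alice = b"constructed-template-alice"     # constructed sample input
    key.capture(alice, "4711", now=1000)
    module.register("alice", key.transmit())
    key.capture(alice, "4711", now=2000)
    fresh = key.transmit()
    results = [module.verify(fresh, now=2005),      # registered user
               module.verify(fresh, now=2600)]      # same message replayed late
    key.capture(b"constructed-template-other", "4711", now=2700)
    results.append(module.verify(key.transmit(), now=2701))  # unknown user
    key.capture(alice, "4711", now=2800)
    results.append(module.verify(key.transmit(), now=2801))  # device blacklisted
    return results, key.temp


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```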

Claims (17)

  1. Claim
    1. A method for realizing a volatile secret key and a separated verification module by collecting human body characteristics, based on a handheld device (10) and a signal transmission channel (20), characterized in that the method comprises the steps of:
    a. providing, on the handheld device (10), a human body characteristic sensor (11), a key microprocessor unit (12), a password generation unit (13), a password temporary storage unit (14) and a key password data transmitting unit (18);
    b. providing a password data receiving unit (38), and an authentication module (30) including an authentication unit (31) and a user database (32);
    c. when applied in special places, connecting the handheld device (10) to the password data receiving unit (38) by wire;
    d. first, when the human body characteristic sensor (11) individually collects the human body characteristic information of each user, the password generation unit (13) generates the corresponding password, which is temporarily stored in the password temporary storage unit (14) and transferred by the key password data transmitting unit (18) through the signal transmission channel (20) to the password data receiving unit (38); after registration is confirmed, the password is stored in the user database (32); the password temporary storage unit (14) is emptied a certain time after the human body characteristic sensor (11) leaves the user's body, or after the password has been transmitted successfully;
    e. when a user holds the handheld device (10) with the human body characteristic sensor (11) to operate, the human body characteristic sensor (11) collects the user's own human body characteristic information, and the password generation unit (13) generates the corresponding password, which is temporarily stored in the password temporary storage unit (14); the user then transfers the password data by the key password data transmitting unit (18) through the signal transmission channel (20) to the password data receiving unit (38); the authentication unit (31) searches the user database (32) for the password data and compares whether an identical record exists; the comparison is carried out in the authentication unit (31), and the authentication unit (31) is either arranged independently in the authentication module (30) or embedded in the next-level controlled object (40);
    f. after the comparison, if an identical record exists in the database (32), the user is confirmed to be a registered user and the authentication unit (31) issues an instruction to the next-level controlled object (40); if no identical record exists in the database after the comparison, the authentication unit (31) issues warning information, or also stores an error record.
    2. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the handheld device (10) further includes a clock unit (19), a password generation unit (13), a main password arithmetic unit (131), a device ID (134) and an additional password memory (133), and, when performing the password generation operation described in step d, runs as follows:
    a. first, the main password arithmetic unit (131) processes the human body characteristic information to form a multi-byte main password;
    b. the factory device ID, the current time and an additional password entered through the keyboard together form the additional password, which is stored in the additional password memory (133);
    c. then, the key microprocessor unit (12) recalls the additional password from the additional password memory (133), combines the main password with the additional password, temporarily stores the combined password in the password temporary storage unit (14), and then sends the data to the authentication module (30);
    d. the key microprocessor unit (12), according to the progress of the operating steps, after confirming that the data has been sent, detects whether the user's body has left the human body characteristic sensor (11), then determines after how long a delay the password temporary storage unit (14) is emptied, or empties it after receiving confirmation from the authentication module (30).
    3. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: a key button group (15) and a key display screen (16) are also provided on the handheld device (10); the key button group (15) is used for entering the additional password, which is then stored in the additional password memory (133) under the control of the key microprocessor unit (12); the key display screen (16), controlled by the key microprocessor unit (12), displays operation information.
    4. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the authentication module (30) further includes an authentication module clock unit (36) and a blacklist database (37); after the comparison described in step e, if there is no identical record in the database, or the time information in the received data exceeds the allowed range, the authentication unit (31) issues warning information, or also stores an error record; when the password data of the same ID raises an alarm twice or more, the ID data is stored in the blacklist database (37).
    5. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the signal transmission channel (20) includes wired transmission through contact connection, wireless transmission and infrared transmission; the key password data transmitting unit (18) and the password data receiving unit (38) correspondingly include mutually matched contact transmission, wireless transmission and infrared transmission units.
    6. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the next-level controlled object (40) includes all types of locks, computers, mobile phones, electronic identity authentication, information management entrances, passage access control, financial transactions, network firewalls, safety management and authorized operations.
    7. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the handheld device (10) includes a handheld device embedded in a mobile phone, PDA, POS, removable storage disk or the like, or a stand-alone handheld device, as well as fixed equipment installed at an attended or unattended place.
    8. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: the human body characteristic sensor (11) includes a fingerprint sensor, or a palm print, palm shape, face shape, DNA or sound-wave sensor, or a perspiration sensor, or an iris sensor, or a combination thereof.
    9. The method for realizing a volatile secret key and a separated verification module by collecting human body characteristics according to claim 1, characterized in that: collecting the biological characteristics of the human body and comparing the data are performed by two or more physically separate devices.
    10. A volatile secret key and separated verification module realized by collecting human body characteristics, including a handheld device (10), a signal transmission channel (20), a password data receiving unit (38) and an authentication module (30), characterized in that: the handheld device (10) further includes a human body characteristic sensor (11), a key microprocessor unit (12), a password generation unit (13), a password temporary storage unit (14), a key password data transmitting unit (18) and a key power supply (19); the key microprocessor unit (12) is connected to the human body characteristic sensor (11) and the password generation unit (13), and the password temporary storage unit (14) is connected to the password generation unit (13) and the key password data transmitting unit (18); the human body characteristic sensor (11) collects the human body characteristic information of each user, and the password generation unit (13) generates the corresponding password, which is temporarily stored in the password temporary storage unit (14) and transferred by the key password data transmitting unit (18) through the signal transmission channel (20) to the password data receiving unit (38); after registration is confirmed, the password is stored in the user database (32); the password temporary storage unit (14) is emptied a certain time after the human body characteristic sensor (11) leaves the user's body, or after the password has been transmitted successfully;
    the authentication module (30) includes an authentication unit (31) and a user database (32); the authentication unit (32) is connected to the password data receiving unit (38) and to the user database (32), and is also connected to an output interface (39); the password data receiving unit (38) receives the data sent by the handheld device (10) and transfers it to the authentication unit (31), and the authentication unit (31) performs the comparison.
    11. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the password data receiving unit (38) is either arranged independently or embedded in the authentication module (30).
    12. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the authentication unit (31) is either arranged independently in the authentication module (30) or embedded in the next-level controlled object (40).
    13. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the handheld device (10) further includes a key button group (15) and a key display screen (16); the key button group (15) is connected to the key microprocessor unit (12) for entering the additional password, which is stored in the additional password memory (133) connected to the key microprocessor unit (12); the key display screen (16) is connected to the key microprocessor unit (12) and displays operation information.
    14. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 13, characterized in that: the handheld device (10) further includes a clock unit (19), a main password arithmetic unit (131), a factory device ID (134) and an additional password memory (133); the main password arithmetic unit (131) processes the human body characteristic information to form a multi-byte main password, and the factory device ID, the current time and an additional (temporary) ID entered through the keyboard together form the additional password.
    15. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the signal transmission channel (20) includes contact transmission, wireless transmission and infrared transmission; the key password data transmitting unit (18) and the password data receiving unit (38) are of mutually matched contact transmission, wireless transmission or infrared transmission type.
    16. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the human body characteristic sensor (11) includes a fingerprint sensor, or a palm print, palm shape, face shape, DNA or sound-wave sensor, or an iris sensor, or a combination thereof.
    17. The volatile secret key and separated verification module realized by collecting human body characteristics according to claim 10, characterized in that: the authentication module (30) further includes an authentication module clock unit (36) and a blacklist database (37); after the query, if the database has no record identical to the received data, or the time information in the received data exceeds the allowed range, the authentication unit (31) issues warning information, or also stores an error record; when the password data of the same ID raises an alarm twice or more, the ID data is stored in the blacklist database (37).
CN200580030854A 2004-09-22 2005-08-29 Method for realizing volatile secret key and separated checking module by collecting human characteristic Expired - Fee Related CN100583734C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200410051679.3 2004-09-22
CNB2004100516793A CN1272519C (en) 2004-09-22 2004-09-22 Instant clearing electronic lock system after key cipher use and realizing method
PCT/CN2005/001348 WO2006032186A1 (en) 2004-09-22 2005-08-29 Interleaving and deinterleaving method for preventing periodic position interference

Publications (2)

Publication Number Publication Date
CN101019366A true CN101019366A (en) 2007-08-15
CN100583734C CN100583734C (en) 2010-01-20

Family

ID=38727292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200580030854A Expired - Fee Related CN100583734C (en) 2004-09-22 2005-08-29 Method for realizing volatile secret key and separated checking module by collecting human characteristic

Country Status (1)

Country Link
CN (1) CN100583734C (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103366423B (en) * 2012-03-31 2015-09-09 深圳光启创新技术有限公司 Based on the light-operated gate control system of mobile fingerprint identification
CN104952135B (en) * 2015-07-10 2018-04-20 徐林 A kind of intelligent terminal Light-control door lock system and application method
CN105427418A (en) * 2015-11-11 2016-03-23 张时春 Human body biological information identification laser encryption verification system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938558A (en) * 2010-08-30 2011-01-05 宇龙计算机通信科技(深圳)有限公司 Mode switching method and system for mobile terminal and mobile terminal
CN101938558B (en) * 2010-08-30 2014-11-19 宇龙计算机通信科技(深圳)有限公司 Mode switching method and system for mobile terminal and mobile terminal
CN103538561A (en) * 2012-07-12 2014-01-29 鸿富锦精密工业(深圳)有限公司 Automobile starting control system and method
CN105719131A (en) * 2016-01-27 2016-06-29 努比亚技术有限公司 Server, client and paying-for-another method of e-payment
CN108512657B (en) * 2017-02-28 2021-05-14 中兴通讯股份有限公司 Password generation method and device
CN110443699A (en) * 2018-05-03 2019-11-12 阿里巴巴集团控股有限公司 Method for processing resource and system
CN111489474A (en) * 2020-04-07 2020-08-04 科莱因(苏州)智能科技有限公司 Intelligent visual tracking permission system

Also Published As

Publication number Publication date
CN100583734C (en) 2010-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHENZHEN WEINA SCIENCE AND TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: WANG RUIXUN

Effective date: 20150626

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150626

Address after: Baoan District Songgang Yanchuan Street Chaoyang Road Shenzhen city in Guangdong province 518105 Industrial Park B District No. 4 North Yongfa Technology Park Building

Patentee after: Shenzhen nano science and Technology Co., Ltd.

Address before: 553000 room 82, No. 501 West Zhongshan Road, Zhongshan District, Guizhou, Liupanshui

Patentee before: Wang Ruixun

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100120

Termination date: 20190829

CF01 Termination of patent right due to non-payment of annual fee