[go: up one dir, main page]

CN103886233A - Method, device and system for improving device security by binding hardware - Google Patents

Method, device and system for improving device security by binding hardware Download PDF

Info

Publication number
CN103886233A
CN103886233A CN201410145855.3A CN201410145855A CN103886233A CN 103886233 A CN103886233 A CN 103886233A CN 201410145855 A CN201410145855 A CN 201410145855A CN 103886233 A CN103886233 A CN 103886233A
Authority
CN
China
Prior art keywords
hardware
user
binding
features
device security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410145855.3A
Other languages
Chinese (zh)
Other versions
CN103886233B (en
Inventor
王艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
I Patrol Technology Ltd
Original Assignee
I Patrol Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by I Patrol Technology Ltd filed Critical I Patrol Technology Ltd
Priority to CN201410145855.3A priority Critical patent/CN103886233B/en
Publication of CN103886233A publication Critical patent/CN103886233A/en
Priority to PCT/CN2014/081356 priority patent/WO2015154341A1/en
Application granted granted Critical
Publication of CN103886233B publication Critical patent/CN103886233B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1015Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to users
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device and a system for improving equipment security by binding hardware. The method for improving the equipment safety by binding hardware comprises the following steps: acquiring biological characteristics of a user and acquiring hardware characteristics of hardware to be bound; binding the biological characteristics with the hardware characteristics according to set rules; when a user enters the equipment, comparing the acquired biological characteristics and hardware characteristics with the biological characteristics and hardware characteristics stored in the equipment to obtain a comparison result; and controlling the equipment according to the comparison result.

Description

Improve method, the Apparatus and system of device security by binding hardware
Technical field
The present invention relates to device security field, be specifically related to a kind of method, Apparatus and system that improves device security by binding hardware.
Background technology
The safety of electronic product and communication apparatus is more and more important now, and each manufacturer also at device security this part painstakingly.Utilize human body biological characteristics, such as fingerprint, vocal print or iris etc., be widely used as system access module, and iphone5 as up-to-date in Apple has just utilized fingerprint module to enter system.
The safety of existing electronic product and communication apparatus is mainly protected by numerical ciphers, security hardware or human body biological characteristics.Numerical ciphers is simple and easy to use, and user only need to carry out simple setting and can be encrypted equipment; Security hardware, for example U shield, be the cipher mode that numerical ciphers and hardware are bound, but this is only simple stack; Human body biological characteristics; because the simulating signal feature in these simulated worlds of people can be used as unique feature of identifying people; thereby biological characteristic, such as people's fingerprint, iris, one's voice in speech or shape of face can be used for protecting user's exclusive use and privacy.
But, because numerical ciphers ratio is easier to crack, thereby can not ensure the safety of electronic product and communication apparatus; For security hardware, owing to being only numerical ciphers and hardware simple superposition, in the time that security hardware is lost or attacked by more powerful and expensive hardware device, be just easy to be broken; Although and biological characteristic has its uniqueness, biological characteristic may be replicated, as copying of fingerprint, once user's biological characteristic is replicated, user's equipment just may be invaded, and the data in subscriber equipment will expose and come.Because the selections such as present more and more users' means of communication, shopping tool or the means of payment are associated with communication apparatus, therefore subscriber equipment is invaded probably can bring huge loss to user.
Summary of the invention
The invention provides a kind of method, Apparatus and system that improves device security by binding hardware, by by user biological feature and external hardware or internal hardware binding, and utilize hardware physical features function can not duplication characteristic mode, the security of equipment be can increase substantially, and then user's privacy and interests ensured.
What the embodiment of the present invention provided pass through, and binding hardware improves the method for device security, comprising:
Gather user's biological characteristic and obtain the hardware characteristics of hardware to be bound;
By setting rule by described biological characteristic and the binding of described hardware characteristics;
In the time of user's access arrangement, biological characteristic and hardware characteristics comparison that the biological characteristic getting and hardware characteristics and equipment have been stored, and obtain comparative result;
According to equipment described in described comparative result control.
Alternatively,
Described biological characteristic comprises fingerprint characteristic and/or face characteristic and/or iris feature and/or vocal print feature.
Alternatively,
Described collection user's biological characteristic comprises:
Gather user's fingerprint characteristic by fingerprint module,
And/or
By camera collection user's face characteristic and/or iris feature,
And/or
Gather user's vocal print feature by microphone.
Alternatively,
Hardware described to be bound comprises external hardware or described device interior hardware.
Alternatively,
Hardware described to be bound is external hardware;
The hardware characteristics that described external hardware is corresponding is hardware data or parameter;
Described external hardware is third party's granting or certification.
Alternatively,
Described method also comprises:
Provide user related information data to licensed-in four directions.
Alternatively,
Described user related information data provides use by described licensed-in fourth direction application or service provider.
Alternatively,
Before providing user related information data to licensed-in four directions, step also comprises:
Described user related information data is encrypted.
Alternatively,
Hardware described to be bound is device interior hardware;
The physics that the hardware characteristics that described device interior hardware is corresponding is this internal hardware can not copy function (Physically Un-clonable Function, PUF).
Alternatively,
The internal memory that described device interior hardware is equipment.
Alternatively,
Described equipment comprises: mobile phone or panel computer.
What the embodiment of the present invention provided pass through, and binding hardware improves the device of device security, comprising:
Gather acquisition module, for gathering user's biological characteristic and obtaining the hardware characteristics of hardware to be bound;
Binding module, for binding described biological characteristic and described hardware characteristics by setting rule;
Comparison module, for when user's access arrangement, biological characteristic and hardware characteristics comparison that the biological characteristic getting and hardware characteristics and equipment have been stored, and obtain comparative result;
Control module, for according to equipment described in described comparative result control.
Alternatively,
Described collection acquisition module comprises collecting unit and acquiring unit;
Described collecting unit is for gathering user's biological characteristic;
Described acquiring unit is for obtaining the hardware characteristics of hardware to be bound.
Alternatively,
Described collecting unit comprises:
Fingerprint module and/or camera and/or microphone, wherein,
Described fingerprint module is for gathering user's fingerprint characteristic;
Described camera is for gathering user's face characteristic and/or iris feature;
Described microphone is for gathering user's vocal print feature.
What the embodiment of the present invention provided pass through, and binding hardware improves the system of device security, comprising:
At least two passing through binding hardware as described in claim 12 to 14 improve the device of device security;
User and described device have mutual mapping relations, described device and application or service binding;
Between at least two described users,
Or
Between at least two described devices,
Or
Between at least two described users and at least two described devices,
Or
Between a described user and at least two described devices, realize binding by the binding of described mutual mapping relations.
In the embodiment of the present invention, first gather user's biological characteristic and obtain the hardware characteristics of hardware to be bound; Then by setting rule by described biological characteristic and the binding of described hardware characteristics; Then in the time of user's access arrangement, biological characteristic and hardware characteristics comparison that the biological characteristic getting and hardware characteristics and equipment have been stored, and obtain comparative result; Finally according to equipment described in described comparative result control.By by the mode of user biological feature and external hardware or internal hardware binding, method of the present invention, Apparatus and system have the following advantages:
1, utilize hardware and user's biological characteristic binding, and hardware physical features function can not duplication characteristic mode, can increase substantially the security of equipment, and then guarantee user's privacy and interests;
2,, because hardware and user's biological characteristic is bound mutually, therefore can conveniently realize the secure binding between multi-user, thereby be facilitating alternately between multi-user.
Brief description of the drawings
Fig. 1 is the present invention improves device security method the first embodiment process flow diagram by binding hardware;
Fig. 2 is the present invention improves device security method the second embodiment process flow diagram by binding hardware;
Fig. 3 is the present invention improves device security method the 3rd embodiment process flow diagram by binding hardware;
Fig. 4 is the present invention improves device security device example structure schematic diagram by binding hardware.
Embodiment
The invention provides a kind of method, Apparatus and system that improves device security by binding hardware, by by user biological feature and external hardware or internal hardware binding, and utilize hardware physical features function can not duplication characteristic mode, the security of equipment be can increase substantially, and then user's privacy and interests ensured.
Refer to Fig. 1, method the first embodiment that improves device security in the embodiment of the present invention by binding hardware comprises:
101, gather user's biological characteristic and obtain the hardware characteristics of hardware to be bound;
Before equipment is by user's biological characteristic and hardware binding, can first gathers user's biological characteristic and obtain the hardware characteristics of hardware to be bound.
Above-mentioned biological characteristic specifically can comprise one or more in fingerprint characteristic, face characteristic, iris feature and vocal print feature, above-mentioned collection user's biological characteristic specifically can comprise: the fingerprint characteristic that gathers user by fingerprint module, and/or pass through camera collection user's face characteristic and/or iris feature, and/or gather user's vocal print feature by microphone.
Hardware above-mentioned to be bound can comprise external hardware or device interior hardware, and said external hardware specifically can comprise U shield or the La Kala etc. that bank provides, and the said equipment internal hardware specifically can comprise device memory, loudspeaker or CPU etc.
102, by setting rule by biological characteristic and hardware characteristics binding;
After gathering user's biological characteristic and obtaining the hardware characteristics of hardware to be bound, can be by setting rule by biological characteristic and hardware characteristics binding.
103, in the time of user's access arrangement, biological characteristic and hardware characteristics comparison that the biological characteristic getting and hardware characteristics and equipment have been stored, and obtain comparative result;
By setting after rule binds biological characteristic and hardware characteristics, if user need to enter or access means, biological characteristic and hardware characteristics comparison that this equipment can have been stored the biological characteristic getting and hardware characteristics and equipment, and obtain comparative result.
104, according to comparative result opertaing device.
If the biological characteristic that comparative result is the biological characteristic got have been stored with equipment with hardware characteristics is with hardware characteristics coupling or conform to, user can access arrangement, otherwise equipment can be to field feedback.Above-mentionedly specifically can comprise feedback error reason and solution etc. to field feedback.
By by user biological feature and external hardware or internal hardware binding, and utilize hardware physical features function can not duplication characteristic mode, the method that the embodiment of the present invention improves device security by binding hardware can increase substantially the security of equipment, and then ensures user's privacy and interests.
Introduce the present invention improves device security method the first embodiment by binding hardware above, introduce the second embodiment that improves the method for device security by binding hardware below, refer to Fig. 2, the second embodiment that improves the method for device security in the embodiment of the present invention by binding hardware comprises:
201, gather user's biological characteristic and obtain the external hardware feature of external hardware to be bound;
Before equipment is by the binding of user's biological characteristic and external hardware, can first gathers user's biological characteristic and obtain the hardware characteristics of external hardware to be bound.
Above-mentioned biological characteristic specifically can comprise one or more in fingerprint characteristic, face characteristic, iris feature and vocal print feature, above-mentioned collection user's biological characteristic specifically can comprise: the fingerprint characteristic that gathers user by fingerprint module, and/or pass through camera collection user's face characteristic and/or iris feature, and/or gather user's vocal print feature by microphone.
Said external hardware is third party's granting or certification, and its corresponding external hardware is characterized as hardware data or parameter, for example, can be U shield or the La Kala etc. that bank provides.
It should be noted that; above-mentioned external hardware is in the process being used by the equipment of use; may there is the behavior of collecting the relevant use habit of user or application data information; this behavior is general only to be used the publisher who provides this external hardware; after by external hardware and user's biological characteristic binding; user can limit this behavior, can further protect user's privacy.
202, by setting rule by biological characteristic and the binding of external hardware feature;
After gathering user's biological characteristic and obtaining the external hardware feature of external hardware to be bound, can be by setting rule by biological characteristic and the binding of external hardware feature.
Above-mentioned setting rule can be specifically: external hardware feature is done after proper transformation, bound with user biological feature.
203, in the time of user's access arrangement, biological characteristic and the comparison of external hardware feature that the biological characteristic getting and external hardware feature and equipment have been stored, and obtain comparative result;
By setting rule by after biological characteristic and the binding of external hardware feature, if user need to enter or access means, biological characteristic and the comparison of external hardware feature that this equipment can have been stored the biological characteristic getting and external hardware feature and equipment, and obtain comparative result.
204, according to comparative result opertaing device;
If the biological characteristic that comparative result is the biological characteristic got have been stored with equipment with external hardware feature is with external hardware characteristic matching or conform to, user can access arrangement, otherwise equipment can be to field feedback.Above-mentionedly specifically can comprise feedback error reason and solution etc. to field feedback.
By user biological feature and external hardware are bound, and utilize hardware physical features function can not duplication characteristic mode, the method that the embodiment of the present invention improves device security by binding external hardware can increase substantially the security of equipment, and then ensures user's privacy and interests.
205, user related information data is encrypted;
User related information data can be that external hardware is collected, also can leave device interior in, these user related information data are owing to relating to user's privacy and safety, therefore before user related information data being transmitted or used, can be encrypted user related information data.
206, provide user related information data to licensed-in four directions.
User related information data, can be specifically user's webpage goods browse vestige, locating information or Download History etc., because these information are reflections of user habit and hobby, therefore can provide guide for businessman or application service provider, thereby these information are to belong to valuable information.Licensed-in four directions, the user related information data can equipment providing, then four directions can provide use to application or service provider by user related information data, and the benefit that four directions can produce according to this user related information data is provided and is divided into or preferential to user.
It should be noted that, user related information data is being provided in the process of use through licensed-in fourth direction application or service provider, can be to occur in encryption channel, that is subscriber equipment directly provides user related information data through encryption channel to application or service provider, can ensure that like this user related information data can not divulge a secret to four directions.
The application process of the embodiment of the present invention is described with an instantiation below:
Equipment in this example is mobile phone, and user biological is characterized as iris feature, and external hardware is the payment verification device that third party provides, and when above-mentioned payment verification device access mobile phone, can realize and exempt from password direct payment.Mobile phone of the present invention is by iris feature and the binding of payment verification device, when user uses, payment verification device, by earphone interface, Micro interface or particular interface access mobile phone, is then had to mobile phone typing iris feature, after being verified, user can realize and exempt from password direct payment.Because mobile phone is by the binding of iris feature and payment verification device, even if therefore also cannot use and exempt from password direct payment function except obtain mobile phone and payment verification device with other people of open air simultaneously, thereby can ensure user's account safety.In addition in the process that payment verification device uses user, can collect user's use information, above-mentioned use information can comprise commodity, the positional information that user pays and browse vestige, these information are general is only secret use of issuer of payment verification device, in the present invention, can, by the mode of authorizing, provide user related information to licensed-in third party cubic or granting payment verification device.It should be noted that, above-mentioned four directions user related information can be offered to service by paid mode or application developers is used, and by paid gained by being divided into or providing preferential mode to return the user that user related information is provided, above-mentioned service or application developers can be directly by encrypted tunnel from subscriber equipment, it in this example, is mobile phone, middle reception user related information, and needn't be through four directions, the method can reduce the risk that user related information is revealed.
By user biological feature and external hardware are bound, and the user profile license that external hardware is collected or the mode of licensing, the method that the embodiment of the present invention improves device security by binding external hardware can increase substantially the security of equipment, when guarantee user's privacy and interests, can be by being divided into or providing preferential mode to increase user's income.
Introduce the present invention improves device security method the second embodiment by binding hardware above, introduce the 3rd embodiment that improves the method for device security by binding hardware below, refer to Fig. 3, the 3rd embodiment that improves the method for device security in the embodiment of the present invention by binding hardware comprises:
301, gather user's biological characteristic and obtain the internal hardware feature of internal hardware to be bound;
Before equipment is by the binding of user's biological characteristic and internal hardware, can first gathers user's biological characteristic and obtain the internal hardware feature of internal hardware to be bound.
Above-mentioned biological characteristic specifically can comprise one or more in fingerprint characteristic, face characteristic, iris feature and vocal print feature, above-mentioned collection user's biological characteristic specifically can comprise: the fingerprint characteristic that gathers user by fingerprint module, and/or pass through camera collection user's face characteristic and/or iris feature, and/or gather user's vocal print feature by microphone.
The internal hardware that device interior hardware is corresponding is characterized as the physics of this internal hardware can not copy function (Physically Un-clonable Function, PUF), and the said equipment internal hardware is specifically as follows the internal memory of equipment.
It should be noted that, if the internal memory that device interior hardware is equipment, the PUF of internal memory can obtain in the following way: because single internal storage location is under physical boundary conditions (under non-normal use condition, in initial phase or processing physical stimulation situation), can there is with certain probability 0 or 1 result, but in statistics, under the common boundary condition of an abundant internal storage location, the result of its statistics there will be consistent characteristic, therefore can obtain by the method the PUF of internal memory, on internal memory, choose at random internal storage location, utilize error correction on the internal storage location of choosing, to produce unified result can to obtain the PUF of internal memory.
302, by setting rule by biological characteristic and the binding of internal hardware feature;
After gathering user's biological characteristic and obtaining the internal hardware feature of internal hardware to be bound, can be by setting rule by biological characteristic and the binding of internal hardware feature.
303, in the time of user's access arrangement, biological characteristic and the comparison of internal hardware feature that the biological characteristic getting and internal hardware feature and equipment have been stored, and obtain comparative result;
By setting rule by after biological characteristic and the binding of internal hardware feature, if user need to enter or access means, biological characteristic and the comparison of internal hardware feature that this equipment can have been stored the biological characteristic getting and internal hardware feature and equipment, and obtain comparative result.
304, according to comparative result opertaing device.
If the biological characteristic that comparative result is the biological characteristic got have been stored with equipment with hardware characteristics is with hardware characteristics coupling or conform to, user can access arrangement, otherwise equipment can be to field feedback.Above-mentionedly specifically can comprise feedback error reason and solution etc. to field feedback.
The application process of the embodiment of the present invention is described with an instantiation below:
Suppose to exist several by the subscriber equipment of user biological feature and the binding of internal hardware feature, between each subscriber equipment, can mutually bind, for the subscriber equipment of having bound, because each subscriber equipment self exists open service or application, therefore can reach by the binding of subscriber equipment the binding of service or application, and binding between service and application is due to taking subscriber equipment as basis, thereby there is very high security, and bring very large facility can to user's use.
The equipment of describing in the inventive method specifically can comprise: mobile phone or panel computer.
By user biological feature and internal hardware are bound, and utilize internal hardware physical features function can not duplication characteristic mode, the method that the embodiment of the present invention improves device security by binding internal hardware can increase substantially the security of equipment, and then ensures user's privacy and interests.
Introduce the present invention improves device security method the 3rd embodiment by binding hardware above, introduce the device embodiment that improves device security by binding hardware below, refer to Fig. 4, the device embodiment that improves device security in the embodiment of the present invention by binding hardware comprises:
Gather acquisition module 401, for gathering user's biological characteristic and obtaining the hardware characteristics of hardware to be bound;
Binding module 402, for binding biological characteristic and hardware characteristics by setting rule;
Comparison module 403, for when user's access arrangement, biological characteristic and hardware characteristics comparison that the biological characteristic getting and hardware characteristics and equipment have been stored, and obtain comparative result;
Control module 404, for according to comparative result opertaing device.
Alternatively,
Gather acquisition module 401 and comprise collecting unit 4011 and acquiring unit 4012;
Collecting unit 4011 is for gathering user's biological characteristic;
Acquiring unit 4012 is for obtaining the hardware characteristics of hardware to be bound.
Alternatively,
Collecting unit 4011 comprises:
Fingerprint module and/or camera and/or microphone, wherein,
Fingerprint module is for gathering user's fingerprint characteristic;
Camera is for gathering user's face characteristic and/or iris feature;
Microphone is for gathering user's vocal print feature.
In the embodiment of the present invention, gather the hardware characteristics that first acquisition module 401 gathers user's biological characteristic and obtain hardware to be bound; Then binding module 402 is by setting rule by described biological characteristic and the binding of described hardware characteristics; Then in the time of user's access arrangement, biological characteristic and hardware characteristics comparison that comparison module 403 has been stored the biological characteristic getting and hardware characteristics and equipment, and obtain comparative result; Last control module 404 is according to equipment described in described comparative result control; Wherein gather acquisition module 401 and comprise collecting unit 4011 and acquiring unit 4012; Collecting unit 4011 is for gathering user's biological characteristic; Acquiring unit 4012 is for obtaining the hardware characteristics of hardware to be bound.By by the mode of user biological feature and external hardware or internal hardware binding, method and apparatus of the present invention has the following advantages:
1, utilize hardware and user's biological characteristic binding, and hardware physical features function can not duplication characteristic mode, can increase substantially the security of equipment, and then guarantee user's privacy and interests;
2,, because hardware and user's biological characteristic is bound mutually, therefore can conveniently realize the secure binding between multi-user, thereby be facilitating alternately between multi-user.
Introduce the present invention improves device security device embodiment by binding hardware above, introduce the system embodiment that improves device security by binding hardware below, the system that improves device security in the embodiment of the present invention by binding hardware, comprising:
At least two as improved the device of device security by binding hardware in the embodiment of the present invention;
User and described device have mutual mapping relations, described device and application or service binding;
Between at least two described users,
Or
Between at least two described devices,
Or
Between at least two described users and at least two described devices,
Or
Between a described user and at least two described devices, realize binding by the binding of described mutual mapping relations.
The system of the embodiment of the present invention, due to the device that comprises the embodiment of the present invention, therefore also specifically has the advantage of embodiment of the present invention device, is not repeated herein.The major advantage that it should be noted that system of the present invention is also: between multiple users, or a user and multiple equipment, or can realize binding by the binding of its mutual mapping relations between multiple users and multiple equipment, like this, can improve significantly the convenience that user uses, for example between two equipment, bind, and between two users corresponding to this equipment, need to carry out can think and bind between two users when mutual, and do not need to carry out again extra judgement or binding procedure.
In the several embodiment that provide in the application, should be understood that, disclosed apparatus and method can realize by another way.For example, device embodiment described above is only schematic, for example, the division of described unit, be only that a kind of logic function is divided, when actual realization, can have other dividing mode, for example multiple unit or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.Another point, shown or discussed coupling each other or direct-coupling or communication connection can be by some interfaces, indirect coupling or the communication connection of device or unit can be electrically, machinery or other form.
The described unit as separating component explanation can or can not be also physically to separate, and the parts that show as unit can be or can not be also physical locations, can be positioned at a place, or also can be distributed in multiple network element.Can select according to the actual needs some or all of unit wherein to realize the object of the present embodiment scheme.
In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing unit, can be also that the independent physics of unit exists, and also can be integrated in a unit two or more unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, and also can adopt the form of SFU software functional unit to realize.
If described integrated unit is realized and during as production marketing independently or use, can be stored in a computer read/write memory medium using the form of SFU software functional unit.Based on such understanding, the all or part of of the part that technical scheme of the present invention contributes to prior art in essence in other words or this technical scheme can embody with the form of software product, this computer software product is stored in a storage medium, comprise that some instructions (can be personal computers in order to make a computer equipment, server, or the network equipment etc.) carry out all or part of step of method described in each embodiment of the present invention.And aforesaid storage medium comprises: various media that can be program code stored such as USB flash disk, portable hard drive, ROM (read-only memory) (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disc or CDs.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited to this, any be familiar with those skilled in the art the present invention disclose technical scope in; can expect easily changing or replacing, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should described be as the criterion with the protection domain of claim.

Claims (15)

1.一种通过绑定硬件来提高设备安全性的方法,其特征在于,包括:1. A method for improving device security by binding hardware, comprising: 采集用户的生物特征及获取待绑定硬件的硬件特征;Collect the user's biological characteristics and obtain the hardware characteristics of the hardware to be bound; 按设定规则将所述生物特征与所述硬件特征绑定;Binding the biometric feature with the hardware feature according to set rules; 当用户进入设备时,将获取到的生物特征与硬件特征与设备已存储的生物特征与硬件特征比较,并得到比较结果;When the user enters the device, compare the obtained biometric and hardware features with the stored biometric and hardware features of the device, and obtain the comparison result; 根据所述比较结果控制所述设备。The device is controlled based on the comparison result. 2.根据权利要求1所述的通过绑定硬件来提高设备安全性的方法,其特征在于,2. The method for improving device security by binding hardware according to claim 1, characterized in that, 所述生物特征包括指纹特征和/或人脸特征和/或虹膜特征和/或声纹特征。The biometric features include fingerprint features and/or facial features and/or iris features and/or voiceprint features. 3.根据权利要求2所述的通过绑定硬件来提高设备安全性的方法,其特征在于,所述采集用户的生物特征包括:3. The method for improving device security by binding hardware according to claim 2, wherein said collection of user's biometric features comprises: 通过指纹模块采集用户的指纹特征,Collect the user's fingerprint features through the fingerprint module, 和/或and / or 通过摄像头采集用户的人脸特征和/或虹膜特征,Collect the user's facial features and/or iris features through the camera, 和/或and / or 通过麦克风采集用户的声纹特征。The user's voiceprint characteristics are collected through the microphone. 4.根据权利要求1所述的通过绑定硬件来提高设备安全性的方法,其特征在于,4. The method for improving device security by binding hardware according to claim 1, characterized in that, 所述待绑定硬件包括外部硬件或所述设备内部硬件。The hardware to be bound includes external hardware or internal hardware of the device. 5.根据权利要求4所述的通过绑定硬件来提高设备安全性的方法,其特征在于,5. The method for improving device security by binding hardware according to claim 4, characterized in that, 所述待绑定硬件为外部硬件;The hardware to be bound is external hardware; 所述外部硬件对应的硬件特征为硬件数据或参数;The hardware feature corresponding to the external hardware is hardware data or parameters; 所述外部硬件为第三方发放或认证。The external hardware is issued or certified by a third party. 6.根据权利要求5所述的通过绑定硬件来提高设备安全性的方法,其特征在于,所述方法还包括:6. The method for improving device security by binding hardware according to claim 5, characterized in that the method further comprises: 向得到许可的第四方提供用户相关信息资料。Provide user-related information to authorized fourth parties. 7.根据权利要求6所述的通过绑定硬件来提高设备安全性的方法,其特征在于,7. The method for improving device security by binding hardware according to claim 6, characterized in that, 所述用户相关信息资料由所述得到许可的第四方向应用或服务商提供使用。The user-related information is provided for use by the permitted fourth party to the application or service provider. 8.根据权利要求6所述的通过绑定硬件来提高设备安全性的方法,其特征在于,在步骤向得到许可的第四方提供用户相关信息资料之前还包括:8. The method for improving device security by binding hardware according to claim 6, characterized in that before the step of providing user-related information to a permitted fourth party, the method further includes: 对所述用户相关信息资料进行加密。The user-related information is encrypted. 9.根据权利要求4所述的通过绑定硬件来提高设备安全性的方法,其特征在于,9. The method for improving device security by binding hardware according to claim 4, characterized in that, 所述待绑定硬件为设备内部硬件;The hardware to be bound is the internal hardware of the device; 所述设备内部硬件对应的硬件特征为该内部硬件的物理不可复制函数(Physically Un-clonable Function,PUF)。The hardware feature corresponding to the internal hardware of the device is a Physically Unclonable Function (PUF) of the internal hardware. 10.根据权利要求9所述的通过绑定硬件来提高设备安全性的方法,其特征在于,10. The method for improving device security by binding hardware according to claim 9, characterized in that, 所述设备内部硬件为设备的内存。The internal hardware of the device is the memory of the device. 11.根据权利要求1至10中任一项所述的通过绑定硬件来提高设备安全性的方法,其特征在于,所述设备包括:手机或平板电脑。11. The method for improving device security by binding hardware according to any one of claims 1 to 10, wherein the device comprises: a mobile phone or a tablet computer. 12.一种通过绑定硬件来提高设备安全性的装置,其特征在于,包括:12. A device for improving device security by binding hardware, characterized in that it comprises: 采集获取模块,用于采集用户的生物特征及获取待绑定硬件的硬件特征;The collection and acquisition module is used to collect the biological characteristics of the user and obtain the hardware characteristics of the hardware to be bound; 绑定模块,用于按设定规则将所述生物特征与所述硬件特征绑定;A binding module, configured to bind the biometric feature with the hardware feature according to set rules; 比较模块,用于当用户进入设备时,将获取到的生物特征与硬件特征与设备已存储的生物特征与硬件特征比较,并得到比较结果;A comparison module, configured to compare the acquired biometric and hardware characteristics with the stored biometric and hardware characteristics of the device when the user enters the device, and obtain a comparison result; 控制模块,用于根据所述比较结果控制所述设备。A control module, configured to control the device according to the comparison result. 13.根据权利要求12所述的通过绑定硬件来提高设备安全性的装置,其特征在于,13. The device for improving device security by binding hardware according to claim 12, characterized in that, 所述采集获取模块包括采集单元和获取单元;The collection and acquisition module includes a collection unit and an acquisition unit; 所述采集单元用于采集用户的生物特征;The collection unit is used to collect the biological characteristics of the user; 所述获取单元用于获取待绑定硬件的硬件特征。The obtaining unit is used to obtain hardware features of the hardware to be bound. 14.根据权利要求13所述的通过多指纹识别提高设备安全性的装置,其特征在于,所述采集单元包括:14. The device for improving device security through multi-fingerprint identification according to claim 13, wherein the acquisition unit comprises: 指纹模块和/或摄像头和/或麦克风,其中,fingerprint module and/or camera and/or microphone, wherein, 所述指纹模块用于采集用户的指纹特征;The fingerprint module is used to collect the fingerprint characteristics of the user; 所述摄像头用于采集用户的人脸特征和/或虹膜特征;The camera is used to collect facial features and/or iris features of the user; 所述麦克风用于采集用户的声纹特征。The microphone is used to collect the voiceprint features of the user. 15.一种通过绑定硬件来提高设备安全性的系统,其特征在于,包括:15. A system for improving device security by binding hardware, characterized in that it comprises: 至少两个如权利要求12至14所述的通过绑定硬件来提高设备安全性的装置;At least two devices for improving device security by binding hardware as claimed in claims 12 to 14; 用户与所述装置具有相互映射关系,所述装置与应用或服务绑定;The user and the device have a mutual mapping relationship, and the device is bound to an application or service; 至少两个所述用户之间,between at least two of said users, or 至少两个所述装置之间,between at least two of said means, or 至少两个所述用户与至少两个所述装置之间,between at least two of said users and at least two of said devices, or 一个所述用户与至少两个所述装置之间通过所述相互映射关系的绑定而实现绑定。The binding between one user and at least two devices is realized through the binding of the mutual mapping relationship.
CN201410145855.3A 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware Active CN103886233B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410145855.3A CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware
PCT/CN2014/081356 WO2015154341A1 (en) 2014-04-11 2014-07-01 Method, device and system for improving device security by hardware binding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410145855.3A CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware

Publications (2)

Publication Number Publication Date
CN103886233A true CN103886233A (en) 2014-06-25
CN103886233B CN103886233B (en) 2017-08-04

Family

ID=50955122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410145855.3A Active CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware

Country Status (2)

Country Link
CN (1) CN103886233B (en)
WO (1) WO2015154341A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015154341A1 (en) * 2014-04-11 2015-10-15 快车科技有限公司 Method, device and system for improving device security by hardware binding
CN116244757A (en) * 2023-03-15 2023-06-09 武汉天楚云计算有限公司 Computer equipment monitoring alarm method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1869999A (en) * 2006-06-28 2006-11-29 北京飞天诚信科技有限公司 Protection method and device for opening computer
CN103152157A (en) * 2013-02-04 2013-06-12 快车科技有限公司 A kind of security secret protection method and related device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007108895A (en) * 2005-10-12 2007-04-26 Dainippon Printing Co Ltd Atm and biometrics method by atm
CN202650013U (en) * 2012-04-28 2013-01-02 鹤山世达光电科技有限公司 Bank USB key-based fingerprint adapter and system
CN203311420U (en) * 2013-04-18 2013-11-27 杨德贵 Intelligent control USB key
CN103324879B (en) * 2013-07-05 2016-08-10 公安部第三研究所 Mobile device is based on recognition of face and the authentication system of smart card and method
CN103886233B (en) * 2014-04-11 2017-08-04 快车科技有限公司 Method, device and system for improving equipment security by binding hardware

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1869999A (en) * 2006-06-28 2006-11-29 北京飞天诚信科技有限公司 Protection method and device for opening computer
CN103152157A (en) * 2013-02-04 2013-06-12 快车科技有限公司 A kind of security secret protection method and related device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015154341A1 (en) * 2014-04-11 2015-10-15 快车科技有限公司 Method, device and system for improving device security by hardware binding
CN116244757A (en) * 2023-03-15 2023-06-09 武汉天楚云计算有限公司 Computer equipment monitoring alarm method

Also Published As

Publication number Publication date
CN103886233B (en) 2017-08-04
WO2015154341A1 (en) 2015-10-15

Similar Documents

Publication Publication Date Title
JP6239788B2 (en) Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium
TWI728261B (en) Query system, method and non-transitory machine-readable medium to determine authentication capabilities
CN105429761B (en) A kind of key generation method and device
EP3937040B1 (en) Systems and methods for securing login access
JP7309261B2 (en) Authentication method for biometric payment device, authentication device for biometric payment device, computer device, and computer program
CN106022157A (en) Cloud and local secure storage method and device
CN104794388B (en) application program access protection method and application program access protection device
CN102045367A (en) Registration method and authentication server of real-name authentication
CN108763917A (en) A kind of data encryption/decryption method and device
CN101595488A (en) Method and apparatus for binding content to separate storage devices
US11681787B1 (en) Ownership validation for cryptographic asset contracts using irreversibly transformed identity tokens
US12028458B2 (en) Systems and methods for user identity
CN112636914B (en) Identity verification method, identity verification device and smart card
CN104166824B (en) The USB memory device of sandwich construction
CN107066868A (en) A kind of data guard method and device of identity-based certification
CN107770155A (en) A kind of short-message verification method and mobile terminal
CN103886233A (en) Method, device and system for improving device security by binding hardware
CN106971092A (en) USB encryption card management systems based on cloud platform
CN108122108A (en) Mobile device authentication system and mobile equipment authentication method
CN106355112A (en) Method of destructing data in encrypted mobile storage device and server
CN105574429A (en) Method, device and terminal for file data encryption and decryption processing
CN110738499A (en) User identity authentication method and device, computer equipment and storage medium
KR101679183B1 (en) Server and method for electronic signature
CN103870736A (en) Personal information security protection device for Internet access control and access method
RU2633186C1 (en) Personal device for authentication and data protection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant