CN107241192A - The method and device that a kind of use fingerprint key is logged in - Google Patents
The method and device that a kind of use fingerprint key is logged in Download PDFInfo
- Publication number
- CN107241192A CN107241192A CN201710389097.3A CN201710389097A CN107241192A CN 107241192 A CN107241192 A CN 107241192A CN 201710389097 A CN201710389097 A CN 201710389097A CN 107241192 A CN107241192 A CN 107241192A
- Authority
- CN
- China
- Prior art keywords
- fingerprint
- function
- key
- authentication
- pin code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses the method and device that a kind of use fingerprint key is logged in, and this method includes:Device obtains login authentication mode, and is returned to operating system;Obtained such as device when the login authentication mode in the 3rd function parameter is external certificate mode and obtain the login interface window handle in the 3rd function parameter and preserve;Device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation, points out user to input fingerprint on fingerprint key and is verified;Data to be signed are sent to fingerprint key by device, current state such as fingerprint key has used the parameter positioning signature private key and signature algorithm of the 5th function for fingerprint authentication if, using authority information of the signature private key according to needed for signature algorithm carries out computing generation register system to data to be signed, and it is returned to operating system.Technical solution of the present invention allows fingerprint Key directly can normally be used in Windows systems, is user-friendly.
Description
Technical field
The present invention relates to information security field, more particularly to the method and device that a kind of use fingerprint key is logged in.
Background technology
At present, when application call Window functions use USB Key, PIN code input frame can be ejected, points out user defeated
Enter PIN code to be verified, after PIN code is verified, application could use the data preserved in USB Key, signed plus solution
The operations such as close, generation key, importing certificate.
In the prior art, fingerprint Key is compared with generic USB Key, and operation is safer, but fingerprint Key can not pass through
PIN code carries out checking and used, and can only carry out checking by fingerprint and use, current Window functions do not support fingerprint authentication, lead
Fingerprint Key is caused to use.Therefore, how to make Window functions support to use fingerprint key, be urgent problem to be solved.
The content of the invention
The invention aims to overcome the deficiencies in the prior art, there is provided the side that a kind of use fingerprint key is logged in
Method and device.
The invention provides a kind of method that use fingerprint key is logged in, including:
When second function is called, device obtains login authentication mode, and the login authentication mode is returned into behaviour
Make system;
When the 3rd function is called, described device obtains the login authentication mode in the 3rd function parameter, and sentences
Whether the login authentication mode of breaking is external certificate mode, is the login that then described device obtains in the 3rd function parameter
Interfaces windows handle is simultaneously preserved, and the 3rd function is return success, and otherwise the 3rd function returns to error message;
When the 4th function is called, described device ejects fingerprint authentication according to the login interface window handle of preservation and pointed out
Frame, points out user to input fingerprint on fingerprint key and verified, as being verified, described in fingerprint key itself current shape is set
State be fingerprint authentication passed through, such as checking not if as described in fingerprint key set itself current state be fingerprint authentication do not pass through;
When the 5th function is called, data to be signed are sent to the fingerprint key, the fingerprint key by described device
Check itself current state whether be that fingerprint authentication has passed through, be then using the 5th function parameter positioning signature private key and
The data to be signed are carried out computing generation register by signature algorithm using the signature private key according to the signature algorithm
The authority information is returned to the operating system by the authority information needed for system, the 5th function, otherwise end operation.
Further, before the second function is called, in addition to:
When the operating system receives login triggering information, user's insertion fingerprint key is pointed out;Operating system as described
When detecting fingerprint key insertions, obtain all user certificates in the fingerprint key and show, point out user's selection to be stepped on
Certificate used in record, the first letter is called when the progress that the operating system receives user's selection logs in used certificate
Number;
When the first function is called, function address list is returned to the operating system by described device, described
Operating system second function address respectively in the function address list, the 3rd function address, the 4th function address and
5th function address calls the second function, the 3rd function, the 4th function and the 5th function.
Further, described device acquisition login authentication mode is specially:Described device is by the second function parameter
Outside PIN code verification mode be set to the first preset value.
Further, when the 4th function is called, described device refers to according to the ejection of the login interface window handle of preservation
Line verification tip frame, points out user to input fingerprint on the fingerprint key and is verified, fingerprint key as described in if being verified
It is that fingerprint authentication has passed through to set itself current state, such as verify that fingerprint key as described in not if sets itself current state to be
Fingerprint authentication does not pass through, specifically includes:
Step A1:When the 4th function is called, described device judges whether to need to generate session PIN code, is to perform
Step A6, otherwise performs step A2;
Step A2:Described device judges whether to need to use session PIN code to be logged in, and is then to perform step A3, otherwise
4th function returns to error message;
Step A3:Described device judges whether to preserve legal session PIN code, is then to perform step A4, otherwise described
4th function returns to error message;
Step A4:Described device judges whether the fingerprint key logs in effectively, is then execution step A5, otherwise described the
Four functions return to error message;
Step A5:Described device sets fingerprint key logging status to have logged in, and the 4th function, which is returned, successfully to be believed
Breath;
Step A6:Described device judges whether the condition for generating PIN code is legal, is then execution step A7, otherwise described the
Four functions return to error message;
Step A7:Described device judges whether the logging status of the fingerprint key is to have logged in, and is then to perform step A10,
Otherwise step A8 is performed;
Step A8:Described device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation, points out
User inputs fingerprint on the fingerprint key and verified, fingerprint key is referred to the fingerprint authentication of input by then described as described
Line key sets itself current state to pass through for fingerprint authentication, is returned to described device and is proved to be successful information, as described fingerprint
Key does not set itself current state not pass through for fingerprint authentication the fingerprint authentication of input by the then fingerprint key, to described
Device returns to authentication failed information;
Step A9:Described device judges whether the fingerprint key tests according to the fingerprint Key received the information returned
Demonstrate,prove successfully, be, set fingerprint key logging status to have logged in, perform step A10, otherwise the 4th function returns to mistake
Information;
Step A10:Described device generates session PIN code and preserved, and preserves login time, and the 4th function is returned into
Work(information.
Further, the described device in the step A1 judges whether to need generation session PIN code to include:Described device
Judge that the checking in the PIN code mark in the 4th function parameter identifies whether set, be to need to generate session PIN code,
Otherwise session PIN code need not be generated.
Further, the step A2 includes:Described device is judged in the PIN code mark in the 4th function parameter
Login banner whether set, be then execution step A3, otherwise the 4th function returns to error message.
Further, the step A3 includes:Described device judges whether there is session PIN in the parameter of the 4th function
Whether the session PIN code length in code and the parameter is equal to preset length, is then to perform step A4, otherwise the 4th function
Return to error message.
Further, the step A4 includes:Described device judge current time subtract preservation login time it is whether small
It is then to perform step A5, otherwise the 4th function returns to error message in preset value.
Further, the step A5 includes:Described device is by login banner set and preserves, and the 4th function is returned
Successful information.
Further, the step A6 includes:Described device judge session PIN code in the parameter of the 4th function and
Whether session PIN code length is sky, is that then the 4th function returns to error message, otherwise performs step A7.
Further, the step A7 includes:Described device judge preserve login banner whether set, be then to perform step
Rapid A10, otherwise performs step A8.
Further, the step A8 includes:Described device refers to according to the ejection of the login interface window handle of preservation
Line verification tip frame, and fingerprint authentication instruction is sent to the fingerprint key, when the fingerprint key receives the finger of user's input
During line, judge whether the fingerprint received is consistent with the fingerprint that inside is preserved, and is that the fingerprint key sets itself current state
Pass through for fingerprint authentication, returned to described device and be proved to be successful information, otherwise the fingerprint key sets itself current state to be
Fingerprint authentication does not pass through, and authentication failed information is returned to described device.
Further, the step A9 includes:The information that described device is returned according to the fingerprint Key received judges
Whether the fingerprint key is proved to be successful, and fingerprint key as described in if the information received is to be proved to be successful information is proved to be successful, will
The login banner set, performs step A10, and the 4th function as described in if the information received is authentication failed information returns wrong
False information.
Further, the step A10 includes:Function pointer of the described device in the 4th function parameter is obtained
Generating function, corresponding session PIN code is generated by the generating function, preserves the session PIN code and login time, described
4th function is return success.
Further, the fingerprint key positions signature private key and signature algorithm using the parameter of the 5th function and included:
The container indexes of the fingerprint key respectively in the parameter of the 5th function with the corresponding container of signature algorithm identifier acquisition
Signature private key and signature algorithm.
Further, methods described also includes:After the operating system receives the authority information, selected using user
The certificate selected is verified to the authority information, as being proved to be successful, and allows to log in, and refuses to log in if authentication failed.
Further, the certificate of the use user selection carries out checking to the authority information includes:The operation system
The authority information is decrypted public signature key in the certificate that system is selected using the user, and the data to be signed are entered
Row Hash calculation, judges whether Hash calculation result is consistent with decrypted result, is, is proved to be successful, otherwise authentication failed.
Invention further provides the device that a kind of use fingerprint key is logged in, including the second operation module, the 3rd operation
Module, the 4th operation module and the 5th operation module;
Second operation module, operation is returned to for obtaining login authentication mode, and by the login authentication mode
System;
3rd operation module, for obtaining the login authentication mode in the 3rd function parameter, and judges described
Whether login authentication mode is external certificate mode, is to obtain login interface window handle in the 3rd function parameter simultaneously
Preserve, return success, otherwise return to error message;
4th operation module, the login interface window handle ejection for being preserved according to the 3rd operation module refers to
Line verification tip frame, points out user to input fingerprint on fingerprint key and is verified, as described fingerprint inspections of the fingerprint key to input
Card sets itself current state to pass through for fingerprint authentication by the then fingerprint key, as described fingerprints of the fingerprint key to input
Checking does not set itself current state not pass through for fingerprint authentication by the then fingerprint key;
5th operation module, for data to be signed to be sent into the fingerprint key, the fingerprint key is checked certainly
Whether body current state is that fingerprint authentication has passed through, and is that then fingerprint key positions signature private key using the parameter of the 5th function
And signature algorithm, computing generation is carried out to the data to be signed according to the signature algorithm using the signature private key and logs in behaviour
Make the authority information needed for system, the 5th operation module is additionally operable to the authority information returning to the operating system,
Otherwise end operation.
Further, described device also includes the first operation module;
When the operating system receives login triggering information, user's insertion fingerprint key is pointed out;Operating system as described
When detecting fingerprint key insertions, obtain all user certificates in the fingerprint key and show, point out user's selection to be stepped on
Certificate used in record, described the is triggered when certificate used in the progress that the operating system receives user's selection is logged in
One operation module;
First operation module is used to function address list returning to the operating system, the operating system difference
Second function address, the 3rd function address, the 4th function address and the 5th function address in the function address list
Call the second function, the 3rd function, the 4th function and the 5th function.
Further, second operation module is specifically for the outside PIN code in the second function parameter is verified
Mode is set to the first preset value, and the outside PIN code verification mode of the first preset value is returned into the operating system.
Further, the 4th operation module includes:
First judging unit, for when the 4th function is called, judging whether to need to generate session PIN code;
Second judging unit, for when first judging unit is judged as NO, judging whether to need to use session PIN
Code is logged in, and error message is returned when being judged as NO;
3rd judging unit, for when second judging unit is judged as YES, judging whether to preserve legal meeting
PIN code is talked about, error message is returned when being judged as NO;
4th judging unit, for when the 3rd judging unit is judged as YES, judging whether the fingerprint key logs in
Effectively, error message is returned to when being judged as NO;
First setting unit, for when the 4th judging unit is judged as YES, the logging status for setting fingerprint key is
It has been logged in that, return success;
5th judging unit, for when first judging unit is judged as YES, judge generate PIN code condition whether
It is legal, return to error message when being judged as NO;
6th judging unit, for when the 5th judging unit is judged as YES, judging the login shape of the fingerprint key
Whether state is to have logged in;
Tip element is ejected, for when the 6th judging unit is judged as NO, being protected according to the 3rd operation module
The login interface window handle ejection fingerprint authentication prompting frame deposited, points out user to input fingerprint on the fingerprint key and enters
Row checking;Fingerprint key sets itself current state to be fingerprint inspection the fingerprint authentication of input by the then fingerprint key as described
Card passed through, to described device return be proved to be successful information, as described fingerprint key to the fingerprint authentication of input not by then described
Fingerprint key sets itself current state not pass through for fingerprint authentication, and authentication failed information is returned to described device;
Receiving unit, information or authentication failed information are proved to be successful for receive that the fingerprint key returns;
7th judging unit, the information that the fingerprint key for being received according to the receiving unit is returned judges institute
State whether fingerprint key is proved to be successful, be, set fingerprint key logging status to have logged in, otherwise return to error message;
Storage unit is generated, generation session PIN during for being when the 6th judging unit and/or the 7th unit judges
Code is simultaneously preserved, and preserves login time, is return success.
Further, first judging unit is specifically for judging in the PIN code mark in the 4th function parameter
Checking identify whether set, be need generate session PIN code, otherwise need not generate session PIN code.
Further, second judging unit is specifically for judging in the PIN code mark in the 4th function parameter
Login banner whether set, return to error message when being judged as NO.
Further, whether there is session in parameter of the 3rd judging unit specifically for judging the 4th function
Whether the session PIN code length in PIN code and the parameter is equal to preset length, and error message is returned when being judged as NO.
Further, the 4th judging unit specifically for judge current time subtract preservation login time it is whether small
In preset value, error message is returned when being judged as NO.
Further, first setting unit is return success specifically for by login banner set and preserving.
Further, the session PIN code in parameter of the 5th judging unit specifically for judging the 4th function
Whether it is sky with session PIN code length, is to return to error message.
Further, the 6th judging unit specifically for the login banner that judges to preserve whether set, be then fingerprint
Key is in logging status, and otherwise fingerprint key is in and is not logged in state.
Further, the ejection Tip element according to the login interface window handle of preservation specifically for ejecting fingerprint inspection
Prompting frame is demonstrate,proved, and fingerprint authentication instruction is sent to the fingerprint key, when the fingerprint key receives the fingerprint of user's input,
Judge whether the fingerprint received is consistent with the fingerprint that inside is preserved, and is, the fingerprint key sets itself current state to be finger
Line checking has passed through, and is returned to described device and is proved to be successful information, and otherwise the fingerprint key sets itself current state to be fingerprint
Checking does not pass through, and authentication failed information is returned to described device.
Further, the 7th judging unit is specifically for the fingerprint key that is received according to the receiving unit
The information of return judges whether the fingerprint key is proved to be successful, by institute if the information received is proved to be successful information for as described in
Login banner set, error message is returned if the information authentication failed information for as described in received.
Further, the generation storage unit is obtained specifically for the function pointer in the parameter according to the 4th function
Generating function is taken, corresponding session PIN code is generated by the generating function, the session PIN code and login time is preserved, returns
Return successful information.
The present invention compared with prior art, with advantages below:
The technical scheme that the present invention is provided, by using external certificate pin mode, uses fingerprint authentication in Window functions
Verified instead of PIN, it is only necessary to change the Windows functions of manufacturer to eject fingerprint prompting frame without ejecting PIN code frame, allow fingerprint
Key directly can be used normally in Windows systems, is user-friendly.
Brief description of the drawings
Fig. 1 is the method flow diagram that a kind of use fingerprint key that the embodiment of the present invention two is provided is logged in;
Fig. 2 implements process flow diagram flow chart for the step 107 in the embodiment of the present invention two;
Fig. 3 is the module composition frame chart for the device that a kind of use fingerprint key that the embodiment of the present invention three is provided is logged in.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, the every other implementation that those skilled in the art are obtained under the premise of creative work is not made
Example, belongs to the scope of protection of the invention.
Embodiment one
The embodiment of the present invention one provides a kind of method that use fingerprint key is logged in, including:
When second function is called, device obtains login authentication mode, and login authentication mode is returned into operation system
System;
Specifically, in the present embodiment, also including when second function is called by the operating systems:Operating system passes through second
The return value of function judges whether acquisition login authentication mode succeeds, and login is obtained if second function returns to login authentication mode
Verification mode success, otherwise obtains login authentication mode and fails.
In the present embodiment, device acquisition login authentication mode is specially:Device is by the outside PIN in second function parameter
Code verification mode is set to the first preset value;It is preferred that, device is by the outside in the 3rd data structure in second function parameter
PIN code verification mode is set to the first preset value.
When the 3rd function is called, device obtains the login authentication mode in the 3rd function parameter, and judges that login is tested
Whether card mode is external certificate mode, is, device obtains the login interface window handle in the 3rd function parameter and preserved,
3rd function is return success, and otherwise the 3rd function returns to error message;
It is preferred that, the login interface window handle of acquisition is saved in the second data structure by device in the present embodiment;
Specifically, in the present embodiment, also including when the 3rd function is called by the operating systems:Operating system passes through the 3rd
The return value of function judges whether login interface window handle preserves success, the login interface if the 3rd function is return success
Window handle is preserved successfully, and otherwise login interface window handle preserves failure.
When the 4th function is called, device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation,
Prompting user inputs fingerprint on fingerprint key and verified, as being verified, and fingerprint key sets itself current state to be fingerprint
Checking has passed through, and such as checking, not if, fingerprint key sets itself current state not pass through for fingerprint authentication.
In the present embodiment, when the 4th function is called, the step of device is performed specifically includes:
Step A1:When the 4th function is called, device judges whether to need to generate session PIN code, is to perform step
A6, otherwise performs step A2;
Specifically, in the present embodiment, step A1 includes:Device is judged in the PIN code mark in the 4th function parameter
Checking identifies whether set, is to need to generate session PIN code, otherwise need not generate session PIN code.
Step A2:Device judges whether to need to use session PIN code to be logged in, and is then execution step A3, otherwise the 4th
Function returns to error message;
Specifically, in the present embodiment, step A2 includes:Device is judged in the PIN code mark in the 4th function parameter
Login banner whether set, be to need to use session PIN code to be logged in, otherwise session PIN code need not be used to be stepped on
Record.
Step A3:Device judges whether to preserve legal session PIN code, is then to perform step A4, otherwise the 4th function
Return to error message;
Specifically, in the present embodiment, step A3 includes:Device judges whether there is session PIN in the parameter of the 4th function
Whether the session PIN code length in code and parameter is equal to preset length, is then to perform step A4, otherwise the 4th function returns to mistake
Information.
Step A4:Device judges whether fingerprint key logs in effectively, is then to perform step A5, otherwise the 4th function returns wrong
False information;
Specifically, in the present embodiment, step A4 includes:Device judge current time subtract preservation login time whether
It is then to perform step A5, otherwise the 4th function returns to error message less than preset value.
Step A5:Device sets fingerprint key logging status to have logged in, and the 4th function is return success;
Specifically, in the present embodiment, step A5 includes:Device is by login banner set and preserves, and the 4th function is returned
Successful information.
Step A6:Device judges whether the condition for generating PIN code is legal, is then to perform step A7, otherwise the 4th function is returned
Return error message;
Specifically, in the present embodiment, step A6 includes:Device judge session PIN code in the parameter of the 4th function and
Whether session PIN code length is sky, be it is then illegal, it is otherwise legal.
Step A7:Device judges whether fingerprint key logging status is to have logged in, and is then to perform step A10, otherwise performs
Step A8;
Specifically, in the present embodiment, step A7 includes:Device judge preserve login banner whether set, be to refer to
Line key is in logging status, and otherwise fingerprint key is in and is not logged in state.It is preferred that, login banner is stored in the second data knot
In structure;
Step A8:Device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation, points out user referring to
Fingerprint is inputted on line key and is verified that the fingerprint key if sets itself current shape to the fingerprint authentication of input such as fingerprint key
State is that fingerprint authentication has passed through, and is returned to device and is proved to be successful information, as fingerprint key does not refer to the fingerprint authentication of input if
Line key sets itself current state not pass through for fingerprint authentication, and authentication failed information is returned to device;
Specifically, in the present embodiment, step A8 includes:Device ejects fingerprint according to the login interface window handle of preservation
Verification tip frame, and fingerprint authentication instruction is sent to fingerprint key, when fingerprint key receives the fingerprint of user's input, judge to connect
Whether the fingerprint received is consistent with the fingerprint that inside is preserved, and is, fingerprint key sets itself current state to lead to for fingerprint authentication
Cross, returned to device and be proved to be successful information, otherwise fingerprint key sets itself current state not pass through for fingerprint authentication, to device
Return to authentication failed information;
Step A9:Device judges whether fingerprint key is proved to be successful according to the fingerprint Key received the information returned, is then
Set fingerprint key logging status to have logged in, perform step A10, otherwise the 4th function returns to error message;
Specifically, in the present embodiment, step A9 includes:The information that device is returned according to the fingerprint Key received judges
Whether fingerprint key is proved to be successful, and fingerprint key is proved to be successful if the information received is to be proved to be successful information, by login banner
Set, performs step A10, and the 4th function returns to error message if the information received is authentication failed information.
Step A10:Device generates session PIN code and preserved, and preserves login time, and the 4th function is return success;
Specifically, in the present embodiment, step A10 includes:Function pointer of the device in the 4th function parameter is obtained
Generating function, corresponding session PIN code is generated by generating function, preserves session PIN code and login time, and the 4th function is returned
Successful information.It is preferred that, the function pointer in the first data structure of the device in the 4th function parameter obtains generating function;
In the present embodiment, also include when the 4th function is called by the operating systems:Operating system passes through the 4th function
Return value judges whether fingerprint key is proved to be successful, and as the 4th function is return success, fingerprint key is proved to be successful, and is otherwise referred to
Line key authentication faileds.
When the 5th function is called, data to be signed are sent to fingerprint key by device, and fingerprint key checks that itself is current
Whether state is that fingerprint authentication has passed through, and is parameter positioning signature private key and signature algorithm then using the 5th function, uses label
Name private key carries out the authority information needed for computing generates register system according to signature algorithm and returned to data to be signed
Back to operating system, otherwise end operation;
Wherein, fingerprint key positions signature private key and signature algorithm using the parameter of the 5th function and included:Fingerprint key distinguishes
Container index in the parameter of the 5th function is calculated with the signature private key in the corresponding container of signature algorithm identifier acquisition and signature
Method;
Specifically, in the present embodiment, also including when the 5th function is called by the operating systems:Operating system passes through the 5th
The return value of function judges to calculate whether signature succeeds, calculates and signed successfully if the 5th function returns to authority information, otherwise counted
Calculate signature failure;After operating system receives authority information, the certificate selected using user is verified to authority information, such as
It is proved to be successful, allows to log in, refuses to log in if authentication failed.Specifically, the certificate selected using user is entered to signature result
Row checking includes:Signature result is decrypted public signature key in the certificate that operating system is selected using user, to be signed
Data carry out Hash calculation, judge whether Hash calculation result is consistent with decrypted result, is, is proved to be successful, and otherwise checking is lost
Lose.
In the present embodiment, before second function is called, in addition to:
When operating system receives login triggering information, user's insertion fingerprint key is pointed out;As operating system detects finger
When line key is inserted, obtain all user certificates in fingerprint key and show, point out user's selection progress to log in used card
Book, first function is called when the progress that operating system receives user's selection logs in used certificate;
When first function is called, function address list is returned to operating system by device, operating system basis respectively
Second function address, the 3rd function address, the 4th function address and the 5th function address in function address list call second
Function, the 3rd function, the 4th function and the 5th function;Specifically, that function address list is returned into operating system is specific for device
For:The data structure of device initialization first, obtains second function pointer, the 3rd function pointer, the 4th function pointer, the 5th function
Pointer, creates the second data structure and is saved into the first data structure;
Specifically, in the present embodiment, also including when first function is called by the operating systems:Operating system passes through first
The return value of function judges whether initialization succeeds, and success is initialized if first function return function address list, otherwise just
Beginningization fails.
Embodiment two
The embodiment of the present invention two provides a kind of method that use fingerprint key is logged in, as shown in figure 1, including:
When operating system receives login triggering information, user's insertion fingerprint key is pointed out;Fingerprint key is such as detected to insert
It is fashionable, obtain all user certificates in fingerprint key and show, point out user's selection progress to log in used certificate;Work as behaviour
The progress for receiving user's selection as system calls first function when logging in used certificate;
Step 101:When first function is called, function address list is returned to the operating system by device;
Specifically, in the present embodiment, first function is CardAcquireContext, wherein, incoming parameter includes:
First data structure;Function address list is returned to the operating system by device to be included:Initialising first data structure, is obtained
Second function address, the 3rd function address, the 4th function address, the 5th function address, create customized second data structure
And be saved into the first data structure;Operating system can be according to second function address, the 3rd function address, the 4th function
Location, the 5th function address call corresponding function;It is preferred that, second function address, the 3rd function address, the 4th function address,
5th function address is second function pointer, the 3rd function pointer, the 4th function pointer, the 5th function pointer;
Step 102:Operating system judges whether initialization succeeds by the return value of first function, is then operating system root
Corresponding second function is called according to second function pointer, step 103 is performed, otherwise terminates;
In the present embodiment, step 102 is specially:Operating system judges the return value of first function, is such as function address
List then initializes success, otherwise initialization failure;
Step 103:When second function is called, device obtains login authentication mode, and is returned to operating system;
Specifically, in the present embodiment, second function is CardGetProperty, incoming parameter includes the 3rd data
Structure, device obtains login authentication mode and is specially:Outside PIN code verification mode in 3rd data structure is set to first
Preset value, it is fingerprint authentication to represent login authentication mode;
Step 104:Operating system judges to obtain whether login authentication mode succeeds by the return value of second function, is then
Operating system calls corresponding 3rd function according to the 3rd function pointer, performs step 105, otherwise terminates;
In the present embodiment, step 104 is specially:Operating system judges the return value of second function, is such as login authentication
Mode then obtains the success of login authentication mode, performs step 105;Otherwise obtain login authentication mode to fail, terminate;
Step 105:When the 3rd function is called, device obtains the login authentication mode in the 3rd function parameter, judges
Whether login authentication mode is external certificate mode, is then to obtain the login interface window handle in the 3rd function parameter, and will
Login interface window handle is saved in the second data structure, and the 3rd function is return success;Otherwise the 3rd function returns wrong
False information;
Specifically, in the present embodiment, the 3rd function is CardSetProperty, incoming parameter is the first data knot
Structure and login interface window handle, login interface window handle is saved in the second data structure specially:Device will be logged in
Interfaces windows handle is saved in the second data structure in the first data structure;
Step 106:Operating system judges whether login interface window handle preserves success by the return value of the 3rd function,
It is that operating system calls corresponding 4th function according to the 4th function pointer, performs step 107, otherwise terminate;
In the present embodiment, step 106 is specially:Operating system judges the return value of the 3rd function, is such as successful information
Then login interface window handle is preserved successfully, performs step 107;Login interface window handle, which is preserved, if for failure information loses
Lose, terminate;
Step 107:When the 4th function is called, login interface window handle bullet of the device in the second data structure
Go out fingerprint authentication prompting frame, point out user to input fingerprint on fingerprint key and verified, such as fingerprint inspections of the fingerprint key to input
Demonstrate,prove successfully that then the 4th function is return success, perform step 108, such as fingerprint key to the fingerprint authentication of input unsuccessfully if the 4th
Function returns to error message;
Specifically, in the present embodiment, the 4th function is CardAuthenticateEx, incoming parameter includes:First
Data structure, PIN code mark, session password, session Password Length, step 107 implement process as shown in Fig. 2 including:
Step A1:When the 4th function is called, device judges whether to need to generate session PIN code according to PIN code mark,
It is then to perform step A6, otherwise performs step A2;
Specifically, in the present embodiment, step A1 includes:When the 4th function is called, device is judged in PIN code mark
Checking identify whether set, be to need to generate session PIN code, perform step A6;Otherwise session PIN code need not be generated,
Perform step A2.For example, the value of the 8th represents to need to generate session PIN code for 1 in PIN code mark;
Step A2:Device judges whether to need to use session PIN code to be logged in, and is then execution step A3, otherwise the 4th
Function returns to error message;
Specifically, in the present embodiment, step A2 includes:Device judge login banner in PIN code mark whether set,
It is to need to use session PIN code to be logged in, performs step A3;Otherwise session PIN code need not be used to be logged in, the 4th
Function returns to error message;For example in PIN code mark the value of the 7th or the 6th is that 1 expression needs to use session PIN code to enter
Row is logged in;
Step A3:Device judges whether to preserve legal session PIN code, is then to perform step A4, otherwise the 4th function
Return to error message;
Specifically, in the present embodiment, step A3 includes:Device judges whether there is session PIN in the parameter of the 4th function
Whether the session PIN code length in code and parameter is equal to preset length, is then to perform step A4, otherwise the 4th function returns to mistake
Information;
Step A4:Device judges whether fingerprint key logs in effectively, is then to perform step A5, otherwise the 4th function returns wrong
False information;
Specifically, in the present embodiment, step A4 includes:Device judges that current time subtracts stepping in the second data structure
Whether the record time is less than preset value, is then to perform step A5, otherwise the 4th function returns to error message;
Step A5:Device sets fingerprint Key logging status to have logged in, and the 4th function is return success;
Specifically, in the present embodiment, device logging status is set for logged in including:Device by login banner set simultaneously
Preserve;It is preferred that, login banner is saved in the second data structure;
Step A6:Device judges whether the condition for generating PIN code is legal, is then to perform step A7, otherwise the 4th function is returned
Return error message;
Specifically, in the present embodiment, step A6 includes:Device judge session PIN code in the parameter of the 4th function and
Whether session PIN code length is sky, is then illegal, the 4th function returns to error message;Otherwise it is legal, perform step A7;
Step A7:Device judges whether fingerprint key logging status is to have logged in, and is then to perform step A10, otherwise performs
Step A8;
Specifically, in the present embodiment, step A7 includes:Device judges that the login banner preserved in the second data structure is
No set, is that then fingerprint key is in logging status, performs step A10;Otherwise fingerprint key is in and is not logged in state, performs step
Rapid A8;
Step A8:Login interface window handle ejection fingerprint authentication prompting frame of the device in the first data structure, is carried
Show that user inputs fingerprint on fingerprint key and verified, the fingerprint key if is set to the fingerprint authentication of input such as fingerprint key
Itself current state is that fingerprint authentication has passed through, and is returned to device and is proved to be successful information;Such as fingerprint authentications of the fingerprint key to input
Do not set itself current state not pass through for fingerprint authentication by then fingerprint key, authentication failed information is returned to device;
Specifically, in the present embodiment, step A8 is specially:Device refers to according to the ejection of the login interface window handle of preservation
Line verification tip frame, and fingerprint authentication instruction is sent to fingerprint key, when fingerprint key receives the fingerprint of user's input, judge
Whether whether the fingerprint received identical with the fingerprint of inside preservation, is that fingerprint key sets itself current state to be fingerprint inspection
Card has passed through, and fingerprint authentication successful information is returned to device, and otherwise fingerprint key sets itself current state not lead to for fingerprint authentication
Cross, fingerprint authentication failure information is returned to device;
Step A9:Device judges whether fingerprint key is proved to be successful according to the fingerprint Key received the information returned, is then
Set fingerprint key logging status to have logged in, perform step A10, otherwise the 4th function returns to error message;
Specifically, in the present embodiment, step A9 includes:Device according to the information received judge fingerprint authentication whether into
Work(, fingerprint key is proved to be successful if the information received is fingerprint authentication successful information, by the login mark in the second data structure
Know set, perform step A10, fingerprint key authentication faileds, the 4th function if the information received is fingerprint authentication failure information
Return to error message;
Step A10:Device generates session PIN code and preserved, and preserves login time, and the 4th function is return success;
Specifically, in the present embodiment, step A10 includes:Device is according to the first data knot in the parameter of the 4th function
Function pointer in structure obtains generating function, and corresponding session PIN code is generated by generating function, preserves the session PIN of generation
Code and this login time, the 4th function are return success;It is preferred that, by the session PIN code of generation and this login time
It is stored in the second data structure;
Step 108:Operating system judges whether fingerprint key is proved to be successful by the return value of the 4th function, is, operates
System calls corresponding 5th function according to the 5th function pointer, performs step 109, otherwise terminates;
Specifically, in the present embodiment, as the 4th function is return success, fingerprint key is proved to be successful, otherwise fingerprint
Key authentication faileds;
In the present embodiment, device regard container index, signature algorithm identifier, data to be signed as the letter of parameter call the 5th
Number;
Step 109:When the 5th function is called, data to be signed are sent to fingerprint key by device, and fingerprint key is used
Data to be signed are carried out by the parameter positioning signature private key and signature algorithm of the 5th function using signature private key according to signature algorithm
Authority information is returned to operating system by the authority information needed for computing generation register system, the 5th function;
Specifically, in the present embodiment, wherein, fingerprint key positions signature private key and signature using the parameter of the 5th function
Algorithm includes:The container indexes of fingerprint key respectively in the parameter of the 5th function and the corresponding container of signature algorithm identifier acquisition
In signature private key and signature algorithm;If fingerprint key signatures are unsuccessful signature failure information, the 5th letter are returned to operating system
Number returns to error message;
For example, the data to be signed in the present embodiment can include:User name, domain name, random number etc.;
Step 110:Operating system judges to calculate whether signature succeeds by the return value of the 5th function, is to perform step
111, otherwise terminate;
Specifically, in the present embodiment, calculating and being signed successfully if the 5th function returns to authority information, otherwise calculate signature
Failure;
Step 111:The certificate that operating system is selected using user is verified to authority information, as being proved to be successful, is allowed
Log in, refuse to log in if authentication failed;
Specifically, in the present embodiment, the certificate selected using user is verified to signature result, is specially:Operation
Signature result is decrypted public signature key in the certificate that system is selected using user, and Hash meter is carried out to data to be signed
Calculate, judge whether Hash calculation result is consistent with decrypted result, is, is proved to be successful, otherwise authentication failed.
Embodiment three
The embodiment of the present invention three provides the device that a kind of use fingerprint key is logged in, as shown in figure 3, including the second behaviour
Make module 302, the 3rd operation module 303, the 4th operation module 304 and the 5th operation module 305;
Second operation module 302, operating system is returned to for obtaining login authentication mode, and by login authentication mode;
In the present embodiment, the second operation module 302 is specifically for by the outside PIN code authentication in second function parameter
Formula is set to the first preset value, and the outside PIN code verification mode of the first preset value is returned into operating system;It is preferred that, the
Two operation modules 302 are specifically for the outside PIN code verification mode in the 3rd data structure in second function parameter is set
For the first preset value, and the outside PIN code verification mode of the first preset value is returned into operating system;
3rd operation module 303, for obtaining the login authentication mode in the 3rd function parameter, and judges login authentication side
Whether formula is external certificate mode, is, obtains the login interface window handle in the 3rd function parameter and preserves, returns successfully
Information, otherwise returns to error message;
4th operation module 304, the login interface window handle for being preserved according to the 3rd operation module 303 ejects fingerprint
Verification tip frame, points out user to input fingerprint on fingerprint key and is verified that such as fingerprint key passes through to the fingerprint authentication of input
Then fingerprint key sets itself current state to pass through for fingerprint authentication, as fingerprint key does not refer to the fingerprint authentication of input if
Line key sets itself current state not pass through for fingerprint authentication;
Specifically, in the present embodiment, the 4th operation module 304 includes:
First judging unit, for when the 4th function is called, judging whether to need to generate session PIN code;
In the present embodiment, the first judging unit is specifically for judging testing in the PIN code mark in the 4th function parameter
Card identifies whether set, is to need to generate session PIN code, otherwise need not generate session PIN code;
Second judging unit, for when the first judging unit is judged as NO, judging whether to need to use session PIN code to enter
Row is logged in, and error message is returned when being judged as NO;
In the present embodiment, the second judging unit is specifically for judging stepping in the PIN code mark in the 4th function parameter
Record identifies whether set, and error message is returned when being judged as NO;
3rd judging unit, for when the second judging unit is judged as YES, judging whether to preserve legal session PIN
Code, error message is returned when being judged as NO;
In the present embodiment, whether there is session PIN code in parameter of the 3rd judging unit specifically for judging the 4th function
And whether the session PIN code length in parameter is equal to preset length, and error message is returned when being judged as NO;
4th judging unit, for when the 3rd judging unit is judged as YES, judge fingerprint key whether log in effectively, when
Error message is returned when being judged as NO;
In the present embodiment, the 4th judging unit specifically for judge current time subtract preservation login time it is whether small
In preset value, error message is returned when being judged as NO;It is preferred that, login time is stored in the second data structure;
First setting unit, the logging status for when the 4th judging unit is judged as YES, setting fingerprint key is to have stepped on
Record, returns success;
In the present embodiment, the first setting unit is return success specifically for by login banner set and preserving;It is excellent
Choosing, login banner is saved in into the second data structure;
Whether the 5th judging unit, the condition for when the first judging unit is judged as YES, judging to generate PIN code closes
Method, error message is returned when being judged as NO;
In the present embodiment, the session PIN code in parameter of the 5th judging unit specifically for judging the 4th function and meeting
Talk about whether PIN code length is sky, be to return to error message;
6th judging unit, for when the 5th judging unit is judged as YES, judge fingerprint key logging status whether be
Log in;
In the present embodiment, the 6th judging unit specifically for the login banner that judges to preserve in the second data structure whether
Set, is that then fingerprint key is in logging status, otherwise fingerprint key is in and is not logged in state;
Tip element is ejected, for when the 6th judging unit is judged as NO, according to the login of the 3rd operation module preservation
Interfaces windows handle ejects fingerprint authentication prompting frame, points out user to input fingerprint on fingerprint key and is verified;Such as fingerprint key
Set itself current state to pass through for fingerprint authentication by then fingerprint key the fingerprint authentication of input, give device to return to checking
Successful information;As fingerprint key to the fingerprint authentication of input not if fingerprint key set itself current state for fingerprint authentication not
Pass through, authentication failed information is returned to device;
In the present embodiment, ejection Tip element according to the login interface window handle of preservation specifically for ejecting fingerprint inspection
Prompting frame is demonstrate,proved, and fingerprint authentication instruction is sent to fingerprint key, when fingerprint key receives the fingerprint of user's input, judges to receive
Whether the fingerprint arrived is consistent with the fingerprint that inside is preserved, and is, fingerprint key sets itself current state to pass through for fingerprint authentication,
Returned to device and be proved to be successful information;Otherwise fingerprint key sets itself current state not pass through for fingerprint authentication, is returned to device
Authentication failed information;
Receiving unit, for receive fingerprint key return be proved to be successful information or authentication failed information;
Whether 7th judging unit, the information that the fingerprint key for being received according to receiving unit is returned judges fingerprint key
It is proved to be successful, is, sets fingerprint key logging status to have logged in, otherwise return to error message;
In the present embodiment, the 7th judging unit is specifically for the letter of the fingerprint key returns received according to receiving unit
Breath judges whether fingerprint key is proved to be successful, and by login banner set if the information received is to be proved to be successful information, such as receives
To information then return to error message for authentication failed information;It is preferred that, the login banner in the present embodiment is stored in the second number
According in structure;
Storage unit is generated, generation session PIN code is simultaneously during for being when the 6th judging unit and/or the 7th unit judges
Preserve, and preserve login time, return success.
In the present embodiment, generation storage unit is obtained specifically for the function pointer in the parameter according to the 4th function and given birth to
Into function, corresponding session PIN code is generated by generating function, session PIN code and login time is preserved, returns success;
It is preferred that, session PIN code and login time are stored in the second data structure by generation storage unit;
5th operation module 305, for data to be signed to be sent into fingerprint key, fingerprint key checks itself current state
Whether it is that fingerprint authentication has passed through, is that then fingerprint key, using the parameter positioning signature private key and signature algorithm of the 5th function, is used
Authority information of the signature private key according to needed for signature algorithm carries out computing generation register system to data to be signed, the 5th behaviour
It is additionally operable to authority information returning to operating system as module;Otherwise end operation.
Device in the present embodiment can also include the first operation module, when operating system receives login triggering information
When, point out user's insertion fingerprint key;When detecting fingerprint key insertions such as operating system, all users in fingerprint key are obtained
Certificate is simultaneously shown, points out user's selection progress to log in used certificate, when the progress that operating system receives user's selection is stepped on
Used in record the first operation module is triggered during certificate;First operation module is used to function address list returning to operation system
System, operating system second function address respectively in function address list, the 3rd function address, the 4th function address and the
Five function addresses call second function, the 3rd function, the 4th function and the 5th function.In the present embodiment, the first operation module
Specifically for initialising first data structure, second function address, the 3rd function address, the 4th function address, the 5th letter are obtained
Number address, creates the second data structure and the second data structure is saved in the first data structure.It is preferred that, second function
Location, the 3rd function address, the 4th function address, the 5th function address are second function pointer, the 3rd function pointer, the 4th function
Pointer, the 5th function pointer.
Technical solution of the present invention, by using external certificate pin mode, is replaced in Window functions with fingerprint authentication
PIN is verified, it is only necessary to is changed the Windows functions of manufacturer to eject fingerprint prompting frame without ejecting PIN code frame, is allowed fingerprint Key
It directly can normally use, be user-friendly in Windows systems.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto,
Any one skilled in the art is in technical scope disclosed by the invention, the change or replacement that can be readily occurred in,
It should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be with scope of the claims
It is defined.
Claims (31)
1. a kind of method that use fingerprint key is logged in, it is characterised in that including:
When second function is called, device obtains login authentication mode, and the login authentication mode is returned into operation system
System;
When the 3rd function is called, described device obtains the login authentication mode in the 3rd function parameter, and judges institute
Whether be external certificate mode, be the login interface that then described device obtains in the 3rd function parameter if stating login authentication mode
Window handle is simultaneously preserved, and the 3rd function is return success, and otherwise the 3rd function returns to error message;
When the 4th function is called, described device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation,
Prompting user inputs fingerprint on fingerprint key and verified, as being verified, described in fingerprint key set itself current state to be
Fingerprint authentication has passed through, fingerprint key as described in checking is not if sets itself current state not pass through for fingerprint authentication;
When the 5th function is called, data to be signed are sent to the fingerprint key by described device, and the fingerprint key is checked
Whether itself current state is that fingerprint authentication has passed through, and is parameter positioning signature private key and signature then using the 5th function
The data to be signed are carried out computing generation register system by algorithm using the signature private key according to the signature algorithm
The authority information is returned to the operating system by required authority information, the 5th function, otherwise end operation.
2. the method as described in claim 1, it is characterised in that before the second function is called, in addition to:
When the operating system receives login triggering information, user's insertion fingerprint key is pointed out;Operating system is detected as described
When being inserted to fingerprint key, obtain all user certificates in the fingerprint key and show, point out user's selection to carry out login institute
The certificate used, first function is called when the progress that the operating system receives user's selection logs in used certificate;
When the first function is called, function address list is returned to the operating system, the operation by described device
System second function address respectively in the function address list, the 3rd function address, the 4th function address and the 5th
Function address calls the second function, the 3rd function, the 4th function and the 5th function.
3. the method as described in claim 1, it is characterised in that described device obtains login authentication mode and is specially:The dress
Put and the outside PIN code verification mode in the second function parameter is set to the first preset value.
4. the method as described in claim 1, it is characterised in that when the 4th function is called, described device is according to preservation
Login interface window handle ejects fingerprint authentication prompting frame, points out user to input fingerprint on the fingerprint key and is verified, such as
Be verified, the fingerprint key sets itself current state to pass through for fingerprint authentication, such as verify fingerprint as described in not if
Key sets itself current state not pass through for fingerprint authentication, specifically includes:
Step A1:When the 4th function is called, described device judges whether to need to generate session PIN code, is to perform step
A6, otherwise performs step A2;
Step A2:Described device judges whether to need to use session PIN code to be logged in, and is then to perform step A3, otherwise described
4th function returns to error message;
Step A3:Described device judges whether to preserve legal session PIN code, is then execution step A4, otherwise the described 4th
Function returns to error message;
Step A4:Described device judges whether the fingerprint key logs in effectively, is then to perform step A5, otherwise the 4th letter
Number returns to error message;
Step A5:Described device sets fingerprint key logging status to have logged in, and the 4th function is return success;
Step A6:Described device judges whether the condition for generating PIN code is legal, is then to perform step A7, otherwise the 4th letter
Number returns to error message;
Step A7:Described device judges whether the logging status of the fingerprint key is to have logged in, and is then to perform step A10, otherwise
Perform step A8;
Step A8:Described device ejects fingerprint authentication prompting frame according to the login interface window handle of preservation, points out user
Fingerprint is inputted on the fingerprint key and is verified that fingerprint key passes through the then fingerprint to the fingerprint authentication of input as described
Key sets itself current state to pass through for fingerprint authentication, is returned to described device and is proved to be successful information, as described fingerprint key
Itself current state is not set not pass through for fingerprint authentication by the then fingerprint key fingerprint authentication of input, to the dress
Put return authentication failed information;
Step A9:Described device judges whether the fingerprint key verifies into according to the fingerprint Key received the information returned
Work(, is to set fingerprint key logging status to have logged in, performs step A10, otherwise the 4th function returns to mistake letter
Breath;
Step A10:Described device generates session PIN code and preserved, and preserves login time, and the 4th function, which is returned, successfully to be believed
Breath.
5. method as claimed in claim 4, it is characterised in that the described device in the step A1 judges whether to need generation
Session PIN code includes:Described device judges that the checking in the PIN code mark in the 4th function parameter identifies whether set,
It is to need to generate session PIN code, otherwise need not generates session PIN code.
6. method as claimed in claim 4, it is characterised in that the step A2 includes:Described device judges the 4th letter
The login banner in PIN code mark in number parameters whether set, be then execution step A3, otherwise the 4th function returns wrong
False information.
7. method as claimed in claim 4, it is characterised in that the step A3 includes:Described device judges the 4th letter
Whether have whether the session PIN code length in session PIN code and the parameter is equal to preset length in several parameters, be to perform
Step A4, otherwise the 4th function return error message.
8. method as claimed in claim 4, it is characterised in that the step A4 includes:Described device judges that current time subtracts
Go whether the login time preserved is less than preset value, be then to perform step A5, otherwise the 4th function returns to error message.
9. method as claimed in claim 4, it is characterised in that the step A5 includes:Described device is by login banner set
And preserve, the 4th function is return success.
10. method as claimed in claim 4, it is characterised in that the step A6 includes:Described device judges the 4th letter
Whether session PIN code and session PIN code length in several parameters are sky, are that then the 4th function returns to error message,
Otherwise step A7 is performed.
11. method as claimed in claim 4, it is characterised in that the step A7 includes:Described device judges the login preserved
Set is identified whether, is then to perform step A10, otherwise performs step A8.
12. method as claimed in claim 4, it is characterised in that the step A8 includes:Described device is according to preservation
Login interface window handle ejects fingerprint authentication prompting frame, and sends fingerprint authentication instruction to the fingerprint key, when the fingerprint
When key receives the fingerprint of user's input, judge whether the fingerprint received is consistent with the fingerprint that inside is preserved, be then described refer to
Line key sets itself current state to pass through for fingerprint authentication, is returned to described device and is proved to be successful information, otherwise the fingerprint
Key sets itself current state not pass through for fingerprint authentication, and authentication failed information is returned to described device.
13. method as claimed in claim 4, it is characterised in that the step A9 includes:Described device is according to the institute received
The information for stating fingerprint Key returns judges whether the fingerprint key is proved to be successful, if the information received is if being proved to be successful information
The fingerprint key is proved to be successful, by the login banner set, performs step A10, and the information such as received is believed for authentication failed
Then the 4th function returns to error message to breath.
14. method as claimed in claim 4, it is characterised in that the step A10 includes:Described device is according to the described 4th
Function pointer in function parameter obtains generating function, and corresponding session PIN code is generated by the generating function, preserves described
Session PIN code and login time, the 4th function are return success.
15. the method as described in claim 1, it is characterised in that the fingerprint key is positioned using the parameter of the 5th function
Signature private key and signature algorithm include:The container indexes and label of the fingerprint key respectively in the parameter of the 5th function
Name algorithm mark obtains signature private key and signature algorithm in correspondence container.
16. the method as described in claim 1, it is characterised in that methods described also includes:When the operating system receives institute
State after authority information, the certificate selected using user is verified to the authority information, as being proved to be successful, allow to log in, such as
Authentication failed is then refused to log in.
17. method as claimed in claim 16, it is characterised in that the certificate of the use user selection is to the authority information
Carrying out checking includes:Public signature key in the certificate that the operating system is selected using the user is carried out to the authority information
The data to be signed are carried out Hash calculation, judge whether Hash calculation result is consistent with decrypted result, is, verifies by decryption
Succeed, otherwise authentication failed.
18. the device that a kind of use fingerprint key is logged in, it is characterised in that including the second operation module, the 3rd operation mould
Block, the 4th operation module and the 5th operation module;
Second operation module, operating system is returned to for obtaining login authentication mode, and by the login authentication mode;
3rd operation module, for obtaining the login authentication mode in the 3rd function parameter, and judges the login
Whether verification mode is external certificate mode, is the login interface window handle obtained in the 3rd function parameter and protects
Deposit, return success, otherwise return to error message;
4th operation module, the login interface window handle for being preserved according to the 3rd operation module ejects fingerprint inspection
Prompting frame is demonstrate,proved, points out user to input fingerprint on fingerprint key and is verified, fingerprint key leads to the fingerprint authentication of input as described
Cross, the fingerprint key sets itself current state to pass through for fingerprint authentication, as described fingerprint authentications of the fingerprint key to input
Itself current state is not set not pass through for fingerprint authentication by the then fingerprint key;
5th operation module, for data to be signed to be sent into the fingerprint key, the fingerprint key checks that itself works as
Whether preceding state is that fingerprint authentication has passed through, and is that then fingerprint key positions signature private key and label using the parameter of the 5th function
The data to be signed are carried out computing generation register system by name algorithm using the signature private key according to the signature algorithm
Authority information needed for system, the 5th operation module is additionally operable to the authority information returning to the operating system, otherwise
End operation.
19. device as claimed in claim 18, it is characterised in that also including the first operation module;
When the operating system receives login triggering information, user's insertion fingerprint key is pointed out;Operating system is detected as described
When being inserted to fingerprint key, obtain all user certificates in the fingerprint key and show, point out user's selection to carry out login institute
The certificate used, first behaviour is triggered when the progress that the operating system receives user's selection logs in used certificate
Make module;
First operation module is used to function address list returning to the operating system, operating system basis respectively
Second function address, the 3rd function address, the 4th function address and the 5th function address in the function address list are called
The second function, the 3rd function, the 4th function and the 5th function.
20. device as claimed in claim 18, it is characterised in that second operation module is specifically for by second letter
Outside PIN code verification mode in number parameters is set to the first preset value, and by the outside PIN code verification mode of the first preset value
Return to the operating system.
21. device as claimed in claim 18, it is characterised in that the 4th operation module includes:
First judging unit, for when the 4th function is called, judging whether to need to generate session PIN code;
Second judging unit, for when first judging unit is judged as NO, judging whether to need to use session PIN code to enter
Row is logged in, and error message is returned when being judged as NO;
3rd judging unit, for when second judging unit is judged as YES, judging whether to preserve legal session PIN
Code, error message is returned when being judged as NO;
4th judging unit, for when the 3rd judging unit is judged as YES, judging whether the fingerprint key is logged in
Effect, error message is returned when being judged as NO;
First setting unit, the logging status for when the 4th judging unit is judged as YES, setting fingerprint key is to have stepped on
Record, returns success;
Whether the 5th judging unit, the condition for when first judging unit is judged as YES, judging to generate PIN code closes
Method, error message is returned when being judged as NO;
6th judging unit, for when the 5th judging unit is judged as YES, judging the logging status of the fingerprint key to be
No is to have logged in;
Tip element is ejected, for when the 6th judging unit is judged as NO, being preserved according to the 3rd operation module
The login interface window handle ejects fingerprint authentication prompting frame, points out user to input fingerprint on the fingerprint key and is tested
Card;As described fingerprint key to the fingerprint authentication of input by the then fingerprint key set itself current state for fingerprint authentication
Pass through, returned to described device and be proved to be successful information, fingerprint key does not pass through the then fingerprint to the fingerprint authentication of input as described
Key sets itself current state not pass through for fingerprint authentication, and authentication failed information is returned to described device;
Receiving unit, information or authentication failed information are proved to be successful for receive that the fingerprint key returns;
7th judging unit, the information that the fingerprint key for being received according to the receiving unit is returned judges described refer to
Whether line key is proved to be successful, and is, sets fingerprint key logging status to have logged in, otherwise returns to error message;
Storage unit is generated, generation session PIN code is simultaneously during for being when the 6th judging unit and/or the 7th unit judges
Preserve, and preserve login time, return success.
22. device as claimed in claim 21, it is characterised in that first judging unit is specifically for judging the described 4th
The checking in PIN code mark in function parameter identifies whether set, is to need to generate session PIN code, otherwise need not give birth to
Into session PIN code.
23. device as claimed in claim 21, it is characterised in that second judging unit is specifically for judging the described 4th
The login banner in PIN code mark in function parameter whether set, return to error message when being judged as NO.
24. device as claimed in claim 21, it is characterised in that the 3rd judging unit is specifically for judging the described 4th
Whether have whether the session PIN code length in session PIN code and the parameter is equal to preset length in the parameter of function, work as judgement
For it is no when return to error message.
25. device as claimed in claim 21, it is characterised in that the 4th judging unit is specifically for judging current time
Whether the login time for subtracting preservation is less than preset value, and error message is returned when being judged as NO.
26. device as claimed in claim 21, it is characterised in that first setting unit is specifically for login banner is put
Position is simultaneously preserved, and is return success.
27. device as claimed in claim 21, it is characterised in that the 5th judging unit is specifically for judging the described 4th
Whether session PIN code and session PIN code length in the parameter of function are sky, are to return to error message.
28. device as claimed in claim 21, it is characterised in that the 6th judging unit is specifically for judging that what is preserved steps on
Record identifies whether set, is that then fingerprint key is in logging status, otherwise fingerprint key is in and is not logged in state.
29. device as claimed in claim 21, it is characterised in that the ejection Tip element is specifically for stepping on according to preservation
Interfaces windows handle ejection fingerprint authentication prompting frame is recorded, and fingerprint authentication instruction is sent to the fingerprint key, when the fingerprint
When key receives the fingerprint of user's input, judge whether the fingerprint received is consistent with the fingerprint that inside is preserved, be then described refer to
Line key sets itself current state to pass through for fingerprint authentication, is returned to described device and is proved to be successful information, otherwise the fingerprint
Key sets itself current state not pass through for fingerprint authentication, and authentication failed information is returned to described device.
30. device as claimed in claim 21, it is characterised in that the 7th judging unit according to described specifically for receiving
The information that the fingerprint key that unit is received is returned judges whether the fingerprint key is proved to be successful, and the information such as received is
It is described to be proved to be successful information then by institute's login banner set, return to mistake if the information authentication failed information for as described in received
Information.
31. device as claimed in claim 21, it is characterised in that the generation storage unit is specifically for according to the described 4th
Function pointer in the parameter of function obtains generating function, and corresponding session PIN code is generated by the generating function, preserves institute
Session PIN code and login time are stated, is return success.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710389097.3A CN107241192B (en) | 2017-05-27 | 2017-05-27 | A kind of method and device logged in using fingerprint key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710389097.3A CN107241192B (en) | 2017-05-27 | 2017-05-27 | A kind of method and device logged in using fingerprint key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107241192A true CN107241192A (en) | 2017-10-10 |
| CN107241192B CN107241192B (en) | 2019-08-30 |
Family
ID=59984664
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710389097.3A Active CN107241192B (en) | 2017-05-27 | 2017-05-27 | A kind of method and device logged in using fingerprint key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107241192B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107609362A (en) * | 2017-10-19 | 2018-01-19 | 飞天诚信科技股份有限公司 | A kind of smart card logs in the method for Windows systems and privately owned authority provides device |
| CN107808082A (en) * | 2017-10-13 | 2018-03-16 | 平安科技(深圳)有限公司 | Electronic installation, data access verification method and computer-readable recording medium |
| CN108256309A (en) * | 2018-01-10 | 2018-07-06 | 飞天诚信科技股份有限公司 | Hardware logs in the implementation method and device of windows10 system above |
| CN109391615A (en) * | 2018-09-27 | 2019-02-26 | 深圳互联先锋科技有限公司 | A kind of server exempts from close login method and system |
| CN110460965A (en) * | 2019-06-27 | 2019-11-15 | 智声创科有限公司 | System and method for dynamically identifying mobile devices eliciting responses from radio signals |
| CN111563247A (en) * | 2020-07-14 | 2020-08-21 | 飞天诚信科技股份有限公司 | Method and device for logging in system by intelligent key equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| CN101430808A (en) * | 2007-11-09 | 2009-05-13 | 王巍 | Fingerprint credit pen payment system, method and apparatus |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN101587519A (en) * | 2008-05-21 | 2009-11-25 | 北京飞天诚信科技有限公司 | System and method for realizing multifunctional information security device |
| CN101662469A (en) * | 2009-09-25 | 2010-03-03 | 浙江维尔生物识别技术股份有限公司 | Method and system based on USBKey online banking trade information authentication |
| CN103186736A (en) * | 2013-04-01 | 2013-07-03 | 深圳市亚略特生物识别科技有限公司 | Fingerprint key device |
| CN104239762A (en) * | 2014-09-16 | 2014-12-24 | 浪潮电子信息产业股份有限公司 | Method for realizing secure login in Windows system |
-
2017
- 2017-05-27 CN CN201710389097.3A patent/CN107241192B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| CN101430808A (en) * | 2007-11-09 | 2009-05-13 | 王巍 | Fingerprint credit pen payment system, method and apparatus |
| CN101587519A (en) * | 2008-05-21 | 2009-11-25 | 北京飞天诚信科技有限公司 | System and method for realizing multifunctional information security device |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN101662469A (en) * | 2009-09-25 | 2010-03-03 | 浙江维尔生物识别技术股份有限公司 | Method and system based on USBKey online banking trade information authentication |
| CN103186736A (en) * | 2013-04-01 | 2013-07-03 | 深圳市亚略特生物识别科技有限公司 | Fingerprint key device |
| CN104239762A (en) * | 2014-09-16 | 2014-12-24 | 浪潮电子信息产业股份有限公司 | Method for realizing secure login in Windows system |
Non-Patent Citations (1)
| Title |
|---|
| 王明波 等: "基于指纹加密保护的USB Key安全方案", 《微计算机信息》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107808082A (en) * | 2017-10-13 | 2018-03-16 | 平安科技(深圳)有限公司 | Electronic installation, data access verification method and computer-readable recording medium |
| CN107808082B (en) * | 2017-10-13 | 2021-08-24 | 平安科技(深圳)有限公司 | Electronic device, data access verification method, and computer-readable storage medium |
| CN107609362A (en) * | 2017-10-19 | 2018-01-19 | 飞天诚信科技股份有限公司 | A kind of smart card logs in the method for Windows systems and privately owned authority provides device |
| CN107609362B (en) * | 2017-10-19 | 2020-02-11 | 飞天诚信科技股份有限公司 | Method for logging in Windows system by smart card and private credential providing device |
| CN108256309A (en) * | 2018-01-10 | 2018-07-06 | 飞天诚信科技股份有限公司 | Hardware logs in the implementation method and device of windows10 system above |
| CN108256309B (en) * | 2018-01-10 | 2020-01-03 | 飞天诚信科技股份有限公司 | Method and device for realizing system logging in windows10 or above |
| US11314853B2 (en) | 2018-01-10 | 2022-04-26 | Feitian Technologies Co., Ltd. | Method and apparatus for implementing logging-on of hardware to windows system with version 10 or higher |
| CN109391615A (en) * | 2018-09-27 | 2019-02-26 | 深圳互联先锋科技有限公司 | A kind of server exempts from close login method and system |
| CN110460965A (en) * | 2019-06-27 | 2019-11-15 | 智声创科有限公司 | System and method for dynamically identifying mobile devices eliciting responses from radio signals |
| CN110460965B (en) * | 2019-06-27 | 2021-09-07 | 星贝瑞有限公司 | System and method for dynamically identifying mobile devices responding by radio signals |
| CN111563247A (en) * | 2020-07-14 | 2020-08-21 | 飞天诚信科技股份有限公司 | Method and device for logging in system by intelligent key equipment |
| WO2022012080A1 (en) * | 2020-07-14 | 2022-01-20 | 飞天诚信科技股份有限公司 | Method and apparatus for logging into system using smart key device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107241192B (en) | 2019-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107241192A (en) | The method and device that a kind of use fingerprint key is logged in | |
| CN106487511B (en) | Identity authentication method and device | |
| CN105162785B (en) | A kind of method and apparatus registered based on authenticating device | |
| CN103795724B (en) | Method for protecting account security based on asynchronous dynamic password technology | |
| CN106101136B (en) | A kind of authentication method and system of biological characteristic comparison | |
| CN108881310A (en) | A kind of Accreditation System and its working method | |
| CN106453205B (en) | identity verification method and device | |
| CN105405185B (en) | Safe verification method and device | |
| CN102281138B (en) | Method and system for improving safety of verification code | |
| CN106549973A (en) | A kind of client and its method of work based on living things feature recognition | |
| CN103458407B (en) | A kind of Internet account number login management system and method based on note | |
| CN105450665B (en) | Safe login method and device, terminal | |
| CN104506321B (en) | A kind of method of seed data in renewal dynamic token | |
| CN108023873A (en) | channel establishing method and terminal device | |
| CN106713370A (en) | Identity authentication method, server and mobile terminal | |
| CN102279915A (en) | Privacy protection method and device | |
| CN108156601A (en) | A kind of method and device of locking SIM card | |
| CN108390884A (en) | A kind of identity identifying method and device | |
| CN102456102A (en) | Method for carrying out identity recertification on particular operation of information system by using Usb key technology | |
| CN104935548B (en) | Auth method, apparatus and system based on intelligent equipment of tatooing | |
| CN105868975A (en) | Electronic finance account management method and system, and mobile terminal | |
| CN107196914A (en) | Identity identifying method and device | |
| CN106599843A (en) | Fingerprint authentication method and device | |
| CN108769981A (en) | A kind of a kind of personal information protecting method for after the encryption SIM card of terminal device and SIM card loss based on encryption | |
| CN105069361A (en) | Safety access method and system for privacy space |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| OL01 | Intention to license declared | ||
| OL01 | Intention to license declared |