CN107241192B - A method and device for logging in using a fingerprint key - Google Patents

Abstract

The invention discloses a method and device for logging in using a fingerprint key. The method includes: the device acquires a login verification method and returns it to the operating system; if the device obtains the login verification method in the third function parameter as an external verification method Obtain and save the login interface window handle in the third function parameter; the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to enter the fingerprint on the fingerprint key for verification; the device sends the data to be signed to the fingerprint key, such as If the current state of the fingerprint key is that the fingerprint verification has passed, use the parameters of the fifth function to locate the signature private key and signature algorithm, use the signature private key to perform calculations on the data to be signed according to the signature algorithm to generate the credential information required to log in to the operating system, and send it returned to the operating system. The technical scheme of the invention allows the fingerprint Key to be used normally in the Windows system directly, which is convenient for users to use.

Description

A method and device for logging in using a fingerprint key

technical field

The invention relates to the field of information security, in particular to a method and device for logging in using a fingerprint key.

Background technique

At present, when the application calls the Window function to use the USB Key, a PIN code input box will pop up, prompting the user to enter the PIN code for verification. After the PIN code verification is passed, the application can use the data stored in the USB Key to sign, encrypt and decrypt, and generate Key, import certificate and other operations.

In the prior art, the fingerprint Key is safer to operate than the ordinary USB Key, but the fingerprint Key cannot be used for verification through the PIN code, but can only be used for verification through the fingerprint. The current Window function does not support fingerprint verification, resulting in fingerprint Key can not be used. Therefore, how to enable the Window function to support the use of the fingerprint key is an urgent problem to be solved.

Contents of the invention

The object of the present invention is to provide a method and device for logging in using a fingerprint key in order to overcome the deficiencies of the prior art.

The invention provides a method for logging in using a fingerprint key, comprising:

When the second function is called, the device acquires a login verification method, and returns the login verification method to the operating system;

When the third function is called, the device obtains the login verification method in the third function parameter, and judges whether the login verification method is an external verification method, and if so, the device obtains the login verification method in the third function parameter. The login interface window handle and save, the third function returns a success message, otherwise the third function returns an error message;

When the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input the fingerprint on the fingerprint key for verification, and if the verification is passed, the fingerprint key sets its current state as fingerprint verification Passed, if the verification fails, the fingerprint key sets its current state as fingerprint verification failed;

When the fifth function is called, the device sends the data to be signed to the fingerprint key, and the fingerprint key checks whether its current state is that the fingerprint verification has passed, and if so, uses the parameters of the fifth function to locate the signature private key. Key and signature algorithm, using the signature private key to perform operations on the data to be signed according to the signature algorithm to generate credential information required to log in to the operating system, and the fifth function returns the credential information to the operating system , otherwise end the operation.

Further, before the second function is called, it also includes:

When the operating system receives the login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key is inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the user certificate used for login. When the operating system receives the certificate selected by the user for logging in, the first function is invoked;

When the first function is called, the device returns the function address list to the operating system, and the operating system uses the address of the second function, the address of the third function, and the address of the fourth function in the list of function addresses respectively. The address and the fifth function address call the second function, the third function, the fourth function, and the fifth function.

Further, the acquisition of the login verification method by the device is specifically: the device sets the external PIN code verification method in the second function parameter as a first preset value.

Further, when the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input the fingerprint on the fingerprint key for verification, and if the verification is passed, the fingerprint key sets itself The current state is that the fingerprint verification has passed. If the verification fails, the fingerprint key sets its current state as the fingerprint verification has not passed, specifically including:

Step A1: When the fourth function is called, the device judges whether it is necessary to generate a session PIN code, if yes, execute step A6, otherwise execute step A2;

Step A2: The device judges whether a session PIN code needs to be used for login, and if so, execute step A3, otherwise, the fourth function returns an error message;

Step A3: The device judges whether there is a legal session PIN code, if yes, execute step A4, otherwise the fourth function returns an error message;

Step A4: The device judges whether the fingerprint key is valid for login, if so, execute step A5, otherwise the fourth function returns an error message;

Step A5: The device sets the login status of the fingerprint key as logged in, and the fourth function returns success information;

Step A6: The device judges whether the conditions for generating the PIN code are legal, if so, execute step A7, otherwise the fourth function returns an error message;

Step A7: The device judges whether the login status of the fingerprint key is logged in, if yes, execute step A10, otherwise execute step A8;

Step A8: The device pops up a fingerprint verification prompt box according to the stored login interface window handle, prompting the user to input a fingerprint on the fingerprint key for verification, if the fingerprint key passes the input fingerprint verification, the fingerprint key Set its own current state as the fingerprint verification has passed, return verification success information to the device, if the fingerprint key does not pass the input fingerprint verification, then the fingerprint key sets its own current state as the fingerprint verification failed, and send the device Return verification failure information;

Step A9: The device judges whether the fingerprint key has been verified successfully according to the received information returned by the fingerprint key, if yes, set the login status of the fingerprint key as logged in, and execute step A10, otherwise the fourth function returns an error information;

Step A10: the device generates and saves the session PIN code, and saves the login time, and the fourth function returns success information.

Further, the device in the step A1 judging whether it is necessary to generate a session PIN code includes: the device judges whether the verification flag in the PIN code flag in the fourth function parameter is set, and if so, it needs to generate a session PIN code, otherwise no session PIN code needs to be generated.

Further, the step A2 includes: the device judges whether the login flag in the PIN code flag in the fourth function parameter is set, if yes, execute step A3, otherwise, the fourth function returns an error message.

Further, the step A3 includes: the device judges whether there is a session PIN code in the parameter of the fourth function and whether the length of the session PIN code in the parameter is equal to the preset length, if yes, execute step A4, otherwise, the The fourth function described above returns an error message.

Further, the step A4 includes: the device judges whether the current time minus the saved login time is less than a preset value, if yes, execute step A5, otherwise, the fourth function returns an error message.

Further, the step A5 includes: the device sets and saves the login identifier, and the fourth function returns success information.

Further, the step A6 includes: the device judges whether the session PIN code and the length of the session PIN code in the parameters of the fourth function are both empty, if yes, the fourth function returns an error message, otherwise, execute step A7 .

Further, the step A7 includes: the device judges whether the stored login flag is set, if yes, execute step A10, otherwise, execute step A8.

Further, the step A8 includes: the device pops up a fingerprint verification prompt box according to the stored login interface window handle, and sends a fingerprint verification instruction to the fingerprint key, when the fingerprint key receives the fingerprint input by the user , to determine whether the received fingerprint is consistent with the internally stored fingerprint, if so, the fingerprint key sets its current state as fingerprint verification passed, and returns verification success information to the device, otherwise the fingerprint key sets its current state as fingerprint If the verification fails, return verification failure information to the device.

Further, the step A9 includes: the device judges whether the verification of the fingerprint key is successful according to the received information returned by the fingerprint key, if the received information is verification success information, the verification of the fingerprint key is successful, and the The login flag is set, and step A10 is executed, and if the received information is verification failure information, the fourth function returns error information.

Further, the step A10 includes: the device acquires a generating function according to the function pointer in the fourth function parameter, generates a corresponding session PIN code through the generating function, and saves the session PIN code and login time, so The fourth function described above returns success information.

Further, the fingerprint key using the parameters of the fifth function to locate the signature private key and the signature algorithm includes: the fingerprint key obtains the corresponding container index and signature algorithm identifier in the parameters of the fifth function respectively. Signature private key and signature algorithm.

Further, the method further includes: after the operating system receives the credential information, verifying the credential information with the certificate selected by the user, allowing login if the verification is successful, and rejecting the login if the verification fails.

Further, the verifying the credential information by using the certificate selected by the user includes: the operating system decrypts the credential information by using the signature public key in the certificate selected by the user, and performs Hash calculation, judging whether the hash calculation result is consistent with the decryption result, if yes, the verification succeeds, otherwise the verification fails.

The present invention further provides a device for logging in using a fingerprint key, including a second operation module, a third operation module, a fourth operation module and a fifth operation module;

The second operation module is configured to acquire a login verification method, and return the login verification method to the operating system;

The third operation module is used to obtain the login verification method in the third function parameter, and judge whether the login verification method is an external verification method, and if so, obtain the login interface window handle in the third function parameter And save, return a success message, otherwise return an error message;

The fourth operation module is used to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module, prompting the user to input the fingerprint on the fingerprint key for verification, such as the fingerprint key passing the input fingerprint verification Then described fingerprint key setting self current state is that fingerprint verification has passed, as described fingerprint key to the fingerprint verification of input not passing through then described fingerprint key setting self current state is that fingerprint verification has not passed;

The fifth operation module is used to send the data to be signed to the fingerprint key, and the fingerprint key checks whether its current state is that the fingerprint verification has passed, and if so, the fingerprint key uses the parameters of the fifth function to locate the signature private key. Key and signature algorithm, using the signature private key to perform operations on the data to be signed according to the signature algorithm to generate credential information required for logging into the operating system, and the fifth operation module is also used to return the credential information to the operating system, otherwise end the operation.

Further, the device also includes a first operating module;

When the operating system receives the login trigger information, it prompts the user to insert the fingerprint key; when the operating system detects that the fingerprint key is inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the user certificate used for login. certificate, triggering the first operation module when the operating system receives the certificate selected by the user for logging in;

The first operation module is used to return the function address list to the operating system, and the operating system uses the second function address, the third function address, the fourth function address and the fifth function address in the function address list respectively. The address calls the second function, the third function, the fourth function, and the fifth function.

Further, the second operation module is specifically configured to set the external PIN code verification method in the second function parameter as a first preset value, and return the external PIN code verification method of the first preset value to the operating system described above.

Further, the fourth operation module includes:

A first judging unit, configured to judge whether a session PIN code needs to be generated when the fourth function is called;

The second judging unit is used to judge whether the session PIN code needs to be used to log in when the first judging unit judges no, and returns an error message when judging no;

The third judging unit is used to judge whether a legal session PIN code is saved when the second judging unit judges yes, and returns an error message when judging no;

The fourth judging unit is used to judge whether the fingerprint key is valid for logging in when the third judging unit judges yes, and returns an error message when judging no;

The first setting unit is used to set the login status of the fingerprint key as logged in when the fourth judging unit judges as yes, and return success information;

The fifth judging unit is used to judge whether the condition for generating the PIN code is legal when the first judging unit judges yes, and returns an error message when judging no;

The sixth judging unit is used to judge whether the login status of the fingerprint key is logged in when the fifth judging unit judges yes;

A pop-up prompt unit, configured to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module when the sixth judging unit judges as no, prompting the user to input the fingerprint on the fingerprint key for verification. Verification; if the fingerprint key to the input fingerprint verification is passed, then the fingerprint key sets its current state as the fingerprint verification has passed, and returns verification success information to the device, if the fingerprint key to the input fingerprint verification does not pass, then The current state of the fingerprint key setting itself is that the fingerprint verification has not passed, and the verification failure information is returned to the device;

A receiving unit, configured to receive verification success information or verification failure information returned by the fingerprint key;

The seventh judging unit is used to judge whether the fingerprint key is successfully verified according to the information returned by the fingerprint key received by the receiving unit, if yes, set the login status of the fingerprint key as logged in, otherwise return an error message;

A saving unit is generated, configured to generate and save the session PIN code when the sixth judging unit and/or the seventh unit judges yes, save the login time, and return success information.

Further, the first judging unit is specifically configured to judge whether the verification flag in the PIN code flag in the fourth function parameter is set, if yes, a session PIN code needs to be generated, otherwise, a session PIN code does not need to be generated.

Further, the second judging unit is specifically configured to judge whether the login flag in the PIN code flag in the fourth function parameter is set, and return an error message if the judging is no.

Further, the third judging unit is specifically used to judge whether there is a session PIN code in the parameter of the fourth function and whether the length of the session PIN code in the parameter is equal to a preset length, and returns an error message when the judgment is no .

Further, the fourth judging unit is specifically configured to judge whether the current time minus the saved login time is less than a preset value, and return an error message if the judgment is no.

Further, the first setting unit is specifically configured to set and save the login identifier, and return success information.

Further, the fifth judging unit is specifically configured to judge whether the session PIN code and the length of the session PIN code in the parameters of the fourth function are empty, and return an error message if yes.

Further, the sixth judging unit is specifically used to judge whether the saved login flag is set, if yes, the fingerprint key is in the logged-in state, otherwise, the fingerprint key is in the unlogged state.

Further, the pop-up prompt unit is specifically used to pop up a fingerprint verification prompt box according to the saved login interface window handle, and send a fingerprint verification instruction to the fingerprint key, and when the fingerprint key receives the fingerprint input by the user, judge whether to receive Whether the received fingerprint is consistent with the internally stored fingerprint, if so, the fingerprint key sets its current state as fingerprint verification passed, and returns verification success information to the device, otherwise the fingerprint key sets its current state as fingerprint verification failed , returning verification failure information to the device.

Further, the seventh judging unit is specifically configured to judge whether the fingerprint key is verified successfully according to the information returned by the fingerprint key received by the receiving unit, and if the received information is the verification success information, then the The login flag is set, and if the received information is the verification failure information, an error message is returned.

Further, the generation and storage unit is specifically configured to obtain a generation function according to the function pointer in the parameter of the fourth function, generate a corresponding session PIN code through the generation function, save the session PIN code and login time, and return success message.

Compared with the prior art, the present invention has the following advantages:

The technical scheme provided by the present invention uses the external verification password mode in the Window function, replaces the PIN verification with fingerprint verification, only needs to modify the Windows function of the manufacturer to pop up the fingerprint prompt box instead of popping up the PIN code box, so that the fingerprint key can be directly displayed on the Windows system. It can be used normally and is convenient for users to use.

Description of drawings

FIG. 1 is a flow chart of a method for logging in using a fingerprint key provided in Embodiment 2 of the present invention;

FIG. 2 is a flowchart of a specific implementation process of step 107 in Embodiment 2 of the present invention;

FIG. 3 is a block diagram of modules of a device for logging in using a fingerprint key provided by Embodiment 3 of the present invention.

Detailed ways

The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without making creative efforts belong to the protection scope of the present invention.

Embodiment one

Embodiment 1 of the present invention provides a method for logging in using a fingerprint key, including:

When the second function is called, the device obtains the login verification method, and returns the login verification method to the operating system;

Specifically, in this embodiment, when the second function is called by the operating system, it also includes: the operating system judges whether the acquisition of the login verification method is successful through the return value of the second function, and if the second function returns the login verification method, then the login verification method is obtained. The method is successful, otherwise, the login verification method fails to be obtained.

In this embodiment, the device obtains the login verification method specifically as follows: the device sets the external PIN code verification method in the second function parameter as the first preset value; preferably, the device sets the third data structure in the second function parameter The external PIN code verification method in is set to the first preset value.

When the third function is called, the device obtains the login verification method in the third function parameter, and judges whether the login verification method is an external verification method, if yes, the device obtains the login interface window handle in the third function parameter and saves it, and the third The function returns a success message, otherwise the third function returns an error message;

Preferably, the device in this embodiment saves the acquired login interface window handle in the second data structure;

Specifically, in this embodiment, when the third function is called by the operating system, it also includes: the operating system judges whether the login interface window handle is saved successfully through the return value of the third function, and if the third function returns success information, the login interface window The handle is saved successfully, otherwise the window handle of the login interface fails to be saved.

When the fourth function is called, the device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to enter the fingerprint on the fingerprint key for verification. If the verification is passed, the fingerprint key sets its current state as the fingerprint verification has passed, such as If the verification fails, the fingerprint key sets its current status as fingerprint verification failed.

In this embodiment, when the fourth function is called, the steps performed by the device specifically include:

Step A1: When the fourth function is called, the device judges whether it is necessary to generate a session PIN code, if yes, execute step A6, otherwise execute step A2;

Specifically, in this embodiment, step A1 includes: the device judges whether the verification flag in the PIN code flag in the fourth function parameter is set, if yes, it needs to generate a session PIN code, otherwise, it does not need to generate a session PIN code.

Step A2: The device judges whether the session PIN code needs to be used for login, if yes, execute step A3, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A2 includes: the device judges whether the login flag in the PIN code flag in the fourth function parameter is set, if yes, it needs to use the session PIN code to log in, otherwise it does not need to use the session PIN code to log in; Log in.

Step A3: The device judges whether there is a legal session PIN code, if yes, execute step A4, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A3 includes: the device judges whether there is a session PIN code in the parameter of the fourth function and whether the length of the session PIN code in the parameter is equal to the preset length, if yes, execute step A4, otherwise the fourth function Return an error message.

Step A4: The device judges whether the fingerprint key is valid for login, if yes, execute step A5, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A4 includes: the device judges whether the current time minus the stored login time is less than a preset value, and if yes, execute step A5; otherwise, the fourth function returns an error message.

Step A5: The device sets the login status of the fingerprint key as logged in, and the fourth function returns success information;

Specifically, in this embodiment, step A5 includes: the device sets and saves the login identifier, and the fourth function returns success information.

Step A6: The device judges whether the conditions for generating the PIN code are legal, if so, execute step A7, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A6 includes: the device judges whether the session PIN code and the length of the session PIN code in the parameters of the fourth function are empty, if yes, it is invalid, otherwise, it is legal.

Step A7: The device judges whether the login status of the fingerprint key is logged in, if yes, execute step A10, otherwise execute step A8;

Specifically, in this embodiment, step A7 includes: the device judges whether the saved login flag is set, if yes, the fingerprint key is in the logged-in state, otherwise, the fingerprint key is in the unregistered state. Preferably, the login identifier is stored in the second data structure;

Step A8: The device pops up a fingerprint verification prompt box according to the saved login interface window handle, prompting the user to input the fingerprint on the fingerprint key for verification. If the fingerprint key passes the input fingerprint verification, the fingerprint key sets its current status as fingerprint verification passed. Return verification success information to the device. If the fingerprint key fails to pass the input fingerprint verification, the fingerprint key sets its current state as fingerprint verification failure, and returns verification failure information to the device;

Specifically, in this embodiment, step A8 includes: the device pops up a fingerprint verification prompt box according to the saved login interface window handle, and sends a fingerprint verification instruction to the fingerprint key, and when the fingerprint key receives the fingerprint input by the user, it judges that the If the fingerprint is consistent with the internally stored fingerprint, then the fingerprint key sets its current status as fingerprint verification passed, and returns a verification success message to the device; otherwise, the fingerprint key sets its current status as fingerprint verification failed, and returns a verification failure message to the device ;

Step A9: The device judges whether the verification of the fingerprint key is successful according to the information returned by the received fingerprint Key, and if so, sets the login status of the fingerprint key as logged in, and executes step A10, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A9 includes: the device judges whether the verification of the fingerprint key is successful according to the information returned by the received fingerprint Key, if the received information is verification success information, the verification of the fingerprint key is successful, and the login flag is set , execute step A10, and if the received information is verification failure information, the fourth function returns an error message.

Step A10: The device generates and saves the session PIN code, and saves the login time, and the fourth function returns success information;

Specifically, in this embodiment, step A10 includes: the device obtains the generation function according to the function pointer in the fourth function parameter, generates the corresponding session PIN code through the generation function, saves the session PIN code and login time, and the fourth function returns success information. Preferably, the device acquires the generation function according to the function pointer in the first data structure in the fourth function parameter;

In this embodiment, when the fourth function is called by the operating system, it also includes: the operating system judges whether the fingerprint key verification is successful through the return value of the fourth function. If the fourth function returns success information, the fingerprint key verification is successful, otherwise the fingerprint key verification is successful. verification failed.

When the fifth function is called, the device sends the data to be signed to the fingerprint key. The fingerprint key checks whether its current status is that the fingerprint verification has passed. If so, use the parameters of the fifth function to locate the signature private key and signature algorithm. The key performs operations on the data to be signed according to the signature algorithm to generate the credential information required to log in to the operating system and returns it to the operating system, otherwise the operation ends;

Wherein, the fingerprint key uses the parameters of the fifth function to locate the signature private key and the signature algorithm, including: the fingerprint key obtains the signature private key and the signature algorithm in the corresponding container according to the container index and the signature algorithm identifier in the parameters of the fifth function;

Specifically, in this embodiment, when the fifth function is called by the operating system, it also includes: the operating system judges whether the signature calculation is successful through the return value of the fifth function. If the fifth function returns credential information, the signature calculation is successful; otherwise, the calculation The signature fails; when the operating system receives the credential information, it uses the certificate selected by the user to verify the credential information. If the verification is successful, the login is allowed, and if the verification fails, the login is refused. Specifically, using the certificate selected by the user to verify the signature result includes: the operating system uses the signature public key in the certificate selected by the user to decrypt the signature result, performs hash calculation on the data to be signed, and determines whether the hash calculation result and the decrypted result are If they are consistent, the verification is successful, otherwise the verification fails.

In this embodiment, before the second function is called, it also includes:

When the operating system receives the login trigger information, it prompts the user to insert the fingerprint key; if the operating system detects that the fingerprint key is inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the certificate used for login. When the operating system The first function is called when the certificate used for login selected by the user is received;

When the first function is called, the device returns the function address list to the operating system, and the operating system calls the second function according to the second function address, the third function address, the fourth function address and the fifth function address in the function address list respectively , the third function, the fourth function, and the fifth function; specifically, the device returns the function address list to the operating system as follows: the device initializes the first data structure, obtains the second function pointer, the third function pointer, and the fourth function pointer , the fifth function pointer, creating a second data structure and storing it in the first data structure;

Specifically, in this embodiment, when the first function is called by the operating system, it also includes: the operating system judges whether the initialization is successful through the return value of the first function. If the first function returns a function address list, the initialization is successful; otherwise, the initialization fails. .

Embodiment two

Embodiment 2 of the present invention provides a method for logging in using a fingerprint key, as shown in FIG. 1 , including:

When the operating system receives the login trigger information, it prompts the user to insert the fingerprint key; if it detects that the fingerprint key is inserted, it obtains all user certificates in the fingerprint key and displays them, prompting the user to select the certificate used for login; when the operating system receives The first function is called when the user selects the certificate used for login;

Step 101: when the first function is called, the device returns the function address list to the operating system;

Specifically, in this embodiment, the first function is CardAcquireContext, wherein the parameters passed in include: the first data structure; the device returning the function address list to the operating system includes: initializing the first data structure, obtaining the second Function address, third function address, fourth function address, fifth function address, create a custom second data structure and save it in the first data structure; the operating system will use the second function address, third function address , the fourth function address, and the fifth function address call the corresponding function; preferably, the second function address, the third function address, the fourth function address, and the fifth function address are the second function pointer, the third function pointer, the fourth function pointer, fifth function pointer;

Step 102: the operating system judges whether the initialization is successful through the return value of the first function, if yes, the operating system calls the corresponding second function according to the second function pointer, and executes step 103, otherwise ends;

In this embodiment, step 102 is specifically: the operating system judges the return value of the first function, if it is a function address list, the initialization is successful; otherwise, the initialization fails;

Step 103: When the second function is called, the device obtains the login verification method and returns it to the operating system;

Specifically, in this embodiment, the second function is CardGetProperty, the incoming parameters include the third data structure, and the device obtains the login verification method specifically as follows: setting the external PIN code verification method in the third data structure to the first predetermined Set the value to indicate that the login verification method is fingerprint verification;

Step 104: the operating system judges whether the acquisition of the login verification method is successful through the return value of the second function, if yes, the operating system calls the corresponding third function according to the third function pointer, and executes step 105, otherwise ends;

In this embodiment, step 104 is specifically: the operating system judges the return value of the second function, if it is a login verification method, the login verification method is obtained successfully, and step 105 is performed; otherwise, the login verification method fails to be obtained, and ends;

Step 105: When the third function is called, the device obtains the login verification method in the third function parameter, judges whether the login verification method is an external verification method, and if so, obtains the login interface window handle in the third function parameter, and logs in The interface window handle is stored in the second data structure, and the third function returns a success message; otherwise, the third function returns an error message;

Specifically, in this embodiment, the third function is CardSetProperty, and the parameters passed in are the first data structure and the handle of the login interface window, and saving the handle of the login interface window into the second data structure is specifically: the device saves the handle of the login interface window saving the handle to the second data structure in the first data structure;

Step 106: the operating system judges whether the login interface window handle is saved successfully by the return value of the third function, if yes, the operating system calls the corresponding fourth function according to the fourth function pointer, and executes step 107, otherwise ends;

In the present embodiment, step 106 is specifically: the operating system judges the return value of the third function, if it is a success message, then the login interface window handle is saved successfully, and step 107 is performed; if it is a failure message, then the login interface window handle fails to be saved, and ends ;

Step 107: When the fourth function is called, the device pops up a fingerprint verification prompt box according to the login interface window handle in the second data structure, prompting the user to input the fingerprint on the fingerprint key for verification, if the fingerprint key verifies the input fingerprint successfully, then The fourth function returns success information, and executes step 108, if the fingerprint key fails to verify the input fingerprint, then the fourth function returns an error message;

Specifically, in the present embodiment, the fourth function is CardAuthenticateEx, and the incoming parameters include: the first data structure, the PIN code sign, the session password, and the length of the session password. The specific implementation process of step 107 is shown in Figure 2, including :

Step A1: When the fourth function is called, the device judges whether a session PIN code needs to be generated according to the PIN code flag, if yes, execute step A6, otherwise execute step A2;

Specifically, in this embodiment, step A1 includes: when the fourth function is called, the device judges whether the verification flag in the PIN code flag is set, if yes, it needs to generate a session PIN code, and executes step A6; otherwise, it does not need to generate Session PIN code, go to step A2. For example, if the value of the eighth bit in the PIN code flag is 1, it means that a session PIN code needs to be generated;

Step A2: The device judges whether the session PIN code needs to be used for login, if yes, execute step A3, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A2 includes: the device judges whether the login flag in the PIN code flag is set, if yes, it needs to use the session PIN code to log in, and executes step A3; otherwise, it does not need to use the session PIN code to log in, The fourth function returns an error message; for example, if the value of the 7th or 6th bit in the PIN code flag is 1, it means that the session PIN code is required to log in;

Step A3: The device judges whether there is a legal session PIN code, if yes, execute step A4, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A3 includes: the device judges whether there is a session PIN code in the parameter of the fourth function and whether the length of the session PIN code in the parameter is equal to the preset length, if yes, execute step A4, otherwise the fourth function return an error message;

Step A4: The device judges whether the fingerprint key is valid for login, if yes, execute step A5, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A4 includes: the device judges whether the current time minus the login time in the second data structure is less than the preset value, if yes, execute step A5, otherwise, the fourth function returns an error message;

Step A5: The device sets the login status of the fingerprint Key as logged in, and the fourth function returns success information;

Specifically, in this embodiment, setting the login status of the device as logged in includes: the device sets and saves the login identifier; preferably, saves the login identifier into the second data structure;

Step A6: The device judges whether the conditions for generating the PIN code are legal, if so, execute step A7, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A6 includes: the device judges whether the session PIN code and the length of the session PIN code in the parameters of the fourth function are empty, if yes, it is invalid, and the fourth function returns an error message; otherwise, it is legal, Execute step A7;

Step A7: The device judges whether the login status of the fingerprint key is logged in, if yes, execute step A10, otherwise execute step A8;

Specifically, in this embodiment, step A7 includes: the device judges whether the login flag stored in the second data structure is set, if yes, the fingerprint key is in the logged-in state, and then executes step A10; otherwise, the fingerprint key is in the unregistered state, executes Step A8;

Step A8: The device pops up a fingerprint verification prompt box according to the login interface window handle in the first data structure, prompting the user to input the fingerprint on the fingerprint key for verification. If the fingerprint key passes the verification of the input fingerprint, the fingerprint key sets its current state as fingerprint If the verification has passed, the verification success information is returned to the device; if the fingerprint key fails to pass the input fingerprint verification, the fingerprint key sets its current state as the fingerprint verification failed, and the verification failure information is returned to the device;

Specifically, in this embodiment, step A8 is specifically: the device pops up a fingerprint verification prompt box according to the saved login interface window handle, and sends a fingerprint verification instruction to the fingerprint key. Whether the received fingerprint is the same as the internally saved fingerprint, if yes, the fingerprint key sets its current status as fingerprint verification passed, and returns the fingerprint verification success message to the device, otherwise, the fingerprint key sets its current status as fingerprint verification failed, and returns to the device Fingerprint verification failure information;

Step A9: The device judges whether the verification of the fingerprint key is successful according to the information returned by the received fingerprint Key, and if so, sets the login status of the fingerprint key as logged in, and executes step A10, otherwise the fourth function returns an error message;

Specifically, in this embodiment, step A9 includes: the device judges whether the fingerprint verification is successful according to the received information, if the received information is the fingerprint verification success information, then the fingerprint key verification is successful, and the login identification in the second data structure Set, execute step A10, if the received information is the fingerprint verification failure information, then the fingerprint key verification fails, and the fourth function returns an error message;

Step A10: The device generates and saves the session PIN code, and saves the login time, and the fourth function returns success information;

Specifically, in this embodiment, step A10 includes: the device obtains the generation function according to the function pointer in the first data structure in the parameter of the fourth function, generates the corresponding session PIN code through the generation function, and saves the generated session PIN code and this login time, the fourth function returns success information; preferably, the generated session PIN code and this login time are stored in the second data structure;

Step 108: the operating system judges whether the fingerprint key has been verified successfully by the return value of the fourth function, if so, the operating system calls the corresponding fifth function according to the fifth function pointer, and executes step 109, otherwise ends;

Specifically, in this embodiment, if the fourth function returns success information, the fingerprint key verification is successful, otherwise the fingerprint key verification fails;

In this embodiment, the device uses the container index, signature algorithm identifier, and data to be signed as parameters to call the fifth function;

Step 109: When the fifth function is called, the device sends the data to be signed to the fingerprint key, and the fingerprint key uses the parameters of the fifth function to locate the signature private key and signature algorithm, and uses the signature private key to perform operations on the data to be signed according to the signature algorithm to generate Credential information required to log in to the operating system, the fifth function returns the credential information to the operating system;

Specifically, in this embodiment, wherein the fingerprint key uses the parameters of the fifth function to locate the signature private key and signature algorithm includes: the fingerprint key obtains the corresponding container index and signature algorithm identifier in the parameters of the fifth function respectively. Signature private key and signature algorithm; if the fingerprint key signature is unsuccessful, the signature failure message will be returned to the operating system, and the fifth function will return an error message;

For example, the data to be signed in this embodiment may include: user name, domain name, random number, etc.;

Step 110: The operating system judges whether the calculation signature is successful through the return value of the fifth function, if yes, execute step 111, otherwise end;

Specifically, in this embodiment, if the fifth function returns credential information, the calculation of the signature is successful; otherwise, the calculation of the signature fails;

Step 111: the operating system uses the certificate selected by the user to verify the credential information, if the verification is successful, the login is allowed, and if the verification fails, the login is refused;

Specifically, in this embodiment, the certificate selected by the user is used to verify the signature result, specifically: the operating system uses the signature public key in the certificate selected by the user to decrypt the signature result, performs hash calculation on the data to be signed, and determines Whether the hash calculation result is consistent with the decryption result, if yes, the verification succeeds, otherwise the verification fails.

Embodiment three

Embodiment 3 of the present invention provides a device for logging in using a fingerprint key, as shown in FIG. 3 , including a second operating module 302, a third operating module 303, a fourth operating module 304, and a fifth operating module 305;

The second operation module 302 is configured to obtain a login verification method, and return the login verification method to the operating system;

In this embodiment, the second operation module 302 is specifically configured to set the external PIN code verification method in the second function parameter to the first preset value, and return the external PIN code verification method of the first preset value to the operation System; preferably, the second operation module 302 is specifically configured to set the external PIN code verification method in the third data structure in the second function parameter as the first preset value, and set the external PIN code of the first preset value The verification method is returned to the operating system;

The third operation module 303 is used to obtain the login verification method in the third function parameter, and judge whether the login verification method is an external verification method, if yes, obtain the login interface window handle in the third function parameter and save it, and return success information, Otherwise return an error message;

The fourth operation module 304 is used for popping up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module 303, prompting the user to input a fingerprint on the fingerprint key for verification, and if the fingerprint key passes the input fingerprint verification, then the fingerprint key is set The current state of itself is that the fingerprint verification has passed. If the fingerprint key fails to pass the input fingerprint verification, the fingerprint key sets its current state as the fingerprint verification failed;

Specifically, in this embodiment, the fourth operation module 304 includes:

The first judging unit is used to judge whether a session PIN code needs to be generated when the fourth function is called;

In this embodiment, the first judging unit is specifically used to judge whether the verification flag in the PIN code flag in the fourth function parameter is set, if yes, a session PIN code needs to be generated, otherwise, a session PIN code does not need to be generated;

The second judging unit is used to judge whether the session PIN code needs to be used to log in when the first judging unit judges no, and returns an error message when judging no;

In this embodiment, the second judgment unit is specifically used to judge whether the login flag in the PIN code flag in the fourth function parameter is set, and return an error message when the judgment is no;

The third judging unit is used to judge whether a legal session PIN code is stored when the second judging unit judges yes, and returns an error message when judging no;

In this embodiment, the third judging unit is specifically used to judge whether there is a session PIN code in the parameter of the fourth function and whether the length of the session PIN code in the parameter is equal to the preset length, and returns an error message when the judgment is no;

The fourth judging unit is used for judging whether the fingerprint key is valid for logging in when the third judging unit judges yes, and returns an error message when judging no;

In this embodiment, the fourth judging unit is specifically used to judge whether the current time minus the stored login time is less than a preset value, and return an error message when the judgment is no; preferably, the login time is stored in the second data structure;

The first setting unit is used to set the login status of the fingerprint key as logged in when the fourth judging unit judges as yes, and return success information;

In this embodiment, the first setting unit is specifically configured to set and save the login identifier, and return success information; preferably, save the login identifier into the second data structure;

The fifth judging unit is used to judge whether the condition for generating the PIN code is legal when the first judging unit judges yes, and returns an error message when judging no;

In this embodiment, the fifth judging unit is specifically used to judge whether the session PIN code and the length of the session PIN code in the parameters of the fourth function are empty, and if so, return an error message;

The sixth judging unit is used to judge whether the login status of the fingerprint key is logged in when the fifth judging unit judges yes;

In this embodiment, the sixth judging unit is specifically used to judge whether the login flag stored in the second data structure is set, if yes, the fingerprint key is in the logged-in state, otherwise the fingerprint key is in the unregistered state;

A pop-up prompt unit is used to pop up a fingerprint verification prompt box according to the login interface window handle saved by the third operation module when the sixth judging unit judges as No, prompting the user to input the fingerprint on the fingerprint key for verification; If the fingerprint verification is passed, the fingerprint key sets its current state as fingerprint verification passed, and returns verification success information to the device; if the fingerprint key fails to pass the input fingerprint verification, the fingerprint key sets its current state as fingerprint verification failed, and returns verification to the device failure message;

In this embodiment, the pop-up prompt unit is specifically used to pop up a fingerprint verification prompt box according to the saved login interface window handle, and send a fingerprint verification instruction to the fingerprint key, and when the fingerprint key receives the fingerprint input by the user, judge the received fingerprint Whether it is consistent with the internally stored fingerprint, if so, the fingerprint key sets its current status as fingerprint verification passed, and returns verification success information to the device; otherwise, the fingerprint key sets its current status as fingerprint verification failed, and returns verification failure information to the device;

The receiving unit is used to receive the verification success information or the verification failure information returned by the fingerprint key;

The seventh judging unit is used to judge whether the verification of the fingerprint key is successful according to the information returned by the fingerprint key received by the receiving unit, if so, the login status of the fingerprint key is set as logged in, otherwise an error message is returned;

In this embodiment, the seventh judging unit is specifically used to judge whether the fingerprint key is verified successfully according to the information returned by the fingerprint key received by the receiving unit. If the information is verification failure information, an error message is returned; preferably, the login ID in this embodiment is stored in the second data structure;

A saving unit is generated, configured to generate and save the session PIN code when the sixth judging unit and/or the seventh unit judges yes, save the login time, and return success information.

In this embodiment, the generation and storage unit is specifically used to obtain the generation function according to the function pointer in the parameter of the fourth function, generate a corresponding session PIN code through the generation function, save the session PIN code and login time, and return success information; preferably , generating a saving unit to save the session PIN code and login time in the second data structure;

The fifth operation module 305 is used to send the data to be signed to the fingerprint key. The fingerprint key checks whether its current state is that the fingerprint verification has passed. If so, the fingerprint key uses the parameters of the fifth function to locate the signature private key and signature algorithm, and uses the The private key performs operations on the data to be signed according to the signature algorithm to generate credential information required for logging in to the operating system, and the fifth operation module is also used to return the credential information to the operating system; otherwise, end the operation.

The device in this embodiment may also include a first operating module, which prompts the user to insert the fingerprint key when the operating system receives the login trigger information; if the operating system detects that the fingerprint key is inserted, obtains all user certificates in the fingerprint key and display, prompting the user to select the certificate used for login, and triggering the first operation module when the operating system receives the certificate used for login selected by the user; the first operation module is used to return the function address list to the operating system, and the operating system The second function, the third function, the fourth function and the fifth function are respectively called according to the second function address, the third function address, the fourth function address and the fifth function address in the function address list. In this embodiment, the first operation module is specifically used to initialize the first data structure, obtain the address of the second function, the address of the third function, the address of the fourth function, and the address of the fifth function, create the second data structure and store the second data The structure is saved into the first data structure. Preferably, the second function address, the third function address, the fourth function address, and the fifth function address are the second function pointer, the third function pointer, the fourth function pointer, and the fifth function pointer.

In the technical solution of the present invention, by using the external verification password mode in the Window function, the fingerprint verification is used instead of the PIN verification, and only the Windows function of the manufacturer needs to be modified to pop up the fingerprint prompt box instead of the PIN code box, so that the fingerprint Key can be used directly in the Windows system. Normal use, user-friendly.

The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto, any changes or variations that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (29)

1. a kind of method logged in using fingerprint key characterized by comprising

When second function is called, device obtains login authentication mode, and the login authentication mode is returned to operation system System；

When third function is called, described device obtains the login authentication mode in the third function parameter, and judges institute State whether login authentication mode is external certificate mode, be, described device obtains the login interface in the third function parameter Window handle simultaneously saves, and the third function is return success, and otherwise the third function returns to error message；

When the 4th function is called, described device pops up fingerprint authentication prompting frame according to the login interface window handle of preservation, Prompt user inputs fingerprint on fingerprint key and verifies, and as being verified, the fingerprint key is arranged itself current state and is Fingerprint authentication has passed through, and the fingerprint key as described in verify not by if is arranged itself current state and does not pass through for fingerprint authentication；

When the 5th function is called, data to be signed are sent to the fingerprint key by described device, and the fingerprint key is checked Whether itself current state is that fingerprint authentication has passed through, and is parameter positioning signature private key and signature then using the 5th function Algorithm carries out operation to the data to be signed according to the signature algorithm using the signature private key and generates register system The authority information is returned to the operating system by required authority information, the 5th function, otherwise end operation；

When the 4th function is called, described device pops up fingerprint authentication prompting frame according to the login interface window handle of preservation, Prompt user inputs fingerprint on the fingerprint key and verifies, and as being verified, itself current shape is arranged in the fingerprint key State is that fingerprint authentication has passed through, and the fingerprint key as described in verifying not if is arranged itself current state and does not pass through for fingerprint authentication, It specifically includes:

Step A1: when the 4th function is called, it is to then follow the steps that described device, which judges whether to need to generate session PIN code, A6, it is no to then follow the steps A2；

Step A2: described device judges whether to need to be logged in using session PIN code, is to then follow the steps A3, otherwise described 4th function returns to error message；

Step A3: described device judges whether to preserve legal session PIN code, is to then follow the steps A4, otherwise the described 4th Function returns to error message；

Step A4: described device judges whether the fingerprint key logs in effectively, is to then follow the steps A5, otherwise the 4th letter Number returns to error message；

Step A5: the logging state of described device setting fingerprint key is to have logged in, and the 4th function is return success；

Step A6: described device judges whether the condition for generating PIN code is legal, is to then follow the steps A7, otherwise the 4th letter Number returns to error message；

Step A7: described device judges whether the logging state of the fingerprint key is to have logged in, and is to then follow the steps A10, otherwise Execute step A8；

Step A8: described device pops up fingerprint authentication prompting frame according to the login interface window handle of preservation, prompts user It inputs fingerprint on the fingerprint key to be verified, fingerprint as described in if fingerprint authentication of the fingerprint key to input passes through It is that fingerprint authentication has passed through that itself current state, which is arranged, in key, is proved to be successful information to described device return, such as fingerprint key The fingerprint authentication of input is not passed through, it is that fingerprint authentication does not pass through that itself current state, which is arranged, in the fingerprint key, gives the dress It sets and returns to authentication failed information；

Step A9: described device judges whether the fingerprint key verifies into according to the information that the fingerprint Key received is returned Function is that the logging state of fingerprint key is arranged to have logged in, and executes step A10, otherwise the 4th function returns to mistake letter Breath；

Step A10: described device generates session PIN code and saves, and saves login time, and the 4th function, which returns, successfully to be believed Breath.

2. the method as described in claim 1, which is characterized in that before the second function is called, further includes:

When the operating system receives login triggering information, user is prompted to be inserted into fingerprint key；As the operating system detects To when fingerprint key insertion, obtains all user certificates in the fingerprint key and show, user's selection is prompted to carry out login institute The certificate used, when the operating system receive user selection carry out log in used in certificate when call first function；

When the first function is called, function address list is returned to the operating system, the operation by described device System is respectively according to the second function address in the function address list, third function address, the 4th function address and the 5th Function address calls the second function, the third function, the 4th function and the 5th function.

3. the method as described in claim 1, which is characterized in that described device obtains login authentication mode specifically: the dress It sets and sets the first preset value for the external PIN code verification mode in the second function parameter.

4. the method as described in claim 1, which is characterized in that the described device in the step A1 judges whether to need to generate Session PIN code includes: that described device judges that the verifying in PIN code mark in the 4th function parameter identifies whether set, It is to need to generate session PIN code, does not otherwise need to generate session PIN code.

5. the method as described in claim 1, which is characterized in that the step A2 includes: that described device judges the 4th letter The login banner in PIN code mark in number parameters whether set, be to then follow the steps A3, otherwise the 4th function returns wrong False information.

6. the method as described in claim 1, which is characterized in that the step A3 includes: that described device judges the 4th letter Whether have whether the session PIN code length in session PIN code and the parameter is equal to preset length in several parameters, is to execute Step A4, otherwise the 4th function returns to error message.

7. the method as described in claim 1, which is characterized in that the step A4 includes: that described device judges that current time subtracts It goes whether the login time saved is less than preset value, is to then follow the steps A5, otherwise the 4th function returns to error message.

8. the method as described in claim 1, which is characterized in that the step A5 includes: described device by login banner set And save, the 4th function is return success.

9. the method as described in claim 1, which is characterized in that the step A6 includes: that described device judges the 4th letter Whether session PIN code and session PIN code length in several parameters are sky, are that then the 4th function returns to error message, It is no to then follow the steps A7.

10. the method as described in claim 1, which is characterized in that the step A7 includes: the login that described device judgement saves It identifies whether set, is to then follow the steps A10, it is no to then follow the steps A8.

11. the method as described in claim 1, which is characterized in that the step A8 includes: described device according to preservation Login interface window handle pops up fingerprint authentication prompting frame, and sends fingerprint authentication instruction to the fingerprint key, when the fingerprint When key receives the fingerprint of user's input, judge whether the fingerprint received is consistent with the fingerprint that inside saves, and is the then finger It is that fingerprint authentication has passed through that itself current state, which is arranged, in line key, is proved to be successful information to described device return, otherwise the fingerprint It is that fingerprint authentication does not pass through that itself current state, which is arranged, in key, returns to authentication failed information to described device.

12. the method as described in claim 1, which is characterized in that the step A9 includes: described device according to the institute received The information for stating fingerprint Key return judges whether the fingerprint key is proved to be successful, if the information received is to be proved to be successful information The fingerprint key is proved to be successful, and by login banner set, executes step A10, if the information received is authentication failed information 4th function returns to error message.

13. the method as described in claim 1, which is characterized in that the step A10 includes: described device according to the described 4th Function pointer in function parameter obtains generating function, corresponding session PIN code is generated by the generating function, described in preservation Session PIN code and login time, the 4th function are return success.

14. the method as described in claim 1, which is characterized in that the fingerprint key is positioned using the parameter of the 5th function Signature private key and signature algorithm include: the fingerprint key respectively according to the container index and label in the parameter of the 5th function Name algorithm mark obtains signature private key and signature algorithm in corresponding container.

15. the method as described in claim 1, which is characterized in that the method also includes: when the operating system receives institute After stating authority information, the authority information is verified using the certificate that user selects, if being proved to be successful, allows to log in, such as Authentication failed is then refused to log in.

16. method as claimed in claim 15, which is characterized in that the certificate selected using user is to the authority information Carrying out verifying includes: that the public signature key in certificate that the operating system is selected using the user carries out the authority information Decryption carries out Hash calculation to the data to be signed, judges Hash calculation result and decrypts the result is that no consistent, is to verify Succeed, otherwise authentication failed.

17. a kind of device logged in using fingerprint key, which is characterized in that operate mould including the second operation module, third Block, the 4th operation module and the 5th operation module；

Second operation module returns to operating system for obtaining login authentication mode, and by the login authentication mode；

The third operation module for obtaining the login authentication mode in third function parameter, and judges the login authentication Whether mode is external certificate mode, is the login interface window handle obtained in the third function parameter and saves, returns Successful information is returned, error message is otherwise returned；

4th operation module, the login interface window handle for being saved according to the third operation module pop up fingerprint inspection Prompting frame is demonstrate,proved, prompts user to input fingerprint on fingerprint key and verifies, such as fingerprint key is logical to the fingerprint authentication of input It crosses, it is that fingerprint authentication has passed through that itself current state, which is arranged, in the fingerprint key, such as fingerprint authentication of the fingerprint key to input It is that fingerprint authentication does not pass through that itself current state, which is not arranged, by the then fingerprint key；

5th operation module, for data to be signed to be sent to the fingerprint key, the fingerprint key checks that itself works as Whether preceding state is that fingerprint authentication has passed through, and is that then fingerprint key is calculated using the parameter positioning signature private key and signature of the 5th function Method carries out operation to the data to be signed according to the signature algorithm using the signature private key and generates register system institute The authority information needed, the 5th operation module are also used to the authority information returning to the operating system, otherwise terminate Operation；

4th operation module includes:

First judging unit, for judging whether to need to generate session PIN code when the 4th function is called；

Second judgment unit, for when first judging unit is judged as NO, judge whether to need using session PIN code into Row logs in, and returns to error message when the judgment is no；

Third judging unit preserves legal session PIN for judging whether when the second judgment unit is judged as YES Code, returns to error message when the judgment is no；

4th judging unit, for judging whether the fingerprint key is logged in when the third judging unit is judged as YES Effect, returns to error message when the judgment is no；

First setting unit, for when the 4th judging unit is judged as YES, the logging state of setting fingerprint key to be to have stepped on Record, returns success；

5th judging unit, for when first judging unit is judged as YES, judging whether the condition for generating PIN code closes Method returns to error message when the judgment is no；

6th judging unit, for when the 5th judging unit is judged as YES, judging that the logging state of the fingerprint key is No is to have logged in；

Prompt unit is popped up, for being saved according to the third operation module when the 6th judging unit is judged as NO The login interface window handle pops up fingerprint authentication prompting frame, prompts user to input fingerprint on the fingerprint key and tests Card；The fingerprint key to the fingerprint authentication of input if as described in fingerprint key be arranged itself current state be fingerprint authentication Pass through, is proved to be successful information to described device return, fingerprint as described in if the fingerprint key does not pass through the fingerprint authentication of input It is that fingerprint authentication does not pass through that itself current state, which is arranged, in key, returns to authentication failed information to described device；

Receiving unit is proved to be successful information or authentication failed information for receive that the fingerprint key returns；

7th judging unit, the information that the fingerprint key for being received according to the receiving unit is returned judge the finger Whether line key is proved to be successful, and is, the logging state that fingerprint key is arranged is to have logged in, and otherwise returns to error message；

Storage unit is generated, for generating session PIN when the 6th judging unit and/or the 7th judging unit are judged as YES Code simultaneously saves, and saves login time, returns success.

18. device as claimed in claim 17, which is characterized in that further include the first operation module；

When the operating system receives login triggering information, user is prompted to be inserted into fingerprint key；As the operating system detects To when fingerprint key insertion, obtains all user certificates in the fingerprint key and show, user's selection is prompted to carry out login institute The certificate used, when the operating system receive user selection carry out log in used in certificate when trigger it is described first behaviour Make module；

First operation module is used to function address list returning to the operating system, operating system basis respectively Second function address, third function address, the 4th function address and the 5th function address in the function address list are called The second function, the third function, the 4th function and the 5th function.

19. device as claimed in claim 17, which is characterized in that second operation module is specifically used for joining second function External PIN code verification mode in number is set as the first preset value, and the external PIN code verification mode of the first preset value is returned To the operating system.

20. device as claimed in claim 17, which is characterized in that first judging unit is specifically used for judging the described 4th The verifying in PIN code mark in function parameter identifies whether set, is to need to generate session PIN code, does not otherwise need to give birth to At session PIN code.

21. device as claimed in claim 17, which is characterized in that the second judgment unit is specifically used for judging the described 4th The login banner in PIN code mark in function parameter whether set, return to error message when the judgment is no.

22. device as claimed in claim 17, which is characterized in that the third judging unit is specifically used for judging the described 4th Whether have whether the session PIN code length in session PIN code and the parameter is equal to preset length in the parameter of function, works as judgement Error message is returned when being no.

23. device as claimed in claim 17, which is characterized in that the 4th judging unit is specifically used for judging current time Whether the login time for subtracting preservation is less than preset value, returns to error message when the judgment is no.

24. device as claimed in claim 17, which is characterized in that first setting unit is specifically used for setting login banner Position simultaneously saves, and returns success.

25. device as claimed in claim 17, which is characterized in that the 5th judging unit is specifically used for judging the described 4th Whether session PIN code and session PIN code length in the parameter of function are sky, are to return to error message.

26. device as claimed in claim 17, which is characterized in that the 6th judging unit is specifically used for stepping on for judgement preservation Record identifies whether set, is that then fingerprint key is in logging state, otherwise fingerprint key is in and is not logged in state.

27. device as claimed in claim 17, which is characterized in that the pop-up prompt unit is specifically used for stepping on according to preservation It records interfaces windows handle and pops up fingerprint authentication prompting frame, and send fingerprint authentication instruction to the fingerprint key, when the fingerprint When key receives the fingerprint of user's input, judge whether the fingerprint received is consistent with the fingerprint that inside saves, and is the then finger It is that fingerprint authentication has passed through that itself current state, which is arranged, in line key, is proved to be successful information to described device return, otherwise the fingerprint It is that fingerprint authentication does not pass through that itself current state, which is arranged, in key, returns to authentication failed information to described device.

28. device as claimed in claim 17, which is characterized in that the 7th judging unit is specifically used for according to the reception The information that the fingerprint key that unit receives is returned judges whether the fingerprint key is proved to be successful, and the information such as received is It is described to be proved to be successful information then for login banner set, wrong letter is returned if the information received is the authentication failed information Breath.

29. device as claimed in claim 17, which is characterized in that the generation storage unit is specifically used for according to the described 4th Function pointer in the parameter of function obtains generating function, generates corresponding session PIN code by the generating function, saves institute Session PIN code and login time are stated, is return success.