Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention relates to three fingerprint mouse keys: 1. fingerprint key. The method comprises the steps of generating in the process of registering a fingerprint by a fingerprint mouse, wherein a private key is stored in a trusted safety environment of equipment and is used for signing in an authentication flow; the public key is transmitted to the server for signature verification in the authentication process. 2. A device key. Preset in the fingerprint mouse device on the production line by the device manufacturer. In the fingerprint registration process, a private key is used for signing a public key of the fingerprint, and a public key certificate is used for verifying and signing by a server side. 3. Transaction key. The device manufacturer presets the device in the fingerprint mouse device on the production line, and neither the private key nor the public key can be read externally. In the process of binding and modifying the PIN code, the transaction code is generated by encrypting after the fingerprint is verified, and the code is decrypted and verified to be legal when the PIN code is input.
Fig. 1 is a flowchart of a fingerprint mouse-based authentication method according to an embodiment of the present invention, where the method may be performed by a fingerprint mouse-based authentication system, and the fingerprint mouse-based authentication system may be implemented in hardware and/or software, and the fingerprint mouse-based authentication system may be configured in an electronic device. For example, the electronic device may be a server or a cluster of servers, or the like.
As shown in fig. 1, the method includes:
step 110, obtaining a user fingerprint, and matching the user fingerprint with a pre-stored fingerprint record.
Wherein the user fingerprint may be characteristic information of the user fingerprint. The fingerprint record can be fingerprint association information which is collected and stored in advance by a fingerprint mouse and comprises a fingerprint ID, an account number and a fingerprint private key, wherein the fingerprint private key is generated according to the characteristic information of the user fingerprint. It should be noted that, after the fingerprint mouse collects the user fingerprint, a corresponding public and private key pair is generated according to the characteristic information of the user fingerprint.
Specifically, the fingerprint mouse collects the characteristic information of the user fingerprint through the fingerprint sensing area, performs matching calculation on the characteristic information of the user fingerprint and the fingerprint record stored locally in advance, and if matching is successful, executes step 120.
Before the user fingerprint is acquired and matched with the pre-stored fingerprint record, the method further comprises the following steps:
the client sends a first fingerprint registration request to the server; the server generates a verification record according to the first fingerprint registration request and sends first return information to the client; the client sends a second fingerprint registration request to the fingerprint mouse after receiving the first return information; the fingerprint mouse collects the user fingerprint after receiving the second fingerprint registration request, generates a fingerprint record according to the user fingerprint, stores the fingerprint record in a trusted environment of the equipment, and sends second return information to the client; the client sends the second return information to the server; and the server verifies the second returned information according to the verification record.
The first fingerprint registration request may include an account number and device information. The verification record may include a challenge value, an account number, and device information, where the challenge value is randomly generated by the server according to the first fingerprint registration request. The first return information may include a challenge value, an account number, servData. The second fingerprint registration request may include a challenge value, an account number, servData. The device trusted environment is that the fingerprint mouse is provided with SE and TPM safety chip has external unreadable memory space, and when the fingerprint mouse interacts with other device modules, the SE safety chip encrypts and transmits the key pair generated by specific fingerprint. The second return information comprises a fingerprint ID, a fingerprint public key, a challenge value, servData and a signature, wherein the signature is generated by using a device private key built in the device after other fields in the second return information execute hash.
Specifically, the user can log in the management background through any safe and reliable mode, and fingerprint input is performed through the client. And the client, the server and the fingerprint mouse can verify by sending request and return information, and if the verification is passed, the fingerprint input is successful.
The obtaining the user fingerprint, matching the user fingerprint with a pre-stored fingerprint record, includes:
The client sends a first fingerprint authentication request to the server; the server side sends third return information to the client side according to the first fingerprint authentication request; the client receives the third return information and then sends a second fingerprint authentication request to the fingerprint mouse; and the fingerprint mouse collects the user fingerprint after receiving the second fingerprint authentication request and performs matching calculation with a locally stored fingerprint record.
Wherein the first fingerprint authentication request comprises an account number and device information. The third return information includes challenge value, account number, whether to verify PIN, and servData. The second fingerprint authentication request includes a challenge value, an account number, whether to verify the PIN, and servData.
Specifically, after the client acquires the device information from the fingerprint mouse, a fingerprint authentication request { account number, device information } is initiated to the server. The server generates a random number challenge value, performs hash on { challenge value, account number, equipment information, whether PIN code is verified }, generates servData by signature, and caches records: challenge value = > { account number, device information, whether PIN is verified }. The server returns { challenge value, account number, whether to verify PIN, servData }, to the client. And after receiving the return information, the client prompts the user to touch and press the fingerprint module of the mouse to verify the fingerprint. The client initiates a fingerprint authentication request { challenge value, account number, whether to verify PIN, servData } to the fingerprint mouse, the fingerprint mouse collects fingerprint feature information after receiving the request, searches all locally stored fingerprint records of the account number to perform matching calculation, if the matching fingerprint records are found, fingerprint authentication is passed, and step 120 is executed. If no matched fingerprint record is found, the client can prompt the user that the fingerprint matching fails and the fingerprint mouse reacquires the fingerprint.
Step 120, if the matching is successful, acquiring a mouse click signal of the user, and determining a PIN code input by the user according to the mouse click signal of the user and a PIN code encoding rule of a predefined mouse button.
The mouse click signal comprises a left key click, a left key long press, a left key double press, a right key click, a right key long press and a right key double press; the predefined PIN code coding rule of the mouse button comprises the corresponding relation between the mouse click signal and the code and the description of the mouse click signal. The PIN code may be represented by an arabic number, for example: 1,2,3, … ….
After the client sends the fingerprint authentication request to the server, the client receives the returned information about whether to verify the PIN code from the server, if yes, the PIN code is continuously verified.
Illustratively, the predefined PIN code encoding rules for mouse buttons may be as shown in table 1:
TABLE 1
As shown in table 1, the mouse click signals obtained by the user input are in turn: left key click, left key double click, right key long press, left key click, then the corresponding code is: 15641.
specifically, the user may input a mouse click signal after receiving the prompt from the client, and end the input by clicking the middle mouse button. The left and right mouse buttons define 6 different clicking behaviors, and the clicking combination length determines the complexity of the password, for example, the password formed by 6 clicking combinations is 6 in total6 = 46,656 combinations are possible.
If the matching is successful, acquiring a mouse click signal of a user, and determining the PIN code input by the user according to the mouse click signal of the user and a PIN code coding rule of a predefined mouse button, wherein the method further comprises the following steps:
the client sends a first fingerprint binding PIN code request to the server; the server side sends fourth return information to the client side according to the first fingerprint binding PIN code request; the client receives the fourth return information and then sends a third fingerprint authentication request to the fingerprint mouse; the fingerprint mouse collects the user fingerprint after receiving the third fingerprint authentication request and performs matching calculation, and if matching is successful, a mouse click signal is obtained; and the client sends a second fingerprint binding PIN code request to the fingerprint mouse, the fingerprint mouse verifies the second fingerprint binding PIN code request, and if the second fingerprint binding PIN code request passes the verification, the PIN code of the user fingerprint and the modification check code of the PIN code of the user fingerprint are generated according to the mouse click signal.
Wherein the first fingerprint-binding PIN code request includes a fingerprint ID and device information. The fourth return information comprises a challenge value, a fingerprint ID and a server public key, wherein the server public key is a key stored in the server. The third fingerprint authentication request comprises a fingerprint ID. The second fingerprint-binding PIN code request includes a transaction code and a server public key. The modification check code of the PIN code of the user fingerprint is a check code for modifying the PIN code, and may be a 32-bit random number.
Specifically, the user can click the fingerprint binding PIN code operation in the management background on the basis of finishing fingerprint input. After the client acquires the device information from the fingerprint mouse, a fingerprint binding PIN code request { fingerprint ID, device information } is initiated to the server, and the server returns { challenge value, fingerprint ID, server public key }. After receiving the returned information, the client prompts the user to touch and press the fingerprint module of the mouse to verify the fingerprint, and initiates a fingerprint verification request { fingerprint ID } to the fingerprint mouse. And after the fingerprint mouse receives the request, acquiring the user fingerprint and carrying out matching calculation, and after the user fingerprint passes the matching, encrypting { fingerprint ID, generating time (current time) } by using a transaction public key built in the device, and returning the encrypted { fingerprint ID as a transaction code to the client.
The client prompts the user to use left and right mouse keys to input a series of PIN codes by using arbitrary single click, double click and long press signals, and initiates a request { code, server public key } for binding the PIN codes to the fingerprint mouse after the input is completed. The fingerprint mouse decrypts the code by using a transaction private key built in the device to obtain { fingerprint ID, generation time }, and the timeliness of the generation time is checked. After verification, the fingerprint mouse identifies the mouse clicking operation of the user, generates a PIN code of the user fingerprint according to the PIN code coding rule, takes the 32-bit random number as the PINToken, namely the modified verification code of the PIN code of the user fingerprint, and stores the PIN code record { fingerprint ID, PIN code and PINToken } in the equipment trusted environment. The fingerprint mouse sends { fingerprint ID, PINToken, sign } encrypted by the server public key to the client, wherein sign is signed by other fields of the message using the fingerprint private key. The client side transmits the returned information to the server side. The server uses the fingerprint public key to check the signature, then uses the private key of the server to decrypt to obtain the PINToken, and updates the record { fingerprint ID, fingerprint public key, account number, PINToken }. The server returns the successful binding PIN code.
And 130, matching the PIN code input by the user with the PIN code of the user fingerprint, and if the matching is successful, passing the authentication.
The PIN code of the user fingerprint refers to the PIN code corresponding to the fingerprint ID in the local storage.
The matching the PIN code input by the user with the PIN code of the user fingerprint comprises the following steps:
and the client sends a first PIN code authentication request to the fingerprint mouse, the fingerprint mouse verifies the received first PIN code authentication request, and if the verification is passed, the PIN code input by the user is obtained, and the PIN code input by the user is matched with the PIN code of the fingerprint of the user.
The first PIN code authentication request comprises a code, a challenge value, an account number, whether to verify PIN and servData.
Specifically, a fingerprint private key is used to generate a signature sign for a hash { challenge value, account number, whether to verify PIN, servData }. Then, the { fingerprint ID, the generation time (current time), sign } encryption is returned as a transaction code using the transaction public key pair built in the device. The client prompts the user to input the PIN code by using the mouse and ends with the middle key. The client initiates a PIN code authentication request { code, challenge value, account number, whether to verify PIN, servData } to the fingerprint mouse. The fingerprint mouse decrypts the code by using a transaction private key built in the device to obtain { fingerprint ID, generation time, sign }, and verifies the timeliness of the generation time, for example: whether or not more than one minute. For the input parameters { challenge value, account number, whether to verify PIN, servData } use fingerprint public key to verify signature. And finally, the fingerprint mouse collects the input PIN code and matches the PIN code corresponding to the fingerprint ID.
If the user forgets the PIN code, the user can execute modification operation on the PIN code after logging in the management background. The management background authenticates the identity of the operator, namely the fingerprint and the PIN code owner, in a trusted and safe mode such as face brushing authentication, and requests the fingerprint mouse to modify the PIN code by taking PINToken returned by the fingerprint mouse when the PIN code is bound as a modification certificate. The specific method comprises the following steps:
the client sends a first fingerprint PIN code modification request to the server; the server side sends fifth return information to the client side according to the first fingerprint PIN code modification request; the client receives the fifth return information and then sends a fourth fingerprint authentication request to the fingerprint mouse; the fingerprint mouse collects the user fingerprint and performs matching calculation after receiving a fourth fingerprint authentication request, and if matching is successful, a new mouse click signal is obtained; and the client sends a second fingerprint PIN code modification request to the fingerprint mouse, the fingerprint mouse verifies the received second fingerprint PIN code modification request, and if the verification is passed, the fingerprint mouse generates a PIN code of a new user fingerprint and a modification check code of the PIN code of the new user fingerprint according to the new mouse click signal.
Wherein the first fingerprint PIN code modification request comprises a fingerprint ID and device information. The fifth return information includes challenge value, fingerprint ID, server public key, pinkey encrypted by fingerprint public key. The fourth fingerprint authentication request comprises a fingerprint ID. The second fingerprint PIN code modification request comprises a code, a server public key and a PINToken encrypted by the fingerprint public key.
Specifically, the user logs in the management background by using a trusted and safe mode such as face brushing fingerprint and the like, clicks and selects the fingerprint bound with the PIN code in the management background, and initiates the operation of modifying the PIN code. And the client initiates a fingerprint PIN code modification request { fingerprint ID and equipment information } to the server after acquiring the equipment information from the fingerprint mouse. The server returns { challenge value, fingerprint ID, server public key, fingerprint public key encrypted PINToken }, to the client. After receiving the return information, the client prompts the user to touch and press a fingerprint module of the mouse to verify the fingerprint, initiates a fingerprint verification request { fingerprint ID } to the fingerprint mouse, collects the user fingerprint and completes matching calculation, and after the user passes the matching calculation, the transaction public key built in the device is used for encrypting { fingerprint ID, and the generated time (current time) } is used as the transaction code to return.
The client prompts the user to use the left and right mouse keys to input a PIN code with the length of 6 bits by combination of single click, double click and long press, and after the input is finished, the client initiates a request { code, a server public key and a fingerprint public key encrypted PINToken } to the fingerprint mouse. The fingerprint mouse decrypts the code by using a transaction private key built in the device to obtain { fingerprint ID, generation time }, and the timeliness of the generation time is checked. And decrypting by using the fingerprint private key to obtain the PINToken, and confirming the PINToken to be consistent with the PINToken stored by the PINToken. The fingerprint mouse identifies the mouse clicking operation of the user, generates a PIN code of the fingerprint and a 32-bit random number as a new PINToken according to the PIN code coding rule, and stores the PIN code record { fingerprint ID, PIN code, PINToken } in the equipment trusted environment. And returning { fingerprint ID, encrypted PINToken, sign }, wherein PINToken is encrypted by using a public key of a server side, and sign is signed by other fields of the message by using a fingerprint private key. The client side transmits the returned information to the server side. The server uses the public key of the fingerprint mouse to verify the signature, then uses the private key of the server to decrypt to obtain the PINToken, and updates the record { account number, fingerprint ID, PINToken }. And the server returns success of modifying the PIN code.
In the embodiment, a user fingerprint is obtained and matched with a pre-stored fingerprint record; if the matching is successful, acquiring a mouse click signal of a user, and determining a PIN code input by the user according to the mouse click signal of the user and a PIN code coding rule of a predefined mouse button; and matching the PIN code input by the user with the PIN code of the user fingerprint, and if the matching is successful, passing the authentication. According to the technical scheme, the PIN code is added to serve as double-factor authentication on the basis of fingerprint authentication, so that the fingerprint can be prevented from being falsely used, the PIN code is input by the mouse instead of being input by the keyboard without an external operation system, trojan monitoring can be effectively prevented, the PIN code is stored in the fingerprint mouse instead of the server, loss caused by the fact that a database is broken can be effectively avoided, and the fingerprint mouse is guaranteed by a TEE, SE, TPM and other security chips from hardware, so that the fingerprint key pair and the PIN code can not be read and broken. Meanwhile, the PIN code is stored in the fingerprint mouse, so that the link of transmitting the PIN code to a server is omitted, and the risk of theft of the PIN code in the transmission process is avoided. In addition, the problem that fingerprint authentication cannot be completed when the server is unavailable because the PIN code is stored in the server can be avoided.
In one embodiment, a process for fingerprint entry is provided. Fig. 2 is a flowchart of fingerprint input provided in an embodiment of the present invention, where the fingerprint mouse-based authentication method is further refined based on the above embodiment. As shown in fig. 2, before the acquiring the user fingerprint and matching the user fingerprint with the pre-stored fingerprint record, the method further includes:
step 201, the client acquires device information from the fingerprint mouse.
Step 202, the fingerprint mouse returns the device information to the client.
Step 203, the client sends a first fingerprint registration request { account number, device information } to the server.
Step 204, the server generates a random challenge value, generates a signature servData using a key pair { account number, device information } built in the server, and caches the record: challenge value = > { servData }.
Step 205, the server sends first return information { challenge value, account number, servData } to the client.
Step 206, the client prompts the user to touch and press the mouse to input the fingerprint.
Step 207, the client sends a second fingerprint registration request { challenge value, account number, servData } to the fingerprint mouse.
And step 208, the fingerprint mouse completes fingerprint characteristic information acquisition and calculation, and a fingerprint public and private key pair is generated.
Step 209, the fingerprint mouse stores the fingerprint record { fingerprint ID, account number, fingerprint private key } in the trusted environment of the device.
Step 210, the fingerprint mouse sends second return information { fingerprint ID, fingerprint public key, challenge value, account number, servData, device information, signature }, wherein the signature is generated by using a device private key built in the device after performing hash for other fields in the return message.
Step 211, the client forwards the second return information to the server as a fingerprint registration completion request.
Step 212, the server uses the certificate public key of the fingerprint mouse to verify and sign the second returned information.
Step 213, the server loads the record from the cache: challenge value= > { servData }, comparing whether cached servData is consistent with servData of request parameters, then using a built-in key of a server to check whether the request parameters { account number, device information } are consistent with servData, and deleting the cache after the check passes. The relation between the record { fingerprint ID, fingerprint public key, account } is saved.
It should be noted that, the signature verification includes four aspects: verifying whether the device information is consistent, namely ensuring that the registration request and the actually executed device are the same fingerprint mouse; verifying whether the challenge values are consistent, namely ensuring that the challenge values are responses corresponding to the requests; verifying whether parameters (account numbers) are consistent, namely ensuring that the account numbers of the fingerprint binding request issued by the server are consistent with the account numbers of the actual binding execution of the mouse; verifying whether the servData of the challenge value cache is consistent with the response to prevent the parameter from being tampered with.
Step 214, the server returns the successful fingerprint input to the client.
In one embodiment, a PIN code entry process for a user fingerprint is provided. Fig. 3 is a flowchart of PIN code entry of a user fingerprint according to an embodiment of the present invention, where the authentication method based on a fingerprint mouse is further refined based on the above embodiment. As shown in fig. 3, before the user's mouse click signal is obtained if the matching is successful and the PIN code input by the user is determined according to the user's mouse click signal and the predefined PIN code encoding rule of the mouse button, the method further includes:
step 301, the client acquires device information from the fingerprint mouse.
Step 302, the fingerprint mouse returns the device information to the client.
Step 303, the client initiates a first fingerprint binding PIN code request { fingerprint ID, device information } to the server.
Step 304, the server sends fourth return information { challenge value, fingerprint ID, server public key }, to the client.
In step 305, the client prompts the user to press the mouse to verify the fingerprint.
Step 306, the client sends a third fingerprint authentication request { fingerprint ID } to the fingerprint mouse.
Step 307, the fingerprint mouse collects the user fingerprint and completes the matching calculation, after the matching is successful, the transaction public key built in the device is used for encrypting { fingerprint ID, generating time (current time) } as a transaction code and returning the transaction code to the client.
Step 308, the fingerprint mouse returns the code to the client.
Step 309, the client prompts the user to input a string of PIN codes by using left and right mouse keys, and ends with a middle key.
Step 310, the client initiates a second fingerprint binding PIN code request { code, server public key } to the fingerprint mouse.
And 311, decrypting the code by using a transaction private key built in the device by the fingerprint mouse to obtain { fingerprint ID, generation time }, and checking the timeliness of the generation time.
Step 312, after verification, the fingerprint mouse recognizes the mouse click signal input by the user, and generates a PIN code of the user fingerprint and a 32-bit random number as the pinkey, i.e. the PIN code of the user fingerprint modifies the verification code. And stores the PIN record { fingerprint ID, PIN code, pintken }, in the trusted environment of the device.
Step 313, the fingerprint mouse returns a message { fingerprint ID, a server public key encrypted pinkey, sign }, to the client, where sign is signed by other fields of the message using a fingerprint private key.
Step 314, the client transmits the returned message to the server.
Step 315, the server uses the fingerprint public key to verify the signature, then uses the private key of the server to decrypt to obtain the PINToken, and updates the record { fingerprint ID, fingerprint public key, account number, PINToken }.
Step 316, the server returns the successful binding PIN code to the client.
In one embodiment, a PIN code modification procedure for a user fingerprint is provided. Fig. 4 is a flowchart of PIN code modification of a user fingerprint according to an embodiment of the present invention, where the authentication method based on a fingerprint mouse is further refined based on the above embodiment. As shown in fig. 4, the method further includes:
step 401, the client acquires device information from the fingerprint mouse.
Step 402, the fingerprint mouse returns device information to the client.
Step 403, the client sends a first fingerprint PIN code modification request { fingerprint ID, device information }, to the server.
Step 404, the server sends fifth return information { challenge value, fingerprint ID, server public key, fingerprint public key encrypted pinkey }, to the client.
Step 405, the client prompts the user to touch and press the mouse to verify the fingerprint.
Step 406, the client sends a fourth fingerprint authentication request { fingerprint ID } to the fingerprint mouse.
Step 407, the fingerprint mouse collects the user fingerprint and completes the matching calculation, and after the matching is successful, the transaction public key built in the device is used for encrypting { fingerprint ID, generating time (current time) } as a transaction code.
Step 408, the fingerprint mouse returns the code to the client.
Step 409, the client prompts the user to input a string of PIN codes by using left and right mouse keys, and ends with a middle key.
In step 410, the client sends a first PIN code modification request { code, server public key, fingerprint public key encrypted pinkey } to the fingerprint mouse.
Step 411, the fingerprint mouse decrypts the code by using the transaction private key built in the device to obtain { fingerprint ID, generation time }, and verifies the timeliness of the generation time.
And 412, the fingerprint mouse decrypts the fingerprint private key to obtain the PINToken, and the PINToken is compared with the PINToken stored by the fingerprint mouse to confirm consistency.
Step 413, the fingerprint mouse recognizes the mouse click signal of the user to generate a new PIN code and a 32-bit random number of the user fingerprint as a new PINToken, namely the PIN code of the new user fingerprint modifies the check code, and stores the PIN code record { fingerprint ID, PIN code, PINToken } in the trusted environment of the device.
In step 414, the fingerprint mouse returns a message { fingerprint ID, encrypted pinkey, sign }, where the pinkey is encrypted using the server public key and the sign is signed by other fields of the message using the fingerprint private key.
Step 415, the client transmits the returned message to the server.
Step 416, the server uses the public key of the fingerprint mouse to verify the signature, then uses the private key of the server to decrypt to obtain the PINToken, and updates the record { account number, fingerprint ID, PINToken }
In step 417, the server returns success of modifying the PIN code to the client.
In one embodiment, a fingerprint mouse-based authentication procedure is provided. Fig. 5 is a flowchart of another authentication method based on a fingerprint mouse according to an embodiment of the present invention. As shown in fig. 5, the method includes:
step 501, the client acquires device information from the fingerprint mouse.
Step 502, the fingerprint mouse returns device information to the client.
Step 503, the client sends a first fingerprint authentication request { account number, device information } -to the server
Step 504, the server generates a random challenge value, uses a built-in key pair parameter { account number, device information, whether to verify PIN } of the server to generate a signature servData, and caches the record: challenge value
=>{servData}。
Step 505, the server sends third return information { challenge value, account number, whether to verify PIN, servData } to the client.
Step 506, the client prompts the user to touch and press the mouse to verify the fingerprint.
Step 507, the client sends a second fingerprint authentication request { challenge value, account number, whether to verify PIN, servData } to the fingerprint mouse.
And 508, collecting fingerprint characteristic information by a fingerprint mouse, searching all locally stored fingerprint records of the account, performing matching calculation, and finding matched fingerprint records.
Step 509, if the PIN needs to be verified, generating a signature sign on the hash { challenge value, account number, whether to verify the PIN, servData } by using the fingerprint private key. Then, the { fingerprint ID, the generation time (current time), sign } is encrypted as a transaction code using the transaction public key built in the device.
Step 510, the fingerprint mouse returns the code to the client.
Step 511, the client prompts the user to input the PIN code using the mouse, and ends with the middle key.
Step 512, the client sends a first PIN authentication request { code, challenge value, account number, whether to verify PIN, servData } to the fingerprint mouse.
And 513, decrypting the code by using a transaction private key built in the device by the fingerprint mouse to obtain { fingerprint ID, generation time, sign }, and checking the timeliness of the generation time.
Step 514, the fingerprint mouse verifies the input parameter { challenge value, account number, whether to verify PIN, servData } using the fingerprint public key.
Step 515, the fingerprint mouse generates a PIN code according to a mouse click signal input by the user and matches the PIN code of the user fingerprint stored in advance.
Step 516, if the matching is successful, the fingerprint mouse returns a message { fingerprint ID, verification pass, challenge value, account number, whether to verify PIN, device information, servData, sign } to the page/client, where sign is generated by using the fingerprint private key after hash is performed for other fields in the returned message.
Step 517, the client transmits the returned message to the server.
Step 518, the service end uses the fingerprint public key to sign and check; the server loads records from the cache: challenge value = > { servData }. And comparing whether the responding servData is consistent with the cached servData, and then using a built-in key of the server to check whether the request parameters { account number, equipment information, PIN code are consistent with the servData.
Step 519, the server returns authentication pass to the client.
Fig. 6 is a schematic structural diagram of an authentication system based on a fingerprint mouse according to an embodiment of the present invention. The fingerprint mouse-based authentication system may be implemented in hardware and/or software, and may be used to perform the fingerprint mouse-based authentication method of any of the embodiments described above. As shown in fig. 6, the fingerprint mouse-based authentication system comprises:
The client 610 is configured to send a first fingerprint authentication request to a server, obtain third return information sent by the server, and send a second fingerprint authentication request to a fingerprint mouse.
And the server 620 is configured to generate third return information according to the first fingerprint authentication request, and send the third return information to the client.
The fingerprint mouse 630 includes a fingerprint authentication module 631, a PIN code determination module 632, and a PIN code authentication module 633.
The fingerprint authentication module 631 is configured to obtain a user fingerprint, and match the user fingerprint with a pre-stored fingerprint record.
The PIN code determining module 632 is configured to obtain a mouse click signal of a user if the matching is successful, and determine a PIN code input by the user according to the mouse click signal of the user and a predefined PIN code encoding rule of a mouse button.
And the PIN code authentication module 633 is configured to match the PIN code input by the user with the PIN code of the fingerprint of the user, and if the matching is successful, the authentication is passed.
In the embodiment, a user fingerprint is obtained and matched with a pre-stored fingerprint record; if the matching is successful, acquiring a mouse click signal of a user, and determining a PIN code input by the user according to the mouse click signal of the user and a PIN code coding rule of a predefined mouse button; and matching the PIN code input by the user with the PIN code of the user fingerprint, and if the matching is successful, passing the authentication. According to the technical scheme, the PIN code is added to serve as double-factor authentication on the basis of fingerprint authentication, so that the fingerprint can be prevented from being falsely used, the PIN code is input by the mouse instead of being input by the keyboard without an external operation system, trojan monitoring can be effectively prevented, the PIN code is stored in the fingerprint mouse instead of the server, loss caused by the fact that a database is broken can be effectively avoided, and the fingerprint mouse is guaranteed by a TEE, SE, TPM and other security chips from hardware, so that the fingerprint key pair and the PIN code can not be read and broken. Meanwhile, the PIN code is stored in the fingerprint mouse, so that the link of transmitting the PIN code to a server is omitted, and the risk of theft of the PIN code in the transmission process is avoided. In addition, the problem that fingerprint authentication cannot be completed when the server is unavailable because the PIN code is stored in the server can be avoided.
Optionally, before the acquiring the user fingerprint and matching the user fingerprint with the pre-stored fingerprint record, the method further includes:
the client 610 is configured to send a first fingerprint registration request to a server, send a second fingerprint registration request to the fingerprint mouse after receiving the first return information, and send the second return information to the server.
The server 620 is configured to generate a verification record according to the first fingerprint registration request, send first return information to the client, and verify the second return information according to the verification record.
The fingerprint mouse 630 is configured to collect the user fingerprint after receiving the second fingerprint registration request, generate a fingerprint record according to the user fingerprint, store the fingerprint record in a trusted device environment, and send second return information to the client.
Optionally, the fingerprint authentication module 601 includes:
and the matching calculation sub-module is used for collecting the user fingerprint after the fingerprint mouse receives the second fingerprint authentication request and carrying out matching calculation with the locally stored fingerprint record.
Optionally, before the step of obtaining the mouse click signal of the user if the matching is successful and determining the PIN code input by the user according to the mouse click signal of the user and the predefined PIN code encoding rule of the mouse button, the method further includes:
The client 610 is configured to send a first fingerprint binding PIN code request to a server and send a second fingerprint binding PIN code request to the fingerprint mouse.
The server 620 is configured to send a fourth return message to the client according to the first fingerprint binding PIN code request, and send a third fingerprint authentication request to the fingerprint mouse after receiving the fourth return message.
The fingerprint mouse 630 is configured to collect the user fingerprint after receiving the third fingerprint authentication request and perform matching calculation, if matching is successful, obtain a mouse click signal and verify the second fingerprint binding PIN code request, and if verification is passed, generate a PIN code of the user fingerprint and a modification check code of the PIN code of the user fingerprint according to the mouse click signal.
Optionally, the mouse click signal includes a left click, a long click on a left key, a double click on a left key, a single click on a right key, a long click on a right key, and a double click on a right key; the predefined PIN code encoding rule of the mouse button comprises the corresponding relation between the mouse click signal and the code and the description of the mouse click signal.
Optionally, the system further comprises:
the client 610 is configured to send a first fingerprint PIN code modification request to a server; after receiving the fifth return information, sending a fourth fingerprint authentication request to the fingerprint mouse; sending a second fingerprint PIN code modification request to the fingerprint mouse;
The server 620 is configured to send fifth return information to the client according to the first fingerprint PIN code modification request;
the fingerprint mouse 630 further comprises a PIN code changing module;
the PIN code changing module is used for collecting the user fingerprint after receiving the fourth fingerprint authentication request and carrying out matching calculation, and if matching is successful, a new mouse click signal is obtained; and verifying the received second fingerprint PIN code modification request, and if the verification is passed, generating a PIN code of a new user fingerprint and a modification check code of the PIN code of the new user fingerprint by the fingerprint mouse according to the new mouse click signal.
The authentication system based on the fingerprint mouse provided by the embodiment of the invention can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, fingerprint mice, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 7, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; in the case that the electronic device is a fingerprint mouse, the input unit may further include a fingerprint acquisition module. Optionally, an output unit 17 may also be included, such as various types of displays, speakers, etc.; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as a fingerprint mouse based authentication method.
In some embodiments, the fingerprint mouse-based authentication method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the fingerprint mouse-based authentication method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the fingerprint mouse-based authentication method in any other suitable way (e.g. by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.