公开(公告)号：US08707049B2

公开(公告)日：2014-04-22

申请号：US12191332

申请日：2008-08-14

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F21/00

CPC分类号： H04L9/3226

摘要： The present invention discloses an authentication method and a key device and relates to the information security field. The authentication method comprises initiating user authentication, generating a dynamic code and then a first verification code on the basis of the dynamic code, and outputting the dynamic code, by a key device; and receiving a second verification code entered by a user via a host, and collating the second verification code with the first verification code, by the key device, and if a match is found, the user access is authorized to the key device; otherwise, the user access is prohibited. The key device comprises a trigger module, a generator module, an output module, a communication module, a collator module, a controller module and a security module. According to the present invention, better security is achieved by reducing the possibility of sensitive information disclosure and misuse in case of password theft for the key device.

摘要翻译： 本发明公开了一种认证方法和关键装置，涉及信息安全领域。 认证方法包括启动用户认证，基于动态代码生成动态代码，然后生成第一验证码，并通过密钥设备输出动态代码; 并且通过主机接收用户输入的第二验证码，并且通过密钥装置对第二验证码和第一验证码进行核对，并且如果发现匹配，则向密钥装置授权用户访问; 否则禁止用户访问。 关键装置包括触发模块，发生器模块，输出模块，通信模块，整理器模块，控制器模块和安全模块。 根据本发明，通过减少在关键设备的密码盗窃的情况下敏感的信息泄露和滥用的可能性来实现更好的安全性。

公开(公告)号：US08701207B2

公开(公告)日：2014-04-15

申请号：US12866940

申请日：2010-06-25

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F21/00

CPC分类号： G06F1/14 ,  G06F21/10 ,  G06F2221/0711

摘要： The invention, related to information security field, discloses a method for protecting software, and device and system thereof. The method includes that a security device is connected with a terminal device; the security device receives service instruction, determines whether the clock inside the security device is activated, reads the current time of the clock and determines whether the current time is valid; if so, the security device executes the service instruction and returns the executing result to the terminal device; otherwise, the security device returns false result to the terminal device. The invention provides more secure service to the protected software, meanwhile, extends lifetime of the security device.

摘要翻译： 本发明涉及信息安全领域，公开了一种保护软件的方法及其装置和系统。 该方法包括：安全装置与终端装置连接; 安全设备接收服务指令，确定安全设备内的时钟是否被激活，读取当前时钟的时间，并确定当前时间是否有效; 如果是，则安全装置执行服务指令并将执行结果返回到终端装置; 否则，安全设备向终端设备返回虚假结果。 本发明为受保护的软件提供更安全的服务，同时延长安全设备的寿命。

公开(公告)号：US20140082710A1

公开(公告)日：2014-03-20

申请号：US13824666

申请日：2012-12-21

申请人： Feitian Technologies Co., Ltd.

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： H04L29/06

CPC分类号： H04L63/0838 ,  G06F21/31 ,  H04L9/3228

摘要： A method for authenticating an OTP (one time password) and an instrument therefor, in which the method includes determining whether the OTP token is authenticated successfully, if the OTP token is not authenticated successfully, setting size of an authentication window to be a first predetermined time length and authenticating the obtained OTP according to the authentication window; if the OTP token is authenticated successfully, determining whether the interval between the authentication success time and the current system time is longer than a second predetermined time length, if yes, setting size of the authentication window to be a third predetermined time length and authenticating the obtained OTP according to the authentication window and the authentication success time, in which the third predetermined time length is shorter than the first predetermined time length; otherwise, setting size of the authentication window to be a fourth predetermined time length and authenticating the obtained OTP according to the authentication window and the authentication success time, in which the fourth time length is shorter than the third predetermined time length. The invention can ensure both the authentication success rate and the authentication security.

摘要翻译： 一种用于验证OTP（一次密码）及其工具的方法，其中该方法包括确定OTP令牌是否被成功认证，如果OTP令牌未成功认证，则将认证窗口的大小设置为第一预定 时间长度，并根据认证窗口认证获取的OTP; 如果OTP令牌成功认证，则确定认证成功时间与当前系统时间之间的间隔是否长于第二预定时间长度，如果是，认证窗口的设置大小为第三预定时间长度，并认证 根据认证窗口和认证成功时间获得OTP，其中第三预定时间长度小于第一预定时间长度; 否则，将认证窗口的大小设定为第四预定时间长度，并且根据第四时间长度短于第三预定时间长度的认证窗口和认证成功时间认证所获得的OTP。 本发明可以确保认证成功率和认证安全性。

公开(公告)号：US20130110846A1

公开(公告)日：2013-05-02

申请号：US13808972

申请日：2011-09-21

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F17/30

CPC分类号： G06F16/22 ,  H04L9/3239

摘要： The present invention relates to the field of data processing, and specifically to a method and device for data processing. The method comprises: preprocessing an array-to-be-processed; carrying out by means of a predetermined processing method secondary processing on the array-to-be-processed so as to obtain secondary processing results; acquiring an index number from a predetermined place in the secondary processing results; acquiring from the secondary processing results data from predetermined digits on the basis of the index number; converting the acquired data into decimal data; determining whether the bit length of the decimal data is shorter than a second predetermined length; if shorter, adding zeros in front of the high-order bit of the decimal data until reaching the second predetermined length, and regarding the decimal data thereof as processed data; if not shorter, continuously acquiring data from the second predetermined length starting from the low-order bit of the decimal data and regarding said data as processed data. The processing method is simple, and the processed data is irreversible and therefore can be applied to forms of identification.

摘要翻译： 本发明涉及数据处理领域，具体涉及用于数据处理的方法和装置。 该方法包括：对待处理的数组进行预处理; 通过预定的处理方法对待处理的阵列进行二次处理，以获得二次处理结果; 从二次处理结果中的预定位置获取索引号; 根据索引号从二次处理获得来自预定数字的数据; 将获取的数据转换为十进制数据; 确定十进制数据的位长度是否短于第二预定长度; 如果较短，则在十进制数据的高位位置之前添加零，直到达到第二预定长度，并将其十进制数据作为处理数据; 如果不是更短的话，从十进制数据的低位开始从第二预定长度连续获取数据，并将所述数据作为处理数据。 处理方法简单，处理后的数据是不可逆的，因此可以应用于识别的形式。

公开(公告)号：US20130097419A1

公开(公告)日：2013-04-18

申请号：US13806336

申请日：2012-04-27

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： H04L9/08

CPC分类号： H04L63/08 ,  H04L9/08 ,  H04L63/0435 ,  H04L2463/103

摘要： Provided is a method for accessing e-book data, including: step A: e-book hardware establishes a connection with an electronic device and negotiates a reading key; step B: the electronic device downloads e-book data via a client, specifically is: firstly, the electric device establishes a connection with the client; the client sends a connection establishment request to a server; the server verifies the identification of the electronic device via the client; if the verification is not passed, then the access will be refused; if the verification is passed, then the server uses a downloaded key to encrypt the e-book data and sends the encrypted e-book data to the electronic device via the client; and step C: the electronic hardware establishes a connection with the electronic device, processes the encrypted e-book data using the downloaded key and/or the reading key, and the e-book hardware displays the e-book data. The method provided in the present embodiment not only enables the download and reading of the e-book to be more rapid but also protects the copyright of the e-book.

摘要翻译： 提供了一种用于访问电子书数据的方法，包括：步骤A：电子书硬件建立与电子设备的连接并协商读取密钥; 步骤B：电子设备通过客户端下载电子书数据，具体是：首先，电气设备建立与客户端的连接; 客户端向服务器发送连接建立请求; 服务器通过客户端验证电子设备的标识; 如果验证未通过，则拒绝访问; 如果验证通过，则服务器使用下载的密钥加密电子书数据，并通过客户端将加密的电子书数据发送到电子设备; 步骤C：电子硬件建立与电子设备的连接，使用下载的密钥和/或读取密钥处理加密的电子书数据，并且电子书硬件显示电子书数据。 本实施例中提供的方法不仅可以使电子书的下载和阅读更加快速，而且可以保护电子书的版权。

公开(公告)号：US20130031277A1

公开(公告)日：2013-01-31

申请号：US13640997

申请日：2011-09-15

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F3/00

CPC分类号： G06F9/4411

摘要： The invention provides a method for identifying version type of a Windows operating system on a host by USB device, relating to operating system field and including steps: A, USB device is powered on and initialized; B, the USB device performs USB enumeration, determines whether a first predetermined instruction is received in process of USB enumeration, if yes, determines the operating system is a first operating system and goes to Step D, if no, goes to C; C, the USB device determines the device type returned in process of USB enumeration, if it is a CCID device, determines whether the received instruction includes a second predetermined instruction, if yes, determines the operating system is a second operating system, if no, determines the operating system is a third operating system; when the device is an SCSI device, the USB device determines whether the second received SCSI instruction is a third predetermined instruction or fourth predetermined instruction, if it is the third predetermined instruction, determines that the operating system is a second operating system, if it is the fourth predetermined instruction, determines that the operating system is a third operating system; D, the USB device establishes communication with the host, waits for instruction sent by the host and returns related information to the host according to the determined type of the host operating system.

摘要翻译： 本发明提供了一种用于通过USB设备识别主机上的Windows操作系统的版本类型的方法，涉及操作系统领域并且包括以下步骤：A，USB设备被通电和初始化; B，USB设备执行USB枚举，确定在USB枚举过程中是否接收到第一预定指令，如果是，则确定操作系统是第一操作系统，并且如果否，则转到步骤D; 如图C所示，USB设备确定USB枚举过程中返回的设备类型，如果是CCID设备，则确定接收到的指令是否包含第二预定指令，如果是，则确定操作系统是第二操作系统，如果否， 确定操作系统是第三个操作系统; 当设备是SCSI设备时，USB设备确定第二接收到的SCSI指令是否是第三预定指令或第四预定指令，如果它是第三预定指令，则确定操作系统是第二操作系统，如果是 第四预定指令确定操作系统是第三操作系统; D，USB设备与主机建立通信，等待主机发送的指令，并根据主机操作系统的确定类型向主机返回相关信息。

公开(公告)号：US20130013095A1

公开(公告)日：2013-01-10

申请号：US13519783

申请日：2012-06-04

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F17/00

CPC分类号： H04L9/0877 ,  H04L9/3231 ,  H04L9/3247

摘要： An audio communication based electronic signature system and a method thereof are provided. The system includes: an audio smart key device including an interface module, a data processing module, a smart key module and a power module; and a terminal including an audio output interface, an audio input interface and an application unit. The interface module of the audio smart key device communicates with the terminal in the form of audio signal and it can perform operations of A/D conversion and modulation and demodulation on the audio signal. In the signing method, the terminal sends an audio signal including important data to the smart key device, the audio smart key device receives and decodes the audio signal, demodulates the decoded data and decrypts the demodulated data, signs the decrypted data, encodes, modulates and encrypts the signature result subsequently, sends the crypted result to the terminal, where the encrypted result is sent to the server for signature verification.

摘要翻译： 提供了一种基于音频通信的电子签名系统及其方法。 该系统包括：包括接口模块，数据处理模块，智能钥匙模块和电源模块的音频智能钥匙装置; 以及包括音频输出接口，音频输入接口和应用单元的终端。 音频智能钥匙装置的接口模块以音频信号的形式与终端通信，可以对音频信号执行A / D转换和调制解调操作。 在签名方法中，终端向智能钥匙装置发送包括重要数据的音频信号，音频智能钥匙装置接收并解码音频信号，对解码后的数据进行解密，对解密的数据进行解密，对解密的数据进行签名，编码，调制 并随后加密签名结果，将加密结果发送给终端，加密结果发送到服务器进行签名验证。

公开(公告)号：US08184872B2

公开(公告)日：2012-05-22

申请号：US12326942

申请日：2008-12-03

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06K9/00 ,  G05B19/00 ,  G06F21/00

CPC分类号： G06K9/00006

摘要： The invention relates to a one-time password generating method and an apparatus. The method includes steps of collecting fingerprint images, extracting fingerprint feature data from those fingerprint images, and comparing the fingerprint feature data with one or more pre-stored fingerprint feature templates for authentication. After the authentication is passed, a one-time password is generated by the corresponding fingerprint feature template or a user's secret corresponding to the template. The invention also discloses a one-time password apparatus, including a fingerprint collecting unit, a fingerprint feature extracting unit, a storage unit, a comparison unit, a one-time password generating unit, a control unit, and an output unit. By adding fingerprint authentication function to a one-time password generating apparatus, the invention avoids disadvantages such as no user authentication in the present apparatus, only for a single user, and imitation of the apparatus by others when it is lost or theft, as a result, increases security of the apparatus.

摘要翻译： 本发明涉及一次性密码生成方法和装置。 该方法包括收集指纹图像，从指纹图像中提取指纹特征数据，以及将指纹特征数据与一个或多个预先存储的指纹特征模板进行比较以进行认证的步骤。 认证通过后，通过相应的指纹特征模板或对应于该模板的用户密码生成一次性密码。 本发明还公开了一种一次性密码装置，包括指纹收集单元，指纹特征提取单元，存储单元，比较单元，一次密码生成单元，控制单元和输出单元。 通过向一次性密码生成装置添加指纹验证功能，本发明避免了在本装置中没有用户认证，仅针对单个用户，以及其他人在丢失或盗窃时对其进行仿制的缺点，作为 结果，增加了设备的安全性。

公开(公告)号：US20120096214A1

公开(公告)日：2012-04-19

申请号：US12921002

申请日：2010-07-23

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F12/14

CPC分类号： G06F21/60 ,  G06F21/34 ,  G06F21/79

摘要： A working method for information security device with CF interface and working system thereof are disclosed in the invention. The method includes that the card reading apparatus sends instruction to the information security device with CF interface, and the information security device with CF interface determines the object being operated by the instruction, if the object is flash module in the information security device with CF interface, the information security device with CF interface operates the flash module as normal, or else if the object is information security chip of the information security device with CF interface, the information security device with CF interface performs information security operation on the information security chip; or the card reading apparatus determines whether the object being operated by the instruction is a storage device or an information security device, if the object is storage device, the card reading apparatus operates the flash module of the information security device with CF interface as normal, otherwise the card reading apparatus performs information security operation on the information security chip of the information security device with CF interface.

摘要翻译： 本发明公开了一种具有CF接口的信息安全装置及其工作系统的工作方法。 该方法包括读卡装置用CF接口向信息安全装置发送指令，具有CF接口的信息安全装置如果对象是具有CF接口的信息安全装置中的闪存模块，则确定由指令操作的对象 具有CF接口的信息安全设备正常操作闪存模块，否则如果对象是具有CF接口的信息安全设备的信息安全芯片，则具有CF接口的信息安全设备对信息安全芯片执行信息安全操作; 或者卡读取装置判断由该指令操作的对象是存储装置还是信息安全装置，如果对象是存储装置，则读卡装置以正常的方式操作具有CF接口的信息安全装置的闪存模块， 否则卡读取装置在具有CF接口的信息安全装置的信息安全芯片上执行信息安全操作。

公开(公告)号：US20120089653A1

公开(公告)日：2012-04-12

申请号：US12811468

申请日：2010-06-28

申请人： Zhou Lu ,  Huazhang Yu

发明人： Zhou Lu ,  Huazhang Yu

IPC分类号： G06F15/00

CPC分类号： H04L9/3236

摘要： A data converting method and device therefor are disclosed by the invention, relating to data converting algorithm field, solving the problem of complicate data converting method in prior art. Steps of the invention are obtaining offset from the predetermined byte of the data string to be converted; obtaining the predetermined bits of data from the data string to be converted according to the offset; converting the obtained bits to decimal number; determining whether size of the decimal number is smaller than the first predetermined length, if so, keeping adding 0 to the upper digit of the decimal number till the first predetermined length is reached, and taking the data with added 0 as the converted data; otherwise keeping obtaining data from low bit of the decimal number, till the first predetermined length is reached, and taking the obtained data as the converted data. The method of the invention is mainly used for devices and methods requiring data converting, e.g. one time password generating method and device therefor.

摘要翻译： 本发明公开了一种数据转换方法及其装置，涉及数据转换算法领域，解决了现有技术中复杂数据转换方法的问题。 本发明的步骤是从要转换的数据串的预定字节获得偏移量; 根据偏移量从要转换的数据串中获取预定的数据位; 将获得的比特转换为十进制数; 确定十进制数的大小是否小于第一预定长度，如果是，则保持向十进制数的高位加上0直到达到第一预定长度，并且将加上0的数据作为转换数据; 否则保持从十进制数的低位获取数据，直到达到第一预定长度，并将所获得的数据作为转换的数据。 本发明的方法主要用于需要数据转换的装置和方法。 一次性密码生成方法及其设备。