CN100583734C - Method for realizing volatile secret key and separated checking module by collecting human characteristic - Google Patents

Abstract

A method for implementing volatile cipher key and separate verification module by collecting physical features includes: physical features sensor (11) is set on the handset (10), and control module (30) can be set separately; physical features sensor can collect physical features information of every user in advance, and said physical features can be transmitted to control module (30), and stored in user database (32); after physical features sensor (11) went away said user's body or cipher sent successfully, cipher temporary storage unit (14) reset; when registered user is operating again by using handset (10), control unit (31) can retrieve cipher data in said user database (32), and check whether same records exist or not; if same records exist, control unit (31) give a instruction to lower-stage controlled object (40); if not, control unit (31) delivers a warning information, and store an error record. Thus, potential safety hazard as a result of handset missing can be avoided, and a handset can be shared with multi-user and multi-task, thereby reduces system cost.

Description

Method for Realizing Volatile Key and Separate Verification Module by Collecting Human Body Characteristics

technical field

The present invention relates to secure or secure communication methods, and more particularly to methods and devices for verifying the identity or credentials of system users, especially to methods and devices for reading and identifying printed, written characters or user graphics.

Background technique

In the prior art, the method of verifying the user's identity for the next step is mostly realized by using different forms of IC cards. Recently, there are technical solutions for collecting human body feature information to achieve the above purpose, such as Chinese invention patent application No. 99815820, PCT /US99/29036, discloses a technical solution called "Security System Using Continuously Changing Features of Human Body Parts as Keys", which refers to a key that depends on the continuously changing body parts of the user. The system obtains An image of the user's fingerprint and combines it according to a random number generator. Only a part of the image is sent instead of the whole. Random segmentation ensures that the part of the image sent is constantly changing, so unauthorized recipients receive only a part and not the whole image, the fingerprint image is verified by the remote agent.

Another example is Chinese Invention Patent Application No. 98812158, PCT/US98/23327, a technical scheme with the title of "Using Biometric Data to Generate Cryptographic Keys", which provides a method and device for generating cryptographic keys using biometric data . A fingerprint is received and a feature set is extracted from the fingerprint. These feature sets may include one or more of the features from which a message is built from the fingerprint. For the first embodiment, the message is a template including the feature group. For the second embodiment, the message is a feature subset not included in the template. A message digest operation is applied to the message to create a cryptographic key. Yet another embodiment uses the feature set of the fingerprint image to generate a digital certificate. The public key used by the digital certificate is based on the fingerprint image.

In the above two technical solutions, each final verification module must be equipped with a corresponding human body feature collection device, resulting in a waste of resources, and the password in the handheld device can be saved once set, which is not conducive to security.

Contents of the invention

The technical problem to be solved by the present invention is to propose a method for realizing a volatile key and a separate verification module by collecting human body characteristics in order to avoid the deficiencies of the prior art. The present invention sets a human body characteristic sensor on the handheld device , every time you use the handheld device to operate, you will enter your own human body feature information into the handheld device through the sensor, and use the random encryption algorithm to add composite clock data, additional passwords, unique device ID (serial number) and other information to make Encryption operation, and the formula of the encryption algorithm together to generate password data. In this way, even if it is the same human body part of the same person, the password data generated each time is different. When the transmission of the password data is completed each time, the human body characteristic data and related information collected on the handheld device will be immediately cleared. After the password data is transmitted to the verification module, it is decoded, and the device ID code and additional password are extracted first, and the device ID code and additional password are compared with the blacklist database in the verification module. If the device ID code and additional password are in the blacklist In the database, all operations will be rejected and an alarm will be issued, or the alarm information will be stored for future reference. If it is not in the blacklist database, search the registered device ID code and the additional password database to confirm the legitimacy of the key. If the device ID code is not registered, the additional password code needs to be verified. If it passes, continue the follow-up operation, otherwise alarm; After the ID code and additional password have been registered, the data will be decoded, and the data of human body characteristics will be compared with the data of the clock. Since the clock cannot be completely synchronized, a corresponding tolerance should be set for the clock when comparing. After the biometric data verification is passed, the clock data is also verified within the corresponding set tolerance before the operation command is executed. If it is an authorized user, the follow-up operation will be executed, otherwise the alarm will be reported. If the key of the same ID is consecutive for several times, such as three alarms, the ID data is saved in the blacklist database. Due to the introduction of clock information, even if the data is intercepted during transmission, the clock information is also cloned when the data is cloned. Now the clocks of the comparison verification are inconsistent, and this data cannot pass the verification at the comparison end. To decode the cloned data, one must know how the clock information is loaded in the data chain, what is the encryption algorithm, and the decryption is extremely difficult. , It is almost impossible to be cracked, thus further ensuring the security of data transmission and final operation of this system. With the device ID code and additional password, the security of the final operation is further guaranteed. The unique device ID code can even be used to track and manage users in some special applications, such as financial safes and their operators, control and management of dangerous goods, military use, national security, etc. need to add a unique device ID Code identification function, that is, when the password is sent, the unique device ID code of the key is sent at the same time. When a certain key is rejected several times in a row (such as three times), the execution terminal verification module saves the ID in the blacklist database, and permanently rejects the key until the super user operates the ID from the blacklist database Deleted in . Additional passwords are used when using other people's handheld devices. Because other people's handheld device ID is not registered, so the additional password input that legal operator just knows is needed to confirm the legality of the temporary operation of the handheld device.

The present invention realizes by adopting following technical scheme:

Implement a method for realizing volatile keys and separate verification modules by collecting human body characteristics, based on handheld devices and signal transmission channels, the method includes steps:

a. A human body feature sensor, a key microprocessor unit, a password generating unit, a password temporary storage unit, and a key password data sending unit are arranged on the handheld device;

b. Set the password data receiving unit, and the verification module including the verification unit and the user database;

c. First, when the human body feature sensor separately collects the human body feature information of each user, it generates a corresponding password in the password generation unit, temporarily stores it in the password temporary storage unit, and transmits it through the signal transmission channel through the key password data sending unit to the password data receiving unit, and then the password is registered and confirmed, and stored in the user database; after the human body feature sensor leaves the user's body or the password is successfully transmitted, the password temporary storage unit is emptied;

d. When the user holds a hand-held device with a human body characteristic sensor to operate, collect his own human body characteristic information through the human body characteristic sensor, the password generation unit generates a corresponding password, and temporarily stores it in the password temporary storage unit, and then the registered user will The password data is transmitted to the password data receiving unit through the signal transmission channel through the key password data sending unit, and the verification unit searches the user database for the password data, and compares whether there is the same record; the comparison operation is carried out in the verification unit;

e. After comparison, if there is the same record in the user database, it is confirmed that the user is a registered user, and the verification unit sends an instruction to the next-level controlled object; if there is no identical record in the compared database, then The verification unit issues a warning message, or stores an error record at the same time.

The following is a detailed description of the above scheme:

The handheld device also includes a clock unit, a key button group, a display unit, a master password operator, a device ID and an additional password storage, and when performing the password generation and verification operations described in step c and step d, it operates as follows :

a. First, the master password calculator processes the human body characteristic information to form a multi-byte master password;

b. Combine the factory ID of the device, the current clock, and the additional password input through the keyboard to form an additional password and store it in the additional password memory;

c. Then, the key microprocessor unit calls out the additional password in the additional password memory, synthesizes the main password and the additional password, temporarily stores the synthesized password in the password temporary storage unit, and then sends data to the verification module;

d. The key microprocessor unit detects whether the user’s body is separated from the human body characteristic sensor according to the operation steps, and then clears the password temporary storage unit after determining the delay time, or the key microprocessor unit receives the verification through the transmission channel After the module returns the confirmation message of successful transmission, clear the password temporary storage unit. A key button group and a key display screen are also set on the handheld device, and the key button group is controlled by the key microprocessor unit to input an additional password and a temporary ID code, which are then stored in the additional password memory, and the key display screen is controlled by the key microprocessor unit. The key microprocessor unit controls the display of operating information.

When transmitting encrypted data to different destination terminals, there are text and graphic display modes for selection on the key display screen.

The present invention can also be further implemented through the following technical solutions:

Design and manufacture a volatile key and verification module realized by collecting human body characteristics, including a handheld device, a signal transmission channel, a password data receiving unit and a verification module, especially the handheld device also includes a human body characteristic sensor, a key micro Processor unit, password generation unit, password temporary storage unit, and key password data transmission unit; the human body feature sensor is connected to the key microprocessor unit and the password generation unit, and the password temporary storage unit is connected to the password generation unit and the key password data transmission unit unit; the human body characteristic sensor collects the human body characteristic information of each user, generates a corresponding password in the password generating unit, temporarily stores it in the password temporary storage unit, and transmits it to the password data receiving unit through the signal transmission channel through the key password data sending unit unit, and then the password is registered and confirmed, and stored in the user database; after the human body feature sensor leaves the user's body or the password is successfully transmitted, the password temporary storage unit is emptied.

Further detailing the described device:

The verification module includes a password data receiving unit, a verification unit, and a user database; the verification module is separated from the handheld device, and the physical connection in the middle is to establish a connection by wired or wireless means, and the verification unit is connected to the password data receiving unit And connect the user database, and also connect the output interface, receive the data sent by the handheld device, and the verification unit will compare it. The verification unit can not only be set independently in the verification module, but also can be embedded in the next level of controlled among the objects. The password data receiving unit is either set independently, or embedded in the verification module.

Compared with the prior art, the present invention is equipped with a human body characteristic sensor on the handheld device to collect different human body information for different users, thereby forming different password data, which is registered in the database in the verification module in advance, During each operation in the future, the password data on the handheld device is transmitted to the verification module for comparison with the records in the database. If there is the same record, follow-up operations will be performed, and if the registered record cannot be found, the alarm will be reported. The password data generated in the handheld device each time in the present invention is automatically cleared after the human body leaves the human body characteristic sensor for a certain period of time, or automatically cleared after the data is successfully sent or not sent within the set time limit, so that the handheld device is avoided. Security risks caused by loss. Moreover, a handheld device can be used by multiple users and multiple tasks, which reduces the system cost. The present invention has an alarm function when the user is under duress. For example, the alarm function under duress can be realized through the particularity of the operation, such as the order of multi-fingerprint authentication or the special code segment of the additional code.

Description of drawings

Fig. 1 is the principle block diagram that the present invention realizes volatile key and separate verification module method by collecting human body characteristics;

Fig. 2 is the block diagram of verification module embodiment two in the method for the present invention;

Fig. 3 is a flow chart of a method for authorizing a user in the method of the present invention;

Fig. 4 is the flow chart of the method for logout user in the method of the present invention;

Fig. 5 is a schematic diagram of the user's application in the banking system in the method of the present invention;

Fig. 6 is a schematic diagram of the user's application in the entry-exit identity management system in the method of the present invention.

Detailed ways

The present invention will be further described in detail with reference to the accompanying drawings and preferred embodiments.

As shown in Figure 1, implement a kind of method that realizes volatile key and verification module by collecting human body characteristics, based on handheld device 10, signal transmission channel 20, the best implementation mode of described method comprises steps:

a. A human body feature sensor 11, a key microprocessor unit 12, a password generation unit 13, a password temporary storage unit 14, a clock unit 19 and a key password data sending unit 18 are set on the handheld device 10;

b. set password data receiving unit 38, and include verification module 30 of verification unit 31, user database 32;

c. First, when the human body characteristic sensor 11 collects the human body characteristic information of each user, the corresponding password is generated in the password generation unit 13, temporarily stored in the password temporary storage unit 14, and transmitted by a signal through the key password data sending unit 18 The channel 20 is transmitted to the password data receiving unit 38, and then the password is registered and confirmed and stored in the user database 32; after the human body characteristic sensor 11 leaves the user's body or the password is successfully transmitted, the password temporary storage unit 14 is emptied;

d. When the user holds the hand-held device 10 with the human body characteristic sensor 11 to operate, collect his human body characteristic information through the human body characteristic sensor 11, the password generation unit 13 generates the corresponding password again, and temporarily stores it in the password temporary storage unit 14 , then the user transmits the password data to the password data receiving unit 38 through the signal transmission channel 20 through the key password data sending unit 18, and the verification unit 31 searches the user database 32 for the password data, and compares whether there is the same record; the comparison operation It is carried out in the verification unit 31; the verification unit 31 can also be embedded in the next-level controlled object 40;

e. After comparison, if there is the same record in the user database 32, the verification unit 31 then sends an instruction to the next-level controlled object 40; if there is no identical record in the compared database, then the verification unit 31 sends a warning message, Or store an error record at the same time.

The handheld device 10 also includes a master password calculator 131, a device ID 134 and an additional password memory 133. When performing the password generation operation described in step c and step d, it operates as follows:

a. First, the master password calculator 131 processes the human body characteristic information to form a multi-byte master password;

b. The device factory ID, the current time, and the additional password input through the keyboard together form an additional password and store it in the additional password memory 133;

c. Then, the key microprocessor unit 12 calls out the additional password in the additional password memory 133, synthesizes the master password and the additional password, temporarily stores the synthesized password in the password temporary storage unit 14, and then sends data to the verification module 30 ;

d. According to the operation steps, the key microprocessor unit 12 detects whether the user's body is separated from the human body characteristic sensor 11 after confirming the data is sent, and then decides the delay time, clears the password temporary storage unit 14, or the key microprocessor unit Unit 12 clears password temporary storage unit 14 after receiving confirmation information from verification module 30.

In the above method, a key button group 15 and a key display screen 16 are also set on the handheld device 10, and the key button group 15 is controlled by the key microprocessor unit 12 to input an additional password, and then stored in the additional password memory 133 , the key display screen 16 is controlled by the key microprocessor unit 12 to display operation information.

In the above method, the verification module 30 also includes a verification module clock unit 36 and a blacklist database 37. After querying as described in step e, if there is no identical record in the query database, or the time information in the received data exceeds the allowable range, the verification unit 31 sends a warning message, or after storing an error record at the same time, when the password data of the same ID reports to the police more than twice in a row, then the ID data is saved in the blacklist database 37.

The signal transmission channel 20 includes connected wired transmission, wireless transmission and infrared transmission, etc.; the key password data sending unit 18 and password data receiving unit 38 also include contact transmission, wireless transmission and infrared transmission that match each other. unit.

The next-level controlled objects 40 include various types of locks, computers, mobile phones, electronic identity authentication, information management entrances, channel access control, financial transactions, network firewalls, security management, and authorized operations.

The handheld device 10 includes a handheld device embedded in a mobile phone, a PDA, a POS machine or a mobile storage disk, a separate handheld device, and a fixed device fixed in a manned or unattended place.

The human body feature sensor 11 includes a fingerprint identification sensor or a palm print, a palm shape, a face shape, DNA, an acoustic wave sensor or an iris sensor or a combination thereof.

The present invention can also be further realized by adopting the following technical solutions.

As shown in Figures 1 and 2, a volatile key and verification module realized by collecting human body characteristics is designed and manufactured, including a handheld device 10, a signal transmission channel 20 and a verification module 30, especially on the handheld device 10. Comprising a human body feature sensor 11, a key microprocessor unit 12, a password generation unit 13, a password temporary storage unit 14 and a key password data sending unit 18; the human body feature sensor 11 is connected to the key microprocessor unit 12 and the password generation unit 13, The password temporary storage unit 14 is connected to the password generation unit 13 and the key password data sending unit 18;

The human body characteristic sensor 11 collects the human body characteristic information of each user, generates a corresponding password in the password generation unit 13, temporarily stores it in the password temporary storage unit 14, and transmits it to Verification module 30, then the password is registered and confirmed, and stored in the user database 32; after the human body feature sensor 11 leaves the user's body or the password is successfully transmitted, the password temporary storage unit 14 is emptied.

Password data receiving unit 38 or independent setting or be embedded among verification module 30, described verification module 30 comprises verification unit 31, user database 32; Described verification unit 31 connects password data receiving unit 38 and connects user database 32, also connects Output interface 39; the verification module 30 receives the data sent by the handheld device 10, and the verification unit 31 performs a comparison operation on it.

The verification unit 31 can also be embedded in the next-level controlled object 40 .

Also comprise key button group 15 and key display screen 16 on described handheld device 10, described key button group 15 connects key microprocessor unit 12 and enters additional password; And store in the additional password memory that key microprocessor unit 12 connects 133 ; the key display screen 16 is connected to the key microprocessor unit 12 to display operation information.

The handheld device 10 also includes a clock unit 19, a master password calculator 131, a device factory ID 134, and an additional password memory 133. The master password calculator 131 processes the human body characteristic information to form a multi-byte master password, which is compatible with the device. The factory ID, the current time, and the additional password input through the keyboard together form an additional password.

The signal transmission channel 20 includes contact transmission, wireless transmission and infrared transmission; the key password data sending unit 18 and password data receiving unit 38 are contact transmission that match each other, or wireless transmission and or infrared transmission. transfer mode.

The human body feature sensor 11 includes a fingerprint identification sensor or a palm print, a palm shape, a face shape, DNA, an acoustic wave sensor or an iris sensor or a combination thereof.

As shown in Figure 2: in the second embodiment of the present invention, a verification module button group 33, a verification module display 34 and a verification module alarm 35 are also set on the verification module 30, and the verification module button group 33 is connected to verify Unit 31 is used to input operation instructions; the verification module display 34 is also controlled by the verification unit 31, and is used to display operation results and alarm information. In this embodiment, the driver of the liquid crystal display is selected from EAV-D2004OAR, certainly in other The implementation may have different display and driver options. The verification module alarm 35 is also controlled by the verification unit 31 to send out an audible alarm signal.

The verification module 30 also includes a verification module clock unit 36 and a blacklist database 37. After the query, there is no record identical to the received data in the database, or the time information in the received data exceeds the allowable range, then the verification unit 31 sends a warning message, or stores simultaneously An error record; when a password data reports to the police three times in a row, then this password data is saved in the blacklist database 37.

The verification module 30 may be a physically separate module, or may be implemented by running a computer program.

The output interface 39 is controlled by the verification unit 31, and the communication with the next-level controlled object 40 can adopt RS485 communication, can also adopt CAN bus mode or other bus modes, can also be local area network, Internet, can adopt wired connection, or Wireless transmission. And after the network control is formed, each next-level controlled object 40 accepts the control command of the network system, and transmits the data of the device to the host computer of the network control.

In a preferred embodiment, the human body feature sensor 11 is a fingerprint authentication sensor. In other embodiments DNA sensors, face, palm or other biosensors may be used.

As shown in FIG. 3 , the present invention has a password authorization function and an authorization password management function. The storage of the password adopts the method of encrypted storage, that is, the correct password must be read out only by using the decryption algorithm or the read data can be restored to the correct password by the decryption algorithm. The password can be divided into three levels: super password (level 1), administrator password (level 2), user password (level 3). The verification module 30 does not have any password in the initial state, and there will be a default super password set by the system when used for the first time, and this default super password should be modified to set for oneself when used for the first time. In non-group use, the setting of other passwords must have two or more combinations in the non-executed state in addition to the super password, so as to further improve the security of password authorization.

Among them, the super password can authorize or cancel the administrator password and user password, and the next operation can be performed; if necessary, the super password can authorize multiple super passwords that are the same as it.

The administrator password can authorize or cancel the user password, and can perform the next operation, but cannot authorize or cancel the super password and administrator password; the user password can only perform the next operation.

When the verification module 30 does not need to be used through networking, the administrator password may not be set. The super password and administrator password can view the user name of the authorized user list, and all operations cannot view the user password.

As shown in Figure 4, when logging out a certain user, operate according to the process shown in the figure.

Through the network interface, multiple terminals can be managed together, and even remote management can be realized through the Internet or a dedicated network. The connection between the server or the integrated terminal and the terminal can be realized through known technologies, such as using various bus and network technologies based on twisted pairs (such as RS485, CAN, Ethernet, etc.). Such a system is usually used in areas requiring group management, such as hotels and restaurants, and can also be used by families if necessary, such as realizing centralized management and alarming of door locks and furniture locks in the home.

Verification module 30 itself can have verification module annunciator 35, also can not be provided with, and at this moment alarm can be realized by communication port, as automatically dialing a phone to owner or building/community management office or public security department etc. by an interface.

Yet another embodiment of the present invention combines the handheld device 10 of the mobile phone, and the additional password can be conveniently set through the buttons of the mobile phone. For different operation objects, the password data can be directly transmitted to the verification device directly by wired or wireless means. The module can also transfer the password data to the verification terminal through the GSM or CDMA network of the mobile phone, place the finger during the authorization setting on the fingerprint detection area of the human body feature sensor 11, and input the corresponding additional information and press the send button. If it is directly sent to the verification module at close range, it is necessary to put the key password data sending unit 18 close to the password data receiving unit 38 acceptance position of the verification module 30, after the password data is sent into confirmation, the password is automatically cleared and waits for the next operation. It is also possible to provide 24-hour on-duty anti-theft monitoring to entrusted users through a dedicated service website, such as anti-theft monitoring for cars, and through authorization to remotely disconnect the circuit and oil circuit of the alarm car, and coordinate with the positioning system for positioning. When in use, the password data receiving unit 38 in the car transmits the received data to the verification unit 31 for decoding, the fingerprint data after decoding is compared with the fingerprint data of the registered user database 32, and when consistent, Then decode the additional code, compare the decoded data with the code table, and drive the corresponding circuit to execute according to the comparison result. Start and stop, temperature adjustment, etc.

Since the handheld device 10 itself does not have any password, the loss of the handheld device 10 only means the loss of the economic value of the handheld device 10 itself, without other evil consequences. You only need to find any handheld device 10 of the present invention, such as borrowing from neighbors, security guards, etc., to perform your own operations. The borrowee does not need to worry about his password leaking, and the borrower does not need to worry about his password leaking either. As a way of providing services, the building management office, security and other service departments can provide public key convenience services.

The mobile phone is used as the embodiment of the hand-held device 10 to pay the fee and pay on behalf: first register the user's fingerprint in the bank, then link it with the user's account, and form a record in the database. During the transaction, on the POS terminal of the dealer, the consumption amount and the information of the POS machine are sent to the bank by means of SMS, GPRS or CDMA1X of the mobile phone, and the fingerprint is input into the fingerprint collector of the mobile phone when sending. At this time, the consumption amount and fingerprint information entered by the user are sent to the bank together, or the customer's fingerprint information is transmitted to the bank through a wired acquisition device installed at the dealer for identity verification, and the verification terminal stores the customer's fingerprint After the information is verified to be correct, the bank will feed back the information to the dealer's POS machine to print a successful transaction certificate and transfer the corresponding payment to the dealer, and the transaction will be completed. This function can not only bring convenience to your own consumption, but also pay for other people's consumption.

In yet another embodiment of the present invention, the banking system is as shown in Figure 5, the signal transmission channel 20 at this time belongs to wired transmission, and the handheld device 10 is similar to a POS password entry device connected to a computer for user registration. The procedure is the same as using a separate handheld device 10 . After the information data is stored in the database, the password information is not saved on the handheld device 10 . The password data receiving unit 38 for wireless transmission can also be set in this device to wirelessly receive the operation of the separate handheld device 10, and this embodiment can also be applied to automatic teller machines (ATMs) or POS machines in shopping malls. The banking system 200 can exchange information with third-party network information operators or with more systems through the network 500 to expand more functions.

In yet another embodiment of the present invention, the entry-exit management system is shown in Figure 6. At this time, the signal transmission channel 20 also belongs to wired transmission, and the handheld device 10 is connected to a computer for registration of immigrants. The registration process is the same as using a separate handheld device 10 . After the information data is stored in the database, the password information is not saved on the handheld device 10 . The entry-exit management system 300 exchanges information with the bank system 200 and other security systems through the network 500, and can monitor whether the immigrants have illegal transactions and records, so as to realize security management and monitoring.

The invention can also be applied to identity authentication, computer startup and digital signature.

Practice has proved that the present invention is equipped with a human body characteristic sensor on the handheld device to collect different human body information for different users, thereby forming different password data, which is registered in the database of the verification module in advance, and can be used every time , the password data on the handheld device is transmitted to the verification module for comparison with the records in the database, and if there is the same record, the corresponding operation will be executed, and if the registered record cannot be found, the alarm will be called. The invention automatically clears the password data and human body biometric information generated in the hand-held device each time when the human body leaves the hand-held device, thus avoiding potential safety hazards caused by loss of the hand-held device. Moreover, a handheld device can be used by multiple people and places, which reduces the system cost and facilitates the expansion of more functions.

Claims (16)

1. a method of realizing volatile key and separate verification module by collecting human body characteristics, based on handheld device (10), signal transmission channel (20), it is characterized in that, described method comprises steps: A. Human body feature sensor (11), key microprocessor unit (12), password generation unit (13), password temporary storage unit (14) and key password data sending unit (18) are set on handheld device (10); B. password data receiving unit (38) is set, and comprises the verification module (30) of verification unit (31), user database (32); c. First, when the human body feature sensor (11) separately collects the human body feature information of each user, the corresponding password is generated in the password generation unit (13), temporarily stored in the password temporary storage unit (14), and passed through the key password The data transmission unit (18) is transmitted to the password data receiving unit (38) through the signal transfer channel (20), and then the password is confirmed through registration and stored in the user database (32); After the password is transmitted successfully, the password temporary storage unit (14) is emptied; d. When the user holds the hand-held device (10) with the human body characteristic sensor (11) to operate, the human body characteristic information of himself is collected by the human body characteristic sensor (11), and the password generating unit (13) generates a corresponding password, and temporarily stores In the password temporary storage unit (14), then the user transmits the password data to the password data receiving unit (38) through the signal transmission channel (20) through the key password data sending unit (18), and the verification unit (31) Password data retrieval user database (32), compare whether identical record is arranged; Compare operation and carry out in verification unit (31); e. After comparison, if there is the same record in the user database (32), then confirm that the user is a registered user, and the verification unit (31) then sends an instruction to the next-level controlled object (40); If there is no identical record in the database, the verification unit (31) will issue a warning message, or store an error record at the same time. 2. the method for realizing volatile key and separate verification module by collecting human body characteristics according to claim 1, is characterized in that: also comprise clock unit (19), password generation unit on described handheld device (10) (13), master password operator (131), equipment ID (134) and additional password memory (133), when performing the password generation operation described in step c and step d, operate as follows: a. First, the master password operator (131) processes the human body characteristic information to form a multi-byte master password; b. form the additional password together with the device factory ID, the current time, and the additional password input through the keyboard and store it in the additional password memory (133); c. Then, the key microprocessor unit (12) calls out the additional password in the additional password memory (133), synthesizes the master password and the additional password, and temporarily stores the composite password in the password temporary storage unit (14), and then Send data to the verification module (30); d. The key microprocessor unit (12) is carried out according to the operation steps. After confirming that the data is sent, it detects whether the user's human body is separated from the human body characteristic sensor (11), and after deciding the delay time, the password temporary storage unit (14) is emptied , or the key microprocessor unit (12) clears the password temporary storage unit (14) after receiving the confirmation information from the verification module (30). 3. the method for realizing the volatile key and the separate verification module by collecting human body characteristics according to claim 1, is characterized in that: the key button group (15) and key key group (15) are also set on the handheld device (10). Display screen (16), described key button group (15) is used as input additional password, is controlled by key microprocessor unit (12) and is stored among the additional password memory (133) then, and key display screen (16) is controlled by key The microprocessor unit (12) controls the display of operation information. 4. the method for realizing volatile key and separate verification module by collecting human body characteristics according to claim 1, is characterized in that: verification module (30) also comprises verification module clock unit (36) and blacklist database ( 37), there is no identical record in the database after the comparison described in step e, or the time information in the received data exceeds the allowable range, then the verification unit (31) sends a warning message, or stores an error record at the same time; the password data of the same ID is continuous When reporting to the police twice or more, then this ID data is saved in the blacklist database (37). 5. The method for realizing volatile keys and separate verification modules by collecting human body characteristics according to claim 1, characterized in that: the signal transmission channel (20) includes wired transmission and wireless transmission connected by contacts And infrared transmission; the key password data sending unit (18) and password data receiving unit (38) also include contact transmission, wireless transmission and infrared transmission units that match each other. 6. The method for realizing volatile keys and separate verification modules by collecting human body characteristics according to claim 1, characterized in that: said next-level controlled objects (40) include various types of locks, computers, mobile Telephone, electronic identity authentication, information management entrance, channel access control, financial transaction, network firewall, security management, authorized operation. 7. The method for realizing volatile keys and separate verification modules by collecting human body characteristics according to claim 1, characterized in that: said handheld device (10) includes a mobile phone, PDA, POS machine or mobile A handheld device within a storage disk or a stand-alone handheld device, and a fixed device that is fixed in a manned or unattended location. 8. the method for realizing volatile key and separate verification module by collecting human body characteristics according to claim 1, is characterized in that: human body characteristic sensor (11) comprises fingerprint identification sensor or palmprint, palm shape, face shape , DNA, sonic sensor or sweat sensor or iris sensor or a combination thereof. 9. The method for realizing volatile keys and separate verification modules by collecting human body characteristics according to claim 1, characterized in that: the comparison between collecting human body's biological characteristics and data information is performed by physically separated two or The above equipment is completed. 10. A volatile key and a separate verification module realized by collecting human body characteristics, comprising a handheld device (10), a signal transmission channel (20), a password data receiving unit (38) and a verification module (30), its It is characterized in that: the handheld device (10) also includes a human body feature sensor (11), a key microprocessor unit (12), a password generating unit (13), a password temporary storage unit (14) and a key password data sending unit ( 18); the key microprocessor unit (12) connects the human body feature sensor (11) and the password generation unit (13), and the password temporary storage unit (14) connects the password generation unit (13) and the key password data transmission unit (18); the human body feature sensor (11) collects the human body feature information of each user, generates corresponding passwords at the password generation unit (13), temporarily stores in the password temporary storage unit (14), and passes the key password data The sending unit (18) is transmitted to the password data receiving unit (38) through the signal transmission channel (20), and then the password is confirmed through registration and stored in the user database (32); Or the password transmission is successful, and the password temporary storage unit (14) is emptied; The verification module (30) includes a verification unit (31), a user database (32); the verification unit (31) is connected to a password data receiving unit (38) and connected to a user database (32), and is also connected to an output interface (39) ; The password data receiving unit (38) receives the data sent by the handheld device (10), transmits it to the verification unit (31), and performs a comparison operation on it by the verification unit (31). 11. The volatile key and the separate verification module realized by collecting human body characteristics according to claim 10, characterized in that: the password data receiving unit (38) is either independently arranged, or embedded in the verification module (30 ) among. 12. The volatile key and separate verification module realized by collecting human body characteristics according to claim 10, characterized in that: the handheld device (10) also includes a key button group (15) and a key display screen (16), the key button group (15) is connected to the key microprocessor unit (12) to input additional passwords; and stored in the additional password memory (133) that the key microprocessor unit (12) connects; the key display screen ( 16) Connection key microprocessor unit (12) displays operation information. 13. The volatile key and the separate verification module realized by collecting human body characteristics according to claim 12, characterized in that: the handheld device (10) also includes a clock unit (19), a master password operation device (131), equipment factory ID (134) and additional password memory (133), the master password operator (131) processes the human body characteristic information, forms a multi-byte master password, and equipment factory ID, current time, pass The additional passwords entered from the keyboard together form the additional passwords. 14. The volatile key and separate verification module realized by collecting human body characteristics according to claim 10, characterized in that: the signal transmission channel (20) includes contact transmission, wireless transmission and infrared transmission; The key cipher data sending unit (18) and cipher data receiving unit (38) are in contact transmission mode matched with each other, or in wireless transmission mode and or in infrared transmission mode. 15. The volatile key and separate verification module realized by collecting human body features according to claim 10, characterized in that: the human body feature sensor (11) includes a fingerprint identification sensor or palmprint, palm shape, face shape, DNA, sonic sensor or iris sensor or a combination thereof. 16. The volatile key and the separate verification module realized by collecting human body characteristics according to claim 10, is characterized in that: the verification module (30) also includes a verification module clock unit (36) and a blacklist database (37 ), there is no record identical with the received data in the database after the query, or the time information in the received data exceeds the allowable range, then the verification unit (31) sends a warning message, or stores an error record at the same time; the password data of the same ID is consecutively twice When above reporting to the police, then this ID data is preserved in the blacklist database (37).

Images