douwen5951 2016-10-12 09:20
浏览 128
已采纳

如何通过网络使用智能卡和智能卡读卡器实现双因素身份验证

First of all, please excuse my ignorance about this topic. (related)

What exactly is needed to implement a process like this:

  1. Client visits login site (example.com/login).

  2. To login, the client enters its client ID. Also, a random (?) code is displayed to the visitor:
    251 221 555.

  3. The client picks up his smart card reader, puts his smart card into it and clicks on the "Login" button, enters the code 251 221 555

  4. The client then enter his PIN code (in the smart card reader)
  5. A token is then returned: 922 444 113
  6. The client uses the returned token to login in the website.

I guess one needs:

  • A smart card (which has a PIN code)
  • A smart card reader (see picture 1, 2)

What I wonder is how to authenticate the returned token in a website, and also how to return a token in the smart card reader? What are the exact (or simplest) steps to implement a process like the one above?

  • 写回答

1条回答 默认 最新

  • duanbi2760 2016-10-12 11:38
    关注

    The easiest implementation is to have a secret key stored in the smartcard, and trigger an encryption or MAC calculation over the input number. For this to work PIN entry should be before input number.

    The commands would be

    • VERIFY (with the PIN)
    • INTERNAL AUTHENTICATE (with the input number)
    • or PERFORM SECURITY OPERATION in mode Compute Cryptographic Checksum.

    For more details you should have a detailed look into ISO 7816 part 4 (verify and internal auth.) and 7816 part 8 (perform security op.). This assumes a so-called native card (as opposed to a JavaCard).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 用hfss做微带贴片阵列天线的时候分析设置有问题
  • ¥15 基于52单片机的酒精浓度检测系统加继电器和sim800
  • ¥50 我撰写的python爬虫爬不了 要爬的网址有反爬机制
  • ¥15 Centos / PETSc / PETGEM
  • ¥15 centos7.9 IPv6端口telnet和端口监控问题
  • ¥120 计算机网络的新校区组网设计
  • ¥20 完全没有学习过GAN,看了CSDN的一篇文章,里面有代码但是完全不知道如何操作
  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 海浪数据 南海地区海况数据,波浪数据
  • ¥20 软件测试决策法疑问求解答