This section provides background information related to the present disclosure which is not necessarily prior art.
With the development of Internet technologies, people may use the Internet to engage in a variety of operations, in which many of the operations require user authentication. For example, when a user using Internet bank site to perform operations on bank account, it is necessary for the bank site to perform identity authentication on the user requesting operations, so as to ensure security of network operations.
To solve the issue of identity authentication on the Internet, there have been some client devices in the form of USB-KEY device. The USB-KEY device adopts a USB interface to connect with a computer, and interact with the server via the Internet, so as to complete the process of user identity authentication.
The prior USB-KEY authentication technologies may be divided into two categories based on whether a key stored in a USB-KEY device is consistent with another key stored in a server. The first category is referred to as unsymmetrical USB-KEY technologies, in which the key stored in the USB-KEY device is different from the key stored in the server, that is, the key stored in the USB-KEY device is a private_key, while the key stored in the server is a public_key. The other category is referred to as symmetrical USB-KEY technologies, in which the key stored in the USB-KEY device is consistent with the key stored in the server.
When adopting the unsymmetrical USB-KEY technologies, if the public_key stored in the server has been leaked due to the leakage of a database in the server, other people still cannot copy user's private_key due to the fact that the private_key cannot be calculated through the public_key, which to some extent ensures the security of interaction between the USB-KEY device and the server. However, from another aspect, because the unsymmetrical encryption algorithms adopted by the unsymmetrical encryption technologies, such as public-key cryptography algorithm (RSA), Elliptical Curve Cryptography (ECC) are very complicated, it is necessary to adopt special chips so as to complete calculation timely. However, the special chips are very expensive, which results in that the costs for applying the unsymmetrical USB-KEY technologies is relatively high, and subsequently it is difficult to promote the use of the unsymmetrical USB-KEY technologies.
In order to reduce costs, the industry has put forward the symmetrical USB-KEY technologies. Compared with the unsymmetrical USB-KEY technologies, complexity of the symmetrical encryption algorithms adopted by the symmetrical USB-KEY technologies, such as Data Encryption Standard (DES), Tiny Encryption Algorithm (TES), etc, is lower. These symmetrical encryption algorithms may be implemented using general computing devices, and subsequently the costs thereof may be reduced. However, since the key stored in the USB-KEY device is the same as another key stored in the server, once the key stored in the server has been leaked, other people may utilize the leaked key to impersonate the authorized user to perform network operations, thus the security may be greatly reduced.