A USB-KEY device and authentication method
By combining a USB-KEY device with a permission verification registration process and a periodic polling mechanism, the complex installation, high cost, and maintenance difficulties of existing identity authentication schemes are solved, achieving low-cost, easy-to-maintain, and scalable secure identity authentication, thereby improving user experience and system security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- 北京国联政信科技有限公司
- Filing Date
- 2025-05-16
- Publication Date
- 2026-06-30
AI Technical Summary
Existing hardware-based identity authentication schemes suffer from problems such as complex client installation, high hardware costs, and insufficient maintenance and scalability, while traditional account and password methods pose security risks.
Using a USB-KEY device as the authentication carrier, combined with the permission verification and registration process, the system prompts the user to initiate permission verification via a pop-up window and manages the permission status through a periodic polling mechanism, simplifying the client installation process and reducing hardware and maintenance costs.
It achieves plug-and-play, low-cost, easy-to-maintain and expandable identity authentication, improves security and user experience, and enhances the system's real-time monitoring and management capabilities.
Smart Images

Figure CN122316751A_ABST
Abstract
Description
[0001] This application is a divisional application of a patent application entitled "An Authentication Method Based on a USB-KEY Device", the original application was filed on May 16, 2025, application number 202510630346.8. Technical Field
[0002] This application relates to the field of information security technology, and in particular to a USB-KEY device and an authentication method. Background Technology
[0003] Traditional identity authentication methods primarily rely on usernames and passwords, which present numerous security vulnerabilities. For example, passwords are easily cracked, forgotten, or leaked. Once a user's username and password are obtained by someone else, their personal information and important assets are at significant risk. To improve identity authentication security, various authentication technologies have emerged in the market, with hardware-based authentication methods gaining increasing attention. However, existing hardware-based authentication solutions generally have limitations. On one hand, many solutions require the installation of dedicated drivers or authentication software on the client side. This not only increases user costs and operational complexity but can also lead to compatibility issues, impacting user experience. For instance, users of different operating systems need to download and install corresponding drivers separately. If the driver malfunctions or is not updated in a timely manner, authentication may fail. On the other hand, some solutions have high hardware requirements, requiring specific and expensive hardware devices as authentication carriers. This places significant cost pressure on businesses or individuals when promoting and using these solutions, limiting their widespread adoption. In addition, some existing identity authentication schemes are also inadequate in terms of maintenance and expansion. When it is necessary to upgrade the authentication system or add new functions, large-scale modifications and debugging of the client and server sides are often required, resulting in high maintenance costs and difficulty in quickly adapting to ever-changing security requirements and business scenarios. Summary of the Invention
[0004] To address the problems of complex client installation, high hardware costs, and insufficient maintenance and scalability in existing hardware-based identity authentication schemes, this application provides a USB-KEY device and identity authentication method to simplify client installation and maintenance processes, optimize user experience, and reduce hardware and maintenance costs.
[0005] To achieve the above objectives, this application provides the following technical solution.
[0006] In a first aspect, this application provides a USB-KEY device, including a storage module and a communication interface; the storage module records relevant information of the user's USB-KEY and the user number specified by the USB-KEY, and stores a permission verification and registration program for loading by the client; the communication interface is used to connect to the client's USB interface; The USB-KEY device is configured to: trigger a pop-up prompt window on the client when the USB port of the client is plugged in, asking the user whether to start the permission verification and registration program; and after receiving the user's confirmation to start the program, cause the client to load and run the permission verification and registration program. The permission verification registration procedure is configured to: read the user ID specified by the USB-KEY and send it to the server for verification; after successful verification on the server, refresh the first page to the second page within the same web application on the client; the first page does not provide menu functions without USB-KEY permission verification, while the second page additionally displays menu functions for USB-KEY permission verification; and during the periodic execution of the polling mechanism, if the server does not continue to grant permissions, restrict the client's use of the relevant menu functions and output a prompt to try again after permission verification.
[0007] Optionally, the USB-KEY device uses a USB flash drive as its hardware carrier.
[0008] Optionally, the first page and the second page have a similar style and layout, and the only difference between the first page and the second page is whether or not there is a menu function for permission verification.
[0009] Optionally, the client is configured to perform a polling mechanism: polling is performed at preset time intervals, and a preset permission time is allocated each time the polling is successful; if the USB-KEY device is detected to be unplugged within the preset permission time, the user is allowed to continue operating until the current preset permission time ends; if the USB-KEY device is not detected when the next polling time point is reached, the granting of permissions is terminated.
[0010] Optionally, the polling mechanism is configured to poll 6 times per hour, and the preset permission time is 10 minutes.
[0011] Secondly, this application provides an authentication method based on a USB-KEY device, wherein the USB-KEY device records relevant information of the user's USB-KEY and the user number specified by the USB-KEY, and stores a permission verification and registration program for loading by a client; the authentication method is applied to a computer device acting as a client, and the authentication method includes: Responding to the address entered by the user on the web page, redirect to the login page; In response to the username and password information entered by the user on the login page, the user is logged into the first page, which does not provide menu functions without USB-KEY permission verification. Once the user inserts the USB-KEY device corresponding to their account into the USB port of the client, a pop-up window asks the user whether to start the permission verification and registration program. After the user confirms, the permission verification and registration program is loaded and run, and the user number specified by the USB-KEY is read and sent to the server for verification. Receive the permission verification result returned by the server, refresh the client page according to the permission verification result. If the permission verification fails, the first page will remain; if the permission verification succeeds, the second page will be displayed. The second page and the first page are pages within the same web application. The second page displays an additional menu function on the basis of the first page, allowing users to use USB-KEY permission verification. A polling mechanism is executed periodically to rerun the permission verification and registration process. If the server continues to grant permissions, the user is allowed to continue using the USB-KEY permission verification menu function. If the server does not continue to grant permissions, the user is not allowed to use the USB-KEY permission verification menu function, and the user will receive a prompt to verify permissions and try again when operating the functions on the second page.
[0012] Optionally, the USB-KEY device uses a USB flash drive as a carrier.
[0013] Optionally, the first page and the second page have a similar style and layout, and the only difference between the first page and the second page is whether or not there is a menu function for permission verification.
[0014] Optionally, the polling mechanism is executed at preset time intervals. Each successful poll allocates a preset permission time to the user. If the user removes the USB-KEY device from the client's USB port within the preset permission time, the client will allow the user to continue operating until the current preset permission time ends. In the next poll, if the client cannot scan for a USB-KEY device that has been verified, it cannot grant permissions to the user's account. In this case, the second page will not allow the user to use the USB-KEY permission verification menu function.
[0015] Optionally, the polling mechanism is to poll 6 times per hour, that is, to register the USB-KEY 6 times, and the preset permission time is 10 minutes.
[0016] Compared with the prior art, this application has at least the following beneficial effects: This application utilizes a USB-KEY device as the authentication carrier. This USB-KEY device records authentication information related to the user's identity and a designated user ID. Combined with a permission verification and registration program that does not require installation on the client side, it achieves plug-and-play functionality, low cost, and ease of maintenance and expansion. By employing a dual mechanism combining account password verification and USB-KEY hardware authentication, and storing the permission verification and registration program in the USB-KEY device while dynamically managing permission status through periodic polling, this application achieves comprehensive technical benefits, including significantly improved identity authentication security, simplified client installation and maintenance processes, optimized user experience, reduced hardware and maintenance costs, enhanced system scalability, and strengthened real-time monitoring and management capabilities. Attached Figure Description
[0017] Figure 1 A schematic diagram of an application environment for an authentication method based on a USB-KEY device provided in this application embodiment; wherein, 101, USB-KEY device; 102, client; 103, server; Figure 2 This is a flowchart illustrating an identity authentication method based on a USB-KEY device, provided in an embodiment of this application. Detailed Implementation
[0018] Current identity authentication technologies still have unresolved issues regarding convenience, cost control, and maintainability and scalability. A more efficient, low-cost, and easily maintainable and scalable identity authentication method is needed to meet the growing demands for cybersecurity.
[0019] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.
[0020] In the description of this application: unless otherwise stated, the terms "first," "second," "third," etc., are intended to distinguish the objects they refer to and do not have any special meaning in terms of technical connotation (e.g., they should not be construed as an emphasis on importance or order). Expressions such as "comprising," "including," and "having" also mean "not limited to" (certain units, components, materials, steps, etc.).
[0021] In one embodiment, this application provides an authentication method based on a USB-KEY device, aiming to solve the problems in existing authentication technologies, such as security vulnerabilities in account passwords, the need for hardware authentication devices to install dedicated drivers or authentication software on the client side, complex installation, high hardware and maintenance costs, and difficulty in maintenance and expansion. The operating environment of this authentication method is referenced. Figure 1 The authentication method is applied to the computer device acting as client 102. The USB-KEY device 101 records relevant information about the user's USB-KEY and the user number specified by the USB-KEY, and stores a permission verification registration program for client 102 to load.
[0022] In this embodiment, client 102 has a web page login system and a menu function for USB-KEY permission verification. The user opens a web browser on their computer, enters the system address to access the login page, and enters their username and password to log in. At this point, the menu function requiring permission verification is not visible. The user needs to insert the USB-KEY device 101 corresponding to their account into the computer's USB port to start the permission verification registration program. When the program returns a successful permission verification, the page is refreshed, and the menu function requiring permission verification will then be displayed.
[0023] Server 103 has account login and USB-KEY menu access verification functions. The account login function of server 103 records the user's account, password, and user ID. The USB-KEY menu access verification function records the user's USB-KEY information and the user ID assigned to the USB-KEY. Only when the user actively inserts the USB-KEY device 101 into the current computer, completes access verification, and logs into the system can they use higher-level menu functions. If the USB-KEY device 101 is not actively inserted into the current computer when logging into the system, or if the USB-KEY device 101 is unplugged during system use, higher-level menu functions will be unavailable, ensuring data security.
[0024] refer to Figure 2 The authentication method includes the following steps S1 to S5.
[0025] S1 responds to the address entered by the user through the web page and redirects to the login page.
[0026] S2, responding to the account and password information entered by the user on the login page, logs into the first page, which does not provide menu functions without USB-KEY authentication permission verification.
[0027] S3, after the user inserts the USB-KEY device 101 corresponding to their account into the USB interface of the client 102, the permission verification and registration program stored in the USB-KEY device 101 is loaded and run, the relevant information of the USB-KEY and the user number specified by the USB-KEY are read and sent to the server 103 for verification.
[0028] In one embodiment, when a user inserts the USB-KEY device 101 corresponding to their account into the USB port of the client 102, the system will automatically detect the insertion and display a prompt window asking the user whether to start the permission verification and registration process. The user can start the process by clicking the OK button or click the Cancel button to temporarily skip this step.
[0029] S4. Receive the permission verification result returned by the server 103, refresh the client page according to the permission verification result. If the permission verification fails, the first page will remain; if the permission verification succeeds, the second page will be displayed. The second page displays and allows the user to use the USB-KEY permission verification menu function.
[0030] In this embodiment, the distinction between the first page and the second page lies solely in whether or not a menu function for permission verification is provided; it does not impose specific limitations on the overall layout, functional modules, or user interface design of the pages. For example, the first page and the second page can have a similar visual style and layout, except that the second page will display additional menu functions related to permission verification after USB-KEY permission verification, while the first page will not provide these functions. This page distinction is solely for clarifying whether the user has completed identity authentication and permission verification, and does not restrict other functions or designs of the pages.
[0031] S5. Periodically execute the polling mechanism and run the permission verification and registration program again. If the server 103 continues to grant permissions, then allow the user to continue using the USB-KEY permission verification menu function; otherwise, do not allow the user to use the USB-KEY permission verification menu function.
[0032] In one embodiment, the polling mechanism executes at preset time intervals, allocating a preset permission time to the user upon each successful poll. If the user removes the USB-KEY device 101 from the USB port of the client 102 within the preset permission time, the client 102 will allow the user to continue operating until the current preset permission time expires. During the next poll, if the client 102 cannot scan for a verified USB-KEY device 101, it cannot grant further permissions to the user's account, and the second page will not allow the user to use the USB-KEY permission verification menu function.
[0033] In this embodiment, the system periodically checks the connection status of the USB-KEY device 101 and determines whether to continue granting permissions to the user based on whether the USB-KEY device 101 is connected. If the user unplugs the USB-KEY device 101 within the preset permission time, the user can still continue operating until the current preset permission time expires. In the next polling, if the system does not detect the USB-KEY device 101, permission verification cannot continue, and the second page will restrict the user's use of the permission verification menu functions.
[0034] In this embodiment, disallowing (restricting) the user's use of the USB-KEY permission verification menu function specifically means that the user will receive a prompt "Please verify permission and try again" when operating the function on the second page. This prompt clearly informs the user that permission verification has not been obtained through interface interaction, thereby restricting the use of the permission verification menu function. However, this application is not limited to this method. For example, when the user attempts to access the permission verification menu function, the relevant function option can be directly set to an unclickable state, or a dialog box can pop up when the user clicks, clearly informing the user "Permission verification has not been obtained and the function cannot be used." Furthermore, the system can automatically record the number of failed permission verification attempts and send a warning message to the user after a certain number of attempts.
[0035] The "Please verify your permissions and try again" prompt described in this embodiment is merely an example and not the only limitation of this application. The core of this application lies in controlling user access permissions to specific functions through the authentication mechanism of the USB-KEY device 101, and the specific implementation method can be flexibly adjusted according to actual application scenarios and needs.
[0036] In this embodiment, users can unplug the USB-KEY device 101 within the authorized time without immediately losing access. The system ensures that the USB-KEY device 101 is always connected by periodic polling, preventing unauthorized use. Even if the user temporarily unplugs the USB-KEY device 101 (for example, if the user accidentally unplugs the wrong USB drive), the operation will not be interrupted immediately, avoiding the inconvenience caused by frequent access verification.
[0037] In one embodiment, the system's permission verification uses a polling mechanism, polling 6 times per hour, meaning the USB-KEY is registered 6 times, with each registration lasting 10 minutes. When the customer removes the USB-KEY device 101 from the computer's USB port, the system still allows the customer some time to operate. The next time the system requests registration from the server, if it cannot find a verified USB-KEY device 101, it will be unable to grant permissions to the user's account. At this point, the user's interface will display a user-friendly message: "Please try again after permission verification."
[0038] In this embodiment, the system periodically (every hour in this embodiment, but users can set it according to specific circumstances) automatically checks the permission status. Each time it checks, it will re-register and verify permissions, and each time registration is successful, the permission time will be extended by 10 minutes.
[0039] Assuming the user completes the initial USB-KEY permission verification at 10:00 AM, the system will run a polling mechanism as follows.
[0040] Initial permission verification: If the user completes permission verification at 10:00, the system will grant initial permission time (assuming it is 10 minutes), meaning the permission will be valid until 10:10.
[0041] First poll: The system conducts its first poll at 10:10, exactly 10 minutes after the last permission verification. After a successful poll, the system registers and verifies permissions again, extending the permission validity period by 10 minutes, meaning the new permissions are valid until 10:20.
[0042] Second polling: The system will conduct a second poll at 10:20. After a successful poll, the user will be registered and their permissions verified again, with the validity period extended by 10 minutes. The new permissions will be valid until 10:30.
[0043] Third poll: The system will conduct a third poll at 10:30. After a successful poll, the user will be registered and their permissions verified again, and the validity period will be extended by 10 minutes. The new permissions will be valid until 10:40.
[0044] Fourth poll: The system will conduct the fourth poll at 10:40. After the poll is successful, the user will be registered and the permissions will be verified again, with the validity period extended by 10 minutes. The new permissions will be valid until 10:50.
[0045] Fifth poll: The system will conduct the fifth poll at 10:50. After the poll is successful, the user will be registered and the permissions will be verified again, with the validity period extended by 10 minutes. The new permissions will be valid until 11:00.
[0046] Sixth poll: The system will conduct the sixth poll at 11:00. After the poll is successful, the user will be registered and the permissions will be verified again, with the validity period extended by 10 minutes. The new permissions will be valid until 11:10.
[0047] The system polls six times per hour, extending the access time by 10 minutes after each successful poll. This mechanism ensures that users have valid access time throughout the entire hour, and the access time is refreshed with each poll to prevent users from being interrupted due to access verification timeout.
[0048] In this embodiment, addressing the security vulnerabilities of account passwords in existing identity authentication technologies, this application introduces hardware authentication to effectively prevent risks arising from password leakage or unauthorized account access. Simultaneously, the built-in permission verification and registration program of the USB-KEY device 101 avoids the need for clients to install complex drivers or authentication software, reducing hardware and maintenance costs. Furthermore, the periodic polling mechanism and flexible permission time management allow users to continue operating the system even after unplugging the device within the permission time until the time expires, improving the user experience and enhancing the system's real-time monitoring and management capabilities. This ensures that users can only access the permission verification menu functions when the device is connected and permission verification is valid, further guaranteeing system security.
[0049] In one embodiment, this application also provides a USB-KEY device 101, which includes a storage module and a communication interface. The storage module records information related to the user's USB-KEY and the user ID specified by the USB-KEY, and stores a permission verification and registration program for loading by a client. The communication interface is used to connect to the client's USB interface.
[0050] When the USB-KEY device 101 is inserted into the USB interface of the client 102, the client 102 automatically performs the following steps: loads and runs the permission verification and registration program stored in the USB-KEY device 101; reads the relevant information of the USB-KEY and the user number specified by the USB-KEY and sends them to the server 103 for verification; receives the permission verification result returned by the server 103; refreshes the client page according to the permission verification result; if the permission verification fails, the first page remains unchanged; if the permission verification succeeds, the second page is displayed, which displays and allows the user to use the menu function of USB-KEY permission verification; periodically executes a polling mechanism to run the permission verification and registration program again; if the server 103 continues to grant permission verification, the user continues to use the menu function of USB-KEY permission verification; otherwise, the user is not allowed to use the menu function of USB-KEY permission verification.
[0051] The USB-KEY device 101 also includes a control program, which triggers the client 102 to automatically execute the above steps (running the permission verification and registration program, periodically executing the polling mechanism, etc.).
[0052] In one embodiment, after the user inserts the USB-KEY device 101 corresponding to their account into the USB interface, a pop-up window asks the user whether to start the permission verification registration process. After the user confirms, the verification is then performed on the server 103.
[0053] In one embodiment, the polling mechanism is executed at a preset time interval. Each successful poll allocates a preset permission time to the user. If the user removes the USB-KEY device 101 from the USB interface of the client 102 within the preset permission time, the client 102 will allow the user to continue operating until the current preset permission time ends. In the next poll, if the client 102 cannot scan for a USB-KEY device 101 that has been verified, it cannot grant permissions to the user's account. At this time, the second page will not allow the user to use the USB-KEY permission verification menu function.
[0054] In one embodiment, the polling mechanism is to poll 6 times per hour, i.e., register the USB-KEY 6 times, and the preset permission time is 10 minutes.
[0055] In one embodiment, the menu function that prevents users from using USB-KEY permission verification specifically means that when a user operates a function on the second page, they will receive a prompt asking them to verify their permissions and try again.
[0056] When logging into the system, different users have different access permissions to menu functions. Simple menu permission management based on data structures cannot meet account security needs; that is, knowing someone else's account and password allows them to log in and use that account's functions. To limit this and further improve the security of system functions, this application introduces a USB-KEY digital certificate mechanism into the system. When a user enters their account and password to log in, they need to insert the account-bound USB-KEY device 101 into the current computer and start the program to complete permission verification. Only after successful permission verification can they use menu functions with higher permissions. Compared with existing technologies, this application has at least the following beneficial effects.
[0057] Based on further analysis and research into the problems of existing technologies, this application recognizes that traditional identity authentication methods relying on accounts and passwords have many security vulnerabilities, and that existing hardware-based identity authentication schemes mostly suffer from complex client installation, high hardware costs, and insufficient maintenance and scalability. Therefore, this application uses a USB-KEY device 101 as the authentication carrier. This USB-KEY device 101 records authentication information related to the user's identity and a designated user number. Combined with a permission verification and registration program that does not require installation on the client 102, it achieves the effects of plug-and-play, low cost, and ease of maintenance and scalability.
[0058] Furthermore, by adopting an authentication method based on the USB-KEY device 101, combining a dual mechanism of account password verification and USB-KEY hardware authentication, and storing the permission verification registration program in the USB-KEY device 101 and using a periodic polling mechanism to dynamically manage the permission status, a comprehensive technical effect is achieved, which significantly improves the security of identity authentication, simplifies the client installation and maintenance process, optimizes the user experience, reduces hardware and maintenance costs, enhances system scalability, and strengthens real-time monitoring and management capabilities.
[0059] This application also detects the connection status of the USB-KEY device 101 by periodically executing a polling mechanism and communicates with the server to extend the preset permission time or prompt the user to re-verify the permission, thereby further enhancing the security of identity authentication and user experience.
[0060] Furthermore, this application has low equipment requirements; an inexpensive USB flash drive can be used as a USB-KEY carrier.
[0061] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
Claims
1. A USB-KEY device, characterized in that, It includes a storage module and a communication interface; the storage module records relevant information about the user's USB-KEY and the user number specified by the USB-KEY, and stores a permission verification and registration program for the client to load; the communication interface is used to connect to the client's USB interface; The USB-KEY device is configured to: trigger a pop-up prompt window on the client when the USB port of the client is plugged in, asking the user whether to start the permission verification and registration program; and after receiving the user's confirmation to start the program, cause the client to load and run the permission verification and registration program. The permission verification and registration program is configured to: read the user ID specified by the USB-KEY and send it to the server for verification; After successful verification on the server side, the client refreshes the first page to the second page within the same web application; the first page does not provide menu functionality without USB-KEY permission verification, while the second page additionally displays menu functionality with USB-KEY permission verification. In addition, when the polling mechanism is executed periodically, if the server does not continue to grant permissions, the client will restrict the use of relevant menu functions and output a prompt asking for permission verification before trying again.
2. The USB-KEY device according to claim 1, characterized in that, The USB-KEY device uses a USB flash drive as its hardware carrier.
3. The USB-KEY device according to claim 1, characterized in that, The first page and the second page have a similar style and layout. The only difference between the first page and the second page is whether or not there is a menu function that requires permission verification.
4. The USB-KEY device according to claim 1, characterized in that, The client is configured to perform a polling mechanism: polling is performed at preset time intervals, and a preset permission time is allocated each time a poll is successful; If the USB-KEY device is detected to be unplugged within the preset permission time, the user is allowed to continue operating until the current preset permission time ends. If the USB-KEY device is not detected when the next polling time is reached, the granting of permissions will be terminated.
5. The USB-KEY device according to claim 4, characterized in that, The polling mechanism is configured to poll 6 times per hour, and the preset permission time is 10 minutes.
6. An authentication method based on a USB-KEY device, characterized in that, The USB-KEY device records relevant information about the user's USB-KEY and the user ID specified by the USB-KEY, and stores a permission verification and registration program for the client to load; the authentication method is applied to the computer device acting as the client, and the authentication method includes: Responding to the address entered by the user on the web page, redirect to the login page; In response to the username and password information entered by the user on the login page, the user is logged into the first page, which does not provide menu functions without USB-KEY permission verification. Once the user inserts the USB-KEY device corresponding to their account into the USB port of the client, a pop-up window asks the user whether to start the permission verification and registration program. After the user confirms, the permission verification and registration program is loaded and run, and the user number specified by the USB-KEY is read and sent to the server for verification. Receive the permission verification result returned by the server, refresh the client page according to the permission verification result. If the permission verification fails, the first page will remain; if the permission verification succeeds, the second page will be displayed. The second page and the first page are pages within the same web application. The second page displays an additional menu function on the basis of the first page, allowing users to use USB-KEY permission verification. A polling mechanism is executed periodically to rerun the permission verification and registration process. If the server continues to grant permissions, the user is allowed to continue using the USB-KEY permission verification menu function. If the server does not continue to grant permissions, the user is not allowed to use the USB-KEY permission verification menu function, and the user will receive a prompt to verify permissions and try again when operating the functions on the second page.
7. The authentication method based on a USB-KEY device according to claim 6, characterized in that, The USB-KEY device uses a USB flash drive as its carrier.
8. The authentication method based on a USB-KEY device according to claim 6, characterized in that, The first page and the second page have a similar style and layout. The only difference between the first page and the second page is whether or not there is a menu function that requires permission verification.
9. The authentication method based on a USB-KEY device according to claim 6, characterized in that, The polling mechanism is executed at a preset time interval. Each time a poll is successful, a preset permission time is allocated to the user's operation. If the user removes the USB-KEY device from the client's USB port within the preset permission time, the client will allow the user to continue operating until the current preset permission time expires; If the client cannot find a USB-KEY device that has been verified during the next polling, it will be unable to grant permissions to the user's account. In this case, the second page will not allow the user to use the USB-KEY permission verification menu function.
10. The authentication method based on a USB-KEY device according to claim 9, characterized in that, The polling mechanism is to poll 6 times per hour, that is, to register the USB-KEY 6 times, and the preset permission time is 10 minutes.