CN103248487B - Near-field communication authentication method, certificate authority and near-field communication equipment - Google Patents


Publication number
CN103248487B
Authority
CN
China
Prior art keywords
field communication
communication equipment
key
authentication
authentication request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310155677.8A
Other languages
Chinese (zh)
Other versions
CN103248487A (en
Inventor
李铭轩
王志军
顾旻霞
林敏�
王蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a near-field communication authentication method, a certificate authority and a near-field communication device. The method comprises: the certificate authority obtains the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier; using a locally pre-stored master key and the current dispersion factor, it obtains multiple current keys for the near-field communication device; and it sends the multiple current keys to the near-field communication device so that the device can perform mutual authentication. Because the certificate authority derives the current keys of the near-field communication device from the master key it stores and sends those current keys to the device, which then performs mutual authentication with other near-field communication devices using the multiple current keys, the invention solves the prior-art security problem that a master key stored in the near-field communication device is easily cracked, and thus effectively improves the security of near-field communication.

Description

Near-field communication authentication method, certificate authority and near-field communication equipment
Technical field
The present invention relates to the field of communications, and in particular to a near-field communication authentication method, a certificate authority and a near-field communication device.
Background
As devices with near-field communication (NFC) capability become more widespread, data transfer between devices over near-field communication is increasingly frequent. How to ensure the security of near-field communication is a problem that the evolution of near-field communication technology currently needs to solve.
The existing solution is for a dedicated device at a service outlet to pre-store a master key in each device. Afterwards, whenever devices need to communicate, each device uses the master key pre-stored in it and a random number produced by a random number generator preinstalled in the device to generate a session key for each communication through a specific key dispersion algorithm, so that the communication data between the devices is encrypted and the security of near-field communication is ensured.
However, in this existing scheme the master key used to generate the session keys that encrypt the communication data is pre-stored locally on the device, where it is very likely to be cracked. Once the master key is cracked, the security of the session keys generated from it to encrypt the communication data can no longer be guaranteed either. The scheme therefore still carries a serious security risk.
Summary of the invention
The invention provides a near-field communication authentication method, a certificate authority and a near-field communication device, to solve the security problem in existing near-field communication technology that the master key in a near-field communication device is easily cracked.
In one aspect, the invention provides a near-field communication authentication method, comprising:
A certificate authority obtains the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier;
Using a locally pre-stored master key and the current dispersion factor, obtaining multiple current keys of the near-field communication device;
Sending the multiple current keys to the near-field communication device, so that the near-field communication device performs mutual authentication with other near-field communication devices according to the multiple current keys.
In another aspect, the invention provides a certificate authority, comprising:
An acquisition module, configured to obtain the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier;
A processing module, configured to use a locally pre-stored master key and the current dispersion factor to obtain multiple current keys of the near-field communication device;
A sending module, configured to send the multiple current keys to the near-field communication device, so that the near-field communication device performs mutual authentication with other near-field communication devices according to the multiple current keys.
In a further aspect, the invention provides another near-field communication authentication method, comprising:
A near-field communication device receives multiple current keys sent by a certificate authority, the multiple current keys having been obtained by the certificate authority from its locally pre-stored master key and the current dispersion factor of the near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier;
Sending a second authentication request to another near-field communication device, the second authentication request comprising one of the multiple current keys and the device identifier of the near-field communication device, so that the other near-field communication device authenticates the near-field communication device.
In a further aspect, the invention provides a near-field communication device, comprising:
A receiving module, configured to receive multiple current keys sent by a certificate authority, the multiple current keys having been obtained by the certificate authority from its locally pre-stored master key and the current dispersion factor of the near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier;
A sending module, configured to send a second authentication request to another near-field communication device, the second authentication request comprising one of the multiple current keys and the device identifier of the near-field communication device, so that the other near-field communication device authenticates the near-field communication device.
In the near-field communication authentication method, certificate authority and near-field communication device provided by the invention, the master key used to obtain the current keys of a near-field communication device is stored in the certificate authority, the current keys of the near-field communication device are obtained from that master key, and the current keys are sent to the near-field communication device, which then performs mutual authentication with other near-field communication devices according to the multiple current keys. This solves the prior-art security problem that a master key stored in the near-field communication device is easily cracked, and effectively improves the security of near-field communication.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a near-field communication authentication method provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of a near-field communication authentication method provided by embodiment two of the present invention;
Fig. 3 is a schematic flowchart of a near-field communication authentication method provided by embodiment three of the present invention;
Fig. 4 is a schematic flowchart of a near-field communication authentication method provided by embodiment four of the present invention;
Fig. 5 is a schematic structural diagram of a certificate authority provided by embodiment six of the present invention;
Fig. 6 is a schematic structural diagram of a near-field communication device provided by embodiment seven of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a near-field communication authentication method provided by embodiment one of the present invention. As shown in Fig. 1, the method comprises:
101. The certificate authority obtains the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identifier of the near-field communication device and a current update identifier.
The current update identifier differs from one moment to another. Specifically, the current update identifier can be an identifier corresponding to the current time. For example, if the current time is 12:00 on February 21, 2013, the current update identifier is 201302211200; if the current time is 11:40 on February 21, 2013, the current update identifier is 201302211140. Further, the current dispersion factor can be a simple combination of the device identifier and the current update identifier. For example, if the device identifier is abc123 and the current update identifier is 201302211140, the current dispersion factor obtained by the certificate authority can be abc123201302211140. This is only one specific implementation given as an example and does not exclude other implementations.
Specifically, 101 can comprise: periodically obtaining the current dispersion factor of the near-field communication device; or,
Obtaining the current dispersion factor of the near-field communication device according to a key request from the near-field communication device.
The scenarios for this implementation are: the certificate authority periodically obtains the current dispersion factor of the near-field communication device; or the certificate authority obtains the current dispersion factor of the near-field communication device according to a key request from the device; or, further, in addition to periodically obtaining the current dispersion factor of the near-field communication device, the certificate authority can also obtain it according to a key request from the device.
It should be noted that, in the first scenario above, the current update identifier in the current dispersion factor of the near-field communication device is the same as that of another near-field communication device. The execution period of 101 can be determined according to operational needs; for example, the period can be 30 minutes. It should likewise be noted that "obtaining the current dispersion factor" in every embodiment of the present invention means obtaining the current dispersion factor from the device identifier and the current update identifier; optionally, the current update identifier corresponds to the current time.
102. Using the locally pre-stored master key and the current dispersion factor, obtain multiple current keys of the near-field communication device.
Specifically, 102 can comprise: according to the master key and the current dispersion factor, performing a two-stage dispersion operation with the standard key dispersion algorithm of the China Financial Integrated Circuit Card Specification (known in the industry as PBOC 2.0) to obtain multiple current keys of the near-field communication device.
103. Send the multiple current keys to the near-field communication device, so that the near-field communication device performs mutual authentication with other near-field communication devices according to the multiple current keys.
Specifically, sending the multiple current keys to the near-field communication device can comprise: sending the multiple current keys to the near-field communication device over the air (Over the Air Technology, OTA for short).
The current dispersion factor that the certificate authority obtains from a current update identifier can be called the current dispersion factor corresponding to that current update identifier; accordingly, the current keys obtained from that current dispersion factor can be called the current keys corresponding to that current update identifier.
In the near-field communication authentication method provided by this embodiment, the master key used to obtain the current keys of a near-field communication device is stored in the certificate authority, the current keys of the near-field communication device are obtained from that master key, and the current keys are sent to the near-field communication device, which then performs mutual authentication with other near-field communication devices according to the multiple current keys. This solves the prior-art security problem that a master key stored in the near-field communication device is easily cracked, and effectively improves the security of near-field communication.
Fig. 2 is a schematic flowchart of a near-field communication authentication method provided by embodiment two of the present invention. As shown in Fig. 2, building on the near-field communication authentication method of embodiment one, the method can further comprise, after 103:
201. Receive a first authentication request sent by the near-field communication device. The first authentication request is one that another near-field communication device sent to the near-field communication device, and it comprises a first key to be authenticated and the device identifier of the other near-field communication device.
202. Authenticate the other near-field communication device by checking whether the first key to be authenticated is one of the multiple current keys of the other near-field communication device, and obtain a first authentication result.
The multiple current keys of the other near-field communication device can be pre-stored in the certificate authority, or the certificate authority can derive them, on receiving the first authentication request, from the locally stored master key and the current dispersion factor of the other near-field communication device.
In the latter implementation, the scenario for 101 can be: the certificate authority periodically obtains the current dispersion factor of the near-field communication device; or the certificate authority obtains the current dispersion factor of the near-field communication device according to a key request from the device; or, further, in addition to periodically obtaining the current dispersion factor of the near-field communication device, the certificate authority can also obtain it according to a key request from the device. Specifically, when the scenario for 101 is one of the latter two, then in the latter implementation the certificate authority can, each time it obtains the current dispersion factor of a near-field communication device, save the current update identifier corresponding to that device's current dispersion factor.
203. Return the first authentication result to the near-field communication device.
Optionally, after 103, the method can further comprise:
Initializing the count of consecutive times that the first authentication result is an authentication failure;
Accordingly, after 202, the method can further comprise:
If the number of consecutive times that the first authentication result is an authentication failure is greater than a preset threshold, obtaining the current dispersion factor of the other near-field communication device;
Using the locally stored master key and the current dispersion factor of the other near-field communication device, obtaining multiple current keys of the other near-field communication device;
Sending the multiple current keys of the other near-field communication device to the other near-field communication device, and reinitializing the count of consecutive times that the first authentication result is an authentication failure.
The threshold can be determined according to actual needs; for example, the threshold can be 5.
The application scenario of this implementation is as follows: if the number of consecutive authentication failures recorded by the certificate authority for a given near-field communication device exceeds a certain value, this indicates that someone may be attempting to crack the current keys of that device. The certificate authority then obtains the current dispersion factor of that near-field communication device, derives current keys from that dispersion factor, and sends them to the device.
In the near-field communication authentication method provided by this embodiment, the certificate authority authenticates a near-field communication device, according to the authentication request it receives, by checking whether the key to be authenticated in the request is one of the multiple current keys of that device, and re-obtains the current keys of the device when the number of consecutive authentication failures is greater than the preset threshold. This effectively reduces the likelihood that the keys of the near-field communication device are cracked and thus further improves the security of near-field communication.
Fig. 3 is a schematic flowchart of a near-field communication authentication method provided by embodiment three of the present invention. As shown in Fig. 3, building on the near-field communication authentication method of embodiment one, the method can further comprise, after 103:
301. Receive a key call request sent by the near-field communication device. The key call request is sent by the near-field communication device after it receives a first authentication request from another near-field communication device, the first authentication request comprising a first key to be authenticated and the device identifier of the other near-field communication device;
302. Send the master key to the near-field communication device, so that the near-field communication device authenticates the other near-field communication device according to the master key and the first authentication request.
Optionally, after 302, the method can further comprise:
Receiving a key update request, sent by the near-field communication device, that carries the device identifier of the other near-field communication device, the key update request being sent by the near-field communication device after the number of consecutive authentication failures for the other near-field communication device exceeds a preset threshold;
According to the key update request, obtaining the current dispersion factor of the other near-field communication device;
Using the locally stored master key and the current dispersion factor of the other near-field communication device, obtaining multiple current keys of the other near-field communication device;
Sending the multiple current keys of the other near-field communication device to the other near-field communication device.
In the near-field communication authentication method provided by this embodiment, when the certificate authority receives a key call request that a near-field communication device sends in response to an authentication request received from another near-field communication device, it sends the locally stored master key to the near-field communication device so that the device can authenticate the other near-field communication device. When it receives a key update request comprising the device identifier of the other near-field communication device, which the near-field communication device sends on detecting that the number of consecutive authentication failures for the other device is greater than the preset threshold, it obtains the current keys of the near-field communication device and sends them to the other near-field communication device. This effectively reduces the likelihood that the keys of the near-field communication device are cracked and thus further improves the security of near-field communication.
Optionally, building on the near-field communication authentication method of any of the above embodiments, the method can further comprise, before 103:
Sending a key instruction to the near-field communication device;
Accordingly, 103 can specifically comprise:
If a key response returned by the near-field communication device according to the key instruction is received within a preset time after the key instruction is sent, sending the multiple current keys to the near-field communication device.
In this implementation, the current keys are sent to a near-field communication device only when the device returns a key response within the preset time after receiving the key instruction from the certificate authority. The current transmit/receive state of the near-field communication device is thereby checked in advance, which effectively ensures the success rate of key delivery.
The schematic flow sheet of a kind of near-field communication authentication method that Fig. 4 provides for the embodiment of the present invention four, as shown in Figure 4, described method comprises:
401, multiple current key of near-field communication equipment acceptance certificate authorization center transmission, the current scatter factor of described multiple current key master key that to be described certificate authority prestore according to this locality and described near-field communication equipment obtains, and the described current scatter factor comprises the device identification of described near-field communication equipment and current more new logo.
In actual applications, described current key can be stored in the security module of equipment of itself by described near-field communication equipment, it should be noted that, the equipment of distinct device type, its security module may be different, concrete example, the security module of described near-field communication equipment can for being arranged on the smart card in described near-field communication equipment.
402, send the second authentication request to another near-field communication equipment, described second authentication request comprises one of described multiple current key and the device identification of described near-field communication equipment, carries out certification to make another near-field communication equipment to described near-field communication equipment.
Optionally, after 402, can also comprise:
Receive the first authentication request comprising the device identification of the first key to be certified and another near-field communication equipment described that another near-field communication equipment described sends, described first authentication request is that another near-field communication equipment described sends after to described near-field communication equipment authentication success;
According to described first authentication request, certification is carried out to another near-field communication equipment described;
If to the authentication success of another near-field communication equipment described, then connect with another near-field communication equipment described.
Usually, two near-field communication equipments before a connection is established, first need carry out mutual certification, if certification is all successful mutually, then connect.
In an embodiment of the present embodiment, describedly according to described first authentication request, certification is carried out to another near-field communication equipment described, specifically can comprise:
Described first authentication request is sent to described certificate authority, and receiving the first authentication result that described certificate authority returns, described first authentication result returns after described certificate authority carries out certification according to described first authentication request to another near-field communication equipment described.
Concrete, certificate authority carries out the detailed process of certification to near-field communication equipment, and similar to the related content in embodiment one, the present embodiment does not repeat them here.
In the another kind of execution mode of the present embodiment, describedly according to described first authentication request, certification is carried out to another near-field communication equipment described, specifically can comprise:
Send key call request to described certificate authority, and the described master key returned according to described certificate authority and described first authentication request carry out certification to another near-field communication equipment described.
Optionally, under the present embodiment, described second authentication request can also comprise the current more new logo of described near-field communication equipment, and described first authentication request can also comprise the current more new logo of another near-field communication equipment described; The described described master key that returns according to described certificate authority and described first authentication request carry out certification to another near-field communication equipment described, specifically can comprise:
The described master key returned according to described certificate authority, the current more new logo of another near-field communication equipment described and described first authentication request, obtain multiple current key of another near-field communication equipment described, and whether be one of multiple current key of another near-field communication equipment described by detecting described first key to be certified, certification is carried out to another near-field communication equipment described.
In this embodiment, after step 401, the near-field communication equipment may also determine the current update identifier corresponding to its own current key from the current time at which it receives the current key sent by the certificate authority. When authenticating the other near-field communication equipment, it then uses the current update identifier corresponding to its own current key as the current update identifier corresponding to the current key of the other near-field communication equipment. There may be a time difference between the time at which the near-field communication equipment receives the current key from the certificate authority and the time corresponding to the current update identifier in the current scatter factor that the certificate authority used to generate that key; that is, the current update identifier that the equipment determines for its own current key may deviate from the current update identifier to which that key actually corresponds. Likewise, there may be a time difference between the time corresponding to the current update identifier in the scatter factor that the certificate authority used for the current key of the near-field communication equipment and the time corresponding to the current update identifier in the scatter factor it used for the current key of the other near-field communication equipment; that is, the current update identifiers to which the two equipments' current keys actually correspond may also deviate from each other. Therefore, to further improve the accuracy of authentication, a time window, i.e. the error range of the current update identifier, can be preset. Correspondingly, authenticating the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request may specifically comprise:
According to the prestored current update identifier of the near-field communication equipment and the preset time window, obtain multiple authenticable update identifiers, where the value of each authenticable update identifier is not less than the difference between the current update identifier and the preset time window and not greater than the sum of the current update identifier and the preset time window;
According to the device identification of the other near-field communication equipment, the multiple authenticable update identifiers and the master key, obtain the corresponding multiple authenticable current keys of the other near-field communication equipment, and authenticate the other near-field communication equipment by checking whether the first key to be authenticated is one of those authenticable current keys.
The time window can be determined according to operational needs. For example, if the time window is 2 minutes and the current update identifier of the near-field communication equipment is 201302211200, the authenticable update identifiers obtained are 201302211158, 201302211159, 201302211200, 201302211201 and 201302211202.
Optionally, after authenticating the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request, the method may further comprise:
If the number of consecutive authentication failures for the other near-field communication equipment is greater than a preset threshold, send a key update request carrying the device identification of the other near-field communication equipment to the certificate authority, so that the certificate authority updates the current key of the other near-field communication equipment according to the key update request.
The second authentication request may also include the current update identifier of the near-field communication equipment, and the first authentication request may also include the current update identifier of the other near-field communication equipment.
The application scenario for the above step can be as follows: if the number of consecutive times the near-field communication equipment fails to authenticate the other near-field communication equipment is greater than the preset threshold, this indicates that the current key of the other equipment may be the target of a cracking attempt, so the near-field communication equipment requests the certificate authority to update the current key of the other equipment.
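The windowed key check and the consecutive-failure trigger described above, as an added example that is not part of the patent text. It assumes the update identifier is a minute timestamp in the `YYYYMMDDHHMM` form used in the example above and that a current key is HMAC-SHA256 of the master key over the scatter factor; the patent does not name a derivation function in this passage, and the function and class names are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

ID_FORMAT = "%Y%m%d%H%M"  # assumed: update identifier is a minute timestamp


def authenticable_update_ids(current_id: str, window_minutes: int) -> list[str]:
    """All update identifiers within +/- window_minutes of current_id.

    Calendar arithmetic is required: 201302211200 minus 2 minutes is
    201302211158, not the integer 201302211198.
    """
    centre = datetime.strptime(current_id, ID_FORMAT)
    return [
        (centre + timedelta(minutes=offset)).strftime(ID_FORMAT)
        for offset in range(-window_minutes, window_minutes + 1)
    ]


def derive_current_key(master_key: bytes, device_id: str, update_id: str) -> bytes:
    """Assumed derivation: HMAC-SHA256(master key, scatter factor)."""
    dev, upd = device_id.encode(), update_id.encode()
    # Scatter factor = device identification + update identifier.
    # Length prefixes keep (device id, update id) pairs unambiguous.
    factor = len(dev).to_bytes(2, "big") + dev + len(upd).to_bytes(2, "big") + upd
    return hmac.new(master_key, factor, hashlib.sha256).digest()


def key_in_window(master_key: bytes, peer_device_id: str, key_to_check: bytes,
                  own_update_id: str, window_minutes: int) -> bool:
    """True if key_to_check equals the peer's key for any identifier in the window."""
    matched = False
    for update_id in authenticable_update_ids(own_update_id, window_minutes):
        candidate = derive_current_key(master_key, peer_device_id, update_id)
        # Constant-time compare and no early exit, so timing does not
        # reveal how close a guess was or which slot matched.
        matched |= hmac.compare_digest(candidate, key_to_check)
    return matched


class PeerVerifier:
    """Tracks consecutive failures per peer and signals when to request a key update."""

    def __init__(self, master_key: bytes, own_update_id: str,
                 window_minutes: int, threshold: int):
        self.master_key = master_key
        self.own_update_id = own_update_id
        self.window_minutes = window_minutes
        self.threshold = threshold
        self.failures: dict[str, int] = {}  # device id -> consecutive failures

    def verify(self, peer_device_id: str, key_to_check: bytes) -> str:
        if key_in_window(self.master_key, peer_device_id, key_to_check,
                         self.own_update_id, self.window_minutes):
            self.failures[peer_device_id] = 0  # a success ends the failure run
            return "success"
        count = self.failures.get(peer_device_id, 0) + 1
        self.failures[peer_device_id] = count
        if count > self.threshold:
            # Caller sends the key update request carrying peer_device_id.
            # Resetting the counter here is an assumption of this example.
            self.failures[peer_device_id] = 0
            return "request_key_update"
        return "failure"


if __name__ == "__main__":
    mk = b"constructed-master-key-for-demo!"  # constructed sample value
    verifier = PeerVerifier(mk, "201302211200", window_minutes=2, threshold=2)
    peer_key = derive_current_key(mk, "peer-01", "201302211159")
    print(verifier.verify("peer-01", peer_key))
```

A wider window tolerates more clock skew between key issuances but also lengthens the period during which a captured key is still accepted.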
Optionally, in one implementation, before step 401, the method may further comprise:
Receive the key instruction sent by the certificate authority, and return a key response to the certificate authority.
Optionally, in another implementation, before step 401, the method may further comprise:
Send a key request to the certificate authority, so that the certificate authority obtains the current scatter factor of the near-field communication equipment according to the key request.
In both of the above implementations, the second authentication request in this embodiment may also include the current update identifier of the near-field communication equipment, and the first authentication request may also include the current update identifier of the other near-field communication equipment.
In the near-field communication authentication method provided by this embodiment, before the near-field communication equipment establishes a connection with another near-field communication equipment, it sends the other equipment an authentication request containing any one of the current keys received in advance from the certificate authority, and, after receiving the authentication request returned by the other equipment, authenticates the other equipment. Interactive authentication is thus performed before the near-field communication equipments connect, which effectively improves the security of near-field communication.
Embodiment 5 of the present invention provides another near-field communication authentication method. Based on the near-field communication authentication method of Embodiment 4, before step 402, the method may further comprise:
Receive a first authentication request, sent by another near-field communication equipment, that includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticate the other near-field communication equipment according to the first authentication request;
Correspondingly, step 402 specifically comprises:
If the authentication of the other near-field communication equipment succeeds, send the second authentication request to the other near-field communication equipment.
Specifically, the above steps can be performed before step 401, or after step 401 and before step 402; this embodiment places no limitation on this. The specific method of authenticating the other near-field communication equipment according to the first authentication request is similar to the related content in Embodiment 4 and is not repeated here.
Optionally, in this embodiment, after authenticating the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request, the method may further comprise:
If the number of consecutive times the first authentication result is an authentication failure is greater than the threshold, send a key update request carrying the device identification of the other near-field communication equipment to the certificate authority, so that the certificate authority updates the current key of the other near-field communication equipment according to the key update request.
In this embodiment, the specific flow of each implementation is similar to the related content in the foregoing embodiments and is not repeated here.
In the near-field communication authentication method provided by this embodiment, the near-field communication equipment authenticates another near-field communication equipment according to the authentication request that equipment sends and, after that authentication succeeds, sends the other equipment an authentication request containing any one of the current keys it has locally received from the certificate authority, so that the other equipment can authenticate the near-field communication equipment in turn. This interactive authentication scheme effectively improves the security of near-field communication.
Fig. 5 is a schematic structural diagram of a certificate authority provided by Embodiment 6 of the present invention. As shown in Fig. 5, the certificate authority comprises:
Acquisition module 51, configured to obtain the current scatter factor of a near-field communication equipment, where the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
Processing module 52, configured to use the locally prestored master key and the current scatter factor to obtain multiple current keys of the near-field communication equipment;
Sending module 53, configured to send the multiple current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the multiple current keys.
Optionally, in one implementation of this embodiment, the certificate authority may further comprise:
First receiver module, configured to receive the first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Authentication module, configured to authenticate the other near-field communication equipment by checking whether the first key to be authenticated is one of the multiple current keys of the other near-field communication equipment, obtaining a first authentication result;
Sending module 53, also configured to return the first authentication result to the near-field communication equipment.
In this implementation, processing module 52 is also configured to initialize the count of consecutive times the first authentication result is an authentication failure;
Acquisition module 51, also configured to obtain the current scatter factor of the other near-field communication equipment if the number of consecutive times the first authentication result is an authentication failure is greater than a preset threshold;
Processing module 52, also configured to use the locally stored master key and the current scatter factor of the other near-field communication equipment to obtain multiple current keys of the other near-field communication equipment;
Sending module 53, also configured to send the multiple current keys of the other near-field communication equipment to the other near-field communication equipment, and to initialize the count of consecutive times the first authentication result is an authentication failure.
Optionally, in another implementation of this embodiment, the certificate authority may further comprise: a second receiver module, configured to receive the key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives the first authentication request sent by another near-field communication equipment, and the first authentication request includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Sending module 53, also configured to send the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
In this implementation, the second receiver module is also configured to receive the key update request, sent by the near-field communication equipment, that carries the device identification of the other near-field communication equipment, where the key update request is sent by the near-field communication equipment after the number of consecutive times it fails to authenticate the other near-field communication equipment is greater than a preset threshold;
Acquisition module 51, also configured to obtain the current scatter factor of the other near-field communication equipment according to the key update request;
Processing module 52, also configured to use the locally stored master key and the current scatter factor of the other near-field communication equipment to obtain multiple current keys of the other near-field communication equipment;
Sending module 53, also configured to send the multiple current keys of the other near-field communication equipment to the other near-field communication equipment.
Optionally, in any of the above implementations, sending module 53 is also configured to send a key instruction to the near-field communication equipment; the certificate authority further comprises a third receiver module, configured to receive the key response that the near-field communication equipment returns according to the key instruction; and sending module 53 is also configured to send the multiple current keys to the near-field communication equipment if the key response returned by the near-field communication equipment according to the key instruction is received within a preset time after the key instruction is sent.
Optionally, acquisition module 51 is specifically configured to obtain the current scatter factor of the near-field communication equipment periodically, or to obtain the current scatter factor of the near-field communication equipment according to a key request from the near-field communication equipment.
In the certificate authority provided by this embodiment, the master key used to obtain the current keys of near-field communication equipment is stored in the certificate authority; the certificate authority obtains the current keys of the near-field communication equipment according to the master key and sends them to the equipment, so that the equipment performs interactive authentication with other near-field communication equipments according to the multiple current keys. This solves the security problem in the prior art caused by the master key stored in the near-field communication equipment being easily cracked, and effectively improves the security of near-field communication.
Fig. 6 is a schematic structural diagram of a near-field communication equipment provided by Embodiment 7 of the present invention. As shown in Fig. 6, the near-field communication equipment comprises:
Receiver module 61, configured to receive multiple current keys sent by the certificate authority, where the multiple current keys are obtained by the certificate authority according to its locally prestored master key and the current scatter factor of the near-field communication equipment, and the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
Sending module 62, configured to send a second authentication request to another near-field communication equipment, where the second authentication request includes one of the multiple current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
Optionally, receiver module 61 is also configured to receive a first authentication request, sent by the other near-field communication equipment, that includes a first key to be authenticated and the device identification of the other near-field communication equipment, where the first authentication request is sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Correspondingly, the near-field communication equipment further comprises:
Authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
Processing module, configured to establish a connection with the other near-field communication equipment if the authentication of the other near-field communication equipment succeeds.
In any of the above implementations, receiver module 61 is also configured to receive the key instruction sent by the certificate authority; sending module 62 is also configured to return a key response to the certificate authority according to the key instruction.
In any of the above implementations, sending module 62 is also configured to send a key request to the certificate authority, so that the certificate authority obtains the current scatter factor of the near-field communication equipment according to the key request.
In the near-field communication equipment provided by this embodiment, before the near-field communication equipment establishes a connection with another near-field communication equipment, it sends the other equipment an authentication request containing any one of the current keys received in advance from the certificate authority, and, after receiving the authentication request returned by the other equipment, authenticates the other equipment. Interactive authentication is thus performed before the near-field communication equipments connect, which effectively improves the security of near-field communication.
Embodiment 8 of the present invention provides another near-field communication equipment. Based on the near-field communication equipment of Embodiment 7:
Receiver module 61 is also configured to receive a first authentication request, sent by another near-field communication equipment, that includes a first key to be authenticated and the device identification of the other near-field communication equipment;
The near-field communication equipment further comprises: an authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
Sending module 62 is specifically configured to send the second authentication request to the other near-field communication equipment if the authentication of the other near-field communication equipment succeeds.
In the near-field communication equipment of Embodiment 7 or Embodiment 8, the authentication module may specifically comprise:
First transmitting element, configured to send the first authentication request to the certificate authority, so that the certificate authority authenticates the other near-field communication equipment according to the first authentication request;
First receiving element, configured to receive the first authentication result that the certificate authority returns after authenticating the other near-field communication equipment according to the first authentication request;
Alternatively, the authentication module may specifically comprise:
Second transmitting element, configured to send a key call request to the certificate authority;
Second receiving element, configured to receive the master key returned by the certificate authority;
Authentication unit, configured to authenticate the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request.
In the latter implementation, the second transmitting element is also configured to send a key update request carrying the device identification of the other near-field communication equipment to the certificate authority if the number of consecutive times the first authentication result is an authentication failure is greater than the threshold, so that the certificate authority updates the current key of the other near-field communication equipment according to the key update request.
In the near-field communication equipment provided by this embodiment, the near-field communication equipment authenticates another near-field communication equipment according to the authentication request that equipment sends and, after that authentication succeeds, sends the other equipment an authentication request containing any one of the current keys it has locally received from the certificate authority, so that the other equipment can authenticate the near-field communication equipment in turn. This interactive authentication scheme effectively improves the security of near-field communication.
It should be noted that the certificate authority and the near-field communication equipment provided by the above embodiments can both implement the steps of the near-field communication authentication method provided by any embodiment of the present invention; the specific implementation is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. A near-field communication authentication method, characterized in that it comprises:
A certificate authority obtains the current scatter factor of a near-field communication equipment, where the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
Using the locally prestored master key and the current scatter factor, obtain multiple current keys of the near-field communication equipment;
Send the multiple current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the multiple current keys.
2. The method according to claim 1, characterized in that, after sending the multiple current keys to the near-field communication equipment, it further comprises:
Receive the first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticate the other near-field communication equipment by checking whether the first key to be authenticated is one of the multiple current keys of the other near-field communication equipment, obtaining a first authentication result;
Return the first authentication result to the near-field communication equipment.
3. The method according to claim 1 or 2, characterized in that, after sending the multiple current keys to the near-field communication equipment, it further comprises:
Receive the key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives the first authentication request sent by another near-field communication equipment, and the first authentication request includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Send the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
4. A near-field communication authentication method, characterized in that it comprises:
A near-field communication equipment receives multiple current keys sent by a certificate authority, where the multiple current keys are obtained by the certificate authority according to its locally prestored master key and the current scatter factor of the near-field communication equipment, and the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
Send a second authentication request to another near-field communication equipment, where the second authentication request includes one of the multiple current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
5. The method according to claim 4, characterized in that, after sending the second authentication request to the other near-field communication equipment, it further comprises:
Receive a first authentication request, sent by the other near-field communication equipment, that includes a first key to be authenticated and the device identification of the other near-field communication equipment, where the first authentication request is sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Authenticate the other near-field communication equipment according to the first authentication request;
If the authentication of the other near-field communication equipment succeeds, establish a connection with the other near-field communication equipment.
6. The method according to claim 4, characterized in that, before sending the second authentication request to the other near-field communication equipment, it further comprises:
Receive a first authentication request, sent by another near-field communication equipment, that includes a first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticate the other near-field communication equipment according to the first authentication request;
Sending the second authentication request to the other near-field communication equipment specifically comprises:
If the authentication of the other near-field communication equipment succeeds, send the second authentication request to the other near-field communication equipment.
7. The method according to claim 5 or 6, characterized in that authenticating the other near-field communication equipment according to the first authentication request specifically comprises:
Send the first authentication request to the certificate authority, and receive the first authentication result returned by the certificate authority, where the first authentication result is returned after the certificate authority authenticates the other near-field communication equipment according to the first authentication request; or,
Send a key call request to the certificate authority, and authenticate the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request.
8. A certificate authority, characterized in that it comprises:
An acquisition module, configured to obtain the current scatter factor of a near-field communication equipment, where the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
A processing module, configured to use the locally prestored master key and the current scatter factor to obtain multiple current keys of the near-field communication equipment;
A sending module, configured to send the multiple current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the multiple current keys.
9. The certificate authority according to claim 8, characterized in that the certificate authority further comprises:
A first receiver module, configured to receive the first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and includes a first key to be authenticated and the device identification of the other near-field communication equipment;
An authentication module, configured to authenticate the other near-field communication equipment by checking whether the first key to be authenticated is one of the multiple current keys of the other near-field communication equipment, obtaining a first authentication result;
The sending module is also configured to return the first authentication result to the near-field communication equipment.
10. The certificate authority according to claim 8 or 9, characterized in that the certificate authority further comprises:
A second receiver module, configured to receive the key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives the first authentication request sent by another near-field communication equipment, and the first authentication request includes a first key to be authenticated and the device identification of the other near-field communication equipment;
The sending module is also configured to send the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
11. A near-field communication equipment, characterized in that it comprises:
A receiver module, configured to receive multiple current keys sent by a certificate authority, where the multiple current keys are obtained by the certificate authority according to its locally prestored master key and the current scatter factor of the near-field communication equipment, and the current scatter factor comprises the device identification of the near-field communication equipment and a current update identifier;
A sending module, configured to send a second authentication request to another near-field communication equipment, where the second authentication request includes one of the multiple current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
12. The near-field communication equipment according to claim 11, characterized in that the receiver module is further configured to receive a first authentication request, sent by the other near-field communication equipment, comprising a first key to be certified and the device identification of the other near-field communication equipment, wherein the first authentication request is sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
The near-field communication equipment further comprises:
An authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
A processing module, configured to establish a connection with the other near-field communication equipment if the authentication of the other near-field communication equipment succeeds.
13. The near-field communication equipment according to claim 11, characterized in that:
The receiver module is further configured to receive a first authentication request, sent by another near-field communication equipment, comprising a first key to be certified and the device identification of the other near-field communication equipment;
The near-field communication equipment further comprises:
An authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
The sending module is specifically configured to send the second authentication request to the other near-field communication equipment if the authentication of the other near-field communication equipment succeeds.
14. The near-field communication equipment according to claim 12 or 13, characterized in that the authentication module specifically comprises:
A first transmitting element, configured to send the first authentication request to the certificate authority;
A first receiving element, configured to receive the first authentication result returned by the certificate authority, wherein the first authentication result is returned after the certificate authority authenticates the other near-field communication equipment according to the first authentication request;
Or the authentication module specifically comprises:
A second transmitting element, configured to send a key call request to the certificate authority;
A second receiving element, configured to receive the master key returned by the certificate authority;
An authentication unit, configured to authenticate the other near-field communication equipment according to the master key returned by the certificate authority and the first authentication request.
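The key issuance of claim 11 and the membership check of claims 9 and 14 (first alternative) can be sketched as follows; this is an added example, not code from the patent. The claims do not specify the derivation function or how several keys come out of one scatter factor, so the HMAC-SHA256 derivation, the key index, the count of four keys, the bumping of the current update identifier (the second component of the scatter factor) on each issuance, and all names are assumptions.

```python
import hashlib
import hmac

KEYS_PER_DEVICE = 4  # assumption: the claims only say "multiple"


def derive_current_keys(master_key: bytes, device_id: str, update_id: int,
                        count: int = KEYS_PER_DEVICE) -> list[bytes]:
    """Derive a device's current keys from the master key and scatter factor."""
    raw_id = device_id.encode()
    keys = []
    for index in range(count):
        # Scatter factor = device ID + update identifier (per the claims);
        # the length prefix and key index are assumptions of this example.
        factor = (len(raw_id).to_bytes(2, "big") + raw_id
                  + update_id.to_bytes(4, "big") + index.to_bytes(1, "big"))
        keys.append(hmac.new(master_key, factor, hashlib.sha256).digest())
    return keys


class CertificateAuthority:
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._update_ids: dict[str, int] = {}  # device ID -> current update identifier

    def issue_keys(self, device_id: str) -> list[bytes]:
        """Advance the update identifier and issue a fresh key set (claim 11)."""
        update_id = self._update_ids.get(device_id, 0) + 1
        self._update_ids[device_id] = update_id
        return derive_current_keys(self._master_key, device_id, update_id)

    def authenticate(self, request: dict) -> bool:
        """Claim 9: is the key to be certified one of the sender's current keys?"""
        update_id = self._update_ids.get(request["device_id"])
        if update_id is None:
            return False  # unknown device: it has no current keys
        current = derive_current_keys(self._master_key,
                                      request["device_id"], update_id)
        # Check every key with a constant-time comparison, without early exit.
        matches = [hmac.compare_digest(request["key"], k) for k in current]
        return any(matches)
```

The example covers only the first alternative of claim 14, where the request is forwarded to the certificate authority. In the second alternative the verifying device would run `derive_current_keys` itself after receiving the master key, which places the master key on that device.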
CN201310155677.8A 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment Active CN103248487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310155677.8A CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Publications (2)

Publication Number Publication Date
CN103248487A CN103248487A (en) 2013-08-14
CN103248487B (en) 2015-11-25

Family

ID=48927723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310155677.8A Active CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Country Status (1)

Country Link
CN (1) CN103248487B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156592B (en) * 2015-04-28 2019-03-01 北京智谷睿拓技术服务有限公司 Exchange method and communication equipment
DE102015220489B4 (en) * 2015-10-21 2024-05-29 Ford Global Technologies, Llc Procedure for authorising a software update in a motor vehicle
CN110113153B (en) * 2019-04-23 2022-05-13 深圳数字电视国家工程实验室股份有限公司 NFC secret key updating method, terminal and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739756A (en) * 2008-11-10 2010-06-16 中兴通讯股份有限公司 Method for generating secrete key of smart card
CN101911581A (en) * 2007-11-30 2010-12-08 三星电子株式会社 Method and system for secure communication in near field communication network
EP2490395A1 (en) * 2011-02-14 2012-08-22 Nxp B.V. Method and system for access control for near field communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
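Design and Implementation of a Smart-Card-Based Mobile Payment Terminal; Miao Lei; China Master's Theses Full-text Database (Electronic Journal); 20081115; I136-407 *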

Similar Documents

Publication Publication Date Title
US20170180330A1 (en) Method and electronic device for vehicle remote control and a non-transitory computer readable storage medium
CN104869175A (en) Cross-platform account resource sharing implementation method, device and system
CN105024986A (en) Account login method, device and system
CN103516511A (en) Method and device for detecting encryption algorithm and secret key
CN105471815A (en) Internet-of-things data security method and Internet-of-things data security device based on security authentication
CN104243461A (en) Mobile terminal network security authentication method, whole SD card and mobile terminal
CN104580176A (en) Equipment sharing method and system
US20160103716A1 (en) Method for using shared device in apparatus capable of operating two operating systems
CN103107888B (en) The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level
CN104038490B (en) A kind of communication security method of calibration and its device
CN104363589A (en) Identity authentication method, device and terminal
CN103929411A (en) Information displaying method, terminal, safety server and system
CN105323094A (en) Safety management method based on equipment identification and system thereof
CN103248487B (en) Near-field communication authentication method, certificate authority and near-field communication equipment
CN104349313A (en) Service authorization method, equipment and system
CN104219626A (en) Identity authentication method and device
CN102594893A (en) Remote compelled method and system for mobile terminal equipment and computer
CN104980420A (en) Business processing method, device, terminal and server
CN105163312A (en) Wireless network access method and wireless network access device
CN104125205B (en) A kind of communication account number login method, system and terminal
CN103714017A (en) Authentication method, authentication device and authentication equipment
CN109712275B (en) Unlocking control device, system and method
CN104640112A (en) Authentication method, device and system
US20180234412A1 (en) Online authentication method based on smart card, smart card and authentication server
CN204291001U (en) There is the near field communication tag of encipherment protection and applicable near-field communication control system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant