CN102542645A - Entrance guard authentication method and system - Google Patents
Entrance guard authentication method and system Download PDFInfo
- Publication number
- CN102542645A CN102542645A CN2012100102951A CN201210010295A CN102542645A CN 102542645 A CN102542645 A CN 102542645A CN 2012100102951 A CN2012100102951 A CN 2012100102951A CN 201210010295 A CN201210010295 A CN 201210010295A CN 102542645 A CN102542645 A CN 102542645A
- Authority
- CN
- China
- Prior art keywords
- key
- card
- gate inhibition
- card reader
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
- Lock And Its Accessories (AREA)
Abstract
The embodiment of the invention discloses an entrance guard authentication method, which comprises the following steps that: a card reader judges whether private keys of the card reader and sub-keys specified by the card reader in an entrance guard card are successfully authenticated, wherein at least two sub-keys with a shared master key are stored in the entrance guard card; the card reader acquires data information which is required to be returned by the entrance guard card if the authentication is successful; and the card reader transmits the acquired data information to an entrance guard control terminal and receives authentication passing information returned after the entrance guard control terminal verifies the correctness of the data information. The embodiment of the invention also discloses an entrance guard authentication system. By the method and the system, the entrance guard card and a plurality of card readers are mutually authenticated; and therefore, nuclear power personnel using the entrance guard card can pass various nuclear power plants under the same nuclear power enterprise by using the same card.
Description
Technical field
The present invention relates to gate inhibition's technical field, relate in particular to the gate inhibition's authentication method and the Verification System in a kind of nuclear power gate inhibition field.
Background technology
The nuclear power energy is the mainstay of global energy development.Along with the development of the nuclear power energy, its security also becomes the problem that emphasis will be considered in the evolution.
At present; The method that the nuclear power gate control system adopts is: for each nuclear power plant area of the same subordinate of enterprise sets up oneself independently gate control system; Nuclear power personnel's gate inhibition Ka Nei has only the authorization key of a nuclear power plant area; Suppose a nuclear power user need be under it new nuclear power plant area beyond nuclear power plant area when current; Need earlier to remove the authorization key of the original nuclear power plant area of its gate inhibition's card stored, the authorization key with new nuclear power plant area writes gate inhibition's card again, and it is current that the nuclear power personnel can be implemented in the gate inhibition of current new nuclear power plant area.And, after the nuclear power personnel leave this new nuclear power plant area, also need remove the authorization key of its gate inhibition Ka Nei.
Along with the continuous expansion of nuclear power plant area scale, the nuclear power personnel often need pass through between each nuclear power plant area of the same subordinate of enterprise, correspondingly need have the authority that the gate inhibition of a plurality of nuclear power plant area passes through.Yet present nuclear power gate control system is the actual demand that can't satisfy the nuclear power personnel.
Summary of the invention
Embodiment of the invention technical matters to be solved is, a kind of authentication mode and Verification System of gate inhibition's card is provided, and can realize that the nuclear power personnel are capable at the all-purpose card of each nuclear power plant area of the same nuclear power subordinate of enterprise.
In order to solve the problems of the technologies described above, the embodiment of the invention provides a kind of gate inhibition's authentication method, comprising:
Whether the sub-key that card reader is judged its private cipher key and the said card reader appointment of gate inhibition Ka Nei authentication success; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
If authentication success, then said card reader is obtained its data message of asking said gate inhibition's card to return;
Said card reader sends to gate inhibition's control terminal with the said data message that obtains, and receives the checking message of successful that said gate inhibition's control terminal verifies that said data message returns after correct.
Correspondingly, the embodiment of the invention also provides a kind of gate inhibition's Verification System, comprising:
Card reader is used to judge the sub-key authentication success whether of private cipher key and the said card reader appointment of said gate inhibition Ka Nei of its storage; And when authentication success, obtain the data message that it asks said gate inhibition's card to return; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
Gate inhibition's card is used to return the data message that said card reader request returns and gives said card reader;
Gate inhibition's control terminal is used to receive the said data message that obtains that said card reader is sent, and after the said data message of checking is correct, returns the checking message of successful and give said card reader.
Embodiment of the present invention embodiment has following beneficial effect:
Whether the sub-key of judging its private cipher key and the said card reader appointment of gate inhibition Ka Nei through card reader authentication success; Said gate inhibition's card internal memory contains at least two sub-keys that have common female key; When authentication success, obtain its data message of asking said gate inhibition's card to return and also this data message is sent to gate inhibition's control terminal; And receive the design that said gate inhibition's control terminal is verified the checking message of successful that said data message returns after correct; Because containing at least two, said gate inhibition's card internal memory has the sub-key of common female key because gate inhibition's card stores a plurality of sub-keys that have common female key; Therefore, this gate inhibition's card can carry out authentication with the card reader of a plurality of key management system management, thereby has realized the mutual authentication of gate inhibition's card and a plurality of card reader.During respectively with a plurality of card reader authentication success, then these a plurality of card reader all can be obtained the data message of this gate inhibition's card, and give gate inhibition's control terminal with this data information transfer at gate inhibition's card.Gate inhibition's control terminal, then opens the door when legal at this data message that obtains of checking, and is like this then realized that the nuclear power personnel of use gate inhibition card are capable at the all-purpose card of each nuclear power plant area of the same nuclear power subordinate of enterprise.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art; To do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below; Obviously, the accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills; Under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of first embodiment of a kind of gate inhibition's authentication method provided by the invention;
Fig. 2 is the schematic flow sheet of the embodiment of step S12 among the present invention embodiment shown in Figure 1;
Fig. 3 is the schematic flow sheet of embodiment of the private cipher key generation method of a kind of card reader provided by the invention;
Fig. 4 is the schematic flow sheet of embodiment of generation method of the sub-key of a kind of gate inhibition's card provided by the invention;
Fig. 5 is the structural representation of the embodiment of a kind of gate inhibition's Verification System provided by the invention;
Fig. 6 is the structural representation of the embodiment of the card reader among Fig. 5;
Fig. 7 is the structural representation of the embodiment of the gate inhibition's card among Fig. 5.
Embodiment
To combine the accompanying drawing in the embodiment of the invention below, the technical scheme in the embodiment of the invention is carried out clear, intactly description, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills are not making the every other embodiment that is obtained under the creative work prerequisite, all belong to the scope of the present invention's protection.
Please refer to Fig. 1, is the schematic flow sheet of first embodiment of a kind of gate inhibition's authentication method provided by the invention, and said authentication method comprises:
Step S11, whether the sub-key that card reader is judged its private cipher key and the said card reader appointment of gate inhibition Ka Nei authentication success; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
Wherein, at least two sub-keys that have common female key of the private cipher key of card reader and gate inhibition's card storage all are to be write in advance by the key management system under it.
Particularly, a card reader is provided and managed to the key management system of each nuclear power plant area (claiming tier-2 department again) of the same nuclear power subordinate of enterprise respectively.The private cipher key of the card reader storage of each nuclear power plant area has a common female key.Usually, each key management system is identification number of private cipher key definition of the card reader of its management, with the authentication of convenience with the sub-key of gate inhibition's card.
Wherein, the initialization of gate inhibition's card then can be carried out by the unified key management system of the department's (claiming the one-level part again) that manages each nuclear power plant area.Behind gate inhibition's card initialization; The key management system of each nuclear power plant area all can write sub-key to this gate inhibition Ka Nei; The identification number of each its sub-key that writes of key management system definition; The identification number coupling (identical or corresponding) of the private cipher key in this identification number and its card reader of managing is used to distinguish the sub-key that each nuclear power on-site meets authorising conditional (condition of promptly opening the door).Wherein, each key management system all can be to the reason that this gate inhibition Ka Nei writes sub-key: the initialization of gate inhibition's card is to be carried out by the unified key management system of each key management system of management.
In this step, because gate inhibition's card internal memory contains at least two sub-keys that have common female key, therefore, before card reader and said gate inhibition sticked into capable key authentication, card reader also need be specified the sub-key of the gate inhibition's card that carries out authentication with it.Because the different sub key of gate inhibition's card storage makes a distinction with identification number, therefore, card reader can be specified the sub-key of the gate inhibition's card that carries out authentication with it through the mode of appointment with the identification number of the identification number coupling of the private cipher key of its storage.
In this step, if the sub-key authentication success that card reader is judged its private cipher key and its appointment of gate inhibition Ka Nei then flow process get into step S12, as if authentification failure, then withdraw from identifying procedure.
Step S12, said card reader is obtained its data message of asking said gate inhibition's card to return.
Step S13, said card reader sends to gate inhibition's control terminal with the said data message that obtains, and receives the checking message of successful that said gate inhibition's control terminal verifies that said data message returns after correct.
Card reader is given gate inhibition's control terminal with the data information transfer of the gate inhibition's card that obtains, and gate inhibition's control terminal then returns the checking message of successful to card reader, and opens the door when this data message that obtains of checking is legal.
In the present embodiment, because gate inhibition's card stores a plurality of sub-keys that have common female key, therefore, this gate inhibition's card can carry out authentication with the card reader of a plurality of key management system management, thereby has realized the mutual authentication of gate inhibition's card and a plurality of card reader.If gate inhibition's card is distinguished authentication successs with a plurality of card reader respectively, then these a plurality of card reader all can be obtained the data message of this gate inhibition's card, and give gate inhibition's control terminal with this data information transfer.Gate inhibition's control terminal, then opens the door when legal at this data message that obtains of checking, and is like this then realized that the nuclear power personnel of use gate inhibition card are capable at the all-purpose card of each nuclear power plant area of the same nuclear power subordinate of enterprise.
Please refer to Fig. 2, is the schematic flow sheet of the embodiment of step S12 among the present invention embodiment shown in Figure 1,
Said method comprises:
Step S23, said card reader is sent random information and is given said gate inhibition's card; Said random information comprises ciphertext part and plaintext part, and said ciphertext is partly encrypted with said transmission security key, is used to the data message of indicating the said gate inhibition's card of said card reader request to return; Said plaintext partly is used to the sub-key of specifying said gate inhibition Ka Nei and said card reader to carry out authentication;
Wherein, the private cipher key of card reader specifically comprises transmission security key and root key, and this transmission security key and root key all are to be write by the key management system under the card reader.Wherein, the data message that returns of the said gate inhibition's card of said card reader request specifically can be the sequence number that is used to identify said gate inhibition's card.
Step S24, said card reader receives said gate inhibition and is stuck in the data message that returns after the said random information of deciphering;
Wherein, the gate inhibition is stuck in return data information and gives before the card reader, also needs to carry out:
The random information that the said card reader of said gate inhibition's card receiver is sent; And obtain the plaintext part in the random information; And according to the expressly indication of part; Judge that in a plurality of sub-keys of its stored, which sub-key is the sub-key that carries out authentication with it of card reader appointment, and obtain the sub-key of this appointment.Wherein, the sub-key of gate inhibition's card stored comprises sub-transmission security key and sub-root key.
Can the sub-transmission security key that said gate inhibition's card is used the card reader appointment goes to decipher the ciphertext part in the said random information, and judge and decipher said ciphertext part; If can decipher said ciphertext part, then, return the data message that the card reader request is returned according to the indication of the part of the ciphertext after decryption processing.Wherein, when returning this data message, need to use the sub-root key of said card reader appointment to encrypt.Wherein, this data message can be the sequence number that is used for unique identification gate inhibition card.
Step S25, said card reader judges that can said root key decipher the data message that said gate inhibition's card returns;
In this step, can decipher said data message if judge said root key, then flow process gets into step S26, if can not decipher, then withdraws from identifying procedure.
Step S26, if can decipher said data message, then said card reader is confirmed authentication success.
Further, before execution in step S23, also comprise:
Step S21, said card reader judges whether to sense said gate inhibition's card;
In this step, card reader is outwards sent electromagnetic wave with certain frequency period property ground, when gate inhibition's card gets into the electromagnetic scope of card reader transmission; Then said gate inhibition's card is sensed in the card reader judgement; And get into step S22, whether if fail to sense gate inhibition's card, then continuing induction has gate inhibition's card.
Step S22, said card reader is obtained random information from its inside, and uses said transmission security key to encrypt the ciphertext part in the said random information.
In the present embodiment, card reader is obtained random information when sensing gate inhibition's card, and uses transmission security key to encrypt the ciphertext part in the random information, and receives the data message that gate inhibition's card returns, thereby has realized the appointment and the authentication of the sub-key of gate inhibition's card.
Please refer to Fig. 3, is the schematic flow sheet of embodiment of the private cipher key generation method of a kind of card reader provided by the invention, and said method comprises:
Step S31, the one-level encryption equipment generates at least two different root keys, and with the root key corresponding stored that generates at least two different secondary encryption equipments;
In concrete the realization, the one-level encryption equipment generates at least two different root keys, comprising:
The one-level encryption equipment receives the key seed of at least two user's inputs;
Wherein, the key seed of at least two user's inputs can be identical, also can be different.The one-level encryption equipment need receive the reason that at least two users import key seed: the security of the female key that guarantees to generate.All users that the one-level encryption equipment has only acquisition to hold key seed import after the key seed, could produce identical female key.
The one-level encryption equipment according to female key schedule, generates female key according to the said key seed that receives;
Wherein, described female key schedule comprises the enciphering and deciphering algorithm that gate control system is required.The enciphering and deciphering algorithm of the key seed that receives according to gate control system calculated, can generate female key of specified type T, version V and index I.
The one-level encryption equipment receives at least two different service dispersion factors of user's input, according to female key decentralized algorithm, said female key is dispersed at least two different root keys.
Wherein, described female key decentralized algorithm comprises the key decentralized algorithm in gate inhibition field.Professional dispersion factor in this step is called the key dispersion factor again.The one-level encryption equipment has common female key according at least two different root keys that the key decentralized algorithm generates.And, then become the root key of each nuclear power plant area by each root key that female key branch sheds.Usually, female key that the one-level encryption equipment generates is by the primary department management of nuclear power enterprise, and the distribution of each root key that one-level encryption equipment branch sheds is also managed by the primary department of nuclear power enterprise with monitoring.
Wherein, the one-level encryption equipment with the purpose that said at least two different root keys deposit in the secondary encryption equipment is: guarantee the security of the sub-key of generation.
In concrete the realization, the one-level encryption equipment can be derived the root key of specified type T, version V and index I under the protection of specifying the protection key, and it is deposited in the secondary encryption equipment, for example, deposits among the different USB-Key.Each nuclear power plant area (tier-2 department) has the USB-Key of unique this root key of storage, and so, primary department has then been accomplished the distribution of root key.There is unique key management system of managing its root key independently in each nuclear power plant area, and the key management system of each nuclear power plant area can not produce and influences each other.Can understand like this, the quantity of the key management system of secondary part and the quantity of secondary encryption equipment are one to one, and a nuclear power plant area correspondence has a key management system and a secondary encryption equipment that obtains from primary department.
Step S32, said at least two different secondary encryption equipments according to the root key of its storage and the base condition code of its corresponding key management system input, according to the private cipher key generating algorithm of storing separately, generate corresponding private cipher key respectively.
Because each root key that the one-level encryption equipment will be dispersed into is stored to the secondary encryption equipment, and this secondary encryption equipment is disperseed each nuclear power plant area to the same nuclear power subordinate of enterprise.And; There are independently a key management system and a secondary encryption equipment that obtains from primary department in each nuclear power plant area; Therefore; The base condition code that the secondary encryption equipment that each nuclear power plant area is had then can be imported according to root key and its corresponding key management system of its storage respectively, according to the private cipher key generating algorithm of its storage, the private cipher key of the card reader that corresponding generation is corresponding.Wherein, the base condition code of key management system input is used for the unique nuclear power plant area under the same nuclear power of the unique identification enterprise.Because the root key of the secondary encryption equipment that different IPs power plant district is had storage is different; And the base condition code of the key management system that the secondary encryption equipment receives input is different; The private cipher key generating algorithm of its storage also might be different, and the so last private cipher key that generates is different certainly.It is understandable that because the root key of each nuclear power plant area has a common female key, the private cipher key that the secondary encryption equipment of so last each nuclear power plant area generates also has common female key.
After the secondary encryption equipment generated private cipher key, the key management system that this secondary encryption equipment is corresponding was also derived the private cipher key of generation, and it is write in the card reader.
Particularly, the process that writes in the card reader of key management system private cipher key that the secondary encryption equipment is generated comprises:
(1) obtains transmission security key and root key from the secondary encryption equipment, be stored in respectively in two different cards, these two cards are called transmission security key card and root key card respectively at this.
Particularly, the generative process of transmission security key card is:
Key management system is through calling the key derivation service interface of secondary encryption equipment (like USB-Key); And after USB-Key send to specify the message of type T, version V and index I of transmission security key of card reader, can receive the transmission security key that USB-Key returns.Key management system can write this transmission security key that gets access in the card, thereby form the transmission security key card after USB-Key gets access to transmission security key.
The generative process of root key card is:
Key management system is through calling the key derivation service interface of USB-Key, and after USB-Key sends the message of type T, version V and index I of the transmission security key of specifying card reader, can receive the transmission security key that USB-Key returns.Key management system can write this transmission security key that gets access in the card after USB-Key gets access to transmission security key.After the transmission security key that key management system sends is received in this clamping, under the protection of its initial master control key, the storage transmission key, and return transmission security key storage message of successful and give card sending system.
Key management system receives after the transmission security key storage message of successful that this card returns; Through calling the key derivation service interface of USB-Key; And after USB-Key send to specify the message of type T, version V and index I of root key of card reader, can receive the root key that USB-Key returns.Key management system can write this card with this root key that gets access to, thereby form the root key card after USB-Key gets access to root key.
(2) the card reader private cipher key writes
Write the transmission security key of card reader, particularly, the transmission security key of storing in the transmission security key card is write among the SAM of card reader.
Write the root key of card reader, particularly, under the protection of this transmission security key that writes, the root key of storing in the root key card is write among its SAM of card reader, thereby accomplished writing of card reader private cipher key.
Please refer to Fig. 4, is the schematic flow sheet of embodiment of the sub-key generation method of a kind of gate inhibition's card provided by the invention, and said method comprises:
Step S41, the one-level encryption equipment generates at least two different root keys, and with the root key corresponding stored that generates at least two different secondary encryption equipments;
Step S42, said at least two different secondary encryption equipments according to the base condition code of card sending system input and the root key of its storage, according to the private cipher key generating algorithm of storing separately, generate corresponding private cipher key respectively;
In the present embodiment, the operation of step S41-S42 is identical with the operation of step S31-S32 among the embodiment shown in Figure 3, repeats no more at this.
Step S43, said at least two different secondary encryption equipments according to the customer identification number of its corresponding key management system input, according to the sub-key decentralized algorithm of storing separately, are dispersed into the private cipher key of its storage the sub-key of correspondence respectively.
Wherein, the secondary encryption equipment receives the different customer identification number of its corresponding key management system input, and the sub-key of so corresponding generation also is different.After the secondary encryption equipment generated sub-key, key management system also write the sub-key that generates in the subscriber card.
Particularly; Key management system calls the key derivation service interface of secondary encryption equipment (like USB-Key); And after USB-Key send to specify the message of type T, version V and index I of master control key of gate inhibition's card, can receive the master control key that USB-Key returns.Key management system can write this master control key that gets access in gate inhibition's card after USB-Key gets access to master control key.
Further, key management system writes the message of successful family receiving the master control key that gate inhibition's card returns, and under the protection of the master control key of said write, writes the sub-key of gate inhibition's card, specifically comprises:
Key management system is through calling the key derivation service interface of USB-Key, and after USB-Key sends the message of type T, version V and index I of the transmission security key of specifying gate inhibition's card, can receive the transmission security key that USB-Key returns.Key management system can write gate inhibition's card with this transmission security key that gets access to after USB-Key gets access to transmission security key.
Key management system receives transmission security key and writes after the message of successful, also obtains root key from USB-Key.Particularly; Card sending system is through calling the key distribution services interface of USB-Key; And after USB-Key send to specify the type T, version V, index I of the transmission security key of gate inhibition's card (specifying the sequence number of gate inhibition's card), can receive the root key that USB-Key returns.Key management system can write gate inhibition's card with this root key that gets access to after USB-Key gets access to root key.
Need to prove that arbitrary key management system of each nuclear power plant area all can be according to above-mentioned described method, the sub-key that its secondary encryption equipment that has is generated writes gate inhibition's card.
Above-mentioned authentication method to a kind of gate inhibition's card provided by the invention has carried out description detailed, below, in conjunction with Fig. 5-7, the system that adopts above-mentioned authentication method to carry out the authentication of gate inhibition's card is described in detail.
As shown in Figure 5, be the structural representation of first embodiment of a kind of gate inhibition's Verification System disclosed by the invention, said Verification System comprises: card reader 51, gate inhibition's card 52 and gate inhibition's control terminal 53;
Wherein, said card reader 51, whether the sub-key that is used to judge its private cipher key and the said card reader appointment of said gate inhibition Ka Nei authentication success; And when authentication success, obtain the data message that it asks said gate inhibition's card to return; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
Wherein, at least two sub-keys that have common female key of the private cipher key of card reader and gate inhibition's card storage all are to be write in advance by the key management system under it.
Particularly, a card reader is provided and managed to the key management system of each nuclear power plant area (claiming tier-2 department again) of the same nuclear power subordinate of enterprise respectively.The private cipher key of the card reader storage of each nuclear power plant area has a common female key.Usually, each key management system is identification number of private cipher key definition of the card reader of its management, with the authentication of convenience with the sub-key of gate inhibition's card.
Wherein, the initialization of gate inhibition's card then can be carried out by the unified key management system of the department's (claiming the one-level part again) that manages each nuclear power plant area.Behind gate inhibition's card initialization; The key management system of each nuclear power plant area all can write sub-key to this gate inhibition Ka Nei; The identification number of each its sub-key that writes of key management system definition; The identification number coupling (identical or corresponding) of the private cipher key in this identification number and its card reader of managing is used to distinguish the sub-key that each nuclear power on-site meets authorising conditional (condition of promptly opening the door).Wherein, each key management system all can be to the reason that this gate inhibition Ka Nei writes sub-key: the initialization of gate inhibition's card is to be carried out by the unified key management system of each key management system of management.
Wherein, because gate inhibition's card internal memory contains at least two sub-keys that have common female key, therefore, before card reader and said gate inhibition sticked into capable key authentication, card reader also need be specified the sub-key of the gate inhibition's card that carries out authentication with it.Because the different sub key of gate inhibition's card storage makes a distinction with identification number, therefore, card reader can be specified the sub-key of the gate inhibition's card that carries out authentication with it through the mode of appointment with the identification number of the identification number coupling of the private cipher key of its storage.
Said gate inhibition's card 52 is used to return the data message that said card reader 51 requests return and gives said card reader 51;
Said gate inhibition's control terminal 53 is used to receive the said data message that obtains that said card reader 51 is sent, and after the said data message of checking is correct, returns the checking message of successful and give said card reader.
In the present embodiment, because gate inhibition's card stores a plurality of sub-keys that have common female key, therefore, this gate inhibition's card can carry out authentication respectively with the card reader of a plurality of key management system management, thereby has realized the mutual authentication of gate inhibition's card and a plurality of card reader.If gate inhibition's card respectively with a plurality of card reader authentication successs, then this a plurality of card reader all can be obtained the data message of this gate inhibition's card, and with this data information transfer to gate inhibition's control terminal.Gate inhibition's control terminal then opens the door when this data message that obtains of checking is legal.Like this then realized using the nuclear power personnel of this gate inhibition's card capable at the all-purpose card of each nuclear power plant area of the same nuclear power subordinate of enterprise.
Please refer to Fig. 6, is the structural representation of the embodiment of a kind of card reader provided by the invention, and said card reader comprises:
Wherein, the private cipher key of said card reader comprises transmission security key and root key.
Said first transceiver module 61 also is used to receive said gate inhibition and is stuck in the data message that returns after the said random information of deciphering;
Further, said card reader also comprises:
Card reader is outwards sent electromagnetic wave with certain frequency period property ground; When gate inhibition's card 51 gets into the electromagnetic scope of card reader transmission; Then induction module 64 can be sensed said gate inhibition's card, and whether if induction module 64 fails to sense gate inhibition's card, then continuing induction has gate inhibition's card.
Obtain encrypting module 65, be used in the judged result of said induction module 64 obtaining random information from its inside, and using said transmission security key to encrypt the ciphertext part in the said random information when being;
Said first transceiver module 61 is used for the said random information that obtains after encrypting module 65 is encrypted is sent to gate inhibition's card.
In the present embodiment; Obtain encrypting module when induction module is sensed gate inhibition's card, obtain random information, and use transceiver module to send random information to gate inhibition's card; And receive the data message that gate inhibition's card returns, thereby the appointment and the authentication of the sub-key of gate inhibition's card have been realized.
Please refer to Fig. 7, is the structural representation of a kind of gate inhibition's card provided by the invention, and said gate inhibition's card comprises:
Wherein, the sub-key of gate inhibition's card comprises: sub-transmission security key and sub-root key.
Said second transceiver module 71 also is used in the judged result of said second judge module 73 according to the indication of the part of the ciphertext after the deciphering, returning the data message that said card reader request is returned when being; Said data message uses the sub-root key of said appointment to encrypt.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method; Be to instruct relevant hardware to accomplish through computer program; Described program can be stored in the computer read/write memory medium; This program can comprise the flow process like the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
Above disclosedly be merely preferred embodiment of the present invention; Certainly can not limit the present invention's interest field with this; One of ordinary skill in the art will appreciate that all or part of flow process that realizes the foregoing description; And, still belong to the scope that invention is contained according to the equivalent variations that claim of the present invention is done.
Claims (11)
1. gate inhibition's authentication method is characterized in that, comprising:
Whether the sub-key that card reader is judged its private cipher key and the said card reader appointment of gate inhibition Ka Nei authentication success; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
If authentication success, then said card reader is obtained its data message of asking said gate inhibition's card to return;
Said card reader sends to gate inhibition's control terminal with the said data message that obtains, and receives the checking message of successful that said gate inhibition's control terminal verifies that said data message returns after correct.
2. authentication method as claimed in claim 1 is characterized in that, the private cipher key of said card reader comprises: whether the sub-key that transmission security key and root key, said card reader are judged its private cipher key and the said card reader appointment of gate inhibition Ka Nei authentication success, comprising:
Said card reader is sent random information and is given said gate inhibition's card; Said random information comprises ciphertext part and plaintext part, and said ciphertext is partly encrypted with said transmission security key, is used to the data message of indicating the said gate inhibition's card of said card reader request to return; Said plaintext partly is used to the sub-key of specifying said gate inhibition Ka Nei and said card reader to carry out authentication;
Said card reader receives said gate inhibition and is stuck in the data message that returns after the said random information of deciphering;
Said card reader judges that can said root key decipher the data message that said gate inhibition's card returns;
If can decipher said data message, then said card reader is confirmed authentication success.
3. authentication method as claimed in claim 2 is characterized in that, sends random information to before said gate inhibition's card in said card reader, also comprises:
Said card reader judges whether to sense said gate inhibition's card;
If judge and sense said gate inhibition's card, then said card reader is obtained random information from its inside, and uses said transmission security key to encrypt the ciphertext part in the said random information.
4. authentication method as claimed in claim 2 is characterized in that, said sub-key comprises: sub-root key and sub-transmission security key, receive before said gate inhibition is stuck in the data message that deciphering returns after the said random information in said card reader, and also comprise:
The random information that the said card reader of said gate inhibition's card receiver is sent;
Said gate inhibition's card obtains the sub-transmission security key and the sub-transmission security key of said card reader appointment according to the expressly indication of part in the said random information;
Said gate inhibition's card judges that can the sub-transmission security key of said appointment decipher the ciphertext part of said random information;
If can decipher said ciphertext part, then said gate inhibition's card returns the data message that said card reader request is returned according to the indication of the ciphertext part after deciphering; Said data message uses the sub-root key of said appointment to encrypt.
5. like each described authentication method of claim 1-4, the generation method of the private cipher key of institute's card reader storage comprises:
The one-level encryption equipment generates at least two different root keys, and with the root key corresponding stored that generates at least two different secondary encryption equipments;
Said at least two different secondary encryption equipments according to the root key of its storage and the base condition code of its corresponding key management system input, according to the private cipher key generating algorithm of storing separately, generate the private cipher key of corresponding card reader respectively.
6. authentication method as claimed in claim 5 is characterized in that, said one-level encryption equipment generates at least two different root keys, comprising:
The one-level encryption equipment receives the key seed of at least two user's inputs;
The one-level encryption equipment according to female key schedule, generates female key according to the said key seed that receives;
The one-level encryption equipment receives at least two different service dispersion factors of user's input, according to female key decentralized algorithm, said female key is dispersed at least two different root keys.
7. authentication method as claimed in claim 5 is characterized in that, the generation method of the sub-key of said gate inhibition's card stored comprises:
Said at least two different secondary encryption equipments according to the customer identification number of its corresponding key management system input, according to the sub-key decentralized algorithm of storing separately, are dispersed into the private cipher key of its storage the sub-key of correspondence respectively.
8. gate inhibition's Verification System is characterized in that, comprising:
Card reader, whether the sub-key that is used to judge its private cipher key and the said card reader appointment of said gate inhibition Ka Nei authentication success; And when authentication success, obtain the data message that it asks said gate inhibition's card to return; Wherein, said gate inhibition's card internal memory contains at least two sub-keys that have common female key;
Gate inhibition's card is used to return the data message that said card reader request returns and gives said card reader;
Gate inhibition's control terminal is used to receive the said data message that obtains that said card reader is sent, and after the said data message of checking is correct, returns the checking message of successful and give said card reader.
9. Verification System as claimed in claim 8 is characterized in that, the private cipher key of said card reader comprises: transmission security key and root key, and said card reader comprises:
First transceiver module is used to send random information and gives said gate inhibition's card; Said random information comprises ciphertext part and plaintext part, and said ciphertext is partly encrypted with said transmission security key, is used to the data message of indicating said card reader request gate inhibition card to return; Said plaintext partly is used to the sub-key of specifying said gate inhibition Ka Nei and said card reader to carry out authentication;
Said first transceiver module also is used to receive said gate inhibition and is stuck in the data message that returns after the said random information of deciphering;
First judge module is used to judge that can said root key decipher the data message that said first transceiver module receives;
Confirm module, be used in the judged result of said first judge module confirming said card reader authentication success when being.
10. Verification System as claimed in claim 9 is characterized in that, said card reader also comprises:
Induction module is used for induction and whether has said gate inhibition's card;
Obtain encrypting module, be used in the induction result of said induction module obtaining random information from its inside, and using said transmission security key to encrypt the ciphertext part in the said random information when being.
11. Verification System as claimed in claim 9 is characterized in that, said sub-key comprises: sub-root key and sub-transmission security key, and said gate inhibition's card comprises:
Second transceiver module is used to receive the random information that said card reader is sent;
Acquisition module, the random information that is used for receiving according to said second receiver module is the indication of part expressly, obtains the sub-transmission security key and the sub-root key of said card reader appointment;
Second judge module judges that can the sub-transmission security key of the said card reader appointment that said acquisition module gets access to decipher the ciphertext part of said random information;
Said second transceiver module also is used in the judged result of said second judge module according to the indication of the part of the ciphertext after the deciphering, returning the data message that said card reader request is returned when being; Said data message uses the sub-root key of said appointment to encrypt.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210010295.1A CN102542645B (en) | 2012-01-13 | 2012-01-13 | A kind of entrance guard authentication method and Verification System |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210010295.1A CN102542645B (en) | 2012-01-13 | 2012-01-13 | A kind of entrance guard authentication method and Verification System |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102542645A true CN102542645A (en) | 2012-07-04 |
| CN102542645B CN102542645B (en) | 2015-09-23 |
Family
ID=46349451
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210010295.1A Active CN102542645B (en) | 2012-01-13 | 2012-01-13 | A kind of entrance guard authentication method and Verification System |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102542645B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103971426A (en) * | 2013-01-31 | 2014-08-06 | 北京同方微电子有限公司 | PSAM safety control-based access control system and safe access control method using the same |
| CN106341817A (en) * | 2016-09-05 | 2017-01-18 | 努比亚技术有限公司 | Access control system, access control method, mobile terminals and access server |
| CN106952375A (en) * | 2017-03-30 | 2017-07-14 | 东信和平科技股份有限公司 | A kind of access control method and access controller |
| CN108230522A (en) * | 2018-03-16 | 2018-06-29 | 深圳市欣横纵技术股份有限公司 | A kind of high security access-control card reader and its encryption protection system and method |
| CN108961475A (en) * | 2017-05-19 | 2018-12-07 | 腾讯科技(深圳)有限公司 | A kind of gate inhibition's dispositions method and gate inhibition's deployment services device |
| CN115017927A (en) * | 2021-11-15 | 2022-09-06 | 荣耀终端有限公司 | Card simulation method, electronic device, and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1818923A (en) * | 2006-03-17 | 2006-08-16 | 清华大学 | Enciphering authentication for radio-frequency recognition system |
| US20080008322A1 (en) * | 2006-06-29 | 2008-01-10 | Incard S.A. | Method for Session Key Derivation in an IC Card |
| CN101246607A (en) * | 2007-02-13 | 2008-08-20 | 陈年 | Digital authentication control method for access control system and access control system using the same |
| CN101458834A (en) * | 2007-12-14 | 2009-06-17 | 英业达股份有限公司 | Door inhibition authentication method, mobile electronic device and door inhibition system applying the same |
| CN102201135A (en) * | 2011-05-26 | 2011-09-28 | 深圳中兴力维技术有限公司 | Access control management method applied to base station |
| CN102271040A (en) * | 2011-07-26 | 2011-12-07 | 北京华大信安科技有限公司 | Identity verifying system and method |
| CN102855517A (en) * | 2012-08-22 | 2013-01-02 | 中国银行股份有限公司 | Intelligent bank card with hospital general treatment function |
-
2012
- 2012-01-13 CN CN201210010295.1A patent/CN102542645B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1818923A (en) * | 2006-03-17 | 2006-08-16 | 清华大学 | Enciphering authentication for radio-frequency recognition system |
| US20080008322A1 (en) * | 2006-06-29 | 2008-01-10 | Incard S.A. | Method for Session Key Derivation in an IC Card |
| CN101246607A (en) * | 2007-02-13 | 2008-08-20 | 陈年 | Digital authentication control method for access control system and access control system using the same |
| CN101458834A (en) * | 2007-12-14 | 2009-06-17 | 英业达股份有限公司 | Door inhibition authentication method, mobile electronic device and door inhibition system applying the same |
| CN102201135A (en) * | 2011-05-26 | 2011-09-28 | 深圳中兴力维技术有限公司 | Access control management method applied to base station |
| CN102271040A (en) * | 2011-07-26 | 2011-12-07 | 北京华大信安科技有限公司 | Identity verifying system and method |
| CN102855517A (en) * | 2012-08-22 | 2013-01-02 | 中国银行股份有限公司 | Intelligent bank card with hospital general treatment function |
Non-Patent Citations (1)
| Title |
|---|
| 戴毅: "IC卡门禁系统中的无线通信加密技术", 《科技资讯》 * |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103971426A (en) * | 2013-01-31 | 2014-08-06 | 北京同方微电子有限公司 | PSAM safety control-based access control system and safe access control method using the same |
| CN106341817A (en) * | 2016-09-05 | 2017-01-18 | 努比亚技术有限公司 | Access control system, access control method, mobile terminals and access server |
| CN106952375A (en) * | 2017-03-30 | 2017-07-14 | 东信和平科技股份有限公司 | A kind of access control method and access controller |
| CN106952375B (en) * | 2017-03-30 | 2019-02-12 | 东信和平科技股份有限公司 | A kind of access control method and access controller |
| CN108961475A (en) * | 2017-05-19 | 2018-12-07 | 腾讯科技(深圳)有限公司 | A kind of gate inhibition's dispositions method and gate inhibition's deployment services device |
| CN108961475B (en) * | 2017-05-19 | 2022-01-07 | 腾讯科技(深圳)有限公司 | Access control deployment method and access control deployment server |
| CN108230522A (en) * | 2018-03-16 | 2018-06-29 | 深圳市欣横纵技术股份有限公司 | A kind of high security access-control card reader and its encryption protection system and method |
| CN108230522B (en) * | 2018-03-16 | 2023-05-12 | 深圳市欣横纵技术股份有限公司 | High security access control card reader and encryption protection system and method thereof |
| CN115017927A (en) * | 2021-11-15 | 2022-09-06 | 荣耀终端有限公司 | Card simulation method, electronic device, and storage medium |
| CN115017927B (en) * | 2021-11-15 | 2023-04-11 | 荣耀终端有限公司 | Card simulation method, electronic device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102542645B (en) | 2015-09-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11877213B2 (en) | Methods and systems for asset obfuscation | |
| CN103714633B (en) | A kind of method of safe generating transmission key and POS terminal | |
| CN108564353A (en) | Payment system based on block chain and method | |
| US9948624B2 (en) | Key downloading method, management method, downloading management method, device and system | |
| CN101593389B (en) | Key management method and system for POS terminal | |
| CN102855577B (en) | Multiple commodity antifake check method based on cloud computing | |
| CN111147432B (en) | KYC data sharing system with confidentiality and method thereof | |
| CN102542645B (en) | A kind of entrance guard authentication method and Verification System | |
| CN107547203B (en) | Anti-counterfeiting tracing method and system | |
| CN103051641A (en) | Method and system for updating multiple-client key, and information security transmission method | |
| CN112149077B (en) | Supply chain billing method, system and computer equipment based on block chain technology | |
| CN105978856A (en) | POS (point of sale) machine key downloading method, device and system | |
| CA3184856A1 (en) | Method, participatant unit, transaction register, and payment system for managing transaction data sets | |
| CN110098925A (en) | Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system | |
| CN108881106B (en) | System and method for network electronic identity verification | |
| CN105681041A (en) | RFID ownership transfer method | |
| CN110086627A (en) | Based on unsymmetrical key pond to and timestamp quantum communications service station cryptographic key negotiation method and system | |
| CN108848089A (en) | A kind of data ciphering method and data transmission system | |
| CN110113152A (en) | Based on unsymmetrical key pond to and digital signature quantum communications service station cryptographic key negotiation method and system | |
| CN108809651A (en) | Key pair management method and terminal | |
| Limbasiya et al. | Attacks on authentication and authorization models in smart grid | |
| CN114329624B (en) | Bone marrow matching method and device based on block chain, electronic equipment and readable medium | |
| CN116668071A (en) | Data asset management method and system based on blockchain | |
| CN116645750A (en) | Virtual card number management method and system | |
| CN103685288B (en) | Data guard method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 518000 Guangdong province Futian District Shangbu Road West of the city of Shenzhen Shenzhen science and technology building 15 layer (1502-1504, 1506) Patentee after: CHINA NUCLEAR POWER TECHNOLOGY RESEARCH INSTITUTE Patentee after: China General Nuclear Power Corporation Address before: 518000 Guangdong city of Shenzhen province Futian District science and technology building, Shangbu Road 15 Patentee before: Zhongkehua Nuclear Power Technology Institute Co., Ltd. Patentee before: China Guangdong Nuclear Power Group Co., Ltd. |