CN102917357B - Authentication method and device - Google Patents

Publication number
CN102917357B
Authority
CN
China
Prior art keywords
frequency
radio
response message
low
read
Legal status
Active
Application number
CN201110223682.9A
Other languages
Chinese (zh)
Other versions
CN102917357A (en)
Inventor
董睿
Current Assignee
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc
Application filed by Nationz Technologies Inc
Priority to CN201110223682.9A
Publication of CN102917357A
Application granted
Publication of CN102917357B

Abstract

The present invention relates to an authentication method and device. The authentication method comprises: sending a query instruction over a first low-frequency channel and receiving a first response message over a second low-frequency channel; sending a connection request over a first radio-frequency channel and receiving a second response message over a second radio-frequency channel; and judging, according to the first response message and the second response message, whether the identity is legitimate. The authentication method and device of the present invention use two frequency points (low frequency and radio frequency), with bidirectional low-frequency and radio-frequency channels, to perform binding authentication of both communicating entities. This reduces the risk, in mobile payment applications, of personal information leaking while the transacting entities are being identified, and so improves the security and reliability of communication processes such as mobile payment transactions.

Description

Authentication method and device
Technical field
The present invention relates to the field of wireless communication, and in particular to an authentication method and device.
Background
With the spread of mobile terminals and the development of wireless communication technology, demand for mobile payment applications on mobile terminals has become urgent, and multiple implementations have emerged. At present, a radio-frequency function module is added to the mobile terminal mainboard or to a component such as a SIM (Subscriber Identity Module) card, SD (Secure Digital) card or Micro-SD card, turning the mobile terminal into a portable intelligent terminal with multiple application functions such as contactless payment and tag recognition.
To keep mobile payment transactions safe and reliable, both parties must confirm each other's identity before any transaction data is transmitted. Only after each has confirmed that the other's identity meets the requirements can they proceed to the subsequent transaction and settlement process; otherwise the transaction is not carried out. This process is called authentication. In a mobile payment scenario, the two communicating entities are normally the mobile terminal held by the user and the corresponding read-write equipment. Authentication between the mobile terminal and the read-write equipment covers the process from the read-write equipment sending a connection request to the mobile terminal accessing the transaction, and involves the exchange and verification of authentication information between the two. Successful authentication is the prerequisite for the two parties to carry out the transaction smoothly.
In the traditional technical scheme, authentication information and transaction data are both transmitted over a radio-frequency channel at a single frequency. The benefit is that, with a single communication frequency, the design is simpler and access and transactions complete quickly, but there is also a considerable security risk. Because a radio-frequency signal travels far and is easily reflected by obstacles, a third party can use technical means to intercept it over the air, for example by copying the read-write equipment or by deliberately placing an obstacle on the signal path, and may then crack the authentication information sent by the mobile terminal and obtain the personal account information the mobile terminal carries.
Those skilled in the art therefore proposed an improved method that binds a unidirectional low-frequency channel with a bidirectional radio-frequency channel to transmit authentication data, on the basis that low-frequency wireless communication can confine the communication distance to a certain range. The improved method proceeds as follows. First, the read-write equipment sends a unidirectional low-frequency alternating magnetic field signal carrying a query instruction and authentication information, and the mobile terminal receives and detects this signal. Second, the mobile terminal parses the identification information of the read-write equipment and the related instruction information from the signal, generates by a specific algorithm a random number that includes its own identification information, radio-frequency communication parameters and other information, and at the same time starts radio-frequency communication to return this random number to the read-write equipment. Third, the read-write equipment receives the random number and judges whether it meets the requirements, then, according to the parsing result, responds to the mobile terminal on the radio-frequency communication frequency and address negotiated by the two parties, and negotiates the frequency and address of the next radio-frequency communication. Finally, the mobile terminal receives and checks the radio-frequency response data of the read-write equipment and, according to the parsing result, judges whether to bind with the read-write equipment and access the transaction, thereby achieving bilateral authentication.
In this improved scheme, however, low-frequency communication is only a one-way channel from the read-write equipment to the mobile terminal, and the mobile terminal still responds to the read-write equipment by radio-frequency communication. Therefore, if the read-write equipment is maliciously tampered with, for example by increasing its low-frequency transmit power or improving its radio-frequency receive sensitivity, the communication distance between the mobile terminal and the tampered read-write equipment increases. This in turn introduces potential risks such as the authentication information being more easily intercepted and cracked, directly affecting the user's transaction process, so security still needs further improvement.
Summary of the invention
The technical problem to be solved by the present invention is to provide an authentication method and device that improve the security of communication processes such as mobile payment.
To solve the above technical problem, the present invention proposes an authentication method comprising:
sending a query instruction over a first low-frequency channel, and receiving a first response message over a second low-frequency channel;
sending a connection request over a first radio-frequency channel, and receiving a second response message over a second radio-frequency channel;
judging, according to the first response message and the second response message, whether the identity is legitimate.
Further, the above authentication method may also have the following feature: the query instruction carries the identification information of a first radio-frequency device; the first response message carries the identification information of a second radio-frequency device and the identification information of the first radio-frequency device; the connection request carries the identification information of the first radio-frequency device and the identification information of the second radio-frequency device; and the second response message carries information confirming whether the identity is legitimate.
Further, the above authentication method may also have the following feature: judging whether the identity is legitimate according to the first response message and the second response message is specifically: if the identification information of the first radio-frequency device carried in the first response message is correct, and the information carried in the second response message confirms that the identity is legitimate, then the identities of the first radio-frequency device and the second radio-frequency device are both legitimate.
Further, the above authentication method may also have the following feature: the first response message carries the frequency and address of the first radio-frequency channel, and the connection request carries the frequency and address of the second radio-frequency channel.
To solve the above technical problem, the present invention proposes an authentication device comprising:
a first low-frequency transceiver module, for sending a query instruction over a first low-frequency channel and receiving a first response message over a second low-frequency channel;
a first radio-frequency transceiver module, for sending a connection request over a first radio-frequency channel and receiving a second response message over a second radio-frequency channel;
a first judging module, for judging, according to the first response message and the second response message, whether the identity is legitimate.
Further, the above authentication device may also have the following feature: the query instruction carries the identification information of a first radio-frequency device; the first response message carries the identification information of a second radio-frequency device and the identification information of the first radio-frequency device; the connection request carries the identification information of the first radio-frequency device and the identification information of the second radio-frequency device; and the second response message carries information confirming whether the identity is legitimate.
Further, the above authentication device may also have the following feature: the first judging module comprises a first judging unit which, when the identification information of the first radio-frequency device carried in the first response message is correct and the information carried in the second response message confirms that the identity is legitimate, judges that the identities of the first radio-frequency device and the second radio-frequency device are both legitimate.
Further, the above authentication device may also have the following feature: the first response message carries the frequency and address of the first radio-frequency channel, and the connection request carries the frequency and address of the second radio-frequency channel.
To solve the above technical problem, the present invention proposes an authentication method comprising:
receiving a query instruction over a first low-frequency channel, and sending a first response message over a second low-frequency channel;
receiving a connection request over a first radio-frequency channel, and sending a second response message over a second radio-frequency channel;
judging, according to the query instruction and the connection request, whether the identity is legitimate.
To solve the above technical problem, the present invention proposes an authentication device comprising:
a second low-frequency transceiver module, for receiving a query instruction over a first low-frequency channel and sending a first response message over a second low-frequency channel;
a second radio-frequency transceiver module, for receiving a connection request over a first radio-frequency channel and sending a second response message over a second radio-frequency channel;
a second judging module, for judging, according to the query instruction and the connection request, whether the identity is legitimate.
The authentication method and device of the present invention use two frequency points (low frequency and radio frequency), with bidirectional low-frequency and radio-frequency channels, to perform binding authentication of both communicating entities. This reduces the risk, in mobile payment applications, of personal information leaking while the transacting entities are being identified, and so improves the security and reliability of communication processes such as mobile payment transactions.
Brief description of the drawings
Fig. 1 is a schematic diagram of the authentication process between read-write equipment 201 and mobile terminal 202 in an embodiment of the present invention;
Fig. 2 is a structural block diagram of the application system of the authentication method in an embodiment of the present invention;
Fig. 3 is a flow chart of the authentication method performed by read-write equipment 201 in Fig. 1;
Fig. 4 is a flow chart of the authentication method performed by mobile terminal 202 in Fig. 1;
Fig. 5 is a schematic diagram of the format of the low-frequency data frame sent and received over the low-frequency channel by read-write equipment 201 and mobile terminal 202 in Fig. 1;
Fig. 6 is a schematic diagram of the format of the radio-frequency data frame sent and received over the radio-frequency channel by read-write equipment 201 and mobile terminal 202 in Fig. 1;
Fig. 7 is a structural diagram of the first authentication device in an embodiment of the present invention;
Fig. 8 is a structural diagram of the second authentication device in an embodiment of the present invention.
Detailed description of the invention
The present invention proposes an authentication method (for ease of reference, called the first authentication method in the authentication device part below), comprising: sending a query instruction and receiving a first response message over a low-frequency channel; sending a connection request and receiving a second response message over a radio-frequency channel; and judging, according to the first response message and the second response message, whether the identity is legitimate. This authentication method can be applied in read-write equipment 201 described below.
The present invention also proposes an authentication method (for ease of reference, called the second authentication method in the authentication device part below), comprising: receiving a query instruction and sending a first response message over a low-frequency channel; receiving a connection request and sending a second response message over a radio-frequency channel; and judging, according to the query instruction and the connection request, whether the identity is legitimate. This authentication method can be applied in mobile terminal 202 described below.
The principles and features of the present invention are described below with reference to the drawings and embodiments. The examples serve only to explain the present invention and are not intended to limit its scope.
Fig. 1 is a schematic diagram of the authentication process between the read-write equipment and the mobile terminal in an embodiment of the present invention. The authentication process shown in Fig. 1 can also be applied to other communication systems that include a first radio-frequency device and a second radio-frequency device. In this embodiment, the read-write equipment is the specific first radio-frequency device, and the mobile terminal is the specific second radio-frequency device.
As shown in Fig. 1, in this embodiment the authentication process comprises an activation and connection establishment process 110 and a binding and access connection process 120, and is divided into four steps: step A, step B, step C and step D. The activation and connection establishment process 110 comprises steps A and B; the binding and access connection process 120 comprises steps C and D.
Each step is described below with reference to Fig. 1:
Step A: read-write equipment 201 sends inquiry instruction 1101, carrying its identification information, to mobile terminal 202 over the first low-frequency channel 101;
The identification information can be the UID (Unique Identifier) of read-write equipment 201.
The UIDs of the read-write equipment and the mobile terminal can be true random numbers generated by a random number generator according to a certain encryption algorithm, or identification information assigned in some other way. A UID is unique and legitimate. The mobile terminal and the read-write equipment can obtain each other's UID information by parsing with the decryption algorithm corresponding to the encryption algorithm, and can judge the authentication result of the UID by comparing it with pre-stored identification information. The encryption algorithm can be the DES (Data Encryption Standard) algorithm, the 3DES (Triple Data Encryption Standard) algorithm, the AES (Advanced Encryption Standard) algorithm, MD5 (Message-Digest Algorithm 5, a hash algorithm), SHA (Secure Hash Algorithm), etc.
Specifically, step A can be: read-write equipment 201 sends a first low-frequency alternating magnetic field signal over the first low-frequency channel 101 according to preset first transmission parameters, and inquiry instruction 1101 is contained in this first low-frequency alternating magnetic field signal. The first transmission parameters can include the operating frequency, the coding and modulation schemes, and the transmitted magnetic induction amplitude of the first low-frequency alternating magnetic field signal.
The first transmission parameters can be selected by the following steps:
Step A1: the lower the frequency of a low-frequency alternating magnetic field signal, the smaller the difference in attenuation after it passes through various types of mobile terminal. Using this property, a frequency with a small attenuation difference is selected as the operating frequency of the first low-frequency alternating magnetic field signal;
Step A2: any coding scheme without an average DC component is selected as the coding scheme of the first low-frequency alternating magnetic field signal, such as Manchester code, differential Manchester code, NRZ, etc.;
Step A3: either no modulation (for example baseband transmission) or a carrier modulation scheme without amplitude variation is selected. The carrier modulation scheme can be any modulation scheme without amplitude variation, such as on-off keying, phase-shift keying or frequency-shift keying;
Step A4: with the operating frequency, coding scheme and modulation scheme selected, first select the gain and bandwidth parameters for detecting and amplifying the low-frequency alternating magnetic field signal in the mobile terminal; then, with read-write equipment 201 not sending a low-frequency alternating magnetic field signal, measure the intrinsic noise voltage amplitude Vn of the detection voltage in mobile terminal 202; next, measure the detection voltage Vr in mobile terminal 202 when read-write equipment 201 sends the low-frequency alternating magnetic field signal with the selected coding and modulation schemes; then select the transmitted magnetic induction amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of mobile terminal 202.
Step B: mobile terminal 202 receives inquiry instruction 1101, then sends reply instruction 1102 to read-write equipment 201 over the second low-frequency channel 102;
Reply instruction 1102 carries the identification information of read-write equipment 201 and the identification information of mobile terminal 202. The identification information can be the unique identifier UID.
Specifically, step B can be: mobile terminal 202 sends a second low-frequency alternating magnetic field signal over the second low-frequency channel 102 according to preset second transmission parameters, and reply instruction 1102 is contained in this second low-frequency alternating magnetic field signal.
The second transmission parameters include the operating frequency, the coding and modulation schemes, and the transmitted magnetic induction amplitude of the second low-frequency alternating magnetic field signal.
The second transmission parameters can be selected by the following steps:
Step B1: using the property that a low-frequency alternating magnetic field signal shows a small difference and a small fluctuation range in attenuation after passing through various types of mobile terminal, a frequency that meets the requirement is selected according to the target communication distance as the operating frequency of the second low-frequency alternating magnetic field signal;
Step B2: any coding scheme without an average DC component is selected, such as Manchester code, differential Manchester code, NRZ, etc.;
Step B3: either no modulation or a carrier modulation scheme without amplitude variation is selected. The carrier modulation scheme can be any modulation scheme without amplitude variation, such as on-off keying, phase-shift keying or frequency-shift keying;
Step B4: with the operating frequency, coding scheme and modulation scheme selected, first select the gain and bandwidth parameters for detecting and amplifying the low-frequency alternating magnetic field signal in the read-write equipment; then, with mobile terminal 202 not sending a low-frequency alternating magnetic field signal, measure the intrinsic noise voltage amplitude Vn of the detection voltage in read-write equipment 201; next, measure the detection voltage Vr in read-write equipment 201 when mobile terminal 202 sends the low-frequency alternating magnetic field signal with the selected coding and modulation schemes; finally, select the transmitted magnetic induction amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of read-write equipment 201.
Step C: read-write equipment 201 receives reply instruction 1102, then sends connection request message 1201 to mobile terminal 202 over the first radio-frequency channel 103;
Connection request message 1201 again carries the identification information (for example the UIDs) of read-write equipment 201 and mobile terminal 202, to further confirm the identity of both parties.
The communication parameters of the first radio-frequency channel 103 can be included in reply instruction 1102, or can be generated by read-write equipment 201 according to a preset algorithm, for example by performing a certain particular combination or exclusive disjunction on the identification information of read-write equipment 201 and mobile terminal 202 in reply instruction 1102. If the communication parameters of the radio-frequency channel are generated according to a preset algorithm, mobile terminal 202 also has the same radio-frequency channel communication parameter generation mechanism as read-write equipment 201, that is, the same preset algorithm.
Step D: mobile terminal 202 receives connection request message 1201, then sends connection confirmation 1202 to read-write equipment 201 over the second radio-frequency channel 104.
As with the first radio-frequency channel 103, the communication parameters of the second radio-frequency channel 104 can be included in connection request message 1201, or can be generated according to a preset algorithm.
Connection confirmation 1202 confirms whether read-write equipment 201 is confirmed to be connected with mobile terminal 202. If the connection is confirmed, both parties have achieved legitimate authentication, and the confirmation indicates the transaction parameters relevant to the subsequent transaction process 130.
In this embodiment, the first low-frequency channel and the second low-frequency channel can be the same low-frequency channel or different low-frequency channels. The first radio-frequency channel and the second radio-frequency channel, however, are different radio-frequency channels.
After steps A, B, C and D have been carried out, that is, after the activation and connection establishment process 110 and the binding and access connection process 120 have completed smoothly, read-write equipment 201 and mobile terminal 202 enter the transaction process 130.
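Steps A to D with both sides' messages and checks, as an added example that is not taken from the patent. The frame fields, class and function names, the constructed UIDs, and the allow-lists standing in for pre-stored identification information are assumptions.

```python
import hmac
from dataclasses import dataclass, replace

# Channel numbers follow the page; frame fields and class names are assumptions.
LF1, LF2, RF1, RF2 = "LF-101", "LF-102", "RF-103", "RF-104"
READER_UID = bytes.fromhex("a1a2a3a4")     # constructed sample value
TERMINAL_UID = bytes.fromhex("b1b2b3b4")   # constructed sample value


@dataclass(frozen=True)
class Frame:
    channel: str
    kind: str                  # "inquiry", "reply", "request" or "confirm"
    reader_uid: bytes = b""
    terminal_uid: bytes = b""
    legal: bool = False        # only meaningful in a "confirm" frame


def same(a, b):
    """Constant-time comparison of two identifiers."""
    return hmac.compare_digest(a, b)


class Reader:
    """Read-write equipment 201 (first radio-frequency device)."""

    def __init__(self, uid, known_terminals):
        self.uid = uid
        self.known = set(known_terminals)   # stand-in for database 220
        self.peer = b""

    def inquiry(self):                      # step A: inquiry instruction 1101
        return Frame(LF1, "inquiry", reader_uid=self.uid)

    def on_reply(self, f):                  # checks reply 1102, then step C
        ok = (f.channel == LF2 and f.kind == "reply"
              and same(f.reader_uid, self.uid)      # own UID must be echoed back
              and f.terminal_uid in self.known)
        if not ok:
            return None                     # no radio-frequency link is opened
        self.peer = f.terminal_uid
        return Frame(RF1, "request", self.uid, self.peer)

    def on_confirm(self, f):                # judges connection confirmation 1202
        return bool(self.peer) and f.channel == RF2 and f.kind == "confirm" and f.legal


class Terminal:
    """Mobile terminal 202 (second radio-frequency device)."""

    def __init__(self, uid, known_readers):
        self.uid = uid
        self.known = set(known_readers)     # pre-stored identification information
        self.peer = b""

    def on_inquiry(self, f):                # step B: reply instruction 1102
        if f.channel != LF1 or f.kind != "inquiry" or f.reader_uid not in self.known:
            return None
        self.peer = f.reader_uid
        return Frame(LF2, "reply", self.peer, self.uid)

    def on_request(self, f):                # step D: connection confirmation 1202
        legal = (bool(self.peer) and f.channel == RF1 and f.kind == "request"
                 and same(f.reader_uid, self.peer)  # same reader as on the LF link
                 and same(f.terminal_uid, self.uid))
        return Frame(RF2, "confirm", legal=legal)


def alter(kind, **changes):
    """Return a hook that rewrites one kind of frame, to model a mismatched frame."""
    return lambda f: replace(f, **changes) if f.kind == kind else f


def handshake(reader, terminal, in_transit=lambda f: f):
    """Run steps A to D; True only if both sides accept the other's identity."""
    reply = terminal.on_inquiry(in_transit(reader.inquiry()))
    if reply is None:
        return False
    request = reader.on_reply(in_transit(reply))
    if request is None:
        return False
    confirm = terminal.on_request(in_transit(request))
    return reader.on_confirm(in_transit(confirm))


if __name__ == "__main__":
    pair = lambda: (Reader(READER_UID, {TERMINAL_UID}), Terminal(TERMINAL_UID, {READER_UID}))
    print("matching UIDs:", handshake(*pair()))
    print("wrong echoed reader UID:", handshake(*pair(), alter("reply", reader_uid=b"\x00" * 4)))
```

The binding between the two frequency points lives in `Terminal.on_request`: the reader UID in the radio-frequency request must equal the one already seen on the low-frequency link.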
Fig. 2 is a structural block diagram of the application system of the authentication method in an embodiment of the present invention. As shown in Fig. 2, in this embodiment the application system of the authentication method comprises read-write equipment 201, mobile terminal 202 and background server 210. Read-write equipment 201 has a first low-frequency coupling coil 203 and a first radio-frequency antenna 205. Mobile terminal 202 has a second low-frequency coupling coil 204 and a second radio-frequency antenna 206. Background server 210 contains a built-in database 220.
The first low-frequency coupling coil 203 and the second low-frequency coupling coil 204 are used to establish the first low-frequency channel 101 and the second low-frequency channel 102 between read-write equipment 201 and mobile terminal 202, and to transmit the low-frequency alternating magnetic field signals carrying authentication data.
The first radio-frequency antenna 205 and the second radio-frequency antenna 206 are used to establish the first radio-frequency channel 103 and the second radio-frequency channel 104 between read-write equipment 201 and mobile terminal 202, and to transmit the radio-frequency signals carrying authentication data.
Database 220 resides in background server 210 and stores the identification information of the various mobile terminals involved in the interaction. Read-write equipment 201 can obtain this identification information from database 220 to judge the legitimacy of mobile terminal 202. Database 220 can also be used for encryption and decryption management of key information such as authentication information and transaction data.
Fig. 3 is a flow chart of the authentication method performed by read-write equipment 201 in Fig. 1. The flow is described further below with reference to Fig. 3 and Fig. 1. In this embodiment, the authentication method performed by read-write equipment 201 comprises the following steps:
Step 301: read-write equipment 201 is ready and starts authentication;
Step 302: read-write equipment 201 opens the first low-frequency channel 101 and establishes a low-frequency communication connection with mobile terminal 202;
Step 303: read-write equipment 201 sends low-frequency inquiry instruction 1101, carrying its own UID information, over the first low-frequency channel 101;
Step 304: read-write equipment 201 opens the second low-frequency channel 102 and waits to receive the low-frequency reply instruction 1102 sent by mobile terminal 202;
Step 305: read-write equipment 201 judges whether reply instruction 1102 has been received within the predetermined time; if so, step 306 is performed, otherwise step 314 is performed;
Step 306: read-write equipment 201 parses the received low-frequency reply instruction 1102 and extracts the identification information it carries;
Step 307: read-write equipment 201 compares the received identification information with its own identification information and judges whether it is correct; if the check result is correct, step 308 is performed, otherwise step 316 is performed;
Step 308: read-write equipment 201 opens the first radio-frequency channel 103 and establishes a radio-frequency communication connection with mobile terminal 202;
Step 309: read-write equipment 201 sends connection request message 1201 over the first radio-frequency channel 103;
Step 310: read-write equipment 201 opens the second radio-frequency channel 104 and waits to receive the connection confirmation 1202 sent by mobile terminal 202;
Step 311: read-write equipment 201 judges whether connection confirmation 1202 (the confirmation instruction) has been received within the specified time; if so, step 312 is performed, otherwise step 315 is performed;
Step 312: read-write equipment 201 parses the received connection confirmation 1202 and extracts the useful information in it;
The useful information can include authentication information confirming that both parties' identities are legitimate, information indicating readiness for the subsequent transaction, and information indicating the frequency and address of the next radio-frequency channel.
Step 313: read-write equipment 201 judges whether the data received in step 312 is correct; if correct, step 318 is performed, otherwise step 317 is performed;
Step 314: read-write equipment 201 tries again to receive reply instruction 1102 within the specified time. If the reply instruction is received within the predetermined time, step 306 is performed; if it has still not been received when the predetermined time is exceeded, the flow returns to step 303;
Step 315: read-write equipment 201 tries again to receive connection confirmation 1202 within the specified time. If the connection confirmation is received within the predetermined time, step 312 is performed; if it has still not been received when the predetermined time is exceeded, the flow returns to step 309;
Step 316: read-write equipment 201 disconnects the low-frequency communication connection with mobile terminal 202;
Step 317: read-write equipment 201 disconnects the radio-frequency communication connection with mobile terminal 202;
Step 318: read-write equipment 201 considers its authentication with mobile terminal 202 successfully completed and enters the subsequent transaction stage.
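The receive windows and exits of steps 303 to 318 on the reader side, as an added example that is not part of the patent text. The receive queues are scripted, constructed input, the frame keys `echo_ok` and `valid` are hypothetical, and the `max_rounds` bound is an assumption, since the flow above returns to step 303 or 309 without stating a limit.

```python
from collections import deque


def reader_flow(lf_rx, rf_rx, max_rounds=3):
    """Walk steps 303-318 of the reader flow.

    lf_rx and rf_rx are scripted receive queues. Each entry stands for one
    wait window: None means nothing arrived in that window, a dict is a
    received frame. Returns (outcome, trace), where trace lists the step
    numbers visited in order.
    """
    trace = []
    lf_rx, rf_rx = deque(lf_rx), deque(rf_rx)

    def wait(queue):
        # One receive window; an exhausted script means continued silence.
        return queue.popleft() if queue else None

    # Low-frequency phase: send inquiry, wait, second wait in step 314.
    reply = None
    for _ in range(max_rounds):
        trace += [303, 304, 305]
        reply = wait(lf_rx)
        if reply is None:
            trace.append(314)
            reply = wait(lf_rx)
        if reply is not None:
            break
    if reply is None:
        return "no-reply", trace            # bound reached (assumption, see lead-in)

    trace += [306, 307]
    if not reply["echo_ok"]:                # echoed reader UID did not match
        trace.append(316)
        return "lf-disconnected", trace

    # Radio-frequency phase: send request, wait, second wait in step 315.
    trace.append(308)
    confirm = None
    for _ in range(max_rounds):
        trace += [309, 310, 311]
        confirm = wait(rf_rx)
        if confirm is None:
            trace.append(315)
            confirm = wait(rf_rx)
        if confirm is not None:
            break
    if confirm is None:
        return "no-confirmation", trace     # bound reached (assumption)

    trace += [312, 313]
    if not confirm["valid"]:                # confirmation data failed the check
        trace.append(317)
        return "rf-disconnected", trace
    trace.append(318)
    return "authenticated", trace


if __name__ == "__main__":
    # Constructed script: the reply arrives in the second window, the
    # confirmation only after connection request 1201 has been sent twice.
    outcome, steps = reader_flow([None, {"echo_ok": True}],
                                 [None, None, {"valid": True}])
    print(outcome, steps)
```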
Fig. 4 is a flow chart of the authentication method performed by mobile terminal 202 in Fig. 1. The flow is described further below with reference to Fig. 4 and Fig. 1. In this embodiment, the authentication method performed by mobile terminal 202 comprises the following steps:
Step 401: mobile terminal 202 is ready and starts authentication;
Step 402: mobile terminal 202 opens the first low-frequency channel 101 and waits to receive the inquiry instruction 1101 sent by read-write equipment 201;
Step 403: mobile terminal 202 detects inquiry instruction 1101 and judges whether it is correct; if correct, step 404 is performed, otherwise step 411 is performed;
Step 404: mobile terminal 202 extracts the identification information of read-write equipment 201 from inquiry instruction 1101 and appends its own identification information after the identification information of read-write equipment 201 to generate low-frequency reply instruction 1102 (that is, the low-frequency reply data frame);
Step 405: mobile terminal 202 sends low-frequency reply instruction 1102 over the second low-frequency channel 102;
Step 406: mobile terminal 202 opens the first radio-frequency channel 103 and waits to receive the connection request message 1201 sent by read-write equipment 201;
Step 407: mobile terminal 202 judges whether connection request message 1201 has been received within the specified time; if so, step 408 is performed, otherwise step 412 is performed;
Step 408: mobile terminal 202 parses the received connection request message 1201 and extracts the useful information in it;
Here, the useful information can include information indicating the frequency and address of the next radio-frequency communication, the combined ID information of the read-write equipment and the mobile terminal, command information requesting access to the radio-frequency transaction connection, and so on.
Step 409: mobile terminal 202 verifies whether the data received in step 408 is valid; if valid, step 410 is performed, otherwise step 413 is performed;
Step 410: according to the result of step 409, mobile terminal 202 generates the corresponding connection confirmation 1202, opens the second radio-frequency channel 104 to send the connection confirmation to read-write equipment 201, and performs step 414;
Step 411: mobile terminal 202 tries again to receive inquiry instruction 1101 within the specified time. If the inquiry instruction is received within the predetermined time, step 404 is performed; if it has still not been received when the predetermined time is exceeded, the flow returns to step 402;
Step 412: mobile terminal 202 tries again to receive connection request message 1201 within the specified time. If the connection request message is received within the predetermined time, step 408 is performed; if it has still not been received when the predetermined time is exceeded, the flow returns to step 405;
Step 413: mobile terminal 202 disconnects from read-write equipment 201;
Step 414: mobile terminal 202 considers its authentication with read-write equipment 201 successfully completed and enters the subsequent transaction stage.
Fig. 5 is a schematic diagram of the format of the low-frequency data frames that read-write equipment 201 and mobile terminal 202 in Fig. 1 send and receive over the low channels. As shown in Fig. 5, each low-frequency data frame is divided into the following fields:
Synchronization code 501: 1 byte wide, used for frame synchronization and as the start-of-frame flag. It can be specified that a low-frequency data frame in the direction from read-write equipment 201 to mobile terminal 202 is marked with 0x7E, and a low-frequency data frame in the direction from mobile terminal 202 to read-write equipment 201 is marked with 0x7F.
Control field 502: 1 byte wide, indicates the data type and data length of data field 503 of the low-frequency data frame. The data type indicator and the data length indicator each occupy 4 bits and can be reserved for future extension.
Data field 503: 1 to 16 bytes wide, contains the identification information of read-write equipment 201 and mobile terminal 202, which can be generated from random numbers and encrypted; its type and length are specified by control field 502.
CRC check 504: 1 byte wide, computed with an 8-bit CRC over the contents of control field 502 and data field 503; the initial value of the CRC-8 check is 0x00.
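The Fig. 5 layout and the terminal's reply in steps 403 to 404 can be exercised with the following added example, which is not code from the patent. The CRC-8 polynomial (0x07), the control-byte bit order (type in the high nibble, length minus one in the low nibble), the 4-byte UID length and the type codes are assumptions, since the text does not fix them.

```python
# Added example: low-frequency frame codec for the Fig. 5 layout.
# Assumptions (not stated in the patent text): CRC-8 polynomial 0x07, MSB first,
# no final XOR; control byte = type in high nibble, (length - 1) in low nibble.

SYNC_READER_TO_TERMINAL = 0x7E   # from the description of synchronization code 501
SYNC_TERMINAL_TO_READER = 0x7F
UID_LEN = 4                      # assumed UID width for this sketch
TYPE_INQUIRY, TYPE_REPLY = 0x1, 0x2   # hypothetical data-type codes


def crc8(data: bytes, init: int = 0x00, poly: int = 0x07) -> int:
    """Bitwise CRC-8 with the initial value 0x00 given for CRC check 504."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def build_lf_frame(sync: int, data_type: int, data: bytes) -> bytes:
    if sync not in (SYNC_READER_TO_TERMINAL, SYNC_TERMINAL_TO_READER):
        raise ValueError("unknown synchronization code")
    if not 1 <= len(data) <= 16:
        raise ValueError("data field must be 1 to 16 bytes")
    if not 0 <= data_type <= 0x0F:
        raise ValueError("data type must fit in 4 bits")
    body = bytes([(data_type << 4) | (len(data) - 1)]) + data
    return bytes([sync]) + body + bytes([crc8(body)])   # CRC covers control + data


def parse_lf_frame(frame: bytes, expected_sync: int):
    """Return (data_type, data); raise ValueError on any malformed frame."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    if frame[0] != expected_sync:
        raise ValueError("wrong direction or lost synchronization")
    length = (frame[1] & 0x0F) + 1
    if len(frame) != 3 + length:
        raise ValueError("length does not match control field")
    body = frame[1:2 + length]
    if crc8(body) != frame[-1]:
        raise ValueError("CRC mismatch")
    return frame[1] >> 4, body[1:]


def terminal_reply(inquiry: bytes, terminal_uid: bytes) -> bytes:
    """Steps 403-404: validate the inquiry, then append our UID to the reader's."""
    data_type, reader_uid = parse_lf_frame(inquiry, SYNC_READER_TO_TERMINAL)
    if data_type != TYPE_INQUIRY or len(reader_uid) != UID_LEN:
        raise ValueError("not a valid inquiry instruction")
    return build_lf_frame(SYNC_TERMINAL_TO_READER, TYPE_REPLY,
                          reader_uid + terminal_uid)


def reader_check_reply(reply: bytes, reader_uid: bytes):
    """Reader side: return the terminal UID only if our own UID is echoed back."""
    try:
        data_type, data = parse_lf_frame(reply, SYNC_TERMINAL_TO_READER)
    except ValueError:
        return None
    if data_type != TYPE_REPLY or len(data) != 2 * UID_LEN:
        return None
    if data[:UID_LEN] != reader_uid:
        return None
    return data[UID_LEN:]


if __name__ == "__main__":
    reader_uid = bytes.fromhex("a1b2c3d4")      # constructed sample UIDs
    terminal_uid = bytes.fromhex("0f1e2d3c")
    inquiry = build_lf_frame(SYNC_READER_TO_TERMINAL, TYPE_INQUIRY, reader_uid)
    reply = terminal_reply(inquiry, terminal_uid)
    print(inquiry.hex(), reply.hex(), reader_check_reply(reply, reader_uid).hex())
```

The CRC-8 only detects transmission errors; it is not keyed, so a frame accepted by `parse_lf_frame` is well-formed rather than authenticated.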
Fig. 6 is a schematic diagram of the format of the radio-frequency data frames that read-write equipment 201 and mobile terminal 202 in Fig. 1 send and receive over the radio-frequency channels. As shown in Fig. 6, each radio-frequency data frame is divided into the following fields:
Preamble 601: 1 byte wide, serves as the start-of-frame flag and is used for detecting 0 and 1. Read-write equipment 201 and mobile terminal 202 add preamble 601 in sending mode and remove it in receiving mode. In the present embodiment, preamble 601 is defined as the sequence 01010101 (type A) or 10101010 (type B). Whether preamble 601 is type A or type B is determined by the highest bit of address field 602: if the highest bit of address field 602 is 1, the preamble is 01010101; if the highest bit of address field 602 is 0, the preamble is 10101010.
Address field 602: 3 to 5 bytes wide; its content is the radio-frequency node address at which the read-write equipment and the mobile terminal receive correct radio-frequency data frames. The sending channel and the receiving channel can be configured separately, and the receiver automatically removes the address from a received data frame.
Control field 603: 1 byte wide, defines the data length of valid data field 604 and indicates its data type. The data length flag occupies 5 bits and the data type flag occupies 3 bits; they can be reserved for future extension.
Valid data field 604: 1 to 32 bytes wide, carries the connectivity request message and the connection confirmation exchanged between the read-write equipment and the mobile terminal, including the authentication information of both sides and the radio-frequency communication parameters; the data length and data type of valid data field 604 are specified by control field 603.
CRC check 605: 2 bytes wide, computed with a 16-bit CRC over the contents of address field 602, control field 603 and valid data field 604; the initial value of the CRC-16 check is 0xFFFF.
The frame formats of the low-frequency data frame and the radio-frequency data frame described above serve only as an example and do not limit the frame format actually adopted by the present invention; in principle, any frame format that contains a UID capable of uniquely identifying the read-write equipment and the mobile terminal can be used. The UID can be a random number of sufficient length, a manually allocated unique serial number, or an identity code generated by other effective means.
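The radio-frequency frame of Fig. 6, including the rule that derives preamble 601 from the highest bit of address field 602, is sketched in the following added example, which is not code from the patent. The CRC-16 polynomial (0x1021), the control-byte bit order (length minus one in the upper 5 bits, type in the lower 3), the big-endian CRC bytes and the reading of "highest bit" as the top bit of the first address byte are assumptions.

```python
# Added example: radio-frequency frame codec for the Fig. 6 layout.
# Assumptions (not stated in the patent text): CRC-16 polynomial 0x1021, MSB first,
# no final XOR, CRC sent big-endian; control = ((length - 1) << 3) | data_type;
# the "highest bit" of the address is bit 7 of its first byte.

PREAMBLE_TYPE_A = 0b01010101   # used when the highest address bit is 1
PREAMBLE_TYPE_B = 0b10101010   # used when the highest address bit is 0


def crc16(data: bytes, init: int = 0xFFFF, poly: int = 0x1021) -> int:
    """Bitwise CRC-16 with the initial value 0xFFFF given for CRC check 605."""
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def preamble_for(address: bytes) -> int:
    return PREAMBLE_TYPE_A if address[0] & 0x80 else PREAMBLE_TYPE_B


def build_rf_frame(address: bytes, data_type: int, payload: bytes) -> bytes:
    if not 3 <= len(address) <= 5:
        raise ValueError("address field must be 3 to 5 bytes")
    if not 1 <= len(payload) <= 32:
        raise ValueError("valid data field must be 1 to 32 bytes")
    if not 0 <= data_type <= 0x07:
        raise ValueError("data type must fit in 3 bits")
    control = ((len(payload) - 1) << 3) | data_type
    covered = address + bytes([control]) + payload      # fields 602, 603, 604
    return bytes([preamble_for(address)]) + covered + crc16(covered).to_bytes(2, "big")


def parse_rf_frame(frame: bytes, own_address: bytes):
    """Return (data_type, payload) for a frame addressed to own_address.

    The receiver knows its configured address (and so its length); any
    mismatch in preamble, address, length or CRC raises ValueError.
    """
    alen = len(own_address)
    if len(frame) < alen + 5:
        raise ValueError("frame too short")
    if frame[1:1 + alen] != own_address:
        raise ValueError("frame is for another node")
    if frame[0] != preamble_for(own_address):
        raise ValueError("preamble does not match address")
    control = frame[1 + alen]
    length = (control >> 3) + 1
    if len(frame) != alen + 4 + length:
        raise ValueError("length does not match control field")
    if crc16(frame[1:-2]) != int.from_bytes(frame[-2:], "big"):
        raise ValueError("CRC mismatch")
    return control & 0x07, frame[2 + alen:-2]


if __name__ == "__main__":
    node = bytes.fromhex("e7a1b2")                      # constructed sample address
    frame = build_rf_frame(node, 1, b"connect-request")  # constructed payload
    print(frame.hex(), parse_rf_frame(frame, node))
```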
The authentication method of the present invention uses dual frequency points (low frequency and radio frequency) and bidirectional low-frequency and radio-frequency channels to perform binding authentication of both communicating entities. This reduces the potential risk of personal information leakage that readily arises when the transacting entities are identified in mobile payment applications, and thereby improves the security and reliability of communication processes such as mobile payment transactions.
The present invention also proposes an authentication device (called the first authentication device) for carrying out the first authentication method described above. Fig. 7 is the structure diagram of the first authentication device in the embodiment of the present invention. As shown in Fig. 7, in the present embodiment, the first authentication device 70 comprises a first low frequency transceiver module 71, a first RF receiving and transmission module 72 and a first judge module 73. The first low frequency transceiver module 71 is used for sending the query statement and receiving the first response message through the low channel; the first RF receiving and transmission module 72 is used for sending the connection request and receiving the second response message through the radio-frequency channel; the first judge module 73 is used for judging whether the identity is legal according to the first response message and the second response message. The first authentication device 70 shown in Fig. 7 can be applied in the read-write equipment 201 described above.
A preferred mode is as follows: the query statement carries the identification information of the first radio-frequency unit, and the first response message carries the identification information of the second radio-frequency unit and the identification information of the first radio-frequency unit; the connection request carries the identification information of the first radio-frequency unit and the identification information of the second radio-frequency unit, and the second response message carries information on whether the connection is confirmed. The first radio-frequency unit can be the aforesaid read-write equipment, and the second radio-frequency unit can be the aforesaid mobile terminal. The identification information can be a unique identifier (UID).
The first low frequency transceiver module 71 can comprise a first low frequency Transmit-Receive Unit, which is used for sending the query statement through the first low channel and receiving the first response message through the second low channel.
The first RF receiving and transmission module 72 can comprise a first Transmit Receive Unit, which is used for sending the connection request through the first radio-frequency channel and receiving the second response message through the second radio-frequency channel.
The first judge module 73 can comprise a first judging unit. When the identification information of the first radio-frequency unit carried in the first response message is correct and the second response message carries information confirming the connection, the first judging unit judges that the identities of the first radio-frequency unit and the second radio-frequency unit are both legal. If the identification information of the first radio-frequency unit carried in the first response message is wrong, the first judging unit judges that the identity of the second radio-frequency unit is illegal; if the second response message carries information forbidding the connection, the first judging unit judges that the identity of the first radio-frequency unit is illegal.
The first RF receiving and transmission module 72 can further comprise a channel selecting unit, which is used for generating the frequency and address of the radio-frequency channel according to a preset algorithm.
The first response message can carry the frequency and address of the first radio-frequency channel, and the connection request can carry the frequency and address of the second radio-frequency channel.
The authentication device of the present invention uses dual frequency points (low frequency and radio frequency) and bidirectional low-frequency and radio-frequency channels to perform binding authentication of both communicating entities. This reduces the potential risk of personal information leakage that readily arises when the transacting entities are identified in mobile payment applications, and thereby improves the security and reliability of communication processes such as mobile payment transactions.
The present invention also proposes an authentication device (called the second authentication device) for carrying out the second authentication method described above. Fig. 8 is the structure diagram of the second authentication device in the embodiment of the present invention. As shown in Fig. 8, in the present embodiment, the second authentication device 80 comprises a second low frequency transceiver module 81, a second RF receiving and transmission module 82 and a second judge module 83. The second low frequency transceiver module 81 is used for receiving the query statement and sending the first response message through the low channel; the second RF receiving and transmission module 82 is used for receiving the connection request and sending the second response message through the radio-frequency channel; the second judge module 83 is used for judging whether the identity is legal according to the query statement and the connection request. The second authentication device 80 shown in Fig. 8 can be applied in the mobile terminal 202 described above.
The authentication device of the present invention uses dual frequency points (low frequency and radio frequency) and bidirectional low-frequency and radio-frequency channels to perform binding authentication of both communicating entities. This reduces the potential risk of personal information leakage that readily arises when the transacting entities are identified in mobile payment applications, and thereby improves the security and reliability of communication processes such as mobile payment transactions.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. An authentication method, characterized in that the method comprises:
Sending a query statement through a first low channel according to a preset first emission parameter, and receiving a first response message through a second low channel;
The first emission parameter is specifically selected by the following steps:
Step A1, select the frequency with the smallest attenuation difference as the operating frequency of the first low-frequency alternating magnetic field signal;
Step A2, select any coding scheme without an average DC component as the coding scheme of the first low-frequency alternating magnetic field signal;
Step A3, select no modulation, or a carrier modulation scheme without amplitude variation;
Step A4, under the selected operating frequency, coding scheme and modulation scheme, first select the gain and bandwidth parameters of the low-frequency alternating magnetic field signal detection and amplification in the mobile terminal; then measure the intrinsic noise voltage amplitude Vn of the detection voltage in the mobile terminal under the condition that the read-write equipment does not send a low-frequency alternating magnetic field signal; then measure the detection voltage Vr in the mobile terminal when the read-write equipment sends the low-frequency alternating magnetic field signal with the selected coding and modulation scheme; select the transmitted magnetic induction intensity amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of the mobile terminal;
Sending a connection request through a first radio-frequency channel, and receiving a second response message through a second radio-frequency channel;
Judging whether the identity is legal according to the first response message and the second response message.
2. The authentication method according to claim 1, characterized in that:
The query statement carries the identification information of the first radio-frequency unit, and the first response message carries the identification information of the second radio-frequency unit and the identification information of the first radio-frequency unit;
The connection request carries the identification information of the first radio-frequency unit and the identification information of the second radio-frequency unit, and the second response message carries information confirming whether the identity is legal.
3. The authentication method according to claim 2, characterized in that:
Judging whether the identity is legal according to the first response message and the second response message is specifically:
If the identification information of the first radio-frequency unit carried in the first response message is correct, and the information confirming whether the identity is legal carried in the second response message indicates that it is legal, the identities of the first radio-frequency unit and the second radio-frequency unit are both legal.
4. The authentication method according to claim 1, characterized in that:
The first response message carries the frequency and address of the first radio-frequency channel, and the connection request carries the frequency and address of the second radio-frequency channel.
5. An authentication device, characterized in that the device comprises:
A first low frequency transceiver module, for sending a query statement through a first low channel according to a preset first emission parameter, and receiving a first response message through a second low channel;
The first emission parameter is specifically selected by the following steps:
Step A1, select the frequency with the smallest attenuation difference as the operating frequency of the first low-frequency alternating magnetic field signal;
Step A2, select any coding scheme without an average DC component as the coding scheme of the first low-frequency alternating magnetic field signal;
Step A3, select no modulation, or a carrier modulation scheme without amplitude variation;
Step A4, under the selected operating frequency, coding scheme and modulation scheme, first select the gain and bandwidth parameters of the low-frequency alternating magnetic field signal detection and amplification in the mobile terminal; then measure the intrinsic noise voltage amplitude Vn of the detection voltage in the mobile terminal under the condition that the read-write equipment does not send a low-frequency alternating magnetic field signal; then measure the detection voltage Vr in the mobile terminal when the read-write equipment sends the low-frequency alternating magnetic field signal with the selected coding and modulation scheme; select the transmitted magnetic induction intensity amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of the mobile terminal;
A first RF receiving and transmission module, for sending a connection request through a first radio-frequency channel, and receiving a second response message through a second radio-frequency channel;
A first judge module, for judging whether the identity is legal according to the first response message and the second response message.
6. The authentication device according to claim 5, characterized in that:
The query statement carries the identification information of the first radio-frequency unit, and the first response message carries the identification information of the second radio-frequency unit and the identification information of the first radio-frequency unit;
The connection request carries the identification information of the first radio-frequency unit and the identification information of the second radio-frequency unit, and the second response message carries information confirming whether the identity is legal.
7. The authentication device according to claim 6, characterized in that:
The first judge module comprises a first judging unit, for judging that the identities of the first radio-frequency unit and the second radio-frequency unit are both legal when the identification information of the first radio-frequency unit carried in the first response message is correct and the information confirming whether the identity is legal carried in the second response message indicates that it is legal.
8. The authentication device according to claim 5, characterized in that:
The first response message carries the frequency and address of the first radio-frequency channel, and the connection request carries the frequency and address of the second radio-frequency channel.
9. An authentication method, characterized in that it comprises:
Receiving a query statement through a first low channel, and sending a first response message through a second low channel according to a preset second emission parameter;
The second emission parameter is specifically selected by the following steps:
Step B1, using the characteristic that the attenuation difference and fluctuation range of a low-frequency alternating magnetic field signal are small after it passes through various types of mobile terminals, select a frequency that satisfies the requirement according to the target communication distance as the operating frequency of the second low-frequency alternating magnetic field signal;
Step B2, select any coding scheme without an average DC component;
Step B3, select no modulation, or a carrier modulation scheme without amplitude variation; for carrier modulation, any modulation scheme without amplitude variation may be selected;
Step B4, under the selected operating frequency, coding scheme and modulation scheme, first select the gain and bandwidth parameters of the low-frequency alternating magnetic field signal detection and amplification in the read-write equipment; then measure the intrinsic noise voltage amplitude Vn of the detection voltage in the read-write equipment under the condition that the mobile terminal does not send a low-frequency alternating magnetic field signal; then measure the detection voltage Vr in the read-write equipment when the mobile terminal sends the low-frequency alternating magnetic field signal with the selected coding and modulation scheme; finally select the transmitted magnetic induction intensity amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of the read-write equipment;
Receiving a connection request through a first radio-frequency channel, and sending a second response message through a second radio-frequency channel;
Judging whether the identity is legal according to the query statement and the connection request.
10. An authentication device, characterized in that it comprises:
A second low frequency transceiver module, for receiving a query statement through a first low channel, and sending a first response message through a second low channel according to a preset second emission parameter;
The second emission parameter is specifically selected by the following steps:
Step B1, using the characteristic that the attenuation difference and fluctuation range of a low-frequency alternating magnetic field signal are small after it passes through various types of mobile terminals, select a frequency that satisfies the requirement according to the target communication distance as the operating frequency of the second low-frequency alternating magnetic field signal;
Step B2, select any coding scheme without an average DC component;
Step B3, select no modulation, or a carrier modulation scheme without amplitude variation; for carrier modulation, any modulation scheme without amplitude variation may be selected;
Step B4, under the selected operating frequency, coding scheme and modulation scheme, first select the gain and bandwidth parameters of the low-frequency alternating magnetic field signal detection and amplification in the read-write equipment; then measure the intrinsic noise voltage amplitude Vn of the detection voltage in the read-write equipment under the condition that the mobile terminal does not send a low-frequency alternating magnetic field signal; then measure the detection voltage Vr in the read-write equipment when the mobile terminal sends the low-frequency alternating magnetic field signal with the selected coding and modulation scheme; finally select the transmitted magnetic induction intensity amplitude so that Vr/Vn SNR, where SNR is the signal-to-noise ratio of the read-write equipment;
A second RF receiving and transmission module, for receiving a connection request through a first radio-frequency channel, and sending a second response message through a second radio-frequency channel;
A second judge module, for judging whether the identity is legal according to the query statement and the connection request.
CN201110223682.9A 2011-08-05 2011-08-05 A kind of authentication method and device Active CN102917357B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110223682.9A CN102917357B (en) 2011-08-05 2011-08-05 A kind of authentication method and device

Publications (2)

Publication Number Publication Date
CN102917357A CN102917357A (en) 2013-02-06
CN102917357B true CN102917357B (en) 2016-05-11

Family

ID=47615552

Country Status (1)

Country Link
CN (1) CN102917357B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant