Embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
First, the words and terms used in the following embodiments are explained:
The electronic password card mentioned in the embodiments of the present invention is a card on which indexes and passwords correspond one to one. An index may be a coordinate or any other identifier that uniquely locates a password on the card; for example, the index may be a row coordinate and a column coordinate. The card also carries a serial number, which is used for binding to a user account.
The one-way function mentioned in the embodiments of the present invention refers to a function such that, for any group of independent variables, there is a unique dependent variable corresponding to that group, but for almost all dependent variables a determined group of independent variables cannot be obtained by solving the function; such a function is a one-way function.
The term "and/or" mentioned in the embodiments of the present invention refers to at least one of the two items. For example, "A and/or B" covers three cases: A alone, B alone, and A together with B.
Unless a particular order is evidently meant from the context, ordinal numbers such as "first", "second", "third" and "fourth" mentioned in the embodiments of the present invention should be understood as being used only to distinguish between items.
Embodiment 1
Referring to Fig. 2, the present embodiment provides an authentication method, which comprises:
S11: after the authenticated device and the authenticating device have mutually confirmed that the other side's serial number matches the serial number recorded on their own side, the authenticating device generates a group of random numbers and sends the random numbers to the authenticated device. The random numbers comprise the serial number of the electronic password card used for this authentication and an index on that electronic password card, and further comprise the serial number of a one-way function and/or the serial number of encryption information;
Wherein the encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
S12: the authenticating device receives the first answer sent by the authenticated device, the first answer being generated by the authenticated device using the same method as the authenticating device;
S13: the authenticating device finds the corresponding electronic password card in the data it stores, according to the card serial number carried in the random numbers; determines the corresponding password on the found card, according to the index carried in the random numbers; finds the corresponding one-way function and/or encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the random numbers; and processes the determined password with the found one-way function and/or encryption information to obtain a result, which is taken as the second answer;
S14: the authenticating device compares the second answer it generated with the first answer received from the authenticated device. If they are consistent, the authenticated device is judged to be legitimate and the authentication passes; if they are inconsistent, the authenticated device is judged to be illegitimate and the authentication fails.
In the present embodiment, the authenticating device sends the serial number of a one-way function and/or the serial number of encryption information to the authenticated device, and the authenticated device processes the password from the electronic password card with the corresponding one-way function and/or encryption information before sending the result to the authenticating device for authentication. Because a one-way function has the particular property that its independent variable is hard to recover from its dependent variable, or because the encryption information encrypts the password, an interceptor who captures the authenticated device's answer still cannot obtain the password, which improves the security of authentication between devices.
Embodiment 2
Referring to Fig. 3, the present embodiment provides an authentication method, which comprises:
S21: after the authenticated device and the authenticating device have mutually confirmed that the other side's serial number matches the serial number recorded on their own side, the authenticated device receives a group of random numbers generated and sent by the authenticating device. The random numbers comprise the serial number of the electronic password card used for this authentication and an index on that electronic password card, and further comprise the serial number of a one-way function and/or the serial number of encryption information;
Wherein the encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
S22: the authenticated device finds the corresponding electronic password card in the data it stores, according to the card serial number carried in the random numbers; determines the corresponding password on the found card, according to the index carried in the random numbers; finds the corresponding one-way function and/or encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the random numbers; and processes the determined password with the found one-way function and/or encryption information to obtain a result, which is taken as the first answer;
S23: the authenticated device sends the first answer to the authenticating device, so that the authenticating device generates a second answer using the same method as the authenticated device and compares the second answer it generated with the first answer received from the authenticated device. If they are consistent, the authenticated device is judged to be legitimate and the authentication passes; if they are inconsistent, the authenticated device is judged to be illegitimate and the authentication fails.
In the present embodiment, the authenticated device receives the serial number of a one-way function and/or the serial number of encryption information sent by the authenticating device, processes the password from the electronic password card with the corresponding one-way function and/or encryption information, and then sends the result to the authenticating device for authentication. Because a one-way function has the particular property that its independent variable is hard to recover from its dependent variable, or because the encryption information encrypts the password, an interceptor who captures the authenticated device's answer still cannot obtain the password, which improves the security of authentication between devices.
Embodiment 3
Referring to Fig. 4, the present embodiment provides an authentication method, which comprises:
201: the authenticated device initiates an authentication request to the authenticating device, and the authenticated device and the authenticating device mutually confirm whether the other side's serial number matches the serial number recorded on their own side. If they match, step 202 is executed, or step 203 is executed directly; if they do not match, the authentication process is exited.
The mutual confirmation specifically comprises: the authenticated device sends its own serial number to the authenticating device, and the authenticating device matches the received serial number against the serial number of the authenticated device that it holds; the authenticating device sends its own serial number to the authenticated device, and the authenticated device matches the received serial number against the serial number of the authenticating device that it holds.
The authentication request may be initiated by either the master authentication device or the slave authentication device.
202: the authenticated device authenticates the authenticating device. If the authentication passes, step 203 is executed; if it fails, the authentication process is exited.
Step 202 is optional; executing it further improves the security of authentication.
203: the authenticating device authenticates the authenticated device. If the authentication passes, step 204 is executed; if it fails, the authentication process is exited.
204: the authentication process is completed.
To enable the authenticating device to authenticate the authenticated device, or the authenticated device to authenticate the authenticating device, each of the two devices must store data comprising at least one group of electronic password cards with identical content, at least one one-way function, and at least one item of encryption information used for encryption. The encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
Further, to prevent the data stored on the authenticating device and the authenticated device from being stolen, each device may encrypt the data it stores. The present embodiment does not limit the specific encryption method, and the two devices may use the same or different encryption methods for their stored data. In the prior art the electronic password card is held by the user, so any holder can see the information on it, and an unauthorized user can obtain that information simply by copying means such as scanning, photographing or duplicating the card. In the embodiments of the present invention the electronic password card is stored in a device (the authenticating device or the authenticated device) and may be stored in encrypted form, so an unauthorized user cannot easily obtain the information on it.
Further, when there are multiple electronic password cards, one-way functions or items of encryption information, the difficulty of decoding an intercepted password increases and the security of authentication improves. To improve the security of authentication still further, the electronic password cards may be divided into two groups, one dedicated to the authenticating device authenticating the authenticated device and the other dedicated to the authenticated device authenticating the authenticating device. Likewise, the one-way functions may be divided into two groups, one dedicated to the authenticating device authenticating the authenticated device and the other dedicated to the authenticated device authenticating the authenticating device; and likewise the encryption information may be divided into two groups, one dedicated to the authenticating device authenticating the authenticated device and the other dedicated to the authenticated device authenticating the authenticating device.
In step 202, the authenticated device may authenticate the authenticating device by the following method:
2021: the authenticated device generates a group of second random numbers and sends the group of second random numbers to the authenticating device;
Wherein the group of second random numbers comprises the serial number of the electronic password card used for this authentication and an index on that electronic password card, and further comprises the serial number of a one-way function and/or the serial number of encryption information. The encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
Further, the electronic password card, one-way function and/or encryption information referenced by this group of random numbers may be ones dedicated to the authenticated device authenticating the authenticating device.
2022: after receiving the group of second random numbers, the authenticating device generates a third answer from the information they carry and sends the third answer to the authenticated device;
Specifically, the authenticating device finds the corresponding second electronic password card in the data it stores, according to the card serial number carried in the group of second random numbers, and determines the corresponding second password on the found card, according to the index carried in the group of random numbers; it finds the corresponding second one-way function and/or second encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and it processes the determined second password with the found second one-way function and/or second encryption information to obtain a second result, which is taken as the third answer.
Processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result may be done in any of four ways. In the first, the found second one-way function is applied to the determined second password to compute the second result. In the second, the determined second password is encrypted with the found second encryption information to obtain the second result. In the third, the found second one-way function is first applied to the determined second password to compute a second intermediate result, and that second intermediate result is then encrypted with the found second encryption information to obtain the second result. In the fourth, the determined second password is first encrypted with the found second encryption information to obtain a second intermediate result, and the found second one-way function is then applied to that second intermediate result to compute the second result.
2023: the authenticated device, using the same method as the authenticating device, generates a fourth answer from the information carried in the group of second random numbers, and compares the fourth answer it generated with the third answer received from the authenticating device. If they are consistent, the authenticating device is judged to be legitimate and the authentication passes; if they are inconsistent, the authenticating device is judged to be illegitimate and the authentication fails.
Wherein the authenticated device generating the fourth answer from the information carried in the group of second random numbers, using the same method as the authenticating device, specifically comprises:
finding the corresponding second electronic password card in the data it stores, according to the card serial number carried in the group of second random numbers, and determining the corresponding second password on the found card, according to the index carried in the group of random numbers; finding the corresponding second one-way function and/or second encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and processing the determined second password with the found second one-way function and/or second encryption information to obtain a second result, which is taken as the fourth answer.
Here too, processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result may be done in any of the four ways described under step 2022.
In step 203, the authenticating device may authenticate the authenticated device by the following method:
2031: the authenticating device generates a group of random numbers and sends the group of random numbers to the authenticated device;
Wherein the group of random numbers comprises the serial number of the electronic password card used for this authentication and an index on that electronic password card, and further comprises the serial number of a one-way function and/or the serial number of encryption information. The encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
Further, the electronic password card, one-way function and/or encryption information referenced by this group of random numbers may be ones dedicated to the authenticating device authenticating the authenticated device.
2032: after receiving the group of random numbers, the authenticated device generates a first answer from the information they carry and sends the first answer to the authenticating device;
Specifically, the authenticated device finds the corresponding electronic password card in the data it stores, according to the card serial number carried in the group of random numbers, and determines the corresponding password on the found card, according to the index carried in the group of random numbers; it finds the corresponding one-way function and/or encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and it computes a result from the determined password with the found one-way function and/or encryption information, which is taken as the first answer.
Processing the determined password with the found one-way function and/or encryption information to obtain the result may be done in any of four ways. In the first, the found one-way function is applied to the determined password to compute the result. In the second, the determined password is encrypted with the found encryption information to obtain the result. In the third, the found one-way function is first applied to the determined password to compute an intermediate result, and that intermediate result is then encrypted with the found encryption information to obtain the result. In the fourth, the determined password is first encrypted with the found encryption information to obtain an intermediate result, and the found one-way function is then applied to that intermediate result to compute the result.
2033: the authenticating device, using the same method as the authenticated device, generates a second answer from the information carried in the group of random numbers, and compares the second answer it generated with the first answer received from the authenticated device. If they are consistent, the authenticated device is judged to be legitimate and the authentication passes; if they are inconsistent, the authenticated device is judged to be illegitimate and the authentication fails.
Wherein the authenticating device generating the second answer from the information carried in the group of random numbers, using the same method as the authenticated device, specifically comprises:
The authenticating device finds the corresponding electronic password card in the data it stores, according to the card serial number carried in the group of random numbers, and determines the corresponding password on the found card, according to the index carried in the group of random numbers; it finds the corresponding one-way function and/or encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and it computes a result from the determined password with the found one-way function and/or encryption information, which is taken as the second answer.
Here too, processing the determined password with the found one-way function and/or encryption information to obtain the result may be done in any of the four ways described under step 2032.
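As an added illustration (not part of the patent text), the following Python sketch plays both roles of Embodiments 1 to 3: a challenger picks a card serial number, an index and function serials at random, both sides look the password up in their own stored data and process it by one of the four methods, and the challenger compares the answers after the serial-number check of step 201. The sample cards, the use of SHA-256 and SHA3-256 as one-way functions, the placeholder keyed stream cipher standing in for the unnamed cryptographic algorithm, the `order` field that selects between the third and fourth processing methods, and the constant-time comparison are all assumptions of this example, not details the patent gives.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


def _stream_cipher(key: bytes, data: bytes) -> bytes:
    """Placeholder keyed stream cipher (XOR with a SHA-256 keystream); it stands in for the patent's unnamed algorithm."""
    stream = hashlib.sha256(b"keystream:" + key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


# Constructed sample data: everything one device keeps. Both devices must hold
# identical cards, one-way functions and encryption information.
STORE = {
    # card serial number -> grid of passwords addressed by (row, column) index
    "cards": {
        "CARD-0001": [[b"k7Qz", b"p3Lm", b"x9Ra"], [b"t2Vb", b"q8Nc", b"w4Yd"]],
        "CARD-0002": [[b"a1Bc", b"d5Ef"], [b"g6Hi", b"j0Kl"]],
    },
    # one-way function serial number -> function
    "owfs": {1: lambda d: hashlib.sha256(d).digest(), 2: lambda d: hashlib.sha3_256(d).digest()},
    # key serial number -> key; algorithm serial number -> encryption function
    "keys": {1: bytes.fromhex("00112233445566778899aabbccddeeff"), 2: b"constructed-key-two"},
    "algs": {1: _stream_cipher},
}

# A rogue device that knows the serial numbers and card sizes but not the card contents.
ROGUE_STORE = dict(STORE, cards={
    "CARD-0001": [[b"----"] * 3, [b"----"] * 3],
    "CARD-0002": [[b"----"] * 2, [b"----"] * 2],
})


@dataclass(frozen=True)
class Challenge:
    """The group of random numbers the challenger sends (steps S11, 2021, 2031)."""
    card_serial: str
    index: Tuple[int, int]                 # (row, column) on the card
    owf_serial: Optional[int] = None       # serial number of the one-way function, if any
    key_serial: Optional[int] = None       # serial number of the key, if any
    alg_serial: Optional[int] = None       # serial number of the algorithm, if any
    order: str = "owf-then-enc"            # assumed field: picks method 3 or method 4


def compute_answer(ch: Challenge, store) -> bytes:
    """Both sides run this: look up the card, password, one-way function and/or
    encryption information by serial number, then apply one of the four methods."""
    row, col = ch.index
    password = store["cards"][ch.card_serial][row][col]
    owf = store["owfs"][ch.owf_serial] if ch.owf_serial is not None else None
    enc = None
    if ch.key_serial is not None and ch.alg_serial is not None:
        key, alg = store["keys"][ch.key_serial], store["algs"][ch.alg_serial]
        enc = lambda d: alg(key, d)
    if owf and not enc:                     # method 1: one-way function only
        return owf(password)
    if enc and not owf:                     # method 2: encryption only
        return enc(password)
    if owf and enc:
        if ch.order == "owf-then-enc":      # method 3: one-way function, then encrypt
            return enc(owf(password))
        return owf(enc(password))           # method 4: encrypt, then one-way function
    raise ValueError("challenge names neither a one-way function nor encryption information")


def make_challenge(store, rng=secrets) -> Challenge:
    """The challenger picks a card, an index on it and serial numbers at random."""
    card_serial = rng.choice(sorted(store["cards"]))
    grid = store["cards"][card_serial]
    index = (rng.randbelow(len(grid)), rng.randbelow(len(grid[0])))
    method = 1 + rng.randbelow(4)           # one of the patent's four processing methods
    use_owf, use_enc = method in (1, 3, 4), method in (2, 3, 4)
    return Challenge(card_serial, index,
                     owf_serial=rng.choice(sorted(store["owfs"])) if use_owf else None,
                     key_serial=rng.choice(sorted(store["keys"])) if use_enc else None,
                     alg_serial=rng.choice(sorted(store["algs"])) if use_enc else None,
                     order="enc-then-owf" if method == 4 else "owf-then-enc")


def verify_answer(ch: Challenge, first_answer: bytes, store) -> bool:
    """The challenger recomputes its own answer and compares (steps S13, S14); constant-time compare is added hardening."""
    return hmac.compare_digest(compute_answer(ch, store), first_answer)


def run_authentication(auth_store, dev_store, expected_dev_serial, dev_serial, rng=secrets) -> bool:
    """One direction of Embodiment 3 (steps 201 and 203). Step 202 is the same
    exchange with the roles swapped, using the group of second random numbers."""
    # Step 201 (one direction shown): the claimed serial number must match the held one.
    if not hmac.compare_digest(expected_dev_serial.encode(), dev_serial.encode()):
        return False
    challenge = make_challenge(auth_store, rng)                # step 2031
    first_answer = compute_answer(challenge, dev_store)        # step 2032, on the device
    return verify_answer(challenge, first_answer, auth_store)  # step 2033
```

The answer to one challenge does not verify against another, so capturing an answer neither yields the password nor helps with the next challenge, which is the property the embodiments rely on.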
The authentication method provided by the present embodiment may be applied to electronic locks, access control systems, electronic payment systems, electronic device authentication and the like. Taking an electronic lock as an example, the lock and the key correspond respectively to the authenticating device and the authenticated device of the present embodiment. The authentication process of the electronic lock is briefly described below.
301: the key initiates an authentication request to the lock, and the key and the lock mutually confirm whether the other side's serial number matches the serial number recorded on their own side. If they match, step 302 is executed, or step 303 is executed directly; if they do not match, the authentication process is exited.
The mutual confirmation specifically comprises: the key sends its own serial number to the lock, and the lock matches the received serial number against the serial number of the key that it holds; the lock sends its own serial number to the key, and the key matches the received serial number against the serial number of the lock that it holds.
302: the key authenticates the lock. If the authentication passes, step 303 is executed; if it fails, the authentication process is exited.
Step 302 is optional; executing it further improves the security of authentication.
303: the lock authenticates the key. If the authentication passes, step 304 is executed; if it fails, the authentication process is exited.
304: the authentication process is completed.
To enable the lock to authenticate the key, or the key to authenticate the lock, each of the lock and the key must store data comprising at least one group of electronic password cards with identical content, at least one one-way function, and at least one item of encryption information used for encryption. Further, to prevent the data stored on the lock and the key from being stolen, each may encrypt the data it stores; the present embodiment does not limit the specific encryption method, and the lock and the key may use the same or different encryption methods for their stored data. Further, when there are multiple electronic password cards, one-way functions or items of encryption information, the difficulty of decoding an intercepted password increases and the security of authentication improves. To improve the security of authentication still further, the electronic password cards may be divided into two groups, one dedicated to the lock authenticating the key and the other dedicated to the key authenticating the lock; likewise, the one-way functions may be divided into two groups, one dedicated to the lock authenticating the key and the other dedicated to the key authenticating the lock; and likewise the encryption information may be divided into two groups, one dedicated to the lock authenticating the key and the other dedicated to the key authenticating the lock.
In step 302, the key may authenticate the lock by the following method:
3021: the key generates a group of second random numbers and sends the group of second random numbers to the lock;
Wherein the group of second random numbers comprises the serial number of the electronic password card used for this authentication and an index on that electronic password card, and further comprises the serial number of a one-way function and/or the serial number of encryption information. The encryption information comprises a key and a cryptographic algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the cryptographic algorithm.
Further, the electronic password card, one-way function and/or encryption information referenced by this group of random numbers may be ones dedicated to the key authenticating the lock.
3022: after receiving the group of second random numbers, the lock generates a third answer from the information they carry and sends the third answer to the key;
Specifically, the lock finds the corresponding second electronic password card in the data it stores, according to the card serial number carried in the group of second random numbers, and determines the corresponding second password on the found card, according to the index carried in the group of random numbers; it finds the corresponding second one-way function and/or second encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and it processes the determined second password with the found second one-way function and/or second encryption information to obtain a second result, which is taken as the third answer.
Processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result may be done in any of the four ways described under step 2022.
3023: the key, using the same method as the lock, generates a fourth answer from the information carried in the group of second random numbers, and compares the fourth answer it generated with the third answer received from the lock. If they are consistent, the lock is judged to be legitimate and the authentication passes; if they are inconsistent, the lock is judged to be illegitimate and the authentication fails.
Wherein the key generating the fourth answer from the information carried in the group of second random numbers, using the same method as the lock, specifically comprises:
finding the corresponding second electronic password card in the data it stores, according to the card serial number carried in the group of second random numbers, and determining the corresponding second password on the found card, according to the index carried in the group of random numbers; finding the corresponding second one-way function and/or second encryption information in the data it stores, according to the serial number of the one-way function and/or the serial number of the encryption information carried in the group of random numbers; and processing the determined second password with the found second one-way function and/or second encryption information to obtain a second result, which is taken as the fourth answer.
Here too, processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result may be done in any of the four ways described under step 2022.
Step 303: the lock authenticates the key, which may be done as follows:
3031: the lock generates a group of random numbers and sends this group of random numbers to the key;
Here, this group of random numbers comprises: the serial number of the electronic password card used for authentication and the index on the electronic password card; this group of random numbers further comprises: the serial number of a one-way function and/or the serial number of encryption information. The encryption information comprises a key and an encryption algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the encryption algorithm.
Further, the electronic password card, one-way function and/or encryption information carried in this group of random numbers may be dedicated to the lock's authentication of the key.
3032: after receiving this group of random numbers, the key generates first answer information according to the information carried in this group of random numbers, and sends the first answer information to the lock;
Specifically, according to the serial number of the electronic password card used for authentication carried in this group of random numbers, the key finds the corresponding electronic password card in the data it stores, and determines the corresponding password on the found electronic password card according to the index on the electronic password card carried in this group of random numbers; according to the serial number of the one-way function and/or the serial number of the encryption information carried in this group of random numbers, it finds the corresponding one-way function and/or encryption information in the data it stores, uses the found one-way function and/or encryption information to compute a result from the determined password, and takes the result as the first answer information.
Here, four specific methods are available for processing the determined password with the found one-way function and/or encryption information to obtain the result. The first: use the found one-way function to compute the result from the determined password. The second: use the found encryption information to encrypt the determined password to obtain the result. The third: first use the found one-way function to compute an intermediate result from the determined password, then use the found encryption information to encrypt the intermediate result to obtain the result. The fourth: first use the found encryption information to encrypt the determined password to obtain an intermediate result, then use the found one-way function to compute the result from the intermediate result.
3033: the lock generates second answer information according to the information carried in this group of random numbers, using the same method as the key, and compares the second answer information it generated with the first answer information received from the key; if they are consistent, the key is judged legitimate and authentication passes; if they are inconsistent, the key is judged illegitimate and authentication fails.
Here, the lock generating the second answer information according to the information carried in this group of random numbers, using the same method as the key, specifically comprises:
According to the serial number of the electronic password card used for authentication carried in this group of random numbers, the lock finds the corresponding electronic password card in the data it stores, and determines the corresponding password on the found electronic password card according to the index on the electronic password card carried in this group of random numbers; according to the serial number of the one-way function and/or the serial number of the encryption information carried in this group of random numbers, it finds the corresponding one-way function and/or encryption information in the data it stores, uses the found one-way function and/or encryption information to compute a result from the determined password, and takes the result as the second answer information.
Here, four specific methods are available for processing the determined password with the found one-way function and/or encryption information to obtain the result. The first: use the found one-way function to compute the result from the determined password. The second: use the found encryption information to encrypt the determined password to obtain the result. The third: first use the found one-way function to compute an intermediate result from the determined password, then use the found encryption information to encrypt the intermediate result to obtain the result. The fourth: first use the found encryption information to encrypt the determined password to obtain an intermediate result, then use the found one-way function to compute the result from the intermediate result.
In the present embodiment, the authenticating device sends the serial number of the one-way function and/or the serial number of the encryption information to the authenticated device, and the authenticated device processes the password of the electronic password card with the corresponding one-way function and/or encryption information before sending it to the authenticating device for authentication. Because a one-way function has the special property that its independent variable is hard to recover from its dependent variable, or because the encryption information encrypts the password, an interceptor cannot obtain the password even if the answer information of the authenticated device is intercepted, which improves the security of inter-device authentication. At the same time, when there are multiple electronic password cards, one-way functions or items of encryption information, and these can be stored encrypted, the difficulty of decoding an intercepted password is increased, improving the security of authentication. Moreover, two-way authentication further improves the security of authentication, and the electronic password cards, one-way functions and/or encryption information can be divided into groups used respectively for authenticating the authenticated device and for authenticating the authenticating device, so that these data are used in isolation, further improving the security of authentication.
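As an added worked example (not code from the patent), the following Python models steps 3031 to 3033 with constructed data: a lock and a key that share password cards, one-way functions and encryption information looked up by serial number, the four processing methods, and a constant-time comparison of the answer information; calling authenticate with the roles swapped gives the two-way authentication the text describes. All names, the SHA-256 counter keystream used as a stand-in cipher, and the sample cards and keys are assumptions.

```python
import functools
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Card = Dict[Tuple[int, int], bytes]      # (row, column) index -> password on one card

@dataclass
class Device:
    """What a lock or a key keeps; the text stores this data encrypted at rest."""
    serial: str                                             # own serial number
    peer_serial: str                                        # serial expected from the other side
    cards: Dict[str, Card]                                  # card serial -> card contents
    one_way: Dict[str, Callable[[bytes], bytes]]            # one-way function serial -> function
    keys: Dict[str, bytes]                                  # key serial -> key
    algorithms: Dict[str, Callable[[bytes, bytes], bytes]]  # algorithm serial -> cipher(key, data)
    hash_first: bool = True      # order agreed for method 3 (True) or method 4 (False)

@dataclass(frozen=True)
class Challenge:
    """The 'group of random numbers' of step 3031: serial numbers plus an index."""
    card_serial: str
    index: Tuple[int, int]
    owf_serial: Optional[str] = None
    key_serial: Optional[str] = None
    alg_serial: Optional[str] = None

def stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for 'the encryption algorithm': XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def make_challenge(dev: Device, use_owf: bool = True, use_enc: bool = True) -> Challenge:
    """Step 3031: randomly choose a card, an index on it, and which function, key and algorithm apply."""
    card_serial = secrets.choice(sorted(dev.cards))
    return Challenge(card_serial, secrets.choice(sorted(dev.cards[card_serial])),
                     secrets.choice(sorted(dev.one_way)) if use_owf else None,
                     secrets.choice(sorted(dev.keys)) if use_enc else None,
                     secrets.choice(sorted(dev.algorithms)) if use_enc else None)

def compute_answer(dev: Device, ch: Challenge) -> bytes:
    """Steps 3032/3033: look everything up by serial number, then apply one of the four methods."""
    password = dev.cards[ch.card_serial][ch.index]
    owf = dev.one_way[ch.owf_serial] if ch.owf_serial else None
    enc = None
    if ch.key_serial and ch.alg_serial:
        enc = functools.partial(dev.algorithms[ch.alg_serial], dev.keys[ch.key_serial])
    if owf and enc:                                   # method 3 (hash, then encrypt) or 4 (the reverse)
        steps = (owf, enc) if dev.hash_first else (enc, owf)
    else:                                             # method 1 (hash only) or 2 (encrypt only)
        steps = tuple(f for f in (owf, enc) if f)
    if not steps:                                     # never send the bare password back
        raise ValueError("challenge names neither a one-way function nor encryption information")
    result = password
    for step in steps:
        result = step(result)
    return result                                     # the answer information

def verify_answer(dev: Device, ch: Challenge, received: bytes) -> bool:
    """Step 3033: recompute with the same method and compare in constant time."""
    return hmac.compare_digest(compute_answer(dev, ch), received)

def authenticate(verifier: Device, prover: Device) -> bool:
    """One direction of the protocol; run it again with the roles swapped for two-way authentication."""
    if verifier.peer_serial != prover.serial or prover.peer_serial != verifier.serial:
        return False                                  # serial numbers do not match
    ch = make_challenge(verifier)                     # travels to the prover
    try:
        answer = compute_answer(prover, ch)           # travels back; an eavesdropper sees only this
    except KeyError:                                  # prover lacks the card, function or key named
        return False
    return verify_answer(verifier, ch, answer)

def build_demo() -> Tuple[Device, Device, Device]:
    """Constructed sample data: a lock, its matching key, and an imposter holding different cards."""
    def card(seed: str) -> Card:
        return {(r, c): hashlib.sha256(f"{seed}:{r}:{c}".encode()).digest()[:6]
                for r in range(4) for c in range(4)}
    shared = dict(one_way={"owf-1": lambda d: hashlib.sha256(d).digest(),
                           "owf-2": lambda d: hashlib.sha3_256(d).digest()},
                  keys={"key-1": b"constructed-key-1", "key-2": b"constructed-key-2"},
                  algorithms={"alg-1": stream_encrypt})
    good = {"card-A": card("A"), "card-B": card("B")}
    return (Device("LOCK-001", "KEY-001", good, **shared),
            Device("KEY-001", "LOCK-001", dict(good), **shared),
            Device("KEY-001", "LOCK-001", {"card-A": card("X"), "card-B": card("Y")}, **shared))

def run_demo() -> Dict[str, bool]:
    lock, key, imposter = build_demo()
    return {"lock_accepts_key": authenticate(lock, key),
            "key_accepts_lock": authenticate(key, lock),
            "lock_rejects_imposter": not authenticate(lock, imposter)}
```

Note that the imposter holds cards with the right serial numbers but different contents, so it can answer a challenge only with the wrong result; an answer captured for one index is also useless for any other index.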
Embodiment 4
Referring to Fig. 5, the present embodiment provides an authentication device, which may specifically be an authenticating device, and which comprises:
a sending module 401, configured to, after the authenticated device and the device have mutually confirmed that the other side's serial number matches its own, generate a group of random numbers and send the random numbers to the authenticated device, the random numbers comprising: the serial number of the electronic password card used for authentication and the index on the electronic password card, and further comprising: the serial number of a one-way function and/or the serial number of encryption information;
a receiving module 402, configured to receive first answer information sent by the authenticated device, the first answer information being generated by the authenticated device using the same method as the authenticating device;
a generating module 403, configured to find the corresponding electronic password card in the data stored by the device according to the serial number of the electronic password card used for authentication carried in the random numbers, determine the corresponding password on the found electronic password card according to the index on the electronic password card carried in the random numbers, find the corresponding one-way function and/or encryption information in the data stored by the device according to the serial number of the one-way function and/or the serial number of the encryption information carried in the random numbers, process the determined password with the found one-way function and/or encryption information to obtain a result, and take the result as second answer information;
a comparison module 404, configured to compare the second answer information generated by the device with the first answer information received from the authenticated device; if they are consistent, the authenticated device is judged legitimate and authentication passes; if they are inconsistent, the authenticated device is judged illegitimate and authentication fails.
Here, when processing the determined password with the found one-way function and/or encryption information to obtain the result, the generating module 403 is specifically configured to:
use the found one-way function to compute the result from the determined password;
or,
use the found encryption information to encrypt the determined password to obtain the result;
or,
use the found one-way function to compute an intermediate result from the determined password, and use the found encryption information to encrypt the computed intermediate result to obtain the result;
or,
use the found encryption information to encrypt the determined password to obtain an intermediate result, and use the found one-way function to compute the result from the encrypted intermediate result.
Further, after the authenticated device has passed authentication, the device further comprises:
an authentication module, configured to receive a group of second random numbers generated and sent by the authenticated device; generate third answer information according to the second random numbers and send the third answer information to the authenticated device, so that the authenticated device generates fourth answer information using the same method as the authenticating device and compares the fourth answer information it generated with the third answer information received from the authenticating device; if they are consistent, the authenticating device is judged legitimate and authentication passes; if they are inconsistent, the authenticating device is judged illegitimate and authentication fails.
Here, when generating the third answer information according to the second random numbers, the authentication module is specifically configured to:
find the corresponding second electronic password card in the data stored by the device according to the serial number of the electronic password card used for authentication carried in the second random numbers, and determine the corresponding second password on the found second electronic password card according to the index on the electronic password card carried in the second random numbers; find the corresponding second one-way function and/or second encryption information in the data stored by the device according to the serial number of the one-way function and/or the serial number of the encryption information carried in the second random numbers, process the determined second password with the found second one-way function and/or second encryption information to obtain a second result, and take the second result as the third answer information.
Here, when processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result, the authentication module is specifically configured to:
use the found second one-way function to compute the second result from the determined second password;
or,
use the found second encryption information to encrypt the determined second password to obtain the second result;
or,
use the found second one-way function to compute a second intermediate result from the determined second password, and use the found second encryption information to encrypt the computed second intermediate result to obtain the second result;
or,
use the found second encryption information to encrypt the determined second password to obtain a second intermediate result, and use the found second one-way function to compute the second result from the encrypted second intermediate result.
In order for the authenticating device to authenticate the authenticated device, or for the authenticated device to authenticate the authenticating device, the authenticating device and the authenticated device each need to store data such as at least one group of electronic password cards with identical content, at least one one-way function, and at least one item of encryption information used for encryption. The encryption information comprises a key and an encryption algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the encryption algorithm. Further, to prevent the data stored on the authenticating device and the authenticated device from being stolen, the authenticating device and the authenticated device may each encrypt the data they store; the present embodiment does not limit the specific encryption method, and the authenticating device and the authenticated device may use the same or different encryption methods to encrypt their stored data. In the prior art the electronic password card is held by the user, so any holder can see the information on the card and an illegitimate user can obtain that information simply by copying it, for example by scanning, photographing or transcribing it; by contrast, the electronic password card of the embodiment of the present invention is stored on a device (the authenticating device or the authenticated device) and may be stored encrypted, so that an illegitimate user finds it difficult to obtain the information on the card. Further, when there are multiple electronic password cards, one-way functions or items of encryption information, the difficulty of decoding an intercepted password is increased and the security of authentication is improved. To further improve the security of authentication, the electronic password cards may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device; likewise, the one-way functions may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device; likewise, the encryption information may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device.
The device provided by the present embodiment sends the serial number of the one-way function and/or the serial number of the encryption information to the authenticated device, and the authenticated device processes the password of the electronic password card with the corresponding one-way function and/or encryption information before sending it to this device for authentication. Because a one-way function has the special property that its independent variable is hard to recover from its dependent variable, or because the encryption information encrypts the password, an interceptor cannot obtain the password even if the answer information of the authenticated device is intercepted, which improves the security of inter-device authentication.
Embodiment 5
Referring to Fig. 6, the present embodiment provides an authentication device, which may specifically be an authenticated device, and which comprises:
a receiving module 501, configured to, after the device and the authenticating device have mutually confirmed that the other side's serial number matches its own, receive a group of random numbers generated and sent by the authenticating device, the random numbers comprising: the serial number of the electronic password card used for authentication and the index on the electronic password card, and further comprising: the serial number of a one-way function and/or the serial number of encryption information;
a generating module 502, configured to find the corresponding electronic password card in the data stored by the device according to the serial number of the electronic password card used for authentication carried in the random numbers, determine the corresponding password on the found electronic password card according to the index on the electronic password card carried in the random numbers, find the corresponding one-way function and/or encryption information in the data stored by the device according to the serial number of the one-way function and/or the serial number of the encryption information carried in the random numbers, process the determined password with the found one-way function and/or encryption information to obtain a result, and take the result as first answer information;
a sending module 503, configured to send the first answer information to the authenticating device, so that the authenticating device generates second answer information using the same method as the device and compares the second answer information it generated with the first answer information received from the device; if they are consistent, the device is judged legitimate and authentication passes; if they are inconsistent, the device is judged illegitimate and authentication fails.
Here, when processing the determined password with the found one-way function and/or encryption information to obtain the result, the generating module 502 is specifically configured to:
use the found one-way function to compute the result from the determined password;
or,
use the found encryption information to encrypt the determined password to obtain the result;
or,
use the found one-way function to compute an intermediate result from the determined password, and use the found encryption information to encrypt the computed intermediate result to obtain the result;
or,
use the found encryption information to encrypt the determined password to obtain an intermediate result, and use the found one-way function to compute the result from the encrypted intermediate result.
Further, after the device has passed authentication, the device further comprises:
an authentication module, configured to generate a group of second random numbers and send the second random numbers to the authenticating device, so that the authenticating device generates third answer information using the same method as the authenticated device and sends the third answer information to the device; and to generate fourth answer information according to the second random numbers and compare the fourth answer information it generated with the third answer information received from the authenticating device; if they are consistent, the authenticating device is judged legitimate and authentication passes; if they are inconsistent, the authenticating device is judged illegitimate and authentication fails.
Here, when generating the fourth answer information according to the second random numbers, the authentication module is specifically configured to:
find the corresponding second electronic password card in the data stored by the device according to the serial number of the electronic password card used for authentication carried in the second random numbers, and determine the corresponding second password on the found second electronic password card according to the index on the electronic password card carried in the second random numbers; find the corresponding second one-way function and/or second encryption information in the data stored by the device according to the serial number of the one-way function and/or the serial number of the encryption information carried in the second random numbers, process the determined second password with the found second one-way function and/or second encryption information to obtain a second result, and take the second result as the fourth answer information.
Here, when processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result, the authentication module is specifically configured to:
use the found second one-way function to compute the second result from the determined second password;
or,
use the found second encryption information to encrypt the determined second password to obtain the second result;
or,
use the found second one-way function to compute a second intermediate result from the determined second password, and use the found second encryption information to encrypt the computed second intermediate result to obtain the second result;
or,
use the found second encryption information to encrypt the determined second password to obtain a second intermediate result, and use the found second one-way function to compute the second result from the encrypted second intermediate result.
In order for the authenticating device to authenticate the authenticated device, or for the authenticated device to authenticate the authenticating device, the authenticating device and the authenticated device each need to store data such as at least one group of electronic password cards with identical content, at least one one-way function, and at least one item of encryption information used for encryption. The encryption information comprises a key and an encryption algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the encryption algorithm. Further, to prevent the data stored on the authenticating device and the authenticated device from being stolen, the authenticating device and the authenticated device may each encrypt the data they store; the present embodiment does not limit the specific encryption method, and the authenticating device and the authenticated device may use the same or different encryption methods to encrypt their stored data. In the prior art the electronic password card is held by the user, so any holder can see the information on the card and an illegitimate user can obtain that information simply by copying it, for example by scanning, photographing or transcribing it; by contrast, the electronic password card of the embodiment of the present invention is stored on a device (the authenticating device or the authenticated device) and may be stored encrypted, so that an illegitimate user finds it difficult to obtain the information on the card. Further, when there are multiple electronic password cards, one-way functions or items of encryption information, the difficulty of decoding an intercepted password is increased and the security of authentication is improved. To further improve the security of authentication, the electronic password cards may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device; likewise, the one-way functions may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device; likewise, the encryption information may be divided into two groups, one group dedicated to the authenticating device authenticating the authenticated device and the other group dedicated to the authenticated device authenticating the authenticating device.
The device provided by the present embodiment receives the serial number of the one-way function and/or the serial number of the encryption information sent by the authenticating device, processes the password of the electronic password card with the corresponding one-way function and/or encryption information, and only then sends it to the authenticating device for authentication. Because a one-way function has the special property that its independent variable is hard to recover from its dependent variable, or because the encryption information encrypts the password, an interceptor cannot obtain the password even if the answer information of the authenticated device is intercepted, which improves the security of inter-device authentication.
Embodiment 6
Referring to Fig. 7, the present embodiment provides an authentication system, which comprises: an authenticated device 601 and an authenticating device 602;
after the authenticated device 601 and the authenticating device 602 have mutually confirmed that the other side's serial number matches its own, the authenticating device 602 is configured to generate a group of random numbers and send the random numbers to the authenticated device 601, the random numbers comprising: the serial number of the electronic password card used for authentication and the index on the electronic password card, and further comprising: the serial number of a one-way function and/or the serial number of encryption information;
the authenticated device 601 is configured to receive the random numbers, generate first answer information using the same method as the authenticating device 602, and send the first answer information to the authenticating device 602;
the authenticating device 602 is further configured to receive the first answer information sent by the authenticated device 601, find the corresponding electronic password card in the data it stores according to the serial number of the electronic password card used for authentication carried in the random numbers, determine the corresponding password on the found electronic password card according to the index on the electronic password card carried in the random numbers, find the corresponding one-way function and/or encryption information in the data it stores according to the serial number of the one-way function and/or the serial number of the encryption information carried in the random numbers, process the determined password with the found one-way function and/or encryption information to obtain a result, take the result as second answer information, and compare the second answer information it generated with the first answer information received from the authenticated device 601; if they are consistent, the authenticated device 601 is judged legitimate and authentication passes; if they are inconsistent, the authenticated device 601 is judged illegitimate and authentication fails.
22. The system according to claim 21, characterized in that, when processing the determined password with the found one-way function and/or encryption information to obtain the result, the authenticating device 602 is specifically configured to:
use the found one-way function to compute the result from the determined password;
or,
use the found encryption information to encrypt the determined password to obtain the result;
or,
use the found one-way function to compute an intermediate result from the determined password, and use the found encryption information to encrypt the computed intermediate result to obtain the result;
or,
use the found encryption information to encrypt the determined password to obtain an intermediate result, and use the found one-way function to compute the result from the encrypted intermediate result.
23. The system according to claim 21, characterized in that, after the authenticated device 601 has passed authentication, the authenticating device 602 is further configured to receive a group of second random numbers generated and sent by the authenticated device 601, generate third answer information according to the second random numbers, and send the third answer information to the authenticated device 601;
the authenticated device 601 is configured to receive the third answer information sent by the authenticating device 602, generate fourth answer information using the same method as the authenticating device 602, and compare the fourth answer information it generated with the third answer information received from the authenticating device 602; if they are consistent, the authenticating device 602 is judged legitimate and authentication passes; if they are inconsistent, the authenticating device 602 is judged illegitimate and authentication fails.
24. The system according to claim 23, characterized in that, when generating the third answer information according to the second random numbers, the authenticating device 602 is specifically configured to:
find the corresponding second electronic password card in the data it stores according to the serial number of the electronic password card used for authentication carried in the second random numbers, and determine the corresponding second password on the found second electronic password card according to the index on the electronic password card carried in the second random numbers;
find the corresponding second one-way function and/or second encryption information in the data it stores according to the serial number of the one-way function and/or the serial number of the encryption information carried in the second random numbers, process the determined second password with the found second one-way function and/or second encryption information to obtain a second result, and take the second result as the third answer information.
25. The system according to claim 24, characterized in that, when processing the determined second password with the found second one-way function and/or second encryption information to obtain the second result, the authenticating device 602 is specifically configured to:
use the found second one-way function to compute the second result from the determined second password;
or,
use the found second encryption information to encrypt the determined second password to obtain the second result;
or,
use the found second one-way function to compute a second intermediate result from the determined second password, and use the found second encryption information to encrypt the computed second intermediate result to obtain the second result;
or,
use the found second encryption information to encrypt the determined second password to obtain a second intermediate result, and use the found second one-way function to compute the second result from the encrypted second intermediate result.
For the authenticating device to authenticate the authenticated device, or for the authenticated device to authenticate the authenticating device, the authenticating device and the authenticated device must each store at least one electronic password card with identical content, at least one one-way function, and at least one piece of encryption information used for encryption, among other data. The encryption information comprises a key and an encryption algorithm, and correspondingly the serial number of the encryption information comprises the serial number of the key and the serial number of the encryption algorithm. Further, to prevent the data stored on the authenticating device and the authenticated device from being stolen, each device may encrypt the data it stores; this embodiment does not limit the specific encryption method, and the two devices may use the same or different encryption methods. In the prior art the electronic password card is held by the user, so anyone holding it can read the information on it, and an unauthorised user can obtain that information simply by copying the card, for example by scanning, photographing or transcribing it. In this embodiment the electronic password card is stored on a device (the authenticating device or the authenticated device) and may be stored encrypted, so an unauthorised user cannot easily obtain its contents. Further, when there are multiple electronic password cards, one-way functions or pieces of encryption information, it becomes harder to decode an intercepted password, which improves the security of authentication. To improve security further, the electronic password cards may be divided into two groups, one group used only for the authenticating device to authenticate the authenticated device and the other group used only for the authenticated device to authenticate the authenticating device; likewise, the one-way functions may be divided into two groups, one used only for the authenticating device to authenticate the authenticated device and the other used only for the authenticated device to authenticate the authenticating device; and likewise, the encryption information may be divided into two groups, one used only for the authenticating device to authenticate the authenticated device and the other used only for the authenticated device to authenticate the authenticating device.
In this embodiment the authenticating device sends the serial number of the one-way function and/or the serial number of the encryption information to the authenticated device, and the authenticated device processes the password from the electronic password card with the corresponding one-way function and/or encryption information before sending it to the authenticating device for authentication. Because the argument of a one-way function cannot easily be recovered from its value, or because the password has been encrypted with the encryption information, an interceptor who captures the authenticated device's answer information cannot obtain the password from it, which improves the security of inter-device authentication.
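The exchange described above, written out as an added example (this is illustration code, not code from the patent). It models the data both sides hold (cards, one-way functions and encryption information, each looked up by serial number), the "random number" as a challenge naming a card serial, a card index and the function/key serials, and the four processing variants of claim 25. Assumptions not in the text: the one-way function is a SHA-2/SHA-3 hash, the encryption information (key plus algorithm) is modelled as a keyed MAC, a card is a two-dimensional grid indexed by (row, column), and all serial numbers, card contents and keys are constructed sample data. It also shows the point a practitioner cares about: a captured answer is bound to the index and serials of the challenge that produced it, so it neither reveals the password nor verifies against a fresh challenge.

```python
"""Mutual challenge-response with stored electronic password cards (added example)."""
import hashlib
import hmac
import secrets

# Constructed sample cards: card serial number -> grid of passwords (row, column).
CARDS = {
    "CARD-0001": [["7H3K", "Q9ZP", "M2XA"],
                  ["B8LT", "R4VN", "D6YS"],
                  ["W1EC", "G5JU", "K0FO"]],
    "CARD-0002": [["A1", "B2"], ["C3", "D4"]],
}

# Constructed one-way functions, looked up by serial number (assumption: hashes).
ONE_WAY = {
    "OWF-1": lambda data: hashlib.sha256(data).digest(),
    "OWF-2": lambda data: hashlib.sha3_256(data).digest(),
}

# Constructed encryption information: (key serial, algorithm serial) -> key bytes.
# The text says encryption information = key + algorithm, each named by serial.
ENC_INFO = {
    ("KEY-1", "ALG-HMAC-SHA256"): bytes.fromhex("11" * 32),
    ("KEY-2", "ALG-HMAC-SHA256"): bytes.fromhex("22" * 32),
}


def encrypt(key, data):
    """Stand-in for 'encrypting with the encryption information' (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def compute_answer(cards, one_way, enc_info, challenge):
    """Derivation run identically by both sides: look up the password named by the
    challenge, then apply the named one-way function and/or key in the named order."""
    grid = cards[challenge["card"]]
    password = grid[challenge["row"]][challenge["col"]].encode()
    owf = one_way[challenge["owf"]] if challenge.get("owf") else None
    key = enc_info[challenge["enc"]] if challenge.get("enc") else None
    if owf is None and key is None:
        raise ValueError("challenge must name a one-way function and/or encryption information")
    if key is None:                              # variant 1: one-way function only
        return owf(password)
    if owf is None:                              # variant 2: encryption only
        return encrypt(key, password)
    if challenge.get("order", "owf_then_enc") == "owf_then_enc":
        return encrypt(key, owf(password))       # variant 3: one-way function, then encrypt
    return owf(encrypt(key, password))           # variant 4: encrypt, then one-way function


class Device:
    """Either side of the exchange; both hold identical card / function / key tables."""

    def __init__(self, serial, cards, one_way, enc_info):
        self.serial, self.cards, self.one_way, self.enc_info = serial, cards, one_way, enc_info

    def make_challenge(self):
        """The 'random number': card serial, index and function/key serials, chosen afresh."""
        card = secrets.choice(sorted(self.cards))
        grid = self.cards[card]
        variant = secrets.randbelow(4)
        challenge = {"card": card,
                     "row": secrets.randbelow(len(grid)),
                     "col": secrets.randbelow(len(grid[0]))}
        if variant != 1:                         # every variant except encrypt-only names a one-way function
            challenge["owf"] = secrets.choice(sorted(self.one_way))
        if variant != 0:                         # every variant except hash-only names encryption information
            challenge["enc"] = secrets.choice(sorted(self.enc_info))
        if variant == 3:
            challenge["order"] = "enc_then_owf"
        return challenge

    def answer(self, challenge):
        return compute_answer(self.cards, self.one_way, self.enc_info, challenge)

    def verify(self, challenge, answer):
        # Constant-time comparison of the received answer with the locally derived one.
        return hmac.compare_digest(self.answer(challenge), answer)


def run_mutual_authentication(a, b, expected_serial_a, expected_serial_b):
    """Serial numbers are confirmed first; then each side challenges the other."""
    if a.serial != expected_serial_a or b.serial != expected_serial_b:
        return False
    ch1 = a.make_challenge()
    if not a.verify(ch1, b.answer(ch1)):         # a authenticates b
        return False
    ch2 = b.make_challenge()
    return b.verify(ch2, a.answer(ch2))          # b authenticates a
```

Because `compute_answer` is the same function on both sides, any divergence in stored cards, functions or keys shows up as a failed `verify`; an impostor holding a copied card with the right serial numbers but wrong contents is rejected on the first challenge.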
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program that instructs the relevant hardware; the program may be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.