CN103248487B - Near-field communication authentication method, certificate authority and near-field communication equipment - Google Patents


Publication number
CN103248487B
Authority
CN
China
Legal status
Active
Application number
CN201310155677.8A
Other languages
Chinese (zh)
Other versions
CN103248487A (en)
Inventor
李铭轩
王志军
顾旻霞
林敏�
王蓉
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides a near field communication authentication method, a certificate authority and a near field communication device. The method includes: the certificate authority obtains the current diversification factor of a near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device; obtains multiple current keys of the near field communication device using a locally pre-stored master key and the current diversification factor; and sends the multiple current keys to the near field communication device so that the near field communication device can perform mutual authentication. In this scheme the certificate authority derives the current keys of the near field communication device from the master key it stores and sends them to the device, and the device performs mutual authentication with other near field communication devices based on the multiple current keys. This solves the security problem in the prior art that a master key stored in the near field communication device is easily cracked, and thereby effectively improves the security of near field communication.

Description

Near field communication authentication method, certificate authority and near field communication device

Technical field

The invention relates to the field of communications, and in particular to a near field communication authentication method, a certificate authority and a near field communication device.

Background

As devices with near field communication capability become more common, data transfer between devices over near field communication is increasingly frequent. How to ensure the security of near field communication is a problem that must be solved as the technology develops.

The existing solution is to pre-load a master key into each device using dedicated equipment in a business hall. Afterwards, when devices need to communicate, each device uses the pre-loaded master key and a random number produced by the random number generator built into the device to generate a session key for each communication through a specific key diversification algorithm, so that the data exchanged between devices is encrypted and near field communication is secured.

However, in this existing solution the master key used to generate the session keys that encrypt communication data is pre-stored locally on the device, where it is very likely to be cracked. If the master key is cracked, the security of the session keys generated from it for encrypting communication data can no longer be guaranteed, so the solution still carries a significant security risk.

Summary of the invention

The invention provides a near field communication authentication method, a certificate authority and a near field communication device, to solve the security problem in existing near field communication technology that the master key in a near field communication device is easily cracked.

In one aspect, the invention provides a near field communication authentication method, including:

the certificate authority obtaining the current diversification factor of a near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device;

obtaining multiple current keys of the near field communication device using a locally pre-stored master key and the current diversification factor;

sending the multiple current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices based on the multiple current keys.

In another aspect, the invention provides a certificate authority, including:

an obtaining module, configured to obtain the current diversification factor of a near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device;

a processing module, further configured to obtain multiple current keys of the near field communication device using a locally pre-stored master key and the current diversification factor;

a sending module, configured to send the multiple current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices based on the multiple current keys.

In yet another aspect, the invention provides another near field communication authentication method, including:

the near field communication device receiving multiple current keys sent by the certificate authority, the multiple current keys having been obtained by the certificate authority from its locally pre-stored master key and the current diversification factor of the near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device;

sending a second authentication request to another near field communication device, the second authentication request including one of the multiple current keys and the device identifier of the near field communication device, so that the other near field communication device authenticates the near field communication device.

In yet another aspect, the invention provides a near field communication device, including:

a receiving module, configured to receive multiple current keys sent by the certificate authority, the multiple current keys having been obtained by the certificate authority from its locally pre-stored master key and the current diversification factor of the near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device;

a sending module, configured to send a second authentication request to another near field communication device, the second authentication request including one of the multiple current keys and the device identifier of the near field communication device, so that the other near field communication device authenticates the near field communication device.

In the near field communication authentication method, certificate authority and near field communication device provided by the invention, the master key used to obtain the current keys of a near field communication device is stored at the certificate authority, which obtains the current keys of the near field communication device from that master key and sends them to the device, so that the device performs mutual authentication with other near field communication devices based on the multiple current keys. This solves the security problem in the prior art that a master key stored in the near field communication device is easily cracked, and effectively improves the security of near field communication.

Description of drawings

FIG. 1 is a schematic flowchart of a near field communication authentication method provided by Embodiment 1 of the invention;

FIG. 2 is a schematic flowchart of a near field communication authentication method provided by Embodiment 2 of the invention;

FIG. 3 is a schematic flowchart of a near field communication authentication method provided by Embodiment 3 of the invention;

FIG. 4 is a schematic flowchart of a near field communication authentication method provided by Embodiment 4 of the invention;

FIG. 5 is a schematic structural diagram of a certificate authority provided by Embodiment 6 of the invention;

FIG. 6 is a schematic structural diagram of a near field communication device provided by Embodiment 7 of the invention.

Detailed description

To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments.

FIG. 1 is a schematic flowchart of a near field communication authentication method provided by Embodiment 1 of the invention. As shown in FIG. 1, the method includes:

101. The certificate authority obtains the current diversification factor of the near field communication device, the current diversification factor including the device identifier and the current update identifier of the near field communication device.

The current update identifier differs from one moment to another. Specifically, the current update identifier may be an identifier corresponding to the current time: for example, if the current time is 12:00 on February 21, 2013, the current update identifier is 201302211200; if the current time is 11:40 on February 21, 2013, the current update identifier is 201302211140. Further, the current diversification factor may be a simple combination of the device identifier and the current update identifier: for example, if the device identifier is abc123 and the current update identifier is 201302211140, the current diversification factor obtained by the certificate authority may be abc123201302211140. This example is only one specific implementation and does not limit other implementations.

Specifically, step 101 may include: periodically obtaining the current diversification factor of the near field communication device; or,

obtaining the current diversification factor of the near field communication device in response to a key request from the near field communication device.

The scenarios for this implementation are: the certificate authority periodically obtains the current diversification factor of the near field communication device; or the certificate authority obtains the current diversification factor in response to a key request from the near field communication device; or, further, the certificate authority periodically obtains the current diversification factor and, in addition, obtains it in response to a key request from the near field communication device.

Note that in the first scenario above, the current update identifiers in the current diversification factors of the near field communication device and of another near field communication device are the same. The execution period of step 101 may be set according to operational needs, for example 30 minutes. Note also that in every embodiment of the invention, obtaining the current diversification factor means obtaining it from the device identifier and the current update identifier; optionally, the current update identifier corresponds to the current time.

102. Obtain multiple current keys of the near field communication device using the locally pre-stored master key and the current diversification factor.

Specifically, step 102 may include: performing a two-level diversification operation on the master key and the current diversification factor using the standard key diversification algorithm of the China Financial Integrated Circuit Card Specification (known in the industry as PBOC 2.0), to obtain the multiple current keys of the near field communication device.

103. Send the multiple current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices based on the multiple current keys.

Specifically, sending the multiple current keys to the near field communication device may include: sending the multiple current keys to the near field communication device through Over-the-Air Technology (OTA).

The current diversification factor that the certificate authority obtains from a current update identifier may be called the current diversification factor corresponding to that current update identifier; correspondingly, a current key obtained from that current diversification factor may be called the current key corresponding to that current update identifier.

In the near field communication authentication method provided by this embodiment, the master key used to obtain the current keys of a near field communication device is stored at the certificate authority, which obtains the current keys of the near field communication device from that master key and sends them to the device, so that the device performs mutual authentication with other near field communication devices based on the multiple current keys. This solves the security problem in the prior art that a master key stored in the near field communication device is easily cracked, and effectively improves the security of near field communication.

FIG. 2 is a schematic flowchart of a near field communication authentication method provided by Embodiment 2 of the invention. As shown in FIG. 2, building on the near field communication authentication method of Embodiment 1, the method may further include, after step 103:

201. Receive a first authentication request sent by the near field communication device. The first authentication request was sent to the near field communication device by another near field communication device, and includes a first key to be authenticated and the device identifier of the other near field communication device.

202. Authenticate the other near field communication device by checking whether the first key to be authenticated is one of the multiple current keys of the other near field communication device, and obtain a first authentication result.

The multiple current keys of the other near field communication device may be pre-stored at the certificate authority, or the certificate authority may obtain them, on receiving the first authentication request, from the locally stored master key and the current diversification factor of the other near field communication device.

In the latter implementation, the scenario for step 101 may be: the certificate authority periodically obtains the current diversification factor of the near field communication device; or the certificate authority obtains the current diversification factor in response to a key request from the near field communication device; or, further, the certificate authority periodically obtains the current diversification factor and, in addition, obtains it in response to a key request from the near field communication device. Specifically, when step 101 is implemented under either of the latter two scenarios, then in this latter implementation the certificate authority may, whenever it obtains the current diversification factor of a near field communication device, save the current update identifier corresponding to that current diversification factor.

203. Return the first authentication result to the near field communication device.

Optionally, after step 103, the method may further include:

initializing a count of the number of consecutive times the first authentication result is an authentication failure;

Correspondingly, after step 202, the method may further include:

if the number of consecutive times the first authentication result is an authentication failure is greater than a preset threshold, obtaining the current diversification factor of the other near field communication device;

obtaining multiple current keys of the other near field communication device using the locally stored master key and the current diversification factor of the other near field communication device;

sending the multiple current keys of the other near field communication device to the other near field communication device, and initializing the count of the number of consecutive times the first authentication result is an authentication failure.

The threshold may be set according to actual needs, for example 5.

The application scenario of this implementation is as follows: if the number of consecutive times the certificate authority fails to authenticate a given near field communication device exceeds a certain value, which indicates that someone may be attempting to crack that device's current keys, the certificate authority obtains the current diversification factor of that near field communication device, obtains current keys from that factor, and sends them to the device.

In the near field communication authentication method provided by this embodiment, the certificate authority authenticates a near field communication device, on receiving an authentication request for it, by checking whether the key to be authenticated in the request is one of that device's multiple current keys, and obtains new current keys for the device when the number of consecutive authentication failures exceeds the preset threshold. This effectively reduces the likelihood that the device's keys are cracked and further improves the security of near field communication.
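
The certificate-authority side of steps 101 to 103 and 201 to 203, including the consecutive-failure counter, as an added example that is not code from the patent. HMAC-SHA256 is substituted for the PBOC 2.0 diversification algorithm named in step 102; the class and function names, the key count of 3, the master key and the `outbox` list standing in for OTA delivery are all assumptions.

```python
import hashlib
import hmac

KEYS_PER_DEVICE = 3     # assumption: the text only says "multiple current keys"
FAILURE_THRESHOLD = 5   # example threshold value given in the text


def diversification_factor(device_id: str, update_id: str) -> bytes:
    """Simple concatenation as in the text: abc123 + 201302211140.
    The update identifier has a fixed width (YYYYMMDDHHMM)."""
    return (device_id + update_id).encode("ascii")


def derive_current_keys(master_key: bytes, factor: bytes,
                        count: int = KEYS_PER_DEVICE) -> list:
    """Two-level derivation: master key -> device key -> indexed current keys.
    HMAC-SHA256 is a stand-in here, not the PBOC 2.0 algorithm itself."""
    device_key = hmac.new(master_key, b"L1|" + factor, hashlib.sha256).digest()
    return [
        hmac.new(device_key, b"L2|" + bytes([i]), hashlib.sha256).digest()[:16]
        for i in range(count)
    ]


class CertificateAuthority:
    """Holds the master key; devices only ever receive derived current keys."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._update_ids = {}   # device_id -> update identifier of issued keys
        self._failures = {}     # device_id -> consecutive authentication failures
        self.outbox = []        # (device_id, keys): stand-in for OTA delivery

    def issue_keys(self, device_id: str, update_id: str) -> list:
        """Steps 101-103: build the factor, derive the keys, send them."""
        factor = diversification_factor(device_id, update_id)
        keys = derive_current_keys(self._master_key, factor)
        self._update_ids[device_id] = update_id   # saved for later re-derivation
        self._failures[device_id] = 0             # initialise the failure count
        self.outbox.append((device_id, keys))
        return keys

    def authenticate(self, device_id: str, candidate_key: bytes,
                     now_update_id: str) -> bool:
        """Steps 201-203: is the candidate one of the device's current keys?
        Keys are re-derived on demand from the saved update identifier."""
        update_id = self._update_ids.get(device_id)
        if update_id is None:
            return False        # no keys were ever issued to this device
        factor = diversification_factor(device_id, update_id)
        ok = False
        for key in derive_current_keys(self._master_key, factor):
            # constant-time comparison, and no early exit on the first match
            ok |= hmac.compare_digest(key, candidate_key)
        if ok:
            self._failures[device_id] = 0
            return True
        self._failures[device_id] += 1
        if self._failures[device_id] > FAILURE_THRESHOLD:
            # possible cracking attempt: issue fresh keys and reset the counter
            self.issue_keys(device_id, now_update_id)
        return False


if __name__ == "__main__":
    # Constructed master key and the identifiers used as examples in the text.
    ca = CertificateAuthority(bytes.fromhex("00112233445566778899aabbccddeeff"))
    issued = ca.issue_keys("abc123", "201302211140")
    print(ca.authenticate("abc123", issued[0], "201302211200"))
```

Because the threshold test is "greater than", the sixth consecutive failure is the one that triggers re-issuance, after which the previously issued keys no longer authenticate.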

FIG. 3 is a schematic flowchart of a near field communication authentication method provided by Embodiment 3 of the invention. As shown in FIG. 3, building on the near field communication authentication method of Embodiment 1, the method may further include, after step 103:

301. Receive a key invocation request sent by the near field communication device. The key invocation request is sent by the near field communication device after it receives a first authentication request from another near field communication device; the first authentication request includes a first key to be authenticated and the device identifier of the other near field communication device;

302. Send the master key to the near field communication device, so that the near field communication device authenticates the other near field communication device according to the master key and the first authentication request.

Optionally, after step 302, the method may further include:

receiving a key update request sent by the near field communication device and carrying the device identifier of the other near field communication device, the key update request being sent by the near field communication device after the number of consecutive times it has failed to authenticate the other near field communication device exceeds a preset threshold;

obtaining the current diversification factor of the other near field communication device according to the key update request;

obtaining multiple current keys of the other near field communication device using the locally stored master key and the current diversification factor of the other near field communication device;

sending the multiple current keys of the other near field communication device to the other near field communication device.

In the near field communication authentication method provided by this embodiment, when the certificate authority receives a key invocation request that a near field communication device sends after receiving an authentication request from another near field communication device, it sends the locally stored master key to the near field communication device so that the device can authenticate the other near field communication device. When the certificate authority receives a key update request that includes the device identifier of the other near field communication device, sent by the near field communication device on detecting that the number of consecutive times it has failed to authenticate the other device exceeds the preset threshold, it obtains the current key of the near field communication device and sends it to the other near field communication device. This effectively reduces the likelihood that the device's keys are cracked and further improves the security of near field communication.

Optionally, in the near field communication authentication method of any of the above embodiments, the method may further include, before step 103:

sending a key instruction to the near field communication device;

Correspondingly, step 103 may specifically include:

if a key response returned by the near field communication device in reply to the key instruction is received within a preset time after the key instruction is sent, sending the multiple current keys to the near field communication device.

In this implementation, the certificate authority sends the current keys to a near field communication device only when it receives the key response that the device returns within the preset time after receiving the key instruction sent by the certificate authority. The device's current ability to send and receive is thus checked in advance, which effectively ensures that key delivery succeeds.

图4为本发明实施例四提供的一种近场通信认证方法的流程示意图,如图4所示,所述方法包括:FIG. 4 is a schematic flowchart of a near-field communication authentication method provided in Embodiment 4 of the present invention. As shown in FIG. 4, the method includes:

401、近场通信设备接收证书授权中心发送的多个当前密钥,所述多个当前密钥是所述证书授权中心根据本地预先存储的主密钥和所述近场通信设备的当前分散因子得到的,所述当前分散因子包括所述近场通信设备的设备标识和当前更新标识。401. The near-field communication device receives multiple current keys sent by the certificate authority, where the multiple current keys are the certificate authority's local pre-stored master key and the current dispersion factor of the near-field communication device It is obtained that the current dispersion factor includes the device identifier and the current update identifier of the near field communication device.

在实际应用中,所述近场通信设备可以将所述当前密钥存储在自身设备的安全模块内,需要说明的是,不同设备类型的设备,其安全模块可能不同,具体举例来说,所述近场通信设备的安全模块可以为设置在所述近场通信设备中的智能卡。In practical applications, the near field communication device may store the current key in the security module of its own device. It should be noted that different device types may have different security modules. For example, the The security module of the near field communication device may be a smart card set in the near field communication device.

402、向另一近场通信设备发送第二认证请求,所述第二认证请求包括所述多个当前密钥之一和所述近场通信设备的设备标识,以使另一近场通信设备对所述近场通信设备进行认证。402. Send a second authentication request to another near field communication device, where the second authentication request includes one of the multiple current keys and the device identifier of the near field communication device, so that the other near field communication device Authenticate the near field communication device.

Optionally, after 402, the method may further include:

receiving a first authentication request sent by the other near field communication device, the request including a first key to be authenticated and the device identifier of the other near field communication device, where the first authentication request is sent by the other near field communication device after it has successfully authenticated the near field communication device;

authenticating the other near field communication device according to the first authentication request;

if the authentication of the other near field communication device succeeds, establishing a connection with the other near field communication device.

Usually, two near field communication devices must authenticate each other before establishing a connection, and the connection is established if both authentications succeed.

In one implementation of this embodiment, authenticating the other near field communication device according to the first authentication request may specifically include:

sending the first authentication request to the certificate authority, and receiving a first authentication result returned by the certificate authority, where the first authentication result is returned by the certificate authority after it authenticates the other near field communication device according to the first authentication request.

The specific process by which the certificate authority authenticates a near field communication device is similar to the related content in Embodiment 1 and is not repeated here.

In another implementation of this embodiment, authenticating the other near field communication device according to the first authentication request may specifically include:

sending a key invocation request to the certificate authority, and authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request.

Optionally, in this implementation, the second authentication request may further include the current update identifier of the near field communication device, and the first authentication request may further include the current update identifier of the other near field communication device. Authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request may then specifically include:

obtaining the multiple current keys of the other near field communication device according to the master key returned by the certificate authority, the current update identifier of the other near field communication device, and the first authentication request, and authenticating the other near field communication device by checking whether the first key to be authenticated is one of the multiple current keys of the other near field communication device.

After 401 in this embodiment, the near field communication device may also determine the current update identifier corresponding to its own current keys according to the time at which it received the current keys sent by the certificate authority. Further, when authenticating the other near field communication device, it uses the current update identifier corresponding to its own current keys as the current update identifier corresponding to the current keys of the other near field communication device. There may be a time difference between the time at which the near field communication device receives the current keys sent by the certificate authority and the time corresponding to the current update identifier in the current dispersion factor that the certificate authority used to generate those keys; that is, there is a certain error between the current update identifier that the device determines for its own current keys and the current update identifier to which those keys actually correspond. Further, there may be a time difference between the time corresponding to the current update identifier in the current dispersion factor that the certificate authority used to generate the current keys of the near field communication device and the time corresponding to the current update identifier in the current dispersion factor used to generate the current keys of the other near field communication device; that is, there is a certain error between the current update identifier to which the current keys of the near field communication device actually correspond and the current update identifier to which the current keys of the other near field communication device actually correspond. Therefore, to further improve the accuracy of authentication, a time window, that is, the error range of the current update identifier, may be preset. Correspondingly, authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request may specifically include:

obtaining multiple authenticable update identifiers according to the pre-stored current update identifier of the near field communication device and a preset time window, where the value of each authenticable update identifier is not less than the difference between the current update identifier and the preset time window and not greater than the sum of the current update identifier and the preset time window;

obtaining multiple authenticable current keys of the other near field communication device according to the device identifier of the other near field communication device, the multiple authenticable update identifiers and the master key, and authenticating the other near field communication device by checking whether the first key to be authenticated is one of the multiple authenticable current keys of the other near field communication device.

The time window may be determined according to operational needs. For example, if the time window is set to 2 minutes and the current update identifier of the near field communication device is 201302211200, the multiple authenticable update identifiers obtained include 201302211158, 201302211159, 201302211200, 201302211201 and 201302211202.

Optionally, after authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request, the method may further include:

if the number of consecutive authentication failures for the other near field communication device is greater than a preset threshold value, sending to the certificate authority a key update request carrying the device identifier of the other near field communication device, so that the certificate authority updates the current keys of the other near field communication device according to the key update request.

The second authentication request may further include the current update identifier of the near field communication device, and the first authentication request may further include the current update identifier of the other near field communication device.

An application scenario for the above step is as follows: if the number of consecutive times that the near field communication device fails to authenticate another near field communication device is greater than the preset threshold value, which indicates that someone may be attempting to crack the current keys of that other device, the near field communication device requests the certificate authority to update the current keys of that other device.
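The time-window check and the consecutive-failure rule described above, as an added Python example that is not part of the patent text. The HMAC-SHA256 derivation, the number of keys per device, the function and class names, and restarting the local count after an update request are assumptions; the update identifier is read as a YYYYMMDDHHMM timestamp, as in the 201302211200 example.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

UPDATE_ID_FORMAT = "%Y%m%d%H%M"  # update identifier read as a minute-resolution timestamp
KEYS_PER_DEVICE = 3              # assumption: how many current keys each device holds


def authenticable_update_ids(current_update_id, window_minutes):
    """All update identifiers within +/- window_minutes of the stored one.

    Calendar arithmetic matters: 201302211200 minus 2 minutes is
    201302211158, not the integer 201302211198.
    """
    base = datetime.strptime(current_update_id, UPDATE_ID_FORMAT)
    return [
        (base + timedelta(minutes=offset)).strftime(UPDATE_ID_FORMAT)
        for offset in range(-window_minutes, window_minutes + 1)
    ]


def derive_current_keys(master_key, device_id, update_id, count=KEYS_PER_DEVICE):
    """Derive a device's current keys from the master key and dispersion factor.

    Assumption: HMAC-SHA256 over (device id, update id, key index); the page
    does not name the derivation function. Fields are length-prefixed so that
    different (device id, update id) pairs cannot encode to the same input.
    """
    keys = []
    for index in range(count):
        message = b"".join(
            len(field).to_bytes(2, "big") + field
            for field in (device_id.encode(), update_id.encode(), bytes([index]))
        )
        keys.append(hmac.new(master_key, message, hashlib.sha256).digest())
    return keys


class PeerAuthenticator:
    """Device-side check of a first authentication request, with failure counting."""

    def __init__(self, master_key, own_update_id, window_minutes, threshold):
        self.master_key = master_key
        self.own_update_id = own_update_id      # used in place of the peer's identifier
        self.window_minutes = window_minutes
        self.threshold = threshold
        self.consecutive_failures = {}          # peer device id -> consecutive failures

    def authenticate(self, peer_device_id, key_to_authenticate):
        """Return (authenticated, request_key_update)."""
        matched = False
        for update_id in authenticable_update_ids(self.own_update_id, self.window_minutes):
            for key in derive_current_keys(self.master_key, peer_device_id, update_id):
                # Constant-time comparison, and no early exit on a match.
                if hmac.compare_digest(key, key_to_authenticate):
                    matched = True
        if matched:
            self.consecutive_failures[peer_device_id] = 0
            return True, False
        failures = self.consecutive_failures.get(peer_device_id, 0) + 1
        self.consecutive_failures[peer_device_id] = failures
        if failures > self.threshold:
            # The caller now sends the certificate authority a key update
            # request carrying peer_device_id.
            # Assumption: the local count restarts once the update is requested.
            self.consecutive_failures[peer_device_id] = 0
            return False, True
        return False, False


if __name__ == "__main__":
    master_key = bytes(range(32))  # constructed sample value, not a real key
    device = PeerAuthenticator(master_key, "201302211200", window_minutes=2, threshold=3)
    in_window = derive_current_keys(master_key, "NFC-B", "201302211158")[0]
    out_of_window = derive_current_keys(master_key, "NFC-B", "201302211157")[0]
    print(authenticable_update_ids("201302211200", 2))
    print("inside window:", device.authenticate("NFC-B", in_window))
    for attempt in range(1, 5):
        print("outside window, attempt", attempt, device.authenticate("NFC-B", out_of_window))
```
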

Optionally, in one implementation, before 401, the method may further include:

receiving a key instruction sent by the certificate authority, and returning a key response to the certificate authority.

Optionally, in another implementation, before 401, the method may further include:

sending a key request to the certificate authority, so that the certificate authority obtains the current dispersion factor of the near field communication device according to the key request.

In both of the above implementations, the second authentication request in this embodiment may further include the current update identifier of the near field communication device, and the first authentication request may further include the current update identifier of the other near field communication device.

The near field communication authentication method provided in this embodiment uses a technical solution in which, before a near field communication device establishes a connection with another near field communication device, it sends the other device an authentication request including any one of the current keys received in advance from the certificate authority and, after receiving the authentication request returned by the other device, authenticates the other device. Mutual authentication is thus performed before the near field communication devices establish a connection, which effectively improves the security of near field communication.

Embodiment 5 of the present invention provides yet another near field communication authentication method. Based on the near field communication authentication method described in Embodiment 4, before 402, the method may further include:

receiving a first authentication request sent by another near field communication device, the request including a first key to be authenticated and the device identifier of the other near field communication device;

authenticating the other near field communication device according to the first authentication request;

Correspondingly, 402 specifically includes:

if the authentication of the other near field communication device succeeds, sending the second authentication request to the other near field communication device.

Specifically, the above steps may be performed before 401, or after 401 and before 402; this embodiment does not limit this. The specific method for authenticating the other near field communication device according to the first authentication request is similar to the related content in Embodiment 4 and is not repeated here.

Optionally, in this implementation, after authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request, the method may further include:

if the number of consecutive times that the first authentication result is an authentication failure is greater than the threshold value, sending to the certificate authority a key update request carrying the device identifier of the other near field communication device, so that the certificate authority updates the current keys of the other near field communication device according to the key update request.

The specific flow of each implementation in this embodiment is similar to the related content in the foregoing embodiments and is not repeated here.

The near field communication authentication method provided in this embodiment uses a technical solution in which the near field communication device, after successfully authenticating another near field communication device according to the authentication request sent by that device, sends the other device an authentication request including any one of the current keys it has received from the certificate authority, so that the other device can in turn authenticate the near field communication device. This mutual authentication effectively improves the security of near field communication.

FIG. 5 is a schematic structural diagram of a certificate authority provided in Embodiment 6 of the present invention. As shown in FIG. 5, the certificate authority includes:

an obtaining module 51, configured to obtain the current dispersion factor of a near field communication device, where the current dispersion factor includes the device identifier and the current update identifier of the near field communication device;

a processing module 52, further configured to obtain multiple current keys of the near field communication device by using a master key pre-stored locally and the current dispersion factor;

a sending module 53, configured to send the multiple current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices according to the multiple current keys.

Optionally, in one implementation of this embodiment, the certificate authority may further include:

a first receiving module, configured to receive a first authentication request sent by the near field communication device, where the first authentication request was sent to the near field communication device by another near field communication device and includes the first key to be authenticated and the device identifier of the other near field communication device;

an authentication module, configured to authenticate the other near field communication device by checking whether the first key to be authenticated is one of the multiple current keys of the other near field communication device, and to obtain a first authentication result;

the sending module 53 is further configured to return the first authentication result to the near field communication device.

In this implementation, the processing module 52 is further configured to initialize a count of the number of consecutive times that the first authentication result is an authentication failure;

the obtaining module 51 is further configured to obtain the current dispersion factor of the other near field communication device if the number of consecutive times that the first authentication result is an authentication failure is greater than a preset threshold value;

the processing module 52 is further configured to obtain multiple current keys of the other near field communication device by using the locally stored master key and the current dispersion factor of the other near field communication device;

the sending module 53 is further configured to send the multiple current keys of the other near field communication device to the other near field communication device, and to initialize the count of the number of consecutive times that the first authentication result is an authentication failure.

Optionally, in another implementation of this embodiment, the certificate authority may further include: a second receiving module, configured to receive a key invocation request sent by the near field communication device, where the key invocation request is sent by the near field communication device after it receives a first authentication request sent by another near field communication device, and the first authentication request includes a first key to be authenticated and the device identifier of the other near field communication device;

the sending module 53 is further configured to send the master key to the near field communication device, so that the near field communication device authenticates the other near field communication device according to the master key and the first authentication request.

In this implementation, the second receiving module is further configured to receive a key update request sent by the near field communication device and carrying the device identifier of the other near field communication device, where the key update request is sent by the near field communication device after the number of consecutive times it has failed to authenticate the other near field communication device is greater than a preset threshold value;

the obtaining module 51 is further configured to obtain the current dispersion factor of the other near field communication device according to the key update request;

the processing module 52 is further configured to obtain multiple current keys of the other near field communication device by using the locally stored master key and the current dispersion factor of the other near field communication device;

the sending module 53 is further configured to send the multiple current keys of the other near field communication device to the other near field communication device.

Optionally, in any of the above implementations, the sending module 53 is further configured to send a key instruction to the near field communication device; the certificate authority further includes a third receiving module, configured to receive the key response returned by the near field communication device according to the key instruction; and the sending module 53 is further configured to send the multiple current keys to the near field communication device if the key response returned by the near field communication device according to the key instruction is received within a preset time after the key instruction is sent.

Optionally, the obtaining module 51 is specifically configured to obtain the current dispersion factor of the near field communication device periodically, or to obtain the current dispersion factor of the near field communication device according to a key request from the near field communication device.

The certificate authority provided in this embodiment uses a technical solution in which the master key used to obtain the current keys of a near field communication device is stored in the certificate authority, and the certificate authority obtains the current keys of the near field communication device from the master key and sends them to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices according to the multiple current keys. This solves the security problem in the prior art that a master key stored in a near field communication device is easily cracked, and effectively improves the security of near field communication.

FIG. 6 is a schematic structural diagram of a near field communication device provided in Embodiment 7 of the present invention. As shown in FIG. 6, the near field communication device includes:

a receiving module 61, configured to receive multiple current keys sent by the certificate authority, where the multiple current keys are obtained by the certificate authority from a master key pre-stored locally and the current dispersion factor of the near field communication device, and the current dispersion factor includes the device identifier and the current update identifier of the near field communication device;

a sending module 62, configured to send a second authentication request to another near field communication device, where the second authentication request includes one of the multiple current keys and the device identifier of the near field communication device, so that the other near field communication device can authenticate the near field communication device.

Optionally, the receiving module 61 is further configured to receive a first authentication request sent by the other near field communication device, the request including a first key to be authenticated and the device identifier of the other near field communication device, where the first authentication request is sent by the other near field communication device after it has successfully authenticated the near field communication device;

Correspondingly, the near field communication device further includes:

an authentication module, configured to authenticate the other near field communication device according to the first authentication request;

a processing module, configured to establish a connection with the other near field communication device if the authentication of the other near field communication device succeeds.

In any of the above implementations, the receiving module 61 is further configured to receive a key instruction sent by the certificate authority, and the sending module 62 is further configured to return a key response to the certificate authority according to the key instruction.

In any of the above implementations, the sending module 62 is further configured to send a key request to the certificate authority, so that the certificate authority obtains the current dispersion factor of the near field communication device according to the key request.

The near field communication device provided in this embodiment uses a technical solution in which, before the near field communication device establishes a connection with another near field communication device, it sends the other device an authentication request including any one of the current keys received in advance from the certificate authority and, after receiving the authentication request returned by the other device, authenticates the other device. Mutual authentication is thus performed before the near field communication devices establish a connection, which effectively improves the security of near field communication.

Embodiment 8 of the present invention provides another near field communication device. Based on the near field communication device described in Embodiment 7:

the receiving module 61 is further configured to receive a first authentication request sent by another near field communication device, the request including a first key to be authenticated and the device identifier of the other near field communication device;

the near field communication device further includes an authentication module, configured to authenticate the other near field communication device according to the first authentication request;

the sending module 62 is specifically configured to send the second authentication request to the other near field communication device if the authentication of the other near field communication device succeeds.

In the near field communication device described in Embodiment 7 or Embodiment 8, the authentication module may specifically include:

a first sending unit, configured to send the first authentication request to the certificate authority, so that the certificate authority authenticates the other near field communication device according to the first authentication request;

a first receiving unit, configured to receive the first authentication result returned by the certificate authority after it authenticates the other near field communication device according to the first authentication request;

Alternatively, the authentication module may specifically include:

a second sending unit, configured to send a key invocation request to the certificate authority;

a second receiving unit, configured to receive the master key returned by the certificate authority;

an authentication unit, configured to authenticate the other near field communication device according to the master key returned by the certificate authority and the first authentication request.

In the latter implementation, the second sending unit is further configured to send to the certificate authority, if the number of consecutive times that the first authentication result is an authentication failure is greater than the threshold value, a key update request carrying the device identifier of the other near field communication device, so that the certificate authority updates the current keys of the other near field communication device according to the key update request.

The near field communication device provided in this embodiment uses a technical solution in which the near field communication device, after successfully authenticating another near field communication device according to the authentication request sent by that device, sends the other device an authentication request including any one of the current keys it has received from the certificate authority, so that the other device can in turn authenticate the near field communication device. This mutual authentication effectively improves the security of near field communication.

It should be noted that both the certificate authority and the near field communication device provided in the above embodiments can implement the steps of the near field communication authentication method provided in any embodiment of the present invention; the specific implementation is not repeated here.

Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. A near-field communication authentication method, characterized by comprising:
a certificate authority obtaining a current dispersion factor of a near field communication device, the current dispersion factor comprising a device identifier and a current update identifier of the near field communication device;
obtaining a plurality of current keys of the near field communication device by using a locally pre-stored master key and the current dispersion factor;
sending the plurality of current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices according to the plurality of current keys.

2. The method according to claim 1, characterized in that, after sending the plurality of current keys to the near field communication device, the method further comprises:
receiving a first authentication request sent by the near field communication device, the first authentication request having been sent to the near field communication device by another near field communication device, and the first authentication request comprising a first key to be authenticated and a device identifier of the other near field communication device;
authenticating the other near field communication device by detecting whether the first key to be authenticated is one of a plurality of current keys of the other near field communication device, to obtain a first authentication result;
returning the first authentication result to the near field communication device.

3. The method according to claim 1 or 2, characterized in that, after sending the plurality of current keys to the near field communication device, the method further comprises:
receiving a key invocation request sent by the near field communication device, the key invocation request being sent by the near field communication device after it receives a first authentication request sent by another near field communication device, the first authentication request comprising a first key to be authenticated and a device identifier of the other near field communication device;
sending the master key to the near field communication device, so that the near field communication device authenticates the other near field communication device according to the master key and the first authentication request.

4. A near-field communication authentication method, characterized by comprising:
a near field communication device receiving a plurality of current keys sent by a certificate authority, the plurality of current keys being obtained by the certificate authority according to a locally pre-stored master key and a current dispersion factor of the near field communication device, the current dispersion factor comprising a device identifier and a current update identifier of the near field communication device;
sending a second authentication request to another near field communication device, the second authentication request comprising one of the plurality of current keys and the device identifier of the near field communication device, so that the other near field communication device authenticates the near field communication device.

5. The method according to claim 4, characterized in that, after sending the second authentication request to another near field communication device, the method further comprises:
receiving a first authentication request, sent by the other near field communication device, comprising a first key to be authenticated and a device identifier of the other near field communication device, the first authentication request being sent by the other near field communication device after it has successfully authenticated the near field communication device;
authenticating the other near field communication device according to the first authentication request;
if the authentication of the other near field communication device succeeds, establishing a connection with the other near field communication device.

6. The method according to claim 4, characterized in that, before sending the second authentication request to another near field communication device, the method further comprises:
receiving a first authentication request, sent by another near field communication device, comprising a first key to be authenticated and a device identifier of the other near field communication device;
authenticating the other near field communication device according to the first authentication request;
wherein sending the second authentication request to another near field communication device specifically comprises:
if the authentication of the other near field communication device succeeds, sending the second authentication request to the other near field communication device.

7. The method according to claim 5 or 6, characterized in that authenticating the other near field communication device according to the first authentication request specifically comprises:
sending the first authentication request to the certificate authority, and receiving a first authentication result returned by the certificate authority, the first authentication result being returned by the certificate authority after it authenticates the other near field communication device according to the first authentication request; or
sending a key invocation request to the certificate authority, and authenticating the other near field communication device according to the master key returned by the certificate authority and the first authentication request.

8. A certificate authority, characterized by comprising:
an obtaining module, configured to obtain a current dispersion factor of a near field communication device, the current dispersion factor comprising a device identifier and a current update identifier of the near field communication device;
a processing module, further configured to obtain a plurality of current keys of the near field communication device by using a locally pre-stored master key and the current dispersion factor;
a sending module, configured to send the plurality of current keys to the near field communication device, so that the near field communication device performs mutual authentication with other near field communication devices according to the plurality of current keys.

9. The certificate authority according to claim 8, characterized in that the certificate authority further comprises:
a first receiving module, configured to receive a first authentication request sent by the near field communication device, the first authentication request having been sent to the near field communication device by another near field communication device, and the first authentication request comprising a first key to be authenticated and a device identifier of the other near field communication device;
an authentication module, configured to authenticate the other near field communication device by detecting whether the first key to be authenticated is one of a plurality of current keys of the other near field communication device, to obtain a first authentication result;
the sending module being further configured to return the first authentication result to the near field communication device.

10. The certificate authority according to claim 8 or 9, characterized in that the certificate authority further comprises:
a second receiving module, configured to receive a key invocation request sent by the near field communication device, the key invocation request being sent by the near field communication device after it receives a first authentication request sent by another near field communication device, the first authentication request comprising a first key to be authenticated and a device identifier of the other near field communication device;
the sending module being further configured to send the master key to the near field communication device, so that the near field communication device authenticates the other near field communication device according to the master key and the first authentication request.

11. A near field communication device, characterized by comprising:
a receiving module, configured to receive a plurality of current keys sent by a certificate authority, the plurality of current keys being obtained by the certificate authority according to a locally pre-stored master key and a current dispersion factor of the near field communication device, the current dispersion factor comprising a device identifier and a current update identifier of the near field communication device;
a sending module, configured to send a second authentication request to another near field communication device, the second authentication request comprising one of the plurality of current keys and the device identifier of the near field communication device, so that the other near field communication device authenticates the near field communication device.

12. The near field communication device according to claim 11, characterized in that the receiving module is further configured to receive a first authentication request, sent by the other near field communication device, comprising a first key to be authenticated and a device identifier of the other near field communication device, the first authentication request being sent by the other near field communication device after it has successfully authenticated the near field communication device;
the near field communication device further comprises:
an authentication module, configured to authenticate the other near field communication device according to the first authentication request;
a processing module, configured to establish a connection with the other near field communication device if the authentication of the other near field communication device succeeds.

13. The near field communication device according to claim 11, characterized in that
the receiving module is further configured to receive a first authentication request, sent by another near field communication device, comprising a first key to be authenticated and a device identifier of the other near field communication device;
the near field communication device further comprises:
an authentication module, configured to authenticate the other near field communication device according to the first authentication request;
the sending module is specifically configured to send the second authentication request to the other near field communication device if the authentication of the other near field communication device succeeds.

14. The near field communication device according to claim 12 or 13, characterized in that the authentication module specifically comprises:
a first sending unit, configured to send the first authentication request to the certificate authority;
a first receiving unit, configured to receive a first authentication result returned by the certificate authority, the first authentication result being returned by the certificate authority after it authenticates the other near field communication device according to the first authentication request;
or, the authentication module specifically comprises:
a second sending unit, configured to send a key invocation request to the certificate authority;
a second receiving unit, configured to receive the master key returned by the certificate authority;
an authentication unit, configured to authenticate the other near field communication device according to the master key returned by the certificate authority and the first authentication request.
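The flow of claims 1, 2 and 4 to 7, sketched as an added example that is not code from the patent: the certificate authority derives each device's current keys from the master key and the dispersion factor, and checks a presented key against that set. HMAC-SHA256 stands in for the diversification function, which the claims do not name; the class, function and device names, the key count and the byte encoding of the dispersion factor are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac


def derive_current_keys(master_key: bytes, device_id: str, update_id: int,
                        count: int = 4) -> list[bytes]:
    """Derive `count` current keys from the master key and the dispersion
    factor (device identifier + current update identifier).

    Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the
    diversification function; the claims do not name one.
    """
    dev = device_id.encode("utf-8")
    # Length-prefix the identifier so the id / update-id boundary is unambiguous.
    factor = len(dev).to_bytes(2, "big") + dev + update_id.to_bytes(4, "big")
    return [
        hmac.new(master_key, factor + i.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        for i in range(count)
    ]


class CertificateAuthority:
    """Holds the master key and each device's current update identifier."""

    def __init__(self, master_key: bytes, count: int = 4):
        self._master_key = master_key
        self._count = count
        self._update_ids: dict[str, int] = {}

    def issue_keys(self, device_id: str) -> list[bytes]:
        """Claim 1: derive and hand out the device's current keys."""
        update_id = self._update_ids.setdefault(device_id, 0)
        return derive_current_keys(self._master_key, device_id, update_id, self._count)

    def rotate(self, device_id: str) -> list[bytes]:
        """Advance the update identifier; every earlier key stops verifying."""
        self._update_ids[device_id] = self._update_ids.get(device_id, 0) + 1
        return self.issue_keys(device_id)

    def verify(self, device_id: str, candidate: bytes) -> bool:
        """Claim 2: is `candidate` one of this device's current keys?"""
        update_id = self._update_ids.get(device_id)
        if update_id is None:
            return False  # device was never issued keys
        matched = False
        for key in derive_current_keys(self._master_key, device_id, update_id, self._count):
            # Constant-time comparison, with no early exit across the key set.
            matched |= hmac.compare_digest(key, candidate)
        return matched


def mutual_authenticate(ca, id_a, key_a, id_b, key_b) -> bool:
    """Claims 4 to 7 (first option of claim 7): A sends the second
    authentication request (its id + one current key); B has the CA check it,
    then answers with the first authentication request, which A has the CA
    check before the connection is established."""
    if not ca.verify(id_a, key_a):   # B forwards A's request to the CA
        return False
    return ca.verify(id_b, key_b)    # A forwards B's request to the CA
```

In this sketch, rotating the update identifier is what invalidates a key that was already presented; within one update period the request carries the key itself, so the CA accepts it from whoever presents it together with the matching device identifier.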
CN201310155677.8A 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment Active CN103248487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310155677.8A CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Publications (2)

Publication Number Publication Date
CN103248487A CN103248487A (en) 2013-08-14
CN103248487B true CN103248487B (en) 2015-11-25

Family

ID=48927723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310155677.8A Active CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Country Status (1)

Country Link
CN (1) CN103248487B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156592B (en) * 2015-04-28 2019-03-01 北京智谷睿拓技术服务有限公司 Exchange method and communication equipment
DE102015220489B4 (en) * 2015-10-21 2024-05-29 Ford Global Technologies, Llc Procedure for authorising a software update in a motor vehicle
CN110113153B (en) * 2019-04-23 2022-05-13 深圳数字电视国家工程实验室股份有限公司 NFC secret key updating method, terminal and system
CN111917553B (en) * 2020-06-29 2025-04-04 浪潮云洲工业互联网有限公司 A multi-person authentication and authorization method, device and medium based on near field communication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739756A (en) * 2008-11-10 2010-06-16 中兴通讯股份有限公司 Method for generating secrete key of smart card
CN101911581A (en) * 2007-11-30 2010-12-08 三星电子株式会社 Method and system for secure communication in near field communication network
EP2490395A1 (en) * 2011-02-14 2012-08-22 Nxp B.V. Method and system for access control for near field communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design and Implementation of a Smart-Card-Based Mobile Payment Terminal; 苗雷; China Master's Theses Full-text Database (Electronic Journal); 20081115; I136-407 *

Also Published As

Publication number Publication date
CN103248487A (en) 2013-08-14

Similar Documents

Publication Publication Date Title
CN109712278B (en) Smart door lock identity authentication method, system, readable storage medium and mobile terminal
CN103517273B (en) Authentication method, managing platform and Internet-of-Things equipment
CN104917727B (en) A kind of method, system and device of account's authentication
KR102382474B1 (en) System and method for establishing trust using secure transmission protocols
CN105188055B (en) wireless network access method, wireless access point and server
EP3208732A1 (en) Method and system for authentication
CN104185176B (en) A kind of long-range initial method of Internet of Things virtual user identification module card and system
CN105827573B (en) System, method and the relevant apparatus of internet of things equipment strong authentication
CN104539701A (en) Working method of equipment and system for online activating mobile terminal token
CN104125565A (en) Method for realizing terminal authentication based on OMA DM, terminal and server
CN103532963A (en) IOT (Internet of Things) based equipment authentication method, device and system
CN104125226A (en) Locking and unlocking application method, device and system
CN105408910A (en) Systems and methods for authenticating access to operating system by user before the operating system is booted using wireless communication token
CN111935191B (en) Password resetting method, system and device and electronic equipment
JP2012530311A5 (en)
CN111182521A (en) Internet of things terminal machine card binding, network access authentication and service authentication method and device
CN102930435A (en) Authentication method and system for mobile payment
CN102892102B (en) A kind of method, system and equipment realizing binding machine and card in a mobile network
CN105743650A (en) Mobile office identity authentication method, platform and system, and mobile terminal
CN105871864A (en) Mobile terminal identity authentication method and device
JP2017152880A (en) Authentication system, key processing coordination method, and key processing coordination program
CN103248487B (en) Near-field communication authentication method, certificate authority and near-field communication equipment
CN106296177A (en) Data processing method based on bank's Mobile solution and equipment
CN105187369A (en) Data access method and data access device
CN104918241B (en) A user authentication method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant