CN106055966A - Method and system for authentication - Google Patents
- Publication number: CN106055966A (application number CN201610322177.2A)
- Authority: CN (China)
- Prior art keywords: information, main control, authenticating device, control device, encryption
- Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention relates to a method and system for authentication. The authentication method comprises the following steps: a registration request is initiated to a main control device, where the registration request includes first external input information, so that the main control device registers the authenticating device according to the first external input information and sends data characteristic information to the authenticating device, where the data characteristic information includes an ID authentication key, an ID and an ID key; an authentication request is sent to the main control device according to the received data characteristic information, so that the main control device sends first information; the ID key is used for a first encryption of the first information and second external input information to generate second information, and the ID authentication key is used for a second encryption of the second information to generate encrypted data, so that the main control device can authenticate the authenticating device according to the second information and the encrypted data; and the result on the legitimacy of the authenticating device sent by the main control device is received. The method and system provided by the invention improve the security of an intelligent terminal used as the authenticating device.
Description
Technical field
The present invention relates to the field of security applications, and in particular to an authentication method and system.
Background technology
An intelligent terminal is a device with multimedia capabilities, supporting functions such as audio, video and data. The most common intelligent terminals today are smartphones, tablets and PCs. Because the operating system of an intelligent terminal is open, using the terminal's hardware for security authentication requires reinforced security handling; only on that basis can high-strength security applications be built on the limited trust that can be placed in the terminal.
Usually, when closed stand-alone hardware such as an IC card or a wristband is used as the security authentication device, its security is assured at every link of its operation and there are no vulnerabilities.
The present invention addresses exactly this overall security problem of using an intelligent terminal as the authenticating device.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing an authentication method and system that solve the overall security problem of using a prior-art intelligent terminal as the authenticating device.
To achieve this object, in a first aspect the invention provides an authentication method comprising:
initiating a registration request to a main control device, where the registration request includes first external input information, so that the main control device registers the authenticating device according to the first external input information and sends data characteristic information to the authenticating device; where the data characteristic information includes an ID authentication key, an ID and an ID key;
sending an authentication request to the main control device according to the received data characteristic information, so that the main control device sends first information;
performing a first encryption of the first information and second external input information using the ID key to generate second information, and performing a second encryption of the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authenticating device according to the second information and the encrypted data;
receiving the authentication result for the authenticating device sent by the main control device.
Preferably, the step of performing the second encryption of the second information using the ID authentication key to generate the encrypted data specifically includes: obtaining a digital signature from the ID and the second information; and performing the second encryption of the digital signature using the ID authentication key to generate the encrypted data.
Preferably, the method further includes: the authenticating device sending second status information to the main control device.
In a second aspect, the invention provides an authentication method comprising:
receiving a registration request sent by an authenticating device, where the registration request includes first external input information, and storing the external input information;
registering the authenticating device and sending data characteristic information to the authenticating device; where the characteristic information includes an ID, an ID key and an ID authentication key, so that the authenticating device sends an authentication request according to the data characteristic information;
receiving the authentication request and sending first information, so that the authenticating device obtains second information and encrypted data according to the first information;
receiving the second information and the encrypted data sent by the authenticating device, and authenticating the authenticating device according to the second information and the second encrypted data.
Preferably, the step of authenticating the authenticating device according to the second information and the encrypted data includes:
performing a first decryption of the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the judgement is that it is legal, further judging the legitimacy of the second information;
performing a second decryption of the second information using the ID key, and judging the legitimacy of the second information according to the second decryption result;
authenticating the authenticating device according to the legitimacy of the second information.
Preferably, the method further includes: the main control device sending first status information to the authenticating device, so that the authenticating device sends second status information according to the first status information; where the main control device stores the first status information.
In a third aspect, the invention provides an authentication system comprising an authenticating device and a main control device.
The object of the invention is high-strength security when an intelligent terminal is used as the authenticating device.
Brief description of the drawings
Fig. 1 is the application scenario diagram of the present invention;
Fig. 2 is the flow chart of an authentication method provided by an embodiment of the present invention;
Fig. 3 is the flow chart of another authentication method provided by an embodiment of the present invention;
Fig. 4 is the structural schematic diagram of the authentication system provided by an embodiment of the present invention.
Detailed description of the invention
The present invention completes the security authentication of an intelligent terminal through a main control device that stores the ID, the ID key, the ID authentication key and known authentication information such as a password, and thereby improves the security of an intelligent terminal used as the authenticating device.
The technical solution is described in further detail below through the drawings and embodiments.
Fig. 1 is the application scenario diagram provided by an embodiment of the present invention. As shown in Fig. 1, the main control device is an electronic lock or a vehicle lock; the authenticating device is a third-party application (APP) on a smartphone or tablet.
On the smartphone, known information is set in advance: a fingerprint, a face, a password, a graphic password (QR code) or a voice controls the use of the first external input information and the second external input information. In direct use, the above means (fingerprint, face, password, image password and voice) are used directly, and allowing the use of known information adds both convenience and security.
For the same intelligent terminal, the number of supported main control devices can also be extended without limit. That is, one intelligent terminal can support any number of electronic locks or vehicle locks, simply by adding the coding information of each electronic lock or vehicle lock to the supported information so that they can be distinguished.
Fig. 2 is the flow chart of an authentication method provided by an embodiment of the present invention. As shown in Fig. 2, the steps of this authentication method include:
Step S200: initiating a registration request to the main control device, where the registration request includes first external input information, so that the main control device registers the authenticating device according to the first external input information and sends data characteristic information to the authenticating device; where the data characteristic information includes an ID authentication key, an ID and an ID key.
Specifically, the authenticating device registers with the main control device in order to prove to the main control device an identity that the main control device permits; at the same time the first external input information is sent to the main control device so that the legitimacy of the holder of the authenticating device can be checked.
Specifically, the main control device and the authenticating device can be connected in several ways: network, NFC communication, sound wave, picture (QR code), keyboard input, and so on.
Step S210: sending an authentication request to the main control device according to the received data characteristic information, so that the main control device sends the first information.
Step S220: performing a first encryption of the first information and second external input information using the ID key to generate second information, and performing a second encryption of the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authenticating device according to the second information and the encrypted data.
After step S220 has been processed, the ID, the second information and the encrypted data need to be uploaded to the main control device.
Specifically, the step of performing the second encryption of the second information using the ID authentication key to generate the encrypted data specifically includes: obtaining a digital signature from the ID and the second information; and performing the second encryption of the digital signature using the ID authentication key to generate the encrypted data.
Step S230: receiving the authentication result for the authenticating device sent by the main control device.
Optionally, after authentication is complete, the main control device sends the first status information it stores (its configuration information and status information) to the authenticating device. The authenticating device compares it with the second status information it stores (its current configuration information/status information) and performs further processing such as reminders and alarms.
Specifically, the main control device notifies the authenticating device that the usage state of the main control device has changed (the main control device has added an authenticating device, or an authenticating device has repeatedly gone unused).
The method flow on the main control device side is described with reference to Fig. 3 below.
In this embodiment of the present invention, the authenticating device registers with the main control device and is then authenticated after registration, which strengthens the security monitoring of the authenticating device.
Fig. 3 is the flow chart of another authentication method provided by an embodiment of the present invention. As shown in Fig. 3, the steps of this authentication method include:
Step S300: receiving the registration request sent by the authenticating device, where the registration request includes first external input information, and storing the external input information.
Step S310: registering the authenticating device and sending data characteristic information to the authenticating device; where the characteristic information includes an ID, an ID key and an ID authentication key, so that the authenticating device sends an authentication request according to the data characteristic information.
Step S320: receiving the authentication request and sending first information, so that the authenticating device obtains second information and encrypted data according to the first information.
Step S330: receiving the second information and the encrypted data sent by the authenticating device, and authenticating the authenticating device according to the second information and the second encrypted data.
Step S330 specifically includes: performing a first decryption of the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the judgement is that it is legal, further judging the legitimacy of the second information; performing a second decryption of the second information using the ID key, and judging the legitimacy of the second information according to the second decryption result; and authenticating the authenticating device according to the legitimacy of the second information.
Optionally, after authentication is complete, the main control device receives the second status information of the authenticating device (its configuration information and status information), compares the first status information it stores with the second status information, and further processes the usage situation of the main control device.
The method flow on the main control device side is described in the following embodiment.
In this embodiment of the present invention, the main control device checks the security of the authenticating device during registration and authentication, which guarantees the security of the authenticating device.
The legitimacy judgement of the identity of the holder of the authenticating device during decryption in Fig. 1 is as follows: perform the first decryption operation on the encrypted data using the ID authentication key to obtain the digital signature; check the integrity of the digital signature, and only if the digital signature has not been modified proceed to verify the legitimacy of the holder of the authenticating device; perform the second decryption operation on the first encrypted data using the ID key; compare the first external input information with the second external input information; when the first external input information and the second external input information are identical, the identity of the holder of the authenticating device is verified successfully and the authorization of the main control device to perform the corresponding operation can be obtained; when the identity of the authenticating device is illegal and/or the user holding the authenticating device is illegal, verification of the legitimacy of the authenticating device is terminated.
Fig. 4 is the structural schematic diagram of the authentication system provided by an embodiment of the present invention. As shown in Fig. 4, the authentication system includes an authenticating device and a main control device.
The connection modes between the main control device and the authenticating device include network, NFC communication, sound wave, picture (QR code) and keyboard input. The authenticating device sends a registration request to the main control device, and the registration request includes first external input information. After storing the first external input information, the main control device sends the data characteristic information it holds, which includes the ID, the ID key and the ID authentication key.
During authentication, the authenticating device initiates an authentication request to the main control device, and the main control device sends the first information to the authenticating device. The authenticating device encrypts the received first information and the second external input information with the ID key to generate the second information, computes a data-integrity digital signature over the ID and the second information, and encrypts it using the ID authentication key. The authenticating device then passes the ID, the second information and the encrypted signature information to the main control device.
The main control device judges the legitimacy of the authenticating device according to the digital signature, and judges the legitimacy of the identity of the holder of the authenticating device according to the first external input information and the second external input information; only then is authentication complete. If the digital signature has been modified, authentication fails; if the first external input information and the second external input information differ, authentication fails; and only on the premise that the digital signature verification has passed can the legitimacy of the holder of the authenticating device be verified.
After authentication is complete, the main control device sends the first status information stored in the main control device (configuration information/status information) to the authenticating device. At the next authentication, the second status information stored by the authenticating device (configuration information/status information) is compared with the first status information obtained, and the usage situation of the main control device is further processed. Afterwards, the main control device updates the first status information (configuration information/status information) it stores to the new value.
At the same time, after authentication is complete, the authenticating device can also send its stored second status information (configuration information/status information) to the main control device, and the main control device performs further processing according to the second status information and the first status information.
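The registration step (S200/S300), the two-stage encryption of step S220, the two-stage decryption of step S330 and the Fig. 4 exchange above can be followed end to end in code. The following Python model is an added example, not code from the patent or its applicant: it plays both the main control device (an electronic lock) and the authenticating device (the smartphone app) in one process. The cipher construction (`seal`/`open_sealed`, an HMAC-SHA256 keystream with an HMAC tag, chosen so the example runs with only the standard library), the names `MasterDevice`, `AuthDevice` and `run_flow`, and the constructed sample passwords are this example's own assumptions; the patent names no particular cipher. The "digital signature" is modelled as a SHA-256 integrity value over ID || second information, and the first information is a random single-use challenge, which is one way the main control device can reject a replayed response.

```python
"""Added example: a stdlib-only model of the CN106055966A registration and
authentication flow. Cipher, class and function names are this example's own."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 16
CHALLENGE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream; a stand-in for a real block cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one key; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag fails (wrong key or tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def digital_signature(dev_id: bytes, second_info: bytes) -> bytes:
    """The patent's 'digital signature': an integrity value over ID || second information."""
    return hashlib.sha256(dev_id + second_info).digest()


class MasterDevice:
    """Electronic-lock side: stores the first external input and the per-device keys."""

    def __init__(self):
        self.registry = {}    # ID -> (first external input, ID key, ID authentication key)
        self.challenges = {}  # ID -> outstanding first information (single use)

    def register(self, first_external_input: bytes):
        dev_id = secrets.token_bytes(8)
        id_key, id_auth_key = secrets.token_bytes(32), secrets.token_bytes(32)
        # A real lock would store a salted hash of the password rather than the password.
        self.registry[dev_id] = (first_external_input, id_key, id_auth_key)
        return dev_id, id_key, id_auth_key  # the "data characteristic information"

    def first_information(self, dev_id: bytes) -> bytes:
        """Fresh random challenge returned for an authentication request."""
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self.challenges[dev_id] = challenge
        return challenge

    def authenticate(self, dev_id: bytes, second_info: bytes, encrypted_data: bytes) -> str:
        if dev_id not in self.registry or dev_id not in self.challenges:
            return "unknown device"
        first_external_input, id_key, id_auth_key = self.registry[dev_id]
        challenge = self.challenges.pop(dev_id)  # each first information is used once
        # First decryption (ID authentication key): recover and check the signature.
        signature = open_sealed(id_auth_key, encrypted_data)
        if signature is None or not hmac.compare_digest(signature, digital_signature(dev_id, second_info)):
            return "device illegal"
        # Second decryption (ID key): recover first information + second external input.
        plaintext = open_sealed(id_key, second_info)
        if plaintext is None or plaintext[:CHALLENGE_LEN] != challenge:
            return "second information illegal"
        if not hmac.compare_digest(plaintext[CHALLENGE_LEN:], first_external_input):
            return "holder illegal"
        return "legal"


class AuthDevice:
    """Smartphone-app side: holds the data characteristic information after registration."""

    def __init__(self, dev_id: bytes, id_key: bytes, id_auth_key: bytes):
        self.dev_id, self.id_key, self.id_auth_key = dev_id, id_key, id_auth_key

    def respond(self, first_info: bytes, second_external_input: bytes):
        # First encryption (ID key) of first information + second external input.
        second_info = seal(self.id_key, first_info + second_external_input)
        # Second encryption (ID authentication key) of the signature over ID + second information.
        encrypted_data = seal(self.id_auth_key, digital_signature(self.dev_id, second_info))
        return self.dev_id, second_info, encrypted_data


def run_flow(password_at_registration: bytes, password_at_login: bytes, tamper: bool = False) -> str:
    """Registration followed by one authentication round; returns the lock's verdict."""
    master = MasterDevice()
    device = AuthDevice(*master.register(password_at_registration))
    challenge = master.first_information(device.dev_id)
    dev_id, second_info, encrypted_data = device.respond(challenge, password_at_login)
    if tamper:  # flip one ciphertext bit in transit
        encrypted_data = encrypted_data[:20] + bytes([encrypted_data[20] ^ 1]) + encrypted_data[21:]
    return master.authenticate(dev_id, second_info, encrypted_data)
```

Calling `run_flow` with a matching password, with a wrong password, and with `tamper=True` exercises the three outcomes the description lists: authentication succeeds, the holder's identity is illegal, and the digital signature has been modified. The order of checks in `authenticate` mirrors the text: the signature is verified before the holder's input is even looked at.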
It should be noted that the first external input information and the second external input information may be passwords. The password only controls whether the authenticating device is allowed access, but the password stored by the main control device is the part that the main control device needs for authentication. If the password needs to be changed, the password stored on the main control device must be changed; and because the password is entered by the user holding the authenticating device, another person who takes the authenticating device cannot use it without knowing the password.
That is to say, if an attacker obtains the use of the authenticating device but does not know the password, authentication cannot be passed. If an attacker learns the password but does not hold the authenticating device containing the ID, the ID key and the ID authentication key, authentication likewise cannot be passed. The combination of these two factors improves the security of use. Convenience and security are in tension, but both must be taken into account.
Optionally, the authentication system supports storing the information held locally by the authenticating device in the cloud through a client with strong security authentication; when the user replaces the authenticating device, the locally stored information of the legitimate authenticating device can be downloaded to the new authenticating device. Relying on the password that the user knows, the new authenticating device can conveniently be authenticated by the main control device. This solves the problem of migration between authenticating devices.
Optionally, there is one authenticating device and at least one main control device; one authenticating device registers with and is authenticated by multiple main control devices. For the same authenticating device, the number of supported main control devices can be extended without limit, simply by adding the coding information of the multiple main control devices to the supported information so that they can be distinguished.
Optionally, one main control device can support an unlimited number of authenticating devices; after authentication, the first status information stored in the main control device has changed, which means that at the next authentication the main control device sends it to the authenticating device after obtaining the second status information, and the authenticating device performs further processing such as warnings and prompts.
Optionally, at the next authentication the main control device obtains the second status information, compares the first status information with the second status information, and further processes the usage situation of the main control device. Afterwards, the main control device updates the stored first status information to the new value.
Specifically, changes in the usage state of the main control device are mainly reflected in: a change in the number of authenticating devices, an authenticating device having repeatedly gone unused, and so on. When the authenticating device is stand-alone hardware such as a smart wristband, this remains a very beneficial function.
The characteristic information of the present invention focuses on explaining the security handling at the two levels at which it is used, and is not limited to this; more data may be included in it.
The present invention registers and authenticates an intelligent terminal with the main control device, and thereby solves the security problem of using an intelligent terminal as the authenticating device.
The above specific embodiments further describe in detail the purpose, technical solution and beneficial effects of the present invention. It should be understood that these are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (7)
1. An authentication method, characterized by comprising:
initiating a registration request to a main control device, where the registration request includes first external input information, so that the main control device registers the authenticating device according to the first external input information and sends data characteristic information to the authenticating device; where the data characteristic information includes an ID authentication key, an ID and an ID key;
sending an authentication request to the main control device, so that the main control device sends first information according to the received data characteristic information;
performing a first encryption of the first information and second external input information using the ID key to generate second information, and performing a second encryption of the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authenticating device according to the second information and the encrypted data;
receiving the authentication result for the authenticating device sent by the main control device.
2. The method according to claim 1, characterized in that the step of performing the second encryption of the second information using the ID authentication key to generate the encrypted data specifically includes: obtaining the digital signature from the ID and the second information; and performing the second encryption of the digital signature using the ID authentication key to generate the encrypted data.
3. The method according to claim 1, characterized in that the method further includes:
the authenticating device sending second status information to the main control device.
4. An authentication method, characterized by comprising:
receiving a registration request sent by an authenticating device, where the registration request includes first external input information, and storing the external input information;
registering the authenticating device and sending data characteristic information to the authenticating device; where the characteristic information includes an ID, an ID key and an ID authentication key, so that the authenticating device sends an authentication request according to the data characteristic information;
receiving the authentication request and sending first information, so that the authenticating device obtains second information and encrypted data according to the first information;
receiving the second information and the encrypted data sent by the authenticating device, and authenticating the authenticating device according to the second information and the second encrypted data.
5. The method according to claim 4, characterized in that the step of authenticating the authenticating device according to the second information and the encrypted data includes:
performing a first decryption of the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the judgement is that it is legal, further judging the legitimacy of the second information;
performing a second decryption of the second information using the ID key, and judging the legitimacy of the second information according to the second decryption result;
authenticating the authenticating device according to the legitimacy of the second information.
6. The method according to claim 4, characterized in that the method further includes:
the main control device sending first status information to the authenticating device, so that the authenticating device sends second status information according to the first status information; where the main control device stores the first status information.
7. An authentication system, characterized by comprising an authenticating device as described in any one of claims 1-3 and a main control device as described in any one of claims 4-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610322177.2A CN106055966B (en) | 2016-05-16 | 2016-05-16 | A kind of authentication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106055966A true CN106055966A (en) | 2016-10-26 |
CN106055966B CN106055966B (en) | 2019-04-26 |
Family
ID=57177571
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610322177.2A Expired - Fee Related CN106055966B (en) | 2016-05-16 | 2016-05-16 | A kind of authentication method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106055966B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101282222A (en) * | 2008-05-28 | 2008-10-08 | 胡祥义 | Digital signature method based on CSK |
CN101557289A (en) * | 2009-05-13 | 2009-10-14 | 大连理工大学 | Storage safe key management method based on ID authentication |
CN101742499A (en) * | 2009-12-31 | 2010-06-16 | 优视科技有限公司 | Account number protection system for mobile communication equipment terminal and application method thereof |
CN102088353A (en) * | 2011-03-11 | 2011-06-08 | 道里云信息技术(北京)有限公司 | Two-factor authentication method and system based on mobile terminal |
CN103530548A (en) * | 2013-10-22 | 2014-01-22 | 山东神思电子技术股份有限公司 | Embedded terminal dependable starting method based on mobile dependable computing module |
CN104796265A (en) * | 2015-05-06 | 2015-07-22 | 厦门大学 | Internet-of-things identity authentication method based on Bluetooth communication access |
CN104915689A (en) * | 2015-04-15 | 2015-09-16 | 四川量迅科技有限公司 | Intelligent card information processing method |
US20150341343A1 (en) * | 2013-01-02 | 2015-11-26 | Siemens Aktiengesellschaft | RFID Tag and Method for Operating an RFID Tag |
Non-Patent Citations (1)
Title |
---|
候红霞: "《基于数字签名的动态口令认证系统设计》", 《保密科学与技术》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878298A (en) * | 2017-02-08 | 2017-06-20 | 飞天诚信科技股份有限公司 | The integrated approach of a kind of authenticating device and website, system and device |
WO2018145593A1 (en) * | 2017-02-08 | 2018-08-16 | 飞天诚信科技股份有限公司 | Method for integrating authentication device and website, system and apparatus |
CN106878298B (en) * | 2017-02-08 | 2019-11-29 | 飞天诚信科技股份有限公司 | A kind of integrated approach, system and the device of authenticating device and website |
Legal Events
Code | Title | Description
---|---|---
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190426; Termination date: 20200516