CN107493171A - Wireless radios, certificate server and authentication method - Google Patents

Wireless radios, certificate server and authentication method

Info

Publication number
CN107493171A
Authority
CN
China
Prior art keywords
data
wireless radios
certificate server
processing
subelement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610410567.5A
Other languages
Chinese (zh)
Inventor
郭丽敏
刘丹
俞军
王立辉
李清
白亮
张纲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Fudan Microelectronics Group Co Ltd
Original Assignee
Shanghai Fudan Microelectronics Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Fudan Microelectronics Group Co Ltd
Priority to CN201610410567.5A
Publication of CN107493171A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Wireless radios, a certificate server and an authentication method. The wireless radios include a first authentication unit. The first authentication unit includes a PUF subelement, an encoder and a second processing subelement, wherein: the PUF subelement is adapted to, upon obtaining a first challenge, process the first challenge and output the corresponding true response data; the encoder is adapted to encode the true response data, obtain the corresponding assistance data and send it to the certificate server; and the second processing subelement is adapted to process the true response data, obtain the corresponding first processing data and send it to the certificate server. Using the above wireless radios improves the security of the authentication process between the wireless radios and the certificate server.

Description

Wireless radios, certificate server and authentication method
Technical field
The present invention relates to the field of wireless communication technology, and in particular to wireless radios, a certificate server and an authentication method.
Background
The Internet of Things has been called the third wave of the world information industry, after the computer and the Internet. Radio frequency identification (RFID) technology, as a key technology for building the Internet of Things, has attracted extensive attention in recent years. Wireless radios based on RFID are also increasingly common, for example smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes.
In practical applications, cloning, impersonation attacks, replay attacks, malicious monitoring, malicious interception and desynchronization attacks are the primary means of attacking wireless radios. To counter these attacks, wireless radios usually need to perform mutual authentication with a certificate server before use, so as to verify the legitimacy of both parties and improve the security of subsequent use.
Usually, mutual authentication between wireless radios and a certificate server is key-based: a random number is encrypted with the key in order to verify the legitimacy of both parties. In this authentication process, however, the key has to be stored in non-volatile memory, such as electrically erasable programmable read-only memory (EEPROM) or flash memory (FLASH). An attacker can then use physical attack techniques such as probes and scanning electron microscopes to obtain the key. Once the attacker has obtained the key used for authentication, they can forge wireless radios in large numbers, and the security of subsequent use of the wireless radios can no longer be effectively guaranteed.
To resist physical attacks and cloning attacks, a physically unclonable function (PUF) unit is provided in the wireless radios, and authentication is performed using the PUF unit. PUF technology is a recent breakthrough in semiconductor security technology. When a powered-on PUF unit is given an input, it outputs a unique, unpredictable response based on the random physical differences that inevitably arise during manufacturing; the input is the challenge corresponding to that response. Because the response of the PUF unit does not need to be stored, memory space in the wireless radios is saved, and wireless radios provided with a PUF unit can resist physical attacks and cloning attacks.
Every chip inevitably acquires many individual differences during manufacturing, so no matter how a chip is designed, small differences always arise between one chip and another in the manufacturing process. Even when design, packaging and manufacturing process are completely identical, it is not possible to produce two identical chips. These physical differences come from uncontrollable factors in the manufacturing process, so a PUF inherently possesses uniqueness, randomness and unclonability. When the PUF is powered on, the response exists; when it is powered down, the response disappears. Even the manufacturer cannot copy it, which is why PUFs are widely used in security and anti-counterfeiting.
However, in the existing mutual authentication process between PUF-based wireless radios and a certificate server, an attacker can still forge wireless radios using corresponding attack means, so the security of the authentication is poor and cannot meet users' security requirements.
Summary of the invention
The technical problem solved by the present invention is how to improve the security of the authentication process between wireless radios and a certificate server, so as to prevent an attacker from forging wireless radios through attacks.
To solve the above technical problem, an embodiment of the present invention provides wireless radios. The wireless radios include a first authentication unit, adapted to let a certificate server authenticate the wireless radios. The first authentication unit includes a PUF subelement, an encoder and a second processing subelement, wherein: the PUF subelement is adapted to, upon obtaining a first challenge, process the first challenge and output the corresponding true response data; the encoder is adapted to encode the true response data, obtain the corresponding assistance data and send it to the certificate server; and the second processing subelement is adapted to process the true response data, obtain the corresponding first processing data and send it to the certificate server, so that the certificate server authenticates the wireless radios according to the assistance data and the first processing data.
Optionally, the first authentication unit also includes a first processing subelement, adapted to, upon receiving first data for authentication sent by the certificate server, obtain the first challenge according to the first data.
Optionally, the wireless radios also include a second authentication unit, adapted to authenticate the certificate server before the first processing subelement processes the first data.
Optionally, the second authentication unit includes: an obtaining subelement, adapted to obtain a second random number and send it to the certificate server; a third processing subelement, adapted to process the second random number to obtain second processing data; and a first authentication subelement, adapted to authenticate the certificate server upon receiving third processing data sent by the certificate server, wherein the third processing data is the data obtained after the certificate server processes the second random number, using the same processing procedure as for the second processing data.
Optionally, the first authentication unit also includes an encryption subelement, adapted to encrypt the assistance data before it is sent to the certificate server, and to send the encrypted assistance data to the certificate server.
Optionally, the first authentication unit also includes a first key generation subelement, adapted to generate a first key stream using at least one of third data and the second processing data.
Optionally, the second processing subelement is adapted to process the true response data using the first key stream.
Optionally, the encryption subelement is adapted to encrypt the assistance data using the first key stream.
Optionally, the PUF subelement is adapted to be implemented by a weak PUF.
An embodiment of the present invention also provides a certificate server. The certificate server includes a third authentication unit, adapted to authenticate wireless radios. The third authentication unit includes a response data acquisition subelement, a decoder, a fourth processing subelement and a second authentication subelement, wherein: the response data acquisition subelement is adapted to, upon obtaining the first challenge of the PUF subelement in the wireless radios, obtain the normal response data corresponding to the first challenge according to pre-stored PUF physical characteristic parameter data, wherein the PUF physical characteristic parameter data is data used to produce normal response data; the decoder is adapted to, upon receiving the assistance data sent by the wireless radios, decode the assistance data and the normal response data to obtain the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge; the fourth processing subelement is adapted to process the first response data to obtain fourth processing data; and the second authentication subelement is adapted to, upon receiving the first processing data sent by the wireless radios, authenticate the wireless radios based on the fourth processing data and the first processing data, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data is produced by the same processing procedure as the first processing data.
Optionally, the third authentication unit also includes a first data acquisition subelement and a first processing subelement, wherein: the first data acquisition subelement is adapted to obtain first data and send it to the wireless radios; and the first processing subelement is adapted to process the first data to obtain the first challenge.
Optionally, the certificate server also includes a fourth authentication unit, adapted to interact with the wireless radios and be authenticated by the wireless radios before the third authentication unit authenticates the wireless radios.
Optionally, the fourth authentication unit includes a third processing subelement, adapted to, upon receiving a second random number sent by the wireless radios, process the second random number to obtain third processing data and send it to the wireless radios, so that the wireless radios authenticate the certificate server based on the third processing data.
Optionally, the third authentication unit also includes a decryption subelement, adapted to, upon receiving encrypted assistance data sent by the wireless radios, decrypt the encrypted assistance data to obtain the assistance data.
Optionally, the third authentication unit also includes a second key generation subelement, adapted to generate a second key stream using at least one of third data and the third processing data.
Optionally, the fourth processing subelement is adapted to process the first response data using the second key stream to obtain the fourth processing data.
Optionally, the decryption subelement is adapted to decrypt the encrypted assistance data using the second key stream to obtain the assistance data.
Optionally, the quantity of normal response data obtainable by the response data acquisition subelement is greater than the quantity of the pre-stored PUF physical characteristic parameter data.
An embodiment of the present invention also provides an authentication method for wireless radios. The method includes: upon obtaining a first challenge, inputting the first challenge to a PUF subelement for processing and obtaining the corresponding true response data; encoding the true response data, obtaining the corresponding assistance data and sending it to the certificate server; and processing the true response data, obtaining the corresponding first processing data and sending it to the certificate server, so that the certificate server authenticates the wireless radios according to the assistance data and the first processing data.
Optionally, the method also includes: upon receiving first data sent by the certificate server, processing the first data to obtain the first challenge.
Optionally, the method also includes: authenticating the certificate server before obtaining the first data.
Optionally, authenticating the certificate server before obtaining the first data includes: obtaining a second random number and sending it to the certificate server; processing the second random number to obtain second processing data; and, upon receiving third processing data sent by the certificate server, authenticating the certificate server, wherein the third processing data is the data obtained after the certificate server processes the second random number, using the same processing procedure as for the second processing data.
An embodiment of the present invention also provides another authentication method for wireless radios. The method includes: upon obtaining the first challenge of the PUF subelement in the wireless radios, obtaining the normal response data corresponding to the first challenge according to pre-stored PUF physical characteristic parameter data; upon receiving the assistance data sent by the wireless radios, decoding the assistance data and the normal response data to obtain the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge; processing the first response data to obtain fourth processing data; and, upon receiving the first processing data sent by the wireless radios, authenticating the wireless radios based on the fourth processing data and the first processing data, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data is produced by the same processing procedure as the first processing data.
Optionally, the method also includes: obtaining first data and sending it to the wireless radios; and processing the first data to obtain the first challenge.
Optionally, the method also includes: before the first data is obtained, carrying out authentication at the wireless radios.
Optionally, carrying out authentication at the wireless radios before the first data is obtained includes: upon receiving a second random number sent by the wireless radios, processing the second random number to obtain third processing data and sending it to the wireless radios, so that the wireless radios carry out authentication based on the third processing data.
Compared with the prior art, the present invention has the following advantages:
With the above wireless radios, after the true response data output by the PUF subelement is obtained, the true response data is processed before being sent to the certificate server, rather than being sent to the certificate server directly. This prevents an attacker from forging the PUF subelement by analyzing its true output data, and thereby prevents the forging of wireless radios, improving the security of the authentication process between the wireless radios and the certificate server.
The certificate server is authenticated before the first data is processed; that is, before the certificate server authenticates the wireless radios, the wireless radios first authenticate the certificate server. This prevents a counterfeit certificate server from obtaining the assistance data and the first processing data, so an attacker cannot use the assistance data to analyze and predict the true response data of the PUF subelement, which in turn prevents the forging of wireless radios and further improves the security of the authentication process between the wireless radios and the certificate server.
Before the assistance data is sent to the certificate server, it is encrypted using a fixed key or the first key stream, and only the encrypted assistance data is sent to the certificate server. This prevents an attacker from using the assistance data to analyze and predict the true response data of the PUF subelement, which in turn prevents the forging of wireless radios and further improves the security of the authentication process between the wireless radios and the certificate server.
Generating the first key stream from a random number makes the first key stream more random and improves the security of the encryption.
Because the first processing subelement, upon receiving the first data for authentication sent by the certificate server, obtains the first challenge according to the first data, the certificate server does not send the first challenge to the wireless radios directly. This prevents an attacker from obtaining and analyzing the true input data of the PUF subelement in order to forge it, which in turn prevents the forging of wireless radios and further improves the security of the authentication process between the wireless radios and the certificate server.
The quantity of normal response data obtainable by the response data acquisition subelement can be greater than the quantity of the pre-stored PUF physical characteristic parameter data. That is, during actual authentication, the certificate server can recover the true challenge-response pairs of the wireless radios from a small amount of pre-stored PUF physical characteristic parameter data and the assistance data sent by the wireless radios, and use the response data to authenticate the wireless radios. Therefore, when the PUF subelement in the wireless radios is implemented by a weak PUF, its attack resistance can reach the effect of a strong PUF, while the cost and the area of the wireless radios are reduced. In addition, during actual authentication the certificate server stores only the PUF physical characteristic parameter data, which not only further saves storage space on the certificate server but also reduces the data exchanged with the wireless radios in the registration phase, improving registration speed.
Brief description of the drawings
Fig. 1 is a structural diagram of a first authentication unit and a third authentication unit in an embodiment of the present invention;
Fig. 2 is a structural diagram of another first authentication unit and third authentication unit in an embodiment of the present invention;
Fig. 3 is a structural diagram of a second authentication unit and a fourth authentication unit in an embodiment of the present invention;
Fig. 4 is a structural diagram of yet another first authentication unit and third authentication unit in an embodiment of the present invention;
Fig. 5 is a flow chart of an authentication method for wireless radios in an embodiment of the present invention;
Fig. 6 is a flow chart of another authentication method for wireless radios in an embodiment of the present invention.
Detailed description of the embodiments
In wireless radios provided with a PUF unit, the response exists when the PUF unit is powered on and disappears when it is powered down, so authenticating with the PUF unit prevents physical attacks such as probing and electron scanning. Furthermore, every PUF unit inevitably acquires many individual differences during manufacturing, and these physical differences come from uncontrollable factors in the manufacturing process. So no matter how PUF units are designed, some small differences always exist between one PUF unit and another; even when design, packaging and manufacturing process are completely identical, it is not possible to produce two identical PUF units. PUF units therefore inherently possess uniqueness and unclonability.
At present, during mutual authentication with a certificate server, the wireless radios and the certificate server interact using real data; that is, each side sends real data directly to the other. This real data includes the challenge of the PUF unit and the true response data. In such an authentication process, an attacker can often intercept the real data exchanged, analyze the intercepted data, forge the PUF unit according to the analysis result, and thereby forge wireless radios.
In view of the above problem, an embodiment of the present invention provides wireless radios that include a first authentication unit. A second processing subelement is provided in the first authentication unit. The second processing subelement processes the true response data, obtains the corresponding first processing data and sends it to the certificate server, and the certificate server authenticates the wireless radios according to the assistance data and the first processing data. Because the first processing data is not the true response data itself, an attacker is prevented from forging the PUF subelement by intercepting the true response data, which improves the security of the authentication process between the wireless radios and the certificate server.
To make the above objects, features and beneficial effects of the present invention easier to understand, specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, an embodiment of the present invention provides wireless radios, which can include a first authentication unit 10. The first authentication unit 10 is adapted to let the certificate server authenticate the wireless radios.
In a specific implementation, the first authentication unit 10 can include a PUF subelement 102, an encoder 103 and a second processing subelement 104, wherein:
The PUF subelement 102 is adapted to, upon obtaining a first challenge C1, process the first challenge C1 and output the corresponding true response data D1;
The encoder 103 is adapted to encode the true response data D1, obtain the corresponding assistance data P1 and send it to the certificate server;
The second processing subelement 104 is adapted to process the true response data D1, obtain the corresponding first processing data T1 and send it to the certificate server, so that the certificate server authenticates the wireless radios according to the assistance data P1 and the first processing data T1.
Correspondingly, an embodiment of the present invention also provides a certificate server, which can include a third authentication unit 20. The third authentication unit 20 is adapted to authenticate the wireless radios.
In a specific implementation, the third authentication unit 20 includes a response data acquisition subelement 202, a decoder 203, a fourth processing subelement 207 and a second authentication subelement 204, wherein:
The response data acquisition subelement 202 is adapted to, upon obtaining the first challenge C1 of the PUF subelement in the wireless radios, obtain the normal response data D0 corresponding to the first challenge C1 according to the pre-stored PUF physical characteristic parameter data, wherein the PUF physical characteristic parameter data is data used to produce normal response data;
The decoder 203 is adapted to, upon receiving the assistance data P1 sent by the wireless radios, decode the assistance data P1 and the normal response data D0 to obtain the corresponding first response data D2, the assistance data P1 being the data obtained by encoding the true response data D1 corresponding to the first challenge C1;
The fourth processing subelement 207 is adapted to process the first response data D2 to obtain fourth processing data T4;
The second authentication subelement 204 is adapted to, upon receiving the first processing data T1 sent by the wireless radios, authenticate the wireless radios based on the fourth processing data T4 and the first processing data T1. Here the first processing data T1 is the data obtained by processing the true response data D1 corresponding to the first challenge C1, and the fourth processing data T4 is produced by the same processing procedure as the first processing data T1.
In a specific implementation, before PUF-based wireless radios and a certificate server authenticate each other, the wireless radios must be registered on the certificate server. In the registration phase, the certificate server reads the PUF physical characteristic parameter data of the PUF subelement 102 in the wireless radios. Registration is usually carried out in a secure environment and only once. After registration ends, the interface for reading the PUF physical characteristic parameter data is closed permanently. In the authentication phase, the response that the PUF subelement 102 produces from the input challenge is called the true response data; the response that the certificate server obtains from the PUF physical characteristic parameter data for the input challenge is called the normal response data. For the same challenge, a certain relationship exists between the normal response data and the true response data: encoding the true response data with an encoding algorithm yields the corresponding assistance data, and decoding the normal response data together with the assistance data with a decoding algorithm yields the corresponding true response data. Based on the relationship among the normal response data, the true response data and the assistance data, the certificate server can authenticate the wireless radios and confirm their legitimacy.
In a specific implementation, the wireless radios can obtain the first challenge C1 in several ways; the specific way is not restricted.
In one embodiment of the present invention, the first authentication unit 10 can also include a first processing subelement 101, adapted to, upon receiving first data R1 for authentication sent by the certificate server, obtain the first challenge C1 according to the first data R1.
Correspondingly, the third authentication unit 20 can also include a first data acquisition subelement 201 and a first processing subelement 101. The first data acquisition subelement 201 is adapted to obtain the first data R1 and send it to the wireless radios. The first processing subelement 101 is adapted to process the first data R1 to obtain the first challenge C1.
It should be noted that, in a specific implementation, the first data acquisition subelement 201 can generate the first data R1 itself or obtain it from another device. The first data R1 can be a random number, any data selected from a finite set of data, or the first challenge C1 itself, and its length is not restricted. Whatever the first data R1 is, once the first processing subelement 101 receives the first data R1 it can convert it into the first challenge C1. The length of the first challenge C1 is the same as the challenge length allowed by the PUF subelement 102. Specific conversion methods include, but are not limited to, forwarding, encryption and related operations. The first processing subelement 101 can select a corresponding processing algorithm to perform the above conversion.
For example, the first processing subelement can process the first data R1 by means of a cryptographic operation. The selected cryptographic algorithm can be a digest algorithm, such as SHA-256; it can also be a symmetric cryptographic algorithm, for example the DES, RC2, RC4, RC5 and Blowfish algorithms; it can also be an asymmetric cryptographic algorithm, for example the RSA, ECC and Knapsack algorithms. The cryptographic algorithm can include, but is not limited to, the above standard algorithms and simplified custom algorithms. The parameters that the first processing subelement 101 uses for the above processing are those required by the selected processing algorithm, including but not limited to the key of the above cryptographic algorithm.
Because the first data R1, rather than the challenge of the PUF subelement 102, is sent to the wireless radios, an attacker who intercepts the first data R1 still cannot forge the PUF subelement 102 by analyzing the first data R1.
In the first authentication unit 10, after the first processing subelement 101 processes the first data R1 to obtain the first challenge C1, the first challenge C1 is input to the PUF subelement 102, which yields the corresponding true response data D1. This true response data D1 is related to the corresponding normal response data D0. The encoder 103 encodes the true response data D1 to obtain the corresponding assistance data P1, which is sent to the certificate server.
In the 3rd authentication unit 20, after the first processing subelement 101 processes the first data R1 to obtain the first challenge C1, the response data obtaining subelement 201 obtains, from the prestored PUF physical characteristic parameter data, the normal response data D0 corresponding to the first challenge C1. The decoder 203 then decodes the normal response data D0 and the assistance data P1 to obtain the first response data D2, and the fourth processing subelement 207 processes the first response data D2 to obtain the fourth processing data T4. Finally, the second authentication subelement 204 compares the fourth processing data T4 with the first processing data T1 and judges whether they are identical: if they are, the wireless radios are legal; otherwise the wireless radios are illegal.
It should be noted that, in a specific implementation, the fourth processing subelement 207 can process the first response data D2 in several ways, including but not limited to encryption and related operations. For example, the fourth processing subelement 207 can select a corresponding digest algorithm, symmetric cryptographic algorithm or asymmetric cryptographic algorithm to encrypt the first response data D2, or can perform an arithmetic operation on the first response data D2, such as a CRC computation. For details, refer to the above description of the first processing subelement 101, which is not repeated here.
It should be noted that, in a specific implementation, the fourth processing data T4 and the second processing data T2 are produced by the same processing procedure; that is, the fourth processing subelement 207 and the second processing subelement 104 process their respective input data with the same processing algorithm and parameters. For example, when the fourth processing subelement 207 encrypts the first response data D2 with the DES encryption algorithm, the second processing subelement 104 also encrypts the true response data D1 with the DES encryption algorithm, and the two subelements use the same key for the encryption.
At present, PUFs generally fall into two classes: strong PUFs and weak PUFs. A strong PUF has a large number of challenge-response pairs and strong attack resistance, but its manufacturing cost is high and it is complex to use; examples are PUFs based on circuit delay, such as the Arbiter PUF, and PUFs based on analog circuits, such as the CNN PUF. A weak PUF has only a small number of challenge-response pairs and weak attack resistance, but its manufacturing cost is lower and it is easier to use; examples are memory PUFs such as static memory (SRAM) and flash memory (Flash) PUFs. Existing wireless radios usually authenticate with a strong PUF. Because a strong PUF needs a dedicated circuit, and for security several identical dedicated circuits must be replicated, the cost of the wireless radios is higher and their area is larger.
In an embodiment of the present invention, the prestored PUF physical characteristic parameter data can be the parameters that characterise the physical features of the PUF subelement 102 in the wireless radios, and are generally used to produce the normal response data. For example, when the PUF subelement 102 is an SRAM PUF, the PUF physical characteristic parameters can be all the byte values of the SRAM. When the PUF subelement 102 is a ring oscillator PUF, the PUF physical characteristic parameters can be the frequency values of the ring oscillators.
In the registration phase, the certificate server can read the PUF physical characteristic parameter data from the wireless radios, and uses the PUF physical characteristic parameter data for mutual authentication with the wireless device.
In an embodiment of the present invention, the PUF subelement 102 can be implemented either by a strong PUF or by a weak PUF. When the PUF subelement 102 is a weak PUF, the number of normal response data that the response data obtaining subelement 202 can obtain is greater than the number of prestored PUF physical characteristic parameter data. That is, during actual authentication, the certificate server can recover the true challenge-response data of the wireless radios from a small amount of prestored PUF physical characteristic parameter data and the assistance data sent by the wireless radios, and authenticates the wireless radios with that response data. Therefore, when the PUF subelement 102 in the wireless radios is implemented by a weak PUF, its attack resistance can reach that of a strong PUF, while the cost and the area of the wireless radios are reduced.
In addition, during actual authentication, the certificate server stores only the PUF physical characteristic parameter data. This not only saves storage space on the certificate server, but also reduces the data exchanged with the wireless radios in the registration phase and so speeds up registration.
For example, when the PUF subelement 102 is a 256-byte SRAM PUF, in the registration phase the certificate server can read the 256 byte values of the SRAM from the wireless device, i.e. the PUF physical characteristic parameter data of the SRAM PUF, denoted data[0]~data[255]. The first processing subelement 101 processes the first data R1 to obtain the first challenge C1 of the PUF subelement 102, where C1 is 32 bytes, denoted C[0]~C[31]. The normal response data corresponding to the first challenge C1 is then D0 = data[C[0]]~data[C[31]], where each byte of C[0]~C[31] can select any of data[0]~data[255] at random. Based on the 256 byte values, the response data obtaining subelement 202 can produce $(2^8)^{32}$ challenge-response pairs, and $(2^8)^{32}$ challenge-response pairs are enough to match the attack resistance of a strong PUF.
As another example, when the PUF subelement 102 is a ring oscillator PUF with 256 ring oscillator frequencies, in the registration phase the certificate server can read the 256 ring oscillator frequency values from the wireless device, i.e. the PUF physical characteristic parameter data of the ring oscillator PUF, denoted f[0]~f[255]. The first processing subelement 101 processes the first data R1 to obtain the first challenge C1 of the PUF subelement 102, where C1 is 32 bytes, denoted C[0]~C[31]. The normal response of the PUF unit can be obtained as follows: if f[C[i]] > f[C[i+1]], bit i+1 of the normal response data D0 corresponding to the first challenge C1 is 1; if f[C[i]] ≤ f[C[i+1]], bit i+1 of the normal response data D0 corresponding to the first challenge C1 is 0. Based on the 256 ring oscillator frequency values, the response data obtaining subelement 202 can produce $2^{31}$ challenge-response pairs.
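The SRAM and ring oscillator response derivations above, together with the encoder 103 / decoder 203 exchange, as an added Python example that is not part of the patent text. The patent does not name the encoding algorithm, the processing algorithm or a key: the Hamming(7,4) syndrome used as assistance data, SHA-256 for the first processing subelement, HMAC-SHA-256 for T1/T4, the key, the enrolment bytes and the noise positions are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import random

BLOCK = 7  # bits per Hamming(7,4) block (assumed code, not named by the patent)


def derive_challenge(r1: bytes) -> bytes:
    """First processing subelement 101: R1 -> 32-byte challenge C1 (SHA-256 assumed)."""
    return hashlib.sha256(r1).digest()


def sram_response(cells: bytes, c1: bytes) -> bytes:
    """SRAM PUF: response bytes data[C[0]] ~ data[C[31]]."""
    return bytes(cells[i] for i in c1)


def ro_response(freqs, c1: bytes):
    """Ring oscillator PUF: bit i+1 is 1 if f[C[i]] > f[C[i+1]], otherwise 0."""
    return [1 if freqs[c1[i]] > freqs[c1[i + 1]] else 0 for i in range(len(c1) - 1)]


def to_bits(data: bytes):
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def syndrome(block) -> int:
    """XOR of the 1-based positions of the set bits; one flipped bit yields its position."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s


def encode(d1_bits):
    """Encoder 103: assistance data P1 = one 3-bit syndrome per block of D1."""
    return [syndrome(d1_bits[i:i + BLOCK]) for i in range(0, len(d1_bits), BLOCK)]


def decode(d0_bits, p1):
    """Decoder 203: correct D0 towards D1 using P1 (at most one differing bit per block)."""
    out = list(d0_bits)
    for j, s1 in enumerate(p1):
        block = out[j * BLOCK:(j + 1) * BLOCK]
        err = syndrome(block) ^ s1  # syndrome of (D0 xor D1) for this block
        if 0 < err <= len(block):
            out[j * BLOCK + err - 1] ^= 1
    return out


def tag(key: bytes, bits) -> bytes:
    """Subelements 104 and 207: same algorithm and key on both sides (HMAC-SHA-256 assumed)."""
    return hmac.new(key, bytes(bits), hashlib.sha256).digest()


def device_respond(cells: bytes, r1: bytes, key: bytes, flip_bits=()):
    """Wireless radios: C1 -> true response D1 -> (P1, T1). flip_bits models PUF noise."""
    d1 = to_bits(sram_response(cells, derive_challenge(r1)))
    for pos in flip_bits:
        d1[pos] ^= 1
    return encode(d1), tag(key, d1)


def server_verify(enrolled: bytes, r1: bytes, key: bytes, p1, t1) -> bool:
    """Certificate server: C1 -> D0 -> decode with P1 -> D2 -> T4, then compare T4 with T1."""
    d0 = to_bits(sram_response(enrolled, derive_challenge(r1)))
    t4 = tag(key, decode(d0, p1))
    return hmac.compare_digest(t4, t1)


if __name__ == "__main__":
    rng = random.Random(2016)                                 # constructed enrolment data
    enrolled = bytes(rng.randrange(256) for _ in range(256))  # data[0] ~ data[255]
    key, r1 = b"constructed-shared-key", b"constructed-R1"
    p1, t1 = device_respond(enrolled, r1, key, flip_bits=[3, 40, 100, 255])
    print("genuine device, 4 noisy bits:", server_verify(enrolled, r1, key, p1, t1))
    p1, t1 = device_respond(enrolled, r1, key, flip_bits=[0, 1])
    print("two errors in one block:", server_verify(enrolled, r1, key, p1, t1))
    clone = bytes(rng.randrange(256) for _ in range(256))
    p1, t1 = device_respond(clone, r1, key)
    print("different SRAM contents:", server_verify(enrolled, r1, key, p1, t1))
```

With this assumed code, each 3-bit syndrome discloses information about its block of D1, which is one reason the embodiment that encrypts the assistance data before sending it matters.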
In a specific implementation, to obtain higher security, the certificate server can limit the number of times it authenticates the wireless radios. For example, the certificate server can authenticate the wireless radios only 20 times; if the wireless radios have still not passed authentication by the certificate server when that number is reached, the authentication finally fails, i.e. the wireless radios are an illegal device. In this case, the first data in each authentication can be randomly selected from a set containing n values, or can be a random number, as long as the first data differs in each authentication.
Referring to Fig. 2, another embodiment of the present invention provides wireless radios and a corresponding certificate server. The difference from the embodiment shown in Fig. 1 is that the first authentication unit 10 also includes an encryption subelement 105. The encryption subelement 105 is suitable for encrypting the assistance data P1 before it is sent to the certificate server, and for sending the encrypted assistance data P0 to the certificate server. The key can be a fixed key or a key stream generated from a random number, without specific limitation.
Accordingly, the 3rd authentication unit 30 can also include a decryption subelement 205. The decryption subelement 205 is suitable for decrypting the encrypted assistance data P0 when the encrypted assistance data P0 sent by the wireless radios is received.
In a specific implementation, the encryption subelement 105 can encrypt the assistance data P1 with a symmetric cryptographic algorithm or with an asymmetric cryptographic algorithm; for details, refer to the above description of the first processing subelement 101 and the second processing subelement 104.
It will be understood that, when the decryption subelement 205 decrypts the encrypted assistance data P0, the selected decryption algorithm corresponds to the encryption algorithm selected by the encryption subelement 105. For example, when the encryption subelement 105 selects the DES encryption algorithm, the decryption subelement 205 can select the corresponding DES decryption algorithm. Decryption by the decryption subelement 205 yields the assistance data P1, so that the decoder 203 can decode the assistance data P1 and the normal response data D0 to obtain the first response data D2.
In a specific implementation, when the wireless radios and the certificate server authenticate each other, either the wireless radios can first authenticate the certificate server and the certificate server then authenticate the wireless radios, or the certificate server can first authenticate the wireless radios and the wireless radios then authenticate the certificate server. The authentication order is unrestricted; whichever order is used, it does not constitute a limitation of the present invention and falls within its protection scope.
Referring to Fig. 3, another embodiment of the present invention provides wireless radios and a corresponding certificate server. The difference from the embodiment shown in Fig. 1 is that, in addition to the first authentication unit, the wireless radios can also include a second authentication unit 11. The second authentication unit 11 is suitable for authenticating the certificate server before the first data is obtained. That is, during authentication, the wireless radios first authenticate the certificate server, and the certificate server then authenticates the wireless radios. This prevents a counterfeit certificate server from obtaining the assistance data and the first processing data T1, and further improves security during authentication between the wireless radios and the certificate server.
In a specific implementation, the second authentication unit 11 can include an obtaining subelement 111, a third processing subelement 112 and a first authentication subelement 113, wherein:
The obtaining subelement 111 is suitable for obtaining the second random number R2 and sending it to the certificate server;
The third processing subelement 112 is suitable for processing the second random number R2 to obtain the second processing data T2;
The first authentication subelement 113 is suitable for authenticating the certificate server when the third processing data T3 sent by the certificate server is received, wherein the third processing data T3 is the data obtained after the certificate server processes the second random number R2, with the same processing algorithm and parameters as the second processing data T2.
Accordingly, the certificate server can include a 4th authentication unit 21, suitable for interacting with the wireless radios and being authenticated by the wireless radios before the 3rd authentication unit 11 authenticates the wireless radios.
In a specific implementation, the 4th authentication unit 21 can include a third processing subelement 112, suitable for processing the second random number R2 when the second random number R2 sent by the wireless radios is received, obtaining the third processing data T3 and sending it to the wireless radios, so that the wireless radios authenticate the certificate server based on the third processing data T3.
It should be noted that, in a specific implementation, the second random number R2 can be generated by the wireless radios themselves or obtained by the wireless radios from other equipment, and its length, concrete value and form of expression are unrestricted.
In a specific implementation, the second processing data T2 and the third processing data T3 are produced by the same processing procedure; that is, T2 and T3 are the data obtained after the same processing is applied on each side. For how the third processing subelement 112 processes the second random number R2, refer to the above description of how the first processing subelement 101 processes the first data R1, which is not repeated here.
In a specific implementation, when the first authentication subelement 113 receives the third processing data T3 sent by the certificate server, it can compare the third processing data T3 with the second processing data T2. If the two are identical, the certificate server passes authentication, i.e. it is a legal certificate server, and the first authentication unit can then interact with the certificate server to complete the certificate server's authentication of the wireless radios. Otherwise the certificate server is an illegal certificate server.
Referring to Fig. 4, a further embodiment of the present invention provides wireless radios and a corresponding certificate server. Unlike the embodiment shown in Fig. 2, the first authentication unit 10 can also include a first key generation subelement 106. The first key generation subelement 106 is suitable for generating a first key stream key1 using at least one of the third data R3 and the second processing data T2.
Accordingly, the certificate server 20 can also include a second key generation subelement 206, which is suitable for generating a second key stream key2 using at least one of the third data R3 and the third processing data T3.
In a specific implementation, the first key generation subelement 106 can generate the first key stream key1 from the third data R3 alone, from the second processing data T2 alone, or from both the third data R3 and the second processing data T2. Because the third data R3 can be a random number, the first data R1, or fixed data, the first key stream key1 can be a random key or a fixed key. When the third data R3 and the first data R1 differ, the first key generation subelement 106 can also use the first data R1 to generate the first key stream key1, without specific limitation, as long as the security of the processing is improved.
In a specific implementation, the second key generation subelement 206 can generate the key stream key2 from the third data R3 alone, from the third processing data T3 alone, or from both the third data R3 and the third processing data T3. Because the third data R3 can be a random number, the first data R1, or fixed data, the key stream key2 can be a random key or a fixed key. The second key generation subelement 206 can also use the first data R1 to generate the key stream key2, without specific limitation, as long as the security of the processing is improved.
In this case, in the first authentication unit 10, some or all of the first processing subelement 101, the second processing subelement 104 and the encryption subelement 105 can use the first key stream key1 generated by the first key generation subelement 106 for their processing. For example, the first processing subelement 101 can encrypt the first data R1 with the first key stream key1, the second processing subelement 104 can encrypt the true response data D1 with the first key stream key1, and the encryption subelement 105 can encrypt the assistance data P1 with the first key stream key1.
In the 3rd authentication unit 20, some or all of the first processing subelement 101, the fourth processing subelement 207 and the decryption subelement 205 can use the second key stream key2 generated by the second key generation subelement 206 for their processing. For example, the first processing subelement 101 can encrypt the first data R1 with the second key stream key2, and the decryption subelement 205 can decrypt the encrypted assistance data P0 with the second key stream key2.
It should be noted that, in a specific implementation, when the first processing subelement 101, the second processing subelement 104, the third processing subelement 112 and the encryption subelement 105 process their data, and when the decryption subelement 205 decrypts its data, each can use a different key, some subelements can share a key, or all subelements can use the same key, without specific limitation, as long as identical or corresponding subelements use the same key. The key used by each subelement can be generated by the wireless radios themselves or obtained by the wireless radios from other equipment. Whichever way the key is obtained, it does not limit the present invention and falls within its protection scope.
It should be noted that, in a specific implementation, if the certificate server passes authentication by the wireless radios, i.e. the certificate server is legal, the second processing data T2 and the third processing data T3 are identical, so the key that the first processing subelement 101 in the first authentication unit 10 uses to process the first data is the same as the key that the first processing subelement 101 in the 3rd authentication unit 20 uses to process the first data. If the certificate server is a counterfeit server, then in the stage where the wireless radios authenticate the certificate server the second processing data T2 and the third processing data T3 differ, so the key that the first processing subelement 101 in the first authentication unit 10 uses to process the first data differs from the key that the first processing subelement 101 in the 3rd authentication unit 20 uses, and in the end the wireless radios cannot pass authentication by the certificate server.
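The server-authentication step and the key-stream binding described above (R2, T2/T3, key1/key2), as an added Python example that is not part of the patent text. HMAC-SHA-256 as the shared processing algorithm, SHA-256 in counter mode as the key-stream generator, XOR as the encryption of P1, and all keys and values are assumptions constructed for illustration.

```python
import hashlib
import hmac


def process(key: bytes, data: bytes) -> bytes:
    """Third processing subelement 112 on both sides: same algorithm and parameter
    (HMAC-SHA-256 with a shared key is an assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def key_stream(r3: bytes, t: bytes, length: int) -> bytes:
    """Key generation subelement 106 / 206: expand R3 and T2 (or T3) into a key stream.
    SHA-256 in counter mode is an assumed construction; the patent leaves it open."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(r3 + t + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def run_session(device_key: bytes, server_key: bytes, r2: bytes, r3: bytes, p1: bytes):
    """Return (server accepted by the wireless radios, assistance data seen by the server).

    A real device stops after rejecting the server; the remaining steps are still
    computed here to show that key1 and key2 diverge when T2 and T3 differ.
    """
    t2 = process(device_key, r2)             # wireless radios: second processing data T2
    t3 = process(server_key, r2)             # certificate server: third processing data T3
    server_ok = hmac.compare_digest(t2, t3)  # first authentication subelement 113
    key1 = key_stream(r3, t2, len(p1))       # first key generation subelement 106
    p0 = xor(p1, key1)                       # encryption subelement 105: P1 -> P0
    key2 = key_stream(r3, t3, len(p1))       # second key generation subelement 206
    recovered = xor(p0, key2)                # decryption subelement 205: P0 -> P1
    return server_ok, recovered


if __name__ == "__main__":
    p1 = b"constructed assistance data P1"
    r2, r3 = b"constructed-R2", b"constructed-R3"
    print(run_session(b"shared-key", b"shared-key", r2, r3, p1))  # legal server
    print(run_session(b"shared-key", b"other-key", r2, r3, p1))   # counterfeit server
```

The key stream here mixes in T2, which changes with every R2; a generator fed only with fixed R3 would repeat the same stream, and XOR encryption under a repeated stream exposes the XOR of two assistance data values.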
In summary, the wireless radios and the certificate server in the embodiments of the present invention process some or all of the data they exchange during mutual authentication. This prevents an attacker from obtaining and analysing the corresponding data, and so prevents the attacker from forging the PUF subelement in the wireless radios, which improves security during authentication.
In a specific implementation, those skilled in the art can, as needed, use the wireless radios and the corresponding certificate server provided in the above embodiments of the present invention to form a wireless radio-frequency authentication system, which correspondingly improves security during mutual authentication between the wireless radios and the certificate server.
So that those skilled in the art can better understand and implement the present invention, the authentication methods corresponding to the above wireless radios and certificate server are described in detail below.
Referring to Fig. 5, an embodiment of the present invention provides an authentication method for wireless radios. The method can include the following steps:
Step 51: when the first challenge is obtained, input the first challenge to the PUF subelement for processing, and obtain the corresponding true response data.
Step 52: encode the true response data, obtain the corresponding assistance data and send it to the certificate server.
Step 53: process the true response data, obtain the corresponding first processing data and send it to the certificate server, so that the certificate server authenticates the wireless radios according to the assistance data and the first processing data.
It should be noted that, in a specific implementation, the execution order of step 52 and step 53 is unrestricted: step 52 can be performed before step 53, step 53 can be performed before step 52, or steps 52 and 53 can be performed at the same time.
In a specific implementation, the method can also include:
Step 54: when the first data sent by the certificate server is received, process the first data and obtain the first challenge.
That is, the first challenge is obtained from the first data sent by the certificate server.
In a specific implementation, the method can also include authenticating the certificate server before the first data is processed. Specifically, the second random number is first obtained and sent to the certificate server; the second random number is then processed to obtain the second processing data; finally, when the third processing data sent by the certificate server is received, the certificate server is authenticated. The third processing data is the data obtained after the certificate server processes the second random number R2, by the same processing procedure as the second processing data.
Referring to Fig. 6, an embodiment of the present invention also provides another authentication method for wireless radios. The method can include the following steps:
Step 61: when the first challenge of the PUF subelement in the wireless radios is obtained, obtain the normal response data corresponding to the first challenge according to the prestored PUF physical characteristic parameter data.
Step 62: when the assistance data sent by the wireless radios is received, decode the assistance data and the normal response data, and obtain the corresponding first response data.
The assistance data is the data obtained by encoding the true response data corresponding to the first challenge.
Step 63: process the first response data and obtain the fourth processing data.
Step 64: when the first processing data sent by the wireless radios is received, authenticate the wireless radios based on the fourth processing data and the first processing data.
The first processing data is the data obtained by processing the true response data corresponding to the first challenge; the fourth processing data and the first processing data are produced with the same processing algorithm and parameters.
In a specific implementation, the method can also include step 65 and step 66. Specifically:
Step 65: obtain the first data and send it to the wireless radios.
Step 66: process the first data and obtain the first challenge.
In a specific implementation, the method can also include performing authentication at the wireless radios before the first data is obtained. Specifically, when the second random number sent by the wireless radios is received, the second random number is processed to obtain the third processing data, which is sent to the wireless radios, so that the wireless radios verify the certificate server based on the third processing data.
It should be noted that, in the above embodiments of the present invention, the wireless radios are equipment based on wireless radio frequency, including but not limited to smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes. Whatever form the wireless radios take, it does not constitute a limitation of the present invention and falls within its protection scope.
It should be noted that, in the above embodiments of the present invention, the certificate server is a wireless radio-frequency server adapted to the wireless radios. For example, when the wireless radios are a smart card, the certificate server can be a card reader. The certificate server can be an independent dedicated server, or can provide other services at the same time; for example, a dedicated memory block and storage area can be set aside on another server to provide a performance monitoring service. Whichever kind of certificate server is used, it suffices that it can exchange data with the wireless radios.
As shown above, the authentication method in the embodiments of the present invention processes some or all of the data exchanged during mutual authentication. This prevents an attacker from obtaining and analysing the corresponding data, and so prevents the attacker from forging the PUF subelement in the wireless radios, which improves security during authentication.
One of ordinary skill in the art will appreciate that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which can include ROM, RAM, magnetic disk, optical disc, etc.
Although the present invention is disclosed as above, it is not limited thereto. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the invention, so the protection scope of the invention shall be that defined by the claims.

Claims (26)

  1. Wireless radios, characterised by comprising: a first authentication unit, suitable for the certificate server to authenticate the wireless radios, the first authentication unit including a PUF subelement, an encoder and a second processing subelement, wherein:
    The PUF subelement is suitable for processing the first challenge when the first challenge is obtained, and outputting the corresponding true response data;
    The encoder is suitable for encoding the true response data, obtaining the corresponding assistance data and sending it to the certificate server;
    The second processing subelement is suitable for processing the true response data, obtaining the corresponding first processing data and sending it to the certificate server, so that the certificate server authenticates the wireless radios according to the assistance data and the first processing data.
  2. The wireless radios as claimed in claim 1, characterised in that the first authentication unit also includes: a first processing subelement, suitable for obtaining the first challenge according to the first data when the first data for authentication sent by the certificate server is received.
  3. The wireless radios as claimed in claim 2, characterised by also including: a second authentication unit, suitable for authenticating the certificate server before the first processing subelement processes the first data.
  4. The wireless radios as claimed in claim 3, characterised in that the second authentication unit includes:
    An obtaining subelement, suitable for obtaining the second random number and sending it to the certificate server;
    A third processing subelement, suitable for processing the second random number to obtain the second processing data;
    A first authentication subelement, suitable for authenticating the certificate server when the third processing data sent by the certificate server is received, wherein the third processing data is the data obtained after the certificate server processes the second random number, by the same processing procedure as the second processing data.
  5. The wireless radios as claimed in claim 4, characterised in that the first authentication unit also includes: an encryption subelement, suitable for encrypting the assistance data before it is sent to the certificate server, and sending the encrypted assistance data to the certificate server.
  6. The wireless radios as claimed in claim 5, characterised in that the first authentication unit also includes: a first key generation subelement, suitable for generating a first key stream using at least one of the third data and the second processing data.
  7. The wireless radios as claimed in claim 6, characterised in that the second processing subelement is suitable for processing the true response data using the first key stream.
  8. The wireless radios as claimed in claim 6, characterised in that the encryption subelement is suitable for encrypting the assistance data using the first key stream.
  9. The wireless radios as claimed in any one of claims 1~8, characterised in that the PUF subelement is suitable for being implemented by a weak PUF.
  10. A certificate server, characterised by comprising: a 3rd authentication unit, suitable for authenticating wireless radios; the 3rd authentication unit includes a response data obtaining subelement, a decoder, a fourth processing subelement and a second authentication subelement, wherein:
    The response data obtaining subelement is suitable for obtaining, when the first challenge of the PUF subelement in the wireless radios is obtained, the normal response data corresponding to the first challenge according to the prestored PUF physical characteristic parameter data, wherein the PUF physical characteristic parameter data is the data used to produce normal response data;
    The decoder is suitable for decoding the assistance data and the normal response data when the assistance data sent by the wireless radios is received, and obtaining the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge;
    The fourth processing subelement is suitable for processing the first response data to obtain the fourth processing data;
    The second authentication subelement is suitable for authenticating the wireless radios based on the fourth processing data and the first processing data when the first processing data sent by the wireless radios is received, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data and the first processing data are produced by the same processing procedure.
  11. 11. certificate server as claimed in claim 10, it is characterised in that the 3rd authentication unit also includes:First number According to acquisition subelement and the first processing subelement, wherein:
    The first data acquisition subelement, the wireless radios are delivered to suitable for obtaining the first Data Concurrent;
    The first processing subelement, suitable for entering processing to first data, obtain first challenge.
  12. 12. certificate server as claimed in claim 11, it is characterised in that also include:4th authentication unit, suitable for described Before 3rd authentication unit is authenticated to the wireless radios, interacted with the wireless radios, by described Wireless radios are authenticated.
  13. 13. certificate server as claimed in claim 12, it is characterised in that the 4th authentication unit includes:3rd processing Subelement, suitable for when receiving the second random number that the wireless radios are sent, at second random number Reason, the 3rd processing data is obtained, and sent to the wireless radios, the described 3rd is based on by the wireless radios Reason data are authenticated to the certificate server.
  14. 14. certificate server as claimed in claim 13, it is characterised in that the 3rd authentication unit also includes:Decryption Unit, suitable for when the assistance data after receiving the encryption that the wireless radios send, to the auxiliary after the encryption Data are decrypted, and obtain the assistance data.
  15. 15. certificate server as claimed in claim 14, it is characterised in that the 3rd authentication unit also includes:Second is close Key generates subelement, suitable for utilizing the key stream of at least one generation second in the 3rd data and the 3rd processing data.
  16. 16. certificate server as claimed in claim 15, it is characterised in that the fourth process subelement, suitable for utilizing institute The second key stream is stated, first response data is handled, obtains the fourth process data.
  17. 17. certificate server as claimed in claim 15, it is characterised in that the decryption subelement is suitable to utilize described second Key stream, the assistance data after the encryption is decrypted, obtains the assistance data.
  18. 18. the certificate server as described in any one of claim 10~17, it is characterised in that it is single that the response data obtains son The quantity of the retrievable normal response data of member is more than the quantity of the PUF physical characteristic parameter data prestored.
  19. An authentication method of wireless radios, characterised in that it includes:
    When a first challenge is obtained, inputting the first challenge to a PUF subelement for processing, to obtain the corresponding true response data;
    Performing coding processing on the true response data to obtain the corresponding assistance data, and sending it to the certificate server;
    Processing the true response data to obtain the corresponding first processing data, and sending it to the certificate server, the certificate server authenticating the wireless radios according to the assistance data and the first processing data.
  20. The authentication method of wireless radios as claimed in claim 19, characterised in that it also includes:
    When first data sent by the certificate server is received, processing the first data to obtain the first challenge.
  21. The authentication method of wireless radios as claimed in claim 20, characterised in that it also includes: before obtaining the first data, authenticating the certificate server.
  22. The authentication method of wireless radios as claimed in claim 21, characterised in that authenticating the certificate server before obtaining the first data includes:
    Obtaining a second random number and sending it to the certificate server;
    Processing the second random number to obtain second processing data;
    When the 3rd processing data sent by the certificate server is received, authenticating the certificate server, wherein the 3rd processing data is the data obtained after the certificate server processes the second random number, by the same processing procedure as the second processing data.
  23. An authentication method of wireless radios, characterised in that it includes:
    When a first challenge of the PUF subelement in the wireless radios is obtained, obtaining normal response data corresponding to the first challenge according to prestored PUF physical characteristic parameter data;
    When the assistance data sent by the wireless radios is received, performing decoding processing on the assistance data and the normal response data to obtain the corresponding first response data, the assistance data being the data obtained after coding processing is performed on the true response data corresponding to the first challenge;
    Processing the first response data to obtain fourth process data;
    When the first processing data sent by the wireless radios is received, authenticating the wireless radios based on the fourth process data and the first processing data, wherein the first processing data is the data obtained after the true response data corresponding to the first challenge is processed, and the processing procedure of the fourth process data is identical to that of the first processing data.
  24. The authentication method of wireless radios as claimed in claim 23, characterised in that it also includes:
    Obtaining first data and sending it to the wireless radios;
    Processing the first data to obtain the first challenge.
  25. The authentication method of wireless radios as claimed in claim 24, characterised in that it also includes: before obtaining the first data, being authenticated at the wireless radios.
  26. The authentication method of wireless radios as claimed in claim 25, characterised in that being authenticated at the wireless radios before obtaining the first data includes:
    When the second random number sent by the wireless radios is received, processing the second random number to obtain the 3rd processing data, and sending it to the wireless radios, the wireless radios performing authentication based on the 3rd processing data.
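
The device-side steps of claim 19 and the server-side steps of claim 23, as an added Python example that is not part of the patent text. It assumes a Hamming(7,4) syndrome as the coding processing, SHA-256 as the "processing" step and a toy additive model as the PUF physical characteristic parameter data; all function names and sample values are hypothetical.

```python
import hashlib
import hmac

def syndrome(block):
    """Hamming(7,4) syndrome: XOR of the 1-based positions of the set bits."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s

def blocks(bits):
    return [bits[i:i + 7] for i in range(0, len(bits), 7)]

def normal_response(params, challenge, nbits=28):
    """Server side: derive normal response data from stored PUF parameters
    (toy additive-delay model, an assumption of this example)."""
    out = []
    for i in range(nbits):
        sel = hashlib.sha256(challenge + bytes([i])).digest()
        total = sum(w if (sel[j // 8] >> (j % 8)) & 1 else -w
                    for j, w in enumerate(params))
        out.append(1 if total > 0 else 0)
    return out

def process(challenge, bits):
    """The 'processing' step; SHA-256 is assumed here."""
    return hashlib.sha256(challenge + bytes(bits)).digest()

def device_respond(challenge, true_response):
    """Device side: assistance data (per-block syndromes) and first processing data."""
    assistance = [syndrome(b) for b in blocks(true_response)]
    return assistance, process(challenge, true_response)

def server_verify(params, challenge, assistance, first_processing):
    """Server side: decode normal response + assistance data into the first
    response data, process it, and compare in constant time."""
    first_response = []
    for blk, syn in zip(blocks(normal_response(params, challenge)), assistance):
        err = syndrome(blk) ^ syn        # syndrome of (normal XOR true)
        blk = list(blk)
        if err:
            blk[err - 1] ^= 1            # correct the single differing bit
        first_response += blk
    fourth_processing = process(challenge, first_response)
    return hmac.compare_digest(fourth_processing, first_processing)

# Constructed sample values, not taken from the patent.
PARAMS = [3, -7, 5, 11, -2, 9, -13, 4]
CHALLENGE = b"constructed-challenge"
```

With this code, one differing bit per 7-bit block is corrected and the device is accepted; two or more differing bits in a block exceed the code's capacity, so the fourth process data no longer matches and authentication fails.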
CN201610410567.5A 2016-06-13 2016-06-13 Wireless radios, certificate server and authentication method Pending CN107493171A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610410567.5A CN107493171A (en) 2016-06-13 2016-06-13 Wireless radios, certificate server and authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610410567.5A CN107493171A (en) 2016-06-13 2016-06-13 Wireless radios, certificate server and authentication method

Publications (1)

Publication Number Publication Date
CN107493171A true CN107493171A (en) 2017-12-19

Family

ID=60642956

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610410567.5A Pending CN107493171A (en) 2016-06-13 2016-06-13 Wireless radios, certificate server and authentication method

Country Status (1)

Country Link
CN (1) CN107493171A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105324777A (en) * 2013-07-04 2016-02-10 凸版印刷株式会社 Device and authentication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANTHONY VAN HERREWEGE 等: "Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs", 《FINANCIAL CRYPTOGRAPHY.2012》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005040A (en) * 2018-09-10 2018-12-14 湖南大学 Dynamic multi-secrets key obscures PUF structure and its authentication method
CN109005040B (en) * 2018-09-10 2022-04-01 湖南大学 Dynamic multi-key confusion PUF (physical unclonable function) structure and authentication method thereof
CN111756525A (en) * 2019-03-26 2020-10-09 北京普安信科技有限公司 Method, server, terminal and system for transmitting high-quality key
CN111756541A (en) * 2019-03-26 2020-10-09 北京普安信科技有限公司 Method, server, terminal and system for transmitting secret key
CN111756525B (en) * 2019-03-26 2023-01-17 北京普安信科技有限公司 Method, server, terminal and system for transmitting high-quality key
CN111685378A (en) * 2020-06-15 2020-09-22 上海复旦微电子集团股份有限公司 Electronic cigarette cartridge and electronic cigarette
US11622584B2 (en) 2020-06-15 2023-04-11 Shanghai Fudan Microelectronics Group Company Limited Electronic-cigarette cartridge and electronic cigarette
CN112637249A (en) * 2021-03-10 2021-04-09 浙江宇视科技有限公司 Identification authentication method and device, electronic equipment and storage medium
CN112637249B (en) * 2021-03-10 2021-12-14 浙江宇视科技有限公司 Internet of things node identification authentication method and device, electronic equipment and storage medium
CN112804678A (en) * 2021-04-15 2021-05-14 浙江口碑网络技术有限公司 Device registration, authentication and data transmission method and device

Similar Documents

Publication Publication Date Title
CN107493171A (en) Wireless radios, certificate server and authentication method
CN107454079B (en) Lightweight equipment authentication and shared key negotiation method based on Internet of things platform
CN110365484B (en) Data processing method, device and system for equipment authentication
CN105760764B (en) Encryption and decryption method and device for embedded storage device file and terminal
KR980007143A (en) Authentication method, communication method and information processing device
CN104244237B (en) Data sending, receiving method and reception send terminal and data transmitter-receiver set
CN110891061B (en) Data encryption and decryption method and device, storage medium and encrypted file
CN106789024B (en) A kind of remote de-locking method, device and system
TW200402981A (en) Methods for remotely changing a communications password
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN100566337C (en) Strengthen the method for wireless LAN safety
WO2018133675A1 (en) Key update method, device and system
CN110519052A (en) Data interactive method and device based on Internet of Things operating system
CN111510288A (en) Key management method, electronic device and storage medium
Oke et al. Developing multifactor authentication technique for secure electronic voting system
KR20100031354A (en) Tag security processing method using one time password
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN107493572B (en) Wireless radio frequency equipment, authentication server and authentication method
CN106537962B (en) Wireless network configuration, access and access method, device and equipment
Peris-Lopez et al. Security flaws in a recent ultralightweight RFID protocol
CN116743372A (en) Quantum security protocol implementation method and system based on SSL protocol
US20230114198A1 (en) Device in network
CN114221822B (en) Distribution network method, gateway device and computer readable storage medium
CN111263360A (en) Wireless encryption device and method for protecting variable mechanical authentication password by adopting public key
KR101912403B1 (en) Method for security authentication between equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171219