CN107493171A - Wireless radios, certificate server and authentication method - Google Patents
- Publication number: CN107493171A
- Application number: CN201610410567.5A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication) > H04L9/00 > H04L9/32 > H04L9/3271 > H04L9/3278: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, using challenge-response, using physically unclonable functions [PUF]
- H > H04 > H04L > H04L2209/00 (Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00) > H04L2209/80 (Wireless) > H04L2209/805: Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Abstract
Wireless radios, a certificate server and an authentication method. The wireless radios include a first authentication unit, which includes a PUF subelement, an encoder and a second processing subelement. The PUF subelement is adapted to process a first challenge, when one is obtained, and output the corresponding true response data. The encoder is adapted to encode the true response data, obtain the corresponding assistance data and send it to the certificate server. The second processing subelement is adapted to process the true response data, obtain the corresponding first processing data and send it to the certificate server. Using these wireless radios improves security in the authentication process between the wireless radios and the certificate server.
Description
Technical field
The present invention relates to the field of wireless communication technology, and in particular to wireless radios, a certificate server and an authentication method.
Background technology
The Internet of Things is regarded as the third wave of the world information industry, after the computer and the Internet. Radio frequency identification (Radio Frequency Identification, RFID) technology, a key technology for building the Internet of Things, has attracted wide attention in recent years. Wireless radios based on RFID are also increasingly common, for example smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes.
In practical applications, cloning, impersonation attacks, replay attacks, malicious monitoring, malicious interception and desynchronization attacks are the main means of attacking wireless radios. To counter these attacks, wireless radios usually need to perform mutual authentication with a certificate server before use, to verify the legitimacy of both parties and improve the security of subsequent use.
Under normal circumstances, mutual authentication between wireless radios and a certificate server is key-based: a random number is encrypted with the key to verify the legitimacy of both parties. However, in this authentication process the key must be stored in non-volatile memory, such as electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM) or flash memory (FLASH). An attacker can then use physical attack techniques, such as probes and electron scanning microscopes, to obtain the key. Once the attacker obtains the key used for authentication, wireless radios can be forged in large numbers, and the security of subsequently used wireless radios cannot be effectively guaranteed.
To resist physical attacks and cloning attacks, a physically unclonable function (Physically Unclonable Function, PUF) unit is provided in the wireless radios, and authentication is performed using the PUF unit. PUF technology is a recent breakthrough in semiconductor security. When powered on and given an input, a PUF unit outputs a unique, unpredictable response based on the random physical differences that are unavoidably produced during manufacturing; the input is the challenge corresponding to that response. Because the response of a PUF unit does not need to be stored, the storage space of the wireless radios is saved, and wireless radios provided with a PUF unit can resist physical attacks and cloning attacks.
Every chip inevitably acquires many individual differences during manufacturing, so however a chip is designed, small differences always arise between one chip and another in the manufacturing process. Even when design, packaging and manufacturing process are exactly the same, two identical chips cannot be produced. These physical differences come from uncontrollable factors in manufacturing, so a PUF inherently has uniqueness, randomness and unclonability. When the PUF is powered on the response exists, and when power is removed the response disappears. Even the manufacturer cannot copy it, which is why PUFs are widely used in security and anti-counterfeiting.
However, in the existing mutual authentication process between PUF-based wireless radios and a certificate server, an attacker can still forge wireless radios by using corresponding attack methods, so the security of authentication is poor and cannot meet users' security requirements.
Summary of the invention
The technical problem solved by the present invention is how to improve security in the authentication process between wireless radios and a certificate server, so as to prevent an attacker from forging wireless radios through attacks.
To solve the above technical problem, an embodiment of the present invention provides wireless radios that include a first authentication unit, adapted to let the certificate server authenticate the wireless radios. The first authentication unit includes a PUF subelement, an encoder and a second processing subelement, wherein: the PUF subelement is adapted to process a first challenge, when the first challenge is obtained, and output the corresponding true response data; the encoder is adapted to encode the true response data, obtain the corresponding assistance data and send it to the certificate server; the second processing subelement is adapted to process the true response data, obtain the corresponding first processing data and send it to the certificate server, and the certificate server authenticates the wireless radios according to the assistance data and the first processing data.
Optionally, the first authentication unit further includes a first processing subelement, adapted to obtain the first challenge from first data when the first data, sent by the certificate server for authentication, is received.
Optionally, the wireless radios further include a second authentication unit, adapted to authenticate the certificate server before the first processing subelement processes the first data.
Optionally, the second authentication unit includes: an acquisition subelement, adapted to obtain a second random number and send it to the certificate server; a third processing subelement, adapted to process the second random number to obtain second processing data; and a first certification subelement, adapted to authenticate the certificate server when third processing data sent by the certificate server is received, wherein the third processing data is the data obtained after the certificate server processes the second random number, by the same processing procedure as the second processing data.
Optionally, the first authentication unit further includes an encryption subelement, adapted to encrypt the assistance data before it is sent to the certificate server, and to send the encrypted assistance data to the certificate server.
Optionally, the first authentication unit further includes a first key generation subelement, adapted to generate a first key stream using at least one of third data and the second processing data.
Optionally, the second processing subelement is adapted to process the true response data using the first key stream.
Optionally, the encryption subelement is adapted to encrypt the assistance data using the first key stream.
Optionally, the PUF subelement is adapted to be implemented by a weak PUF.
An embodiment of the present invention further provides a certificate server that includes a third authentication unit, adapted to authenticate wireless radios. The third authentication unit includes a response data acquisition subelement, a decoder, a fourth processing subelement and a second certification subelement, wherein: the response data acquisition subelement is adapted to obtain, when the first challenge of the PUF subelement in the wireless radios is obtained, the normal response data corresponding to the first challenge according to pre-stored PUF physical characteristic parameter data, wherein the PUF physical characteristic parameter data is data used to produce normal response data; the decoder is adapted to decode the assistance data and the normal response data, when the assistance data sent by the wireless radios is received, and obtain the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge; the fourth processing subelement is adapted to process the first response data to obtain fourth processing data; the second certification subelement is adapted to authenticate the wireless radios, based on the fourth processing data and the first processing data, when the first processing data sent by the wireless radios is received, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data is obtained by the same processing procedure as the first processing data.
Optionally, the third authentication unit further includes a first data acquisition subelement and a first processing subelement, wherein: the first data acquisition subelement is adapted to obtain first data and send it to the wireless radios; the first processing subelement is adapted to process the first data to obtain the first challenge.
Optionally, the certificate server further includes a fourth authentication unit, adapted to interact with the wireless radios and be authenticated by the wireless radios before the third authentication unit authenticates the wireless radios.
Optionally, the fourth authentication unit includes a third processing subelement, adapted to process a second random number, when the second random number sent by the wireless radios is received, to obtain third processing data and send it to the wireless radios; the wireless radios authenticate the certificate server based on the third processing data.
Optionally, the third authentication unit further includes a decryption subelement, adapted to decrypt encrypted assistance data, when the encrypted assistance data sent by the wireless radios is received, to obtain the assistance data.
Optionally, the third authentication unit further includes a second key generation subelement, adapted to generate a second key stream using at least one of third data and the third processing data.
Optionally, the fourth processing subelement is adapted to process the first response data using the second key stream to obtain the fourth processing data.
Optionally, the decryption subelement is adapted to decrypt the encrypted assistance data using the second key stream to obtain the assistance data.
Optionally, the quantity of normal response data that the response data acquisition subelement can obtain is greater than the quantity of pre-stored PUF physical characteristic parameter data.
An embodiment of the present invention further provides an authentication method for wireless radios, the method including: when a first challenge is obtained, inputting the first challenge to a PUF subelement for processing and obtaining the corresponding true response data; encoding the true response data, obtaining the corresponding assistance data and sending it to the certificate server; processing the true response data, obtaining the corresponding first processing data and sending it to the certificate server, the certificate server authenticating the wireless radios according to the assistance data and the first processing data.
Optionally, the method further includes: when first data sent by the certificate server is received, processing the first data to obtain the first challenge.
Optionally, the method further includes: before the first data is obtained, authenticating the certificate server.
Optionally, authenticating the certificate server before the first data is obtained includes: obtaining a second random number and sending it to the certificate server; processing the second random number to obtain second processing data; and, when third processing data sent by the certificate server is received, authenticating the certificate server, wherein the third processing data is the data obtained after the certificate server processes the second random number, by the same processing procedure as the second processing data.
An embodiment of the present invention further provides another authentication method for wireless radios, the method including: when the first challenge of the PUF subelement in the wireless radios is obtained, obtaining the normal response data corresponding to the first challenge according to pre-stored PUF physical characteristic parameter data; when the assistance data sent by the wireless radios is received, decoding the assistance data and the normal response data to obtain the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge; processing the first response data to obtain fourth processing data; and, when the first processing data sent by the wireless radios is received, authenticating the wireless radios based on the fourth processing data and the first processing data, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data is obtained by the same processing procedure as the first processing data.
Optionally, the method further includes: obtaining first data and sending it to the wireless radios; and processing the first data to obtain the first challenge.
Optionally, the method further includes: before the first data is obtained, being authenticated by the wireless radios.
Optionally, being authenticated by the wireless radios before the first data is obtained includes: when a second random number sent by the wireless radios is received, processing the second random number to obtain third processing data and sending it to the wireless radios, the wireless radios performing authentication based on the third processing data.
Compared with the prior art, the present invention has the following advantages:
With the above wireless radios, after the true response data output by the PUF subelement is obtained, the true response data is processed before being sent to the certificate server, rather than being sent to the certificate server directly. This prevents an attacker from obtaining the true output data of the PUF subelement and forging the PUF subelement by analyzing it, which in turn prevents wireless radios from being forged and improves security in the authentication process between the wireless radios and the certificate server.
Before the first data is processed, the certificate server is authenticated; that is, before the certificate server authenticates the wireless radios, the wireless radios first authenticate the certificate server. This prevents a counterfeit certificate server from obtaining the assistance data and the first processing data, so an attacker cannot analyze the assistance data to predict the true response data of the PUF subelement, which prevents wireless radios from being forged and further improves security in the authentication process between the wireless radios and the certificate server.
Before the assistance data is sent to the certificate server, it is encrypted using a fixed key or the first key stream, and the encrypted assistance data is then sent to the certificate server. This prevents an attacker from analyzing the assistance data to predict the true response data of the PUF subelement, which prevents wireless radios from being forged and further improves security in the authentication process between the wireless radios and the certificate server.
Generating the first key stream from a random number makes the first key stream more random and improves the security of the encryption.
When the first processing subelement receives the first data sent by the certificate server for authentication, it obtains the first challenge from the first data. This avoids the certificate server sending the first challenge directly to the wireless radios, and therefore prevents an attacker from obtaining the true input data of the PUF subelement and forging the PUF subelement by analyzing it, which in turn prevents wireless radios from being forged and further improves security in the authentication process between the wireless radios and the certificate server.
The quantity of normal response data that the response data acquisition subelement can obtain may be greater than the quantity of pre-stored PUF physical characteristic parameter data. That is, during actual authentication the certificate server can, based on a small amount of pre-stored PUF physical characteristic parameter data and the assistance data sent by the wireless radios, recover the true challenge-response data in the wireless radios and use that response data to authenticate the wireless radios. Therefore, when the PUF subelement in the wireless radios is implemented by a weak PUF, its attack resistance can reach the effect of a strong PUF, while the cost and the area of the wireless radios are reduced. In addition, during actual authentication the certificate server stores only the PUF physical characteristic parameter data, which not only further saves storage space on the certificate server but also reduces the data exchanged with the wireless radios in the registration phase, improving registration speed.
Brief description of the drawings
Fig. 1 is a structural diagram of a first authentication unit and a third authentication unit in an embodiment of the present invention;
Fig. 2 is a structural diagram of another first authentication unit and third authentication unit in an embodiment of the present invention;
Fig. 3 is a structural diagram of a second authentication unit and a fourth authentication unit in an embodiment of the present invention;
Fig. 4 is a structural diagram of yet another first authentication unit and third authentication unit in an embodiment of the present invention;
Fig. 5 is a flow chart of an authentication method for wireless radios in an embodiment of the present invention;
Fig. 6 is a flow chart of another authentication method for wireless radios in an embodiment of the present invention.
Embodiment
In wireless radios provided with a PUF unit, the response of the PUF unit exists while it is powered on and disappears when power is removed, so authenticating with the PUF unit prevents physical attacks such as probing and electron scanning. Furthermore, every PUF unit inevitably acquires many individual differences during manufacturing, and these physical differences come from uncontrollable factors in the manufacturing process. However a PUF unit is designed, some small differences always exist between one PUF unit and another; even when design, packaging and manufacturing process are exactly the same, two identical PUF units cannot be produced, so PUF units inherently have uniqueness and unclonability.
At present, during mutual authentication, wireless radios and the certificate server interact using real data; that is, the wireless radios and the certificate server send real data directly to each other. The real data includes the challenge of the PUF unit and the true response data. In this authentication process, an attacker can often intercept the real data, analyze the intercepted data, forge the PUF unit according to the analysis result, and thereby forge the wireless radios.
In view of the above problem, embodiments of the present invention provide wireless radios that include a first authentication unit in which a second processing subelement is provided. The second processing subelement processes the true response data, obtains the corresponding first processing data and sends it to the certificate server, and the certificate server authenticates the wireless radios according to the assistance data and the first processing data. Because the first processing data is not the true response data itself, an attacker is prevented from forging the PUF subelement by intercepting the true response data, which improves security in the authentication process between the wireless radios and the certificate server.
To make the above objects, features and beneficial effects of the present invention more apparent and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, an embodiment of the present invention provides wireless radios, which may include a first authentication unit 10. The first authentication unit 10 is adapted to let the certificate server authenticate the wireless radios.
In specific implementations, the first authentication unit 10 may include a PUF subelement 102, an encoder 103 and a second processing subelement 104, wherein:
The PUF subelement 102 is adapted to process a first challenge C1, when the first challenge C1 is obtained, and output the corresponding true response data D1;
The encoder 103 is adapted to encode the true response data D1, obtain the corresponding assistance data P1 and send it to the certificate server;
The second processing subelement 104 is adapted to process the true response data D1, obtain the corresponding first processing data T1 and send it to the certificate server, and the certificate server authenticates the wireless radios according to the assistance data P1 and the first processing data T1.
Correspondingly, embodiments of the present invention further provide a certificate server, which may include a third authentication unit 20. The third authentication unit 20 is adapted to authenticate the wireless radios.
In specific implementations, the third authentication unit 20 includes a response data acquisition subelement 202, a decoder 203, a fourth processing subelement 207 and a second certification subelement 204, wherein:
The response data acquisition subelement 202 is adapted to obtain, when the first challenge C1 of the PUF subelement in the wireless radios is obtained, the normal response data D0 corresponding to the first challenge C1 according to pre-stored PUF physical characteristic parameter data, wherein the PUF physical characteristic parameter data is data used to produce normal response data;
The decoder 203 is adapted to decode the assistance data P1 and the normal response data D0, when the assistance data P1 sent by the wireless radios is received, and obtain the corresponding first response data D2, the assistance data P1 being the data obtained by encoding the true response data D1 corresponding to the first challenge C1;
The fourth processing subelement 207 is adapted to process the first response data D2 to obtain fourth processing data T4;
The second certification subelement 204 is adapted to authenticate the wireless radios, based on the fourth processing data T4 and the first processing data T1, when the first processing data T1 sent by the wireless radios is received. The first processing data T1 is the data obtained by processing the true response data D1 corresponding to the first challenge C1, and the fourth processing data T4 is obtained by the same processing procedure as the first processing data T1.
In specific implementations, before PUF-based wireless radios and the certificate server authenticate each other, the wireless radios must be registered on the certificate server. In the registration phase, the certificate server reads the PUF physical characteristic parameter data of the PUF subelement 102 in the wireless radios. Registration is usually carried out in a secure environment, and only once. After registration ends, the interface for reading the PUF physical characteristic parameter data is closed permanently. In the authentication phase, the response that the PUF subelement 102 produces from the input challenge is called the true response data; the response that the certificate server obtains from the PUF physical characteristic parameter data for the input challenge is called the normal response data. A certain relationship exists between the normal response data and the true response data for the same challenge: encoding the true response data with an encoding algorithm yields the corresponding assistance data, and decoding the normal response data and the assistance data with a decoding algorithm yields the corresponding true response data. Based on the relationship among the normal response data, the true response data and the assistance data, the certificate server can authenticate the wireless radios to confirm their legitimacy.
In specific implementations, the wireless radios can obtain the first challenge C1 in several ways, without specific limitation.
In one embodiment of the present invention, the first authentication unit 10 may further include a first processing subelement 101, adapted to obtain the first challenge C1 from first data R1 when the first data R1, sent by the certificate server for authentication, is received.
Correspondingly, the third authentication unit 20 may further include a first data acquisition subelement 201 and a first processing subelement 101. The first data acquisition subelement 201 is adapted to obtain the first data R1 and send it to the wireless radios. The first processing subelement 101 is adapted to process the first data R1 to obtain the first challenge C1.
It should be noted that, in specific implementations, the first data acquisition subelement 201 may generate the first data R1 itself or obtain it from another device. The first data R1 may be a random number, any data selected from a finite set of data, or the first challenge C1 itself, and its length is not limited. Whatever the first data R1 is, once the first processing subelement 101 receives it, the first data R1 can be converted into the first challenge C1. The length of the first challenge C1 is the same as the challenge length that the PUF subelement 102 accepts. Specific conversion methods include but are not limited to forwarding, encryption and related operations. The first processing subelement 101 can select a corresponding processing algorithm to perform the conversion.
For example, the first processing subelement may process the first data R1 by means of a cryptographic operation. The cryptographic algorithm selected may be a digest algorithm, such as SHA-256; a symmetric cryptographic algorithm, such as the DES, RC2, RC4, RC5 or Blowfish algorithm; or an asymmetric cryptographic algorithm, such as the RSA, ECC or Knapsack algorithm. The cryptographic algorithm may include, without limitation, the above standard algorithms as well as simplified custom algorithms. The parameters that the first processing subelement 101 uses for this processing are those required by the selected processing algorithm, including but not limited to the key of the above cryptographic algorithms.
The first data R1, rather than the challenge of the PUF subelement 102 itself, is sent to the wireless radios, so even if an attacker intercepts the first data R1, the PUF subelement 102 cannot be forged by analyzing the first data R1.
In the first authentication unit 10, after the first processing subelement 101 processes the first data R1 to obtain the first challenge C1, the first challenge C1 is input to the PUF subelement 102 to obtain the corresponding true response data D1. The true response data D1 has a certain relationship with the corresponding normal response data D0. The encoder 103 encodes the true response data D1 to obtain the corresponding assistance data P1, which is sent to the certificate server.
In the 3rd authentication unit 20, after the first processing subelement 101 processes the first data R1 to obtain the first challenge C1, the response data obtaining subelement 201 obtains the normal response data D0 corresponding to the first challenge C1 from the prestored PUF physical characteristic parameter data. The decoder 203 then decodes the normal response data D0 and the assistance data P1 to obtain the first response data D2, and the fourth process subelement 207 processes the first response data D2 to obtain the fourth process data T4. Finally, the second certification subelement 204 compares the fourth process data T4 with the first processing data T1 and judges whether the two are identical: if they are, the wireless radio-frequency device is legal; otherwise, it is illegal.
It should be noted that in specific implementation, the fourth process subelement 207 to the first response data D2 at
During reason, there may be a variety of processing modes, including but not limited to encryption, related operation etc..For example, the fourth process subelement
207 can select corresponding digest algorithm, symmetric cryptographic algorithm or asymmetric cryptographic algorithm to the first response data D2
It is encrypted, arithmetic operation can also be carried out to the first response data D2 by crc computings etc..Specifically it is referred to
The above-mentioned description to the first processing subelement 101 is implemented, and here is omitted.
It should be noted that in specific implementation, the fourth process data T4 and second processing data T2 place
Reason process is identical, that is to say, that the fourth process subelement 207 and the second processing subelement 104 use identical
Processing Algorithm and parameter are handled the data each inputted.Such as when the fourth process subelement 207 is added using DES
When first response data D2 is encrypted close algorithm, the second processing subelement 104 also uses des encryption algorithm pair
True response data D1 is encrypted, and the fourth process subelement 207 and second processing subelement 104 are added
Key during close processing is identical.
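The encode, decode, and compare flow described above, as an added example that is not code from the patent. This section does not fix the coding scheme, so the block assumes a code-offset construction with an 8-bit repetition code and SHA-256 as the shared processing algorithm; all function names and the sample responses are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def encode_assistance(d1):
    """Encoder 103 (assumed scheme): XOR every byte of the true response D1
    with a random 8-bit repetition codeword, 0x00 or 0xFF, giving P1."""
    return bytes(b ^ (0xFF if secrets.randbits(1) else 0x00) for b in d1)


def decode_response(d0, p1):
    """Decoder 203 (assumed scheme): rebuild D2 from the server-side normal
    response D0 and the received assistance data P1."""
    if len(d0) != len(p1):
        raise ValueError("D0 and P1 must have the same length")
    d2 = bytearray()
    for reference, helper in zip(d0, p1):
        noisy_codeword = reference ^ helper       # codeword XOR bit errors
        ones = bin(noisy_codeword).count("1")
        codeword = 0xFF if ones > 4 else 0x00     # majority vote, <=3 errors
        d2.append(helper ^ codeword)              # equals D1 if vote was right
    return bytes(d2)


def process(response):
    """Second/fourth processing: identical algorithm and parameters on both
    sides. SHA-256 is an assumption; the text also allows ciphers or a CRC."""
    return hashlib.sha256(response).digest()


def device_reply(d1):
    """Device side: assistance data P1 and first processing data T1."""
    return encode_assistance(d1), process(d1)


def server_verify(d0, p1, t1):
    """Server side: decode to D2, compute T4, compare with T1."""
    t4 = process(decode_response(d0, p1))
    return hmac.compare_digest(t4, t1)


def with_bit_errors(response, errors):
    """Apply constructed noise given as {byte_index: xor_mask}."""
    noisy = bytearray(response)
    for index, mask in errors.items():
        noisy[index] ^= mask
    return bytes(noisy)


# Constructed sample values, not measurements from a real PUF.
D0 = hashlib.sha256(b"constructed normal response").digest()
D1_NOISY = with_bit_errors(D0, {0: 0x01, 5: 0x0A, 31: 0x70})  # <=3 flips/byte
D1_TOO_NOISY = with_bit_errors(D0, {0: 0x1F})                 # 5 flips in byte 0

# Caveat: with this toy code P1 reveals each response byte up to its
# complement, which is one reason to encrypt P1 as in the Fig. 2 embodiment
# and to prefer a stronger error-correcting code in a real design.

if __name__ == "__main__":
    p1, t1 = device_reply(D1_NOISY)
    print("noisy but genuine device accepted:", server_verify(D0, p1, t1))
    p1, t1 = device_reply(D1_TOO_NOISY)
    print("response beyond correction accepted:", server_verify(D0, p1, t1))
```
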
At present, PUFs generally fall into two classes: strong PUFs and weak PUFs. A strong PUF has a large number of challenge-response pairs and strong attack resistance, but it is costly to manufacture and complex to use; examples include circuit-delay-based PUFs such as the Arbiter PUF and analog-circuit-based PUFs such as the CNN PUF. A weak PUF has only a small number of challenge-response pairs and weak attack resistance, but it is cheaper to manufacture and easier to use; examples include memory PUFs based on static memory (SRAM) or flash memory. Existing wireless radio-frequency devices usually use a strong PUF for authentication. Because a strong PUF needs a dedicated circuit, and several identical dedicated circuits must be replicated for security, the cost of the wireless radio-frequency device is higher and its area is larger.
In an embodiment of the present invention, the prestored PUF physical characteristic parameter data can be parameters that characterize the physical features of the PUF subelement 102 in the wireless radio-frequency device, and are generally used to produce the normal response data. For example, when the PUF subelement 102 is an SRAM PUF, the PUF physical characteristic parameters can be all of the SRAM byte values. When the PUF subelement 102 is a ring oscillator PUF, the PUF physical characteristic parameters can be the ring oscillator frequency values.
In the registration phase, the certificate server can read the PUF physical characteristic parameter data from the wireless radio-frequency device, and then uses the PUF physical characteristic parameter data for mutual authentication with the wireless device.
In an embodiment of the present invention, the PUF subelement 102 can be realized by either a strong PUF or a weak PUF. When the PUF subelement 102 is a weak PUF, the number of normal response data that the response data obtaining subelement 202 can obtain is greater than the number of prestored PUF physical characteristic parameter data. That is, during actual authentication, the certificate server can recover the true challenge-response pair data of the wireless radio-frequency device from a small amount of prestored PUF physical characteristic parameter data and the assistance data sent by the wireless radio-frequency device, and can use that response data to authenticate the wireless radio-frequency device. Therefore, when the PUF subelement 102 in the wireless radio-frequency device is realized by a weak PUF, its attack resistance can reach that of a strong PUF, while the cost and area of the wireless radio-frequency device are reduced.
In addition, during actual authentication, the certificate server stores only the PUF physical characteristic parameter data. This not only saves storage space on the certificate server, but also reduces the data exchanged with the wireless radio-frequency device in the registration phase and speeds up registration.
For example, when the PUF subelement 102 is a 256-byte SRAM PUF, in the registration phase the certificate server can read the 256 SRAM byte values, that is, the PUF physical characteristic parameter data of the SRAM PUF, from the wireless device; they are denoted data[0]~data[255]. The first processing subelement 101 processes the first data R1 to obtain the first challenge C1 of the PUF subelement 102, where C1 is 32 bytes, denoted C[0]~C[31]. The normal response data corresponding to the first challenge C1 is then D0 = data[C[0]]~data[C[31]], where any byte in C[0]~C[31] can select at random from data[0]~data[255]. Based on the 256 byte values, the response data obtaining subelement 202 can produce (2^8)^32 challenge-response pairs, and (2^8)^32 challenge-response pairs are enough to match the attack resistance of a strong PUF.
As another example, when the PUF subelement 102 is a ring oscillator PUF with 256 ring oscillator frequencies, in the registration phase the certificate server can read the 256 ring oscillator frequency values, that is, the PUF physical characteristic parameter data of the ring oscillator PUF, from the wireless device; they are denoted f[0]~f[255]. The first processing subelement 101 processes the first data R1 to obtain the first challenge C1 of the PUF subelement 102, where C1 is 32 bytes, denoted C[0]~C[31]. The normal response of the PUF unit can be obtained as follows: if f[C[i]] > f[C[i+1]], bit i+1 of the normal response data D0 corresponding to the first challenge C1 is 1; if f[C[i]] ≤ f[C[i+1]], bit i+1 of the normal response data D0 corresponding to the first challenge C1 is 0. Based on the 256 ring oscillator frequency values, the response data obtaining subelement 202 can produce 2^31 challenge-response pairs.
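The two lookups above (SRAM bytes and ring oscillator frequencies), written out as an added example that is not code from the patent. It assumes SHA-256 as the processing that turns R1 into the 32-byte challenge C1; the function names and the enrollment values are constructed for illustration.

```python
import hashlib

SRAM_BYTES = 256     # data[0]~data[255] read in the registration phase
RO_COUNT = 256       # f[0]~f[255] read in the registration phase
CHALLENGE_LEN = 32   # C[0]~C[31]


def derive_challenge(r1):
    """First processing subelement: map R1 of any length to the 32-byte C1.
    SHA-256 is one of the digest options the text allows (assumed choice)."""
    if not isinstance(r1, (bytes, bytearray)) or len(r1) == 0:
        raise ValueError("R1 must be a non-empty byte string")
    return hashlib.sha256(bytes(r1)).digest()


def check_challenge(c1):
    """Reject challenges that are not exactly C[0]~C[31]."""
    if len(c1) != CHALLENGE_LEN:
        raise ValueError("C1 must be %d bytes" % CHALLENGE_LEN)


def sram_normal_response(data, c1):
    """D0 = data[C[0]]~data[C[31]]: each challenge byte selects one stored
    SRAM byte, so a repeated challenge byte repeats the response byte."""
    if len(data) != SRAM_BYTES:
        raise ValueError("expected %d SRAM byte values" % SRAM_BYTES)
    check_challenge(c1)
    return bytes(data[index] for index in c1)


def ro_normal_response(freqs, c1):
    """Bit i+1 of D0 is 1 if f[C[i]] > f[C[i+1]], otherwise 0.
    A 32-byte challenge therefore yields 31 response bits."""
    if len(freqs) != RO_COUNT:
        raise ValueError("expected %d frequency values" % RO_COUNT)
    check_challenge(c1)
    return [1 if freqs[c1[i]] > freqs[c1[i + 1]] else 0
            for i in range(len(c1) - 1)]


def constructed_enrollment():
    """Constructed sample enrollment data, not measurements from hardware."""
    seed = hashlib.sha256(b"constructed enrollment sample").digest()
    sram = b"".join(hashlib.sha256(seed + bytes([i])).digest()
                    for i in range(SRAM_BYTES // 32))
    freqs = [100_000_000 + int.from_bytes(
                 hashlib.sha256(seed + b"ro" + bytes([i])).digest()[:3], "big")
             for i in range(RO_COUNT)]
    return sram, freqs


def demo(r1=b"nonce-0001"):
    """Run one server-side lookup for both PUF types on the sample data."""
    sram, freqs = constructed_enrollment()
    c1 = derive_challenge(r1)
    return c1, sram_normal_response(sram, c1), ro_normal_response(freqs, c1)


if __name__ == "__main__":
    c1, d0_sram, d0_ro = demo()
    print("C1      :", c1.hex())
    print("D0 SRAM :", d0_sram.hex())
    print("D0 RO   :", "".join(str(bit) for bit in d0_ro))
```
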
In a specific implementation, to obtain higher security, the certificate server can limit the number of times it authenticates the wireless radio-frequency device. For example, the certificate server may authenticate the wireless radio-frequency device only 20 times; if the wireless radio-frequency device has still not passed the certificate server's authentication when that number is reached, the authentication finally fails, that is, the wireless radio-frequency device is an illegal device. In this case, the first data in each authentication can be selected at random from a set containing n values, or can be a random number, as long as the first data differs in each authentication.
Referring to Fig. 2, another embodiment of the present invention provides a wireless radio-frequency device and a corresponding certificate server. The difference from the embodiment shown in Fig. 1 is that the first authentication unit 10 also includes an encryption subelement 105. The encryption subelement 105 is adapted to encrypt the assistance data P1 before it is sent to the certificate server, and to send the encrypted assistance data P0 to the certificate server. The key can be a fixed key or a key stream generated from a random number, and is not specifically limited.
Accordingly, the 3rd authentication unit 30 can also include a decryption subelement 205. The decryption subelement 205 is adapted to decrypt the encrypted assistance data P0 when it is received from the wireless radio-frequency device.
In a specific implementation, the encryption subelement 105 can encrypt the assistance data P1 using a symmetric cryptographic algorithm or an asymmetric cryptographic algorithm; for details, refer to the above description of the first processing subelement 101 and the second processing subelement 104.
It is understood that when the decryption subelement 205 decrypts the encrypted assistance data P0, the selected decryption algorithm corresponds to the encryption algorithm selected by the encryption subelement 105. For example, when the encryption subelement 105 selects the DES encryption algorithm, the decryption subelement 205 can select the corresponding DES decryption algorithm. Decryption by the decryption subelement 205 yields the assistance data P1, so that the decoder 203 can decode the assistance data P1 and the normal response data D0 to obtain the first response data D2.
In a specific implementation, when the wireless radio-frequency device and the certificate server authenticate each other, the wireless radio-frequency device can first authenticate the certificate server and then be authenticated by the certificate server, or the certificate server can first authenticate the wireless radio-frequency device and then be authenticated by it. The authentication order is not specifically limited; whatever the order, it does not constitute a limitation of the present invention and falls within the protection scope of the present invention.
Referring to Fig. 3, another embodiment of the present invention provides a wireless radio-frequency device and a corresponding certificate server. The difference from the embodiment shown in Fig. 1 is that, in addition to the first authentication unit, the wireless radio-frequency device can also include a second authentication unit 11. The second authentication unit 11 is adapted to authenticate the certificate server before the first data is obtained. That is, during authentication, the wireless radio-frequency device first authenticates the certificate server, and the certificate server then authenticates the wireless radio-frequency device. This prevents a counterfeit certificate server from obtaining the assistance data and the first processing data T1, and further improves security during authentication between the wireless radio-frequency device and the certificate server.
In a specific implementation, the second authentication unit 11 can include an obtaining subelement 111, a 3rd processing subelement 112, and a first certification subelement 113, wherein:
The obtaining subelement 111 is adapted to obtain the second random number R2 and send it to the certificate server;
The 3rd processing subelement 112 is adapted to process the second random number R2 to obtain the second processing data T2;
The first certification subelement 113 is adapted to authenticate the certificate server when the 3rd processing data T3 sent by the certificate server is received, wherein the 3rd processing data T3 is the data obtained after the certificate server processes the second random number R2, using the same processing algorithm and parameters as for the second processing data T2.
Accordingly, the certificate server can include a 4th authentication unit 21, adapted to interact with the wireless radio-frequency device and be authenticated by it before the 3rd authentication unit 11 authenticates the wireless radio-frequency device.
In a specific implementation, the 4th authentication unit 21 can include a 3rd processing subelement 112, adapted to process the second random number R2 when it is received from the wireless radio-frequency device, obtain the 3rd processing data T3, and send it to the wireless radio-frequency device, which authenticates the certificate server based on the 3rd processing data T3.
It should be noted that, in a specific implementation, the second random number R2 can be generated by the wireless radio-frequency device itself or obtained by the wireless radio-frequency device from another device, and the length, specific value, and form of the second random number R2 are not limited.
In a specific implementation, the second processing data T2 and the 3rd processing data T3 are obtained by the same processing; that is, each is the data that results from the same processing procedure. For how the 3rd processing subelement 112 processes the second random number R2, refer to the above description of how the first processing subelement 101 processes the first data R1, which is not repeated here.
In a specific implementation, when the first certification subelement 113 receives the 3rd processing data T3 sent by the certificate server, it can compare the 3rd processing data T3 with the second processing data T2. If the two are identical, the certificate server passes authentication, that is, it is a legal certificate server, and the first authentication unit can then interact with the certificate server to complete the certificate server's authentication of the wireless radio-frequency device; otherwise, the certificate server is an illegal certificate server.
Referring to Fig. 4, a further embodiment of the present invention provides a wireless radio-frequency device and a corresponding certificate server. Unlike the embodiment shown in Fig. 2, the first authentication unit 10 can also include a first key generation subelement 106. The first key generation subelement 106 is adapted to generate a first key stream key1 using at least one of the 3rd data R3 and the second processing data T2.
Accordingly, the certificate server 20 can also include a second key generation subelement 206, adapted to generate a second key stream key2 using at least one of the 3rd data R3 and the 3rd processing data T3.
In a specific implementation, the first key generation subelement 106 can generate the first key stream key1 using only the 3rd data R3, using only the second processing data T2, or using both the 3rd data R3 and the second processing data T2. Because the 3rd data R3 can be a random number, the first data R1, or fixed data, the first key stream key1 can be a random key or a fixed key. Of course, when the 3rd data R3 and the first data R1 differ, the first key generation subelement 106 can also generate the first key stream key1 using the first data R1; this is not specifically limited, as long as the security of the processing is improved.
In a specific implementation, the second key generation subelement 206 can generate the second key stream key2 using only the 3rd data R3, using only the 3rd processing data T3, or using both the 3rd data R3 and the 3rd processing data T3. Because the 3rd data R3 can be a random number, the first data R1, or fixed data, the second key stream key2 can be a random key or a fixed key. Of course, the second key generation subelement 206 can also generate the second key stream key2 using the first data R1; this is not specifically limited, as long as the security of the processing is improved.
In this case, in the first authentication unit 10, some or all of the first processing subelement 101, the second processing subelement 104, and the encryption subelement 105 can use the first key stream key1 generated by the first key generation subelement 106 for their processing. For example, the first processing subelement 101 can encrypt the first data R1 using the first key stream key1. The second processing subelement 104 can encrypt the true response data D1 using the first key stream key1. The encryption subelement 105 can encrypt the assistance data P1 using the first key stream key1.
In the 3rd authentication unit 20, some or all of the first processing subelement 101, the fourth process subelement 207, and the decryption subelement 205 can use the second key stream key2 generated by the second key generation subelement 206 for their processing. For example, the first processing subelement 101 can encrypt the first data R1 using the second key stream key2, and the decryption subelement 205 can decrypt the encrypted assistance data P0 using the second key stream key2.
It should be noted that, in a specific implementation, when the first processing subelement 101, the second processing subelement 104, the 3rd processing subelement 112, and the encryption subelement 105 process their data, and when the decryption subelement 205 decrypts its data, they can each use a different key, some of them can share a key, or all of them can use the same key; this is not specifically limited, as long as identical or corresponding subelements use the same key. The key used by each subelement can be generated by the wireless radio-frequency device itself or obtained by the wireless radio-frequency device from another device. However the key is obtained, it does not constitute a limitation of the present invention and falls within the protection scope of the present invention.
It should be noted that, in a specific implementation, if the wireless radio-frequency device's authentication of the certificate server succeeds, that is, the certificate server is legal, the second processing data T2 and the 3rd processing data T3 are identical, so the key used by the first processing subelement 101 in the first authentication unit 10 to process the first data is the same as the key used by the first processing subelement 101 in the 3rd authentication unit 20 to process the first data. If the certificate server is a counterfeit server, then in the stage where the wireless radio-frequency device authenticates the certificate server, the second processing data T2 and the 3rd processing data T3 differ, so the key used by the first processing subelement 101 in the first authentication unit 10 to process the first data differs from the key used by the first processing subelement 101 in the 3rd authentication unit 20, and the wireless radio-frequency device ultimately cannot pass the certificate server's authentication.
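How the key streams tie the two authentication directions together, as an added example that is not code from the patent. It assumes HMAC-SHA256 under a pre-shared key as the processing that produces T2 and T3, SHA-256 over R3 and T2/T3 as the key stream generation, and a keyed digest of R1 as the challenge derivation; all names and sample values are constructed.

```python
import hashlib
import hmac


def process_r2(shared_key, r2):
    """3rd processing subelement 112: T2 on the device, T3 on the server.
    Same algorithm and parameters on both sides (HMAC-SHA256 is assumed)."""
    return hmac.new(shared_key, r2, hashlib.sha256).digest()


def key_stream(r3, processed):
    """Key generation subelements 106/206: key1 from (R3, T2), key2 from
    (R3, T3). The derivation function is an assumption of this example."""
    return hashlib.sha256(b"key-stream" + r3 + processed).digest()


def challenge_from_r1(key, r1):
    """First processing subelement 101: keyed processing of R1 into the
    32-byte first challenge C1."""
    return hmac.new(key, r1, hashlib.sha256).digest()


def run_session(device_key, server_key, r1, r2, r3):
    """Walk one session and report where device and server agree.

    A real device stops as soon as T3 fails the comparison; the walk
    continues here only to show that the derived keys and challenges
    also diverge, as the paragraph above describes.
    """
    t2 = process_r2(device_key, r2)            # computed on the device
    t3 = process_r2(server_key, r2)            # returned by the server
    key1 = key_stream(r3, t2)                  # device key stream
    key2 = key_stream(r3, t3)                  # server key stream
    c1_device = challenge_from_r1(key1, r1)    # challenge fed to the PUF
    c1_server = challenge_from_r1(key2, r1)    # challenge used for D0 lookup
    return {
        "server_authenticated": hmac.compare_digest(t2, t3),
        "same_key_stream": hmac.compare_digest(key1, key2),
        "same_challenge": hmac.compare_digest(c1_device, c1_server),
    }


# Constructed sample values.
DEVICE_KEY = b"constructed pre-shared key"
R1, R2, R3 = b"first-data-0001", b"second-random-0001", b"third-data-0001"

if __name__ == "__main__":
    print("genuine server    :",
          run_session(DEVICE_KEY, DEVICE_KEY, R1, R2, R3))
    print("counterfeit server:",
          run_session(DEVICE_KEY, b"guessed key", R1, R2, R3))
```
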
In summary, during mutual authentication, the wireless radio-frequency device and certificate server in the embodiments of the present invention process some or all of the data they exchange. This prevents an attacker from obtaining the corresponding data and analyzing it, and thus from forging the PUF subelement in the wireless radio-frequency device, which improves security during authentication.
In a specific implementation, those skilled in the art can, as needed, use the wireless radio-frequency device and the corresponding certificate server provided in the above embodiments of the present invention to form a wireless radio-frequency authentication system, correspondingly improving security during mutual authentication between the wireless radio-frequency device and the certificate server.
To enable those skilled in the art to better understand and implement the present invention, the authentication methods corresponding to the above wireless radio-frequency device and certificate server are described in detail below.
Referring to Fig. 5, an embodiment of the present invention provides an authentication method for a wireless radio-frequency device. The method can include the following steps:
Step 51: when the first challenge is obtained, input the first challenge to the PUF subelement for processing to obtain the corresponding true response data.
Step 52: encode the true response data to obtain the corresponding assistance data, and send it to the certificate server.
Step 53: process the true response data to obtain the corresponding first processing data, and send it to the certificate server, so that the certificate server authenticates the wireless radio-frequency device according to the assistance data and the first processing data.
It should be noted that, in a specific implementation, the execution order of steps 52 and 53 is not limited: step 52 can be performed before step 53, step 53 before step 52, or both at the same time.
In a specific implementation, the method can also include:
Step 54: when the first data sent by the certificate server is received, process the first data to obtain the first challenge.
That is, the first challenge is obtained from the first data sent by the certificate server.
In a specific implementation, the method can also include authenticating the certificate server before the first data is processed. Specifically, the second random number is first obtained and sent to the certificate server; the second random number is then processed to obtain the second processing data; finally, when the 3rd processing data sent by the certificate server is received, the certificate server is authenticated, wherein the 3rd processing data is the data obtained after the certificate server processes the second random number R2, using the same processing procedure as for the second processing data.
Referring to Fig. 6, an embodiment of the present invention also provides another authentication method for a wireless radio-frequency device. The method can include the following steps:
Step 61: when the first challenge of the PUF subelement in the wireless radio-frequency device is obtained, obtain the normal response data corresponding to the first challenge according to the prestored PUF physical characteristic parameter data.
Step 62: when the assistance data sent by the wireless radio-frequency device is received, decode the assistance data and the normal response data to obtain the corresponding first response data.
The assistance data is the data obtained by encoding the true response data corresponding to the first challenge.
Step 63: process the first response data to obtain the fourth process data.
Step 64: when the first processing data sent by the wireless radio-frequency device is received, authenticate the wireless radio-frequency device based on the fourth process data and the first processing data.
The first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth process data and the first processing data are produced with the same processing algorithm and parameters.
In a specific implementation, the method can also include step 65 and step 66. Specifically:
Step 65: obtain the first data and send it to the wireless radio-frequency device.
Step 66: process the first data to obtain the first challenge.
In a specific implementation, the method can also include being authenticated by the wireless radio-frequency device before the first data is obtained. Specifically, when the second random number sent by the wireless radio-frequency device is received, the second random number is processed to obtain the 3rd processing data, which is sent to the wireless radio-frequency device; the wireless radio-frequency device verifies the certificate server based on the 3rd processing data.
It should be noted that, in the above embodiments of the present invention, the wireless radio-frequency device is a device based on wireless radio frequency, including but not limited to a smart card, mobile terminal, microprocessor, computer, router, or set-top box. Whatever form the wireless radio-frequency device takes, it does not constitute a limitation of the present invention and falls within the protection scope of the present invention.
It should be noted that, in the above embodiments of the present invention, the certificate server is a wireless radio-frequency server adapted to the wireless radio-frequency device. For example, when the wireless radio-frequency device is a smart card, the certificate server can be a card reader. The certificate server can be an independent dedicated server, or it can provide other services at the same time; for example, a dedicated memory block and storage area can be set aside on another server, to provide a performance monitoring service. Whichever kind of certificate server is used, it only needs to be able to exchange data with the wireless radio-frequency device.
As shown above, in the authentication method of the embodiments of the present invention, some or all of the data exchanged during mutual authentication is processed. This prevents an attacker from obtaining the corresponding data and analyzing it, and thus from forging the PUF subelement in the wireless radio-frequency device, which improves security during authentication.
One of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can include ROM, RAM, a magnetic disk, an optical disc, and the like.
Although the present invention is disclosed as above, it is not limited thereto. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the present invention, so the protection scope of the present invention shall be defined by the claims.
Claims (26)
- A kind of 1. wireless radios, it is characterised in that including:First authentication unit, suitable for certificate server to described wireless Radio-frequency apparatus is authenticated, and first authentication unit includes:PUF subelements, encoder and second processing subelement, its In:The PUF subelements, it is true corresponding to output suitable for when getting the first challenge, handling the described first challenge Real response data;The encoder, suitable for carrying out coded treatment to the true response data, assistance data corresponding to acquisition is simultaneously sent extremely The certificate server;The second processing subelement, suitable for handling the true response data, the first processing data corresponding to acquisition, And send to the certificate server, by the certificate server according to the assistance data and the first processing data to described Wireless radios are authenticated.
- 2. wireless radios as claimed in claim 1, it is characterised in that first authentication unit also includes:At first Subelement is managed, suitable for when receiving the first data for certification of certificate server transmission, being obtained according to first data Obtain first challenge.
- 3. wireless radios as claimed in claim 2, it is characterised in that also include:Second authentication unit, suitable for described Before first processing list member is handled first data, the certificate server is authenticated.
- 4. wireless radios as claimed in claim 3, it is characterised in that second authentication unit includes:Subelement is obtained, suitable for obtaining the second random number and sending to the certificate server;3rd processing subelement, suitable for handling second random number, obtains second processing data;First certification subelement, suitable for when receiving three processing data that the certificate server is sent, to the certification Server is authenticated, wherein, the 3rd processing data is that the certificate server is handled second random number Data afterwards, and it is identical with the processing procedure of the second processing data.
- 5. wireless radios as claimed in claim 4, it is characterised in that first authentication unit also includes:Encryption Unit, suitable for being sent by the assistance data to before the certificate server, the assistance data is encrypted, And the assistance data after encryption is sent to the certificate server.
- 6. wireless radios as claimed in claim 5, it is characterised in that first authentication unit also includes:First is close Key generates subelement, suitable for utilizing at least one generation first key stream in the 3rd data and the second processing data.
- 7. wireless radios as claimed in claim 6, it is characterised in that the second processing subelement, suitable for utilizing institute First key stream is stated, the true response data is handled.
- 8. wireless radios as claimed in claim 6, it is characterised in that the encryption sub-unit operable, suitable for utilizing described the One key stream, the assistance data is encrypted.
- 9. the wireless radios as described in any one of claim 1~8, it is characterised in that the PUF subelements are suitable to pass through Weak PUF is realized.
- A kind of 10. certificate server, it is characterised in that including:3rd authentication unit, suitable for recognizing wireless radios Card;3rd authentication unit includes:Response data obtains subelement, decoder, fourth process subelement and the second certification Subelement, wherein:The response data obtains subelement, suitable for when the first challenge for getting PUF subelements in the wireless radios When, according to the PUF physical characteristic parameter data prestored, normal response data corresponding with the described first challenge are obtained, its In, the PUF physical characteristic parameters data are the data for producing normal response data;The decoder, suitable for when receiving the assistance data that the wireless radios are sent, to assistance data and standard Response data carries out decoding process, the first response data corresponding to acquisition, and the assistance data is corresponding to the described first challenge True response data carry out coded treatment after data;The fourth process subelement, suitable for handling first response data, obtain fourth process data;The second certification subelement, suitable for when receiving the first processing data that the wireless radios are sent, being based on The wireless radios are authenticated by the fourth process data and the first processing data, wherein, the first processing number According to for the data after handling true response data corresponding to the described first challenge, the fourth process data and described the The processing procedure of one processing data is identical.
- 11. The certificate server as claimed in claim 10, characterised in that the third authentication unit further comprises a first data acquisition subelement and a first processing subelement, wherein: the first data acquisition subelement is adapted to obtain first data and send it to the wireless radios; the first processing subelement is adapted to process the first data to obtain the first challenge.
- 12. The certificate server as claimed in claim 11, characterised in that it further comprises: a fourth authentication unit, adapted to interact with the wireless radios before the third authentication unit authenticates the wireless radios, so that authentication is performed by the wireless radios.
- 13. The certificate server as claimed in claim 12, characterised in that the fourth authentication unit comprises: a third processing subelement, adapted to, when the second random number sent by the wireless radios is received, process the second random number to obtain third processing data and send it to the wireless radios, the wireless radios authenticating the certificate server based on the third processing data.
- 14. The certificate server as claimed in claim 13, characterised in that the third authentication unit further comprises: a decryption subelement, adapted to, when the encrypted assistance data sent by the wireless radios is received, decrypt the encrypted assistance data to obtain the assistance data.
- 15. The certificate server as claimed in claim 14, characterised in that the third authentication unit further comprises: a second key generation subelement, adapted to generate a second key stream using at least one of the third data and the third processing data.
- 16. The certificate server as claimed in claim 15, characterised in that the fourth processing subelement is adapted to process the first response data using the second key stream to obtain the fourth processing data.
- 17. The certificate server as claimed in claim 15, characterised in that the decryption subelement is adapted to decrypt the encrypted assistance data using the second key stream to obtain the assistance data.
- 18. The certificate server as claimed in any one of claims 10 to 17, characterised in that the quantity of normal response data obtainable by the response data obtaining subelement is greater than the quantity of prestored PUF physical characteristic parameter data.
- 19. An authentication method of wireless radios, characterised in that it comprises: when a first challenge is obtained, inputting the first challenge to the PUF subelement for processing to obtain the corresponding true response data; encoding the true response data to obtain the corresponding assistance data and sending it to the certificate server; processing the true response data to obtain the corresponding first processing data and sending it to the certificate server, the certificate server authenticating the wireless radios according to the assistance data and the first processing data.
- 20. The authentication method of wireless radios as claimed in claim 19, characterised in that it further comprises: when first data sent by the certificate server is received, processing the first data to obtain the first challenge.
- 21. The authentication method of wireless radios as claimed in claim 20, characterised in that it further comprises: before obtaining the first data, authenticating the certificate server.
- 22. The authentication method of wireless radios as claimed in claim 21, characterised in that authenticating the certificate server before obtaining the first data comprises: obtaining a second random number and sending it to the certificate server; processing the second random number to obtain second processing data; when third processing data sent by the certificate server is received, authenticating the certificate server, wherein the third processing data is the data obtained by the certificate server processing the second random number, by the same processing procedure as the second processing data.
- 23. An authentication method of wireless radios, characterised in that it comprises: when the first challenge of the PUF subelement in the wireless radios is obtained, obtaining normal response data corresponding to the first challenge according to prestored PUF physical characteristic parameter data; when the assistance data sent by the wireless radios is received, decoding the assistance data and the normal response data to obtain the corresponding first response data, the assistance data being the data obtained by encoding the true response data corresponding to the first challenge; processing the first response data to obtain fourth processing data; when the first processing data sent by the wireless radios is received, authenticating the wireless radios based on the fourth processing data and the first processing data, wherein the first processing data is the data obtained by processing the true response data corresponding to the first challenge, and the fourth processing data and the first processing data are produced by the same processing procedure.
- 24. The authentication method of wireless radios as claimed in claim 23, characterised in that it further comprises: obtaining first data and sending it to the wireless radios; processing the first data to obtain the first challenge.
- 25. The authentication method of wireless radios as claimed in claim 24, characterised in that it further comprises: before obtaining the first data, authentication is performed at the wireless radios.
- 26. The authentication method of wireless radios as claimed in claim 25, characterised in that the authentication performed at the wireless radios before obtaining the first data comprises: when the second random number sent by the wireless radios is received, processing the second random number to obtain third processing data and sending it to the wireless radios, the wireless radios performing authentication based on the third processing data.
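
The exchange in claims 19 and 23, as an added example that is not part of the patent text: the device encodes its noisy true response into assistance data, and the server decodes that against the normal response it derives from stored PUF parameters. The Hamming(7,4) syndrome encoding, the SHA-256 "processing" step, all function names and the sample bits are assumptions; the claims fix neither the code nor the processing function.

```python
import hashlib
import hmac

def syndrome(block):
    """3-bit Hamming(7,4) syndrome of a 7-bit block; a single flipped bit
    at 1-based position p changes the syndrome by exactly p."""
    s = 0
    for pos, bit in enumerate(block, start=1):
        if bit:
            s ^= pos
    return s

def blocks(bits):
    if len(bits) % 7:
        raise ValueError("response length must be a multiple of 7 bits")
    return [bits[i:i + 7] for i in range(0, len(bits), 7)]

def process(bits, challenge):
    # Assumed stand-in for the claims' unspecified "processing" step.
    return hashlib.sha256(challenge + bytes(bits)).hexdigest()

def device_respond(true_response, challenge):
    """Claim 19: encode the true response into assistance data and process it."""
    assistance = [syndrome(b) for b in blocks(true_response)]
    return assistance, process(true_response, challenge)

def server_verify(normal_response, assistance, first_processing, challenge):
    """Claim 23: decode assistance data + normal response, process, compare."""
    blks = blocks(normal_response)
    if len(assistance) != len(blks) or any(not 0 <= s <= 7 for s in assistance):
        return False                 # malformed assistance data is rejected
    first_response = []
    for blk, s in zip(blks, assistance):
        blk = list(blk)
        err = syndrome(blk) ^ s      # syndrome of (normal XOR true)
        if err:                      # treat as one differing bit and flip it
            blk[err - 1] ^= 1
        first_response.extend(blk)
    fourth_processing = process(first_response, challenge)
    return hmac.compare_digest(fourth_processing, first_processing)

# Constructed sample data: 28-bit normal response, one noisy bit in three blocks.
CHALLENGE = b"constructed-challenge"
NORMAL = [1,0,1,1,0,0,1, 0,1,1,0,1,0,0, 1,1,1,0,0,1,0, 0,0,0,1,1,0,1]
NOISY = list(NORMAL)
for i in (2, 10, 27):
    NOISY[i] ^= 1
```

With this code the assistance data exposes 3 syndrome bits per 7-bit block, so the response must be long enough that the remaining bits still carry sufficient entropy.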
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610410567.5A CN107493171A (en) | 2016-06-13 | 2016-06-13 | Wireless radios, certificate server and authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107493171A true CN107493171A (en) | 2017-12-19 |
Family
ID=60642956
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610410567.5A Pending CN107493171A (en) | 2016-06-13 | 2016-06-13 | Wireless radios, certificate server and authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107493171A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005040A (en) * | 2018-09-10 | 2018-12-14 | 湖南大学 | Dynamic multi-secrets key obscures PUF structure and its authentication method |
CN111685378A (en) * | 2020-06-15 | 2020-09-22 | 上海复旦微电子集团股份有限公司 | Electronic cigarette cartridge and electronic cigarette |
CN111756525A (en) * | 2019-03-26 | 2020-10-09 | 北京普安信科技有限公司 | Method, server, terminal and system for transmitting high-quality key |
CN111756541A (en) * | 2019-03-26 | 2020-10-09 | 北京普安信科技有限公司 | Method, server, terminal and system for transmitting secret key |
CN112637249A (en) * | 2021-03-10 | 2021-04-09 | 浙江宇视科技有限公司 | Identification authentication method and device, electronic equipment and storage medium |
CN112804678A (en) * | 2021-04-15 | 2021-05-14 | 浙江口碑网络技术有限公司 | Device registration, authentication and data transmission method and device |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105324777A (en) * | 2013-07-04 | 2016-02-10 | 凸版印刷株式会社 | Device and authentication system |
-
2016
- 2016-06-13 CN CN201610410567.5A patent/CN107493171A/en active Pending
Non-Patent Citations (1)
Title |
---|
ANTHONY VAN HERREWEGE et al.: "Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-enabled RFIDs", 《FINANCIAL CRYPTOGRAPHY.2012》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005040A (en) * | 2018-09-10 | 2018-12-14 | 湖南大学 | Dynamic multi-secrets key obscures PUF structure and its authentication method |
CN109005040B (en) * | 2018-09-10 | 2022-04-01 | 湖南大学 | Dynamic multi-key confusion PUF (physical unclonable function) structure and authentication method thereof |
CN111756525A (en) * | 2019-03-26 | 2020-10-09 | 北京普安信科技有限公司 | Method, server, terminal and system for transmitting high-quality key |
CN111756541A (en) * | 2019-03-26 | 2020-10-09 | 北京普安信科技有限公司 | Method, server, terminal and system for transmitting secret key |
CN111756525B (en) * | 2019-03-26 | 2023-01-17 | 北京普安信科技有限公司 | Method, server, terminal and system for transmitting high-quality key |
CN111685378A (en) * | 2020-06-15 | 2020-09-22 | 上海复旦微电子集团股份有限公司 | Electronic cigarette cartridge and electronic cigarette |
US11622584B2 (en) | 2020-06-15 | 2023-04-11 | Shanghai Fudan Microelectronics Group Company Limited | Electronic-cigarette cartridge and electronic cigarette |
CN112637249A (en) * | 2021-03-10 | 2021-04-09 | 浙江宇视科技有限公司 | Identification authentication method and device, electronic equipment and storage medium |
CN112637249B (en) * | 2021-03-10 | 2021-12-14 | 浙江宇视科技有限公司 | Internet of things node identification authentication method and device, electronic equipment and storage medium |
CN112804678A (en) * | 2021-04-15 | 2021-05-14 | 浙江口碑网络技术有限公司 | Device registration, authentication and data transmission method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107493171A (en) | Wireless radios, certificate server and authentication method | |
CN107454079B (en) | Lightweight equipment authentication and shared key negotiation method based on Internet of things platform | |
CN110365484B (en) | Data processing method, device and system for equipment authentication | |
CN105760764B (en) | Encryption and decryption method and device for embedded storage device file and terminal | |
KR980007143A (en) | Authentication method, communication method and information processing device | |
CN104244237B (en) | Data sending, receiving method and reception send terminal and data transmitter-receiver set | |
CN110891061B (en) | Data encryption and decryption method and device, storage medium and encrypted file | |
CN106789024B (en) | A kind of remote de-locking method, device and system | |
TW200402981A (en) | Methods for remotely changing a communications password | |
CN110690956B (en) | Bidirectional authentication method and system, server and terminal | |
CN100566337C (en) | Strengthen the method for wireless LAN safety | |
WO2018133675A1 (en) | Key update method, device and system | |
CN110519052A (en) | Data interactive method and device based on Internet of Things operating system | |
CN111510288A (en) | Key management method, electronic device and storage medium | |
Oke et al. | Developing multifactor authentication technique for secure electronic voting system | |
KR20100031354A (en) | Tag security processing method using one time password | |
US11240661B2 (en) | Secure simultaneous authentication of equals anti-clogging mechanism | |
CN107493572B (en) | Wireless radio frequency equipment, authentication server and authentication method | |
CN106537962B (en) | Wireless network configuration, access and access method, device and equipment | |
Peris-Lopez et al. | Security flaws in a recent ultralightweight RFID protocol | |
CN116743372A (en) | Quantum security protocol implementation method and system based on SSL protocol | |
US20230114198A1 (en) | Device in network | |
CN114221822B (en) | Distribution network method, gateway device and computer readable storage medium | |
CN111263360A (en) | Wireless encryption device and method for protecting variable mechanical authentication password by adopting public key | |
KR101912403B1 (en) | Method for security authentication between equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20171219 |