CN107690141B - Data communication method and system - Google Patents
Data communication method and system Download PDFInfo
- Publication number
- CN107690141B CN107690141B CN201610639419.0A CN201610639419A CN107690141B CN 107690141 B CN107690141 B CN 107690141B CN 201610639419 A CN201610639419 A CN 201610639419A CN 107690141 B CN107690141 B CN 107690141B
- Authority
- CN
- China
- Prior art keywords
- terminal
- data packet
- communication
- random number
- pulse number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
- G06K17/0029—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
Abstract
The invention provides a data communication method and a system, wherein a first terminal starts to record the number of first terminal pulses of a communication carrier signal sent by the first terminal when the first terminal finishes sending a to-be-processed data packet, and receives a response data packet only when the number of the first terminal pulses reaches a threshold pulse number N; the second terminal starts to record the number of second terminal pulses of the communication carrier signals received by the second terminal after receiving the second terminal, and only sends the response data packet when the number of the second terminal pulses reaches N, the first terminal and the second terminal simultaneously receive and send data by detecting the number of the pulses, so that the timing accuracy of the two terminals is greatly improved, the first terminal and the second terminal are ensured to only receive and send the response data packet at a specific high-precision moment, the risk that the data received by the first terminal is tampered by the outside in the transmission process is avoided, and the reliability of the response data packet received by the first terminal is improved.
Description
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a data communication method and system.
Background
The existing card reading mechanism of the non-contact type IC card reader is based on communication protocols such as 14443, 15693 and the like for data transmission, in the above protocols, after the card reader sends command data, a Frame Waiting Time (FWT) is generated, which indicates the maximum time range of waiting for receiving card response data by the card reader. That is, after the card reader sends a command to the card, the card reader waits to receive response data of the card, and the card reader considers the returned data to be legal as long as the data is returned within the frame waiting time FWT. In the communication protocol, if a middleman intercepts data sent by the card reader and returns response data within the FWT time, the card reader considers that the source of the data is reliable, and the scheme has security risks of attack by the middleman, data tampering and the like.
Disclosure of Invention
The present invention aims to solve one of the above problems.
The invention mainly aims to provide a data communication method.
In order to achieve the purpose, the technical scheme of the invention is realized as follows: in the process of communicating between a first terminal and a second terminal, the first terminal always generates a communication carrier signal, and the second terminal receives the communication carrier signal, wherein the method comprises the following steps: the first terminal sends a communication data signal carrying a data packet to be processed, and the number of first terminal pulses of the communication carrier signal sent by the first terminal is recorded when the first terminal sends the data packet to be processed; the communication data signal is obtained by modulating the data packet to be processed on the communication carrier signal by the first terminal; the second terminal receives the communication data signal carrying the data packet to be processed, starts to record the second terminal pulse number of the communication carrier signal received by the second terminal when the second terminal receives the data packet to be processed, and generates a response data packet based on the data packet to be processed; when the second terminal records that the number of the pulses of the second terminal reaches a threshold pulse number N, the second terminal sends the response data packet to the first terminal; and when the first terminal records that the number of the first terminal pulses reaches the threshold pulse number N, allowing the first terminal to start receiving the response data packet.
Optionally, before the first terminal sends the communication data signal carrying the to-be-processed data packet, the method further includes the steps of: the first terminal generates a communication request and sends the communication request to the second terminal; the second terminal receives the communication request, generates a first negotiation data packet based on the communication request, and sends the first negotiation data packet to the first terminal; the first terminal receives the first negotiation data, carries out authentication operation on the second terminal based on the first negotiation data, generates a second negotiation data packet after the authentication is successful, and sends the second negotiation data packet to the second terminal; the second terminal receives the second negotiation data packet, performs authentication operation on the first terminal based on the second negotiation data packet, generates the threshold pulse number N after the authentication is successful, performs encryption operation on the threshold pulse number N, generates a threshold pulse number ciphertext, and transmits the threshold pulse number ciphertext to the first terminal, wherein N is less than or equal to lambda, and lambda is the pulse number generated when the communication carrier signal passes through the frame waiting time specified by the communication protocol adopted by the first terminal and the second terminal; and the first terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext to obtain and store the threshold pulse number N.
Optionally, the preset factory information of the first terminal and the second terminal stores the threshold number of pulses N, where N is not greater than λ, and λ is the number of pulses generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol used by the first terminal and the second terminal.
Optionally, the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the received number N of the threshold pulses based on a tamper-proof verification value, where the pulse communication protocol is a communication protocol in which transmission data at least includes the number N of the threshold pulses and the tamper-proof verification value; the threshold pulse number N is generated by the first terminal based on ω, where N is greater than or equal to ω, where ω is a pulse number generated by the communication carrier signal after passing through a predetermined completion time for processing data sent by the first terminal and received by the second terminal, or the threshold pulse number N is generated by negotiation between the first terminal and the second terminal, where the negotiation includes: the first terminal generates the N and sends the N to the second terminal, and the second terminal sends response information to the first terminal after the first terminal is successfully authenticated; or the second terminal generates the N and sends the N to the first terminal, and the first terminal sends response information to the second terminal after the second terminal is successfully authenticated; or the first terminal generates N1 and sends the N1 to the second terminal, the second terminal generates N2 and sends the N2 to the first terminal, and the first terminal and the second terminal respectively generate the N by using the N1 and the N2 based on the same algorithm.
Optionally, the communication method adopted by the first terminal and the second terminal includes: short-range wireless communication mode.
It is another object of the present invention to provide a data communication system.
In order to achieve the purpose, the technical scheme of the invention is realized as follows: the method at least comprises a first terminal and a second terminal, wherein the first terminal always generates a communication carrier signal and the second terminal receives the communication carrier signal in the communication process between the first terminal and the second terminal, and the method comprises the following steps: the first terminal is configured to send a communication data signal carrying a data packet to be processed, and start to record a first terminal pulse number of the communication carrier signal sent by the first terminal when the first terminal finishes sending the data packet to be processed; the communication data signal is obtained by modulating the data packet to be processed on the communication carrier signal by the first terminal; the second terminal is configured to receive the communication data signal carrying the to-be-processed data packet, start recording a second terminal pulse number of the communication carrier signal received by the second terminal when the second terminal finishes receiving the to-be-processed data packet, and generate a response data packet based on the to-be-processed data packet; the second terminal is used for sending the response data packet to the first terminal when the number of the pulses of the second terminal is recorded to reach a threshold number of pulses N; and the first terminal is used for allowing the response data packet to start to be received when the number of the pulses of the first terminal reaches the threshold number of pulses N.
Optionally, the first terminal is further configured to generate a communication request, and send the communication request to the second terminal; the second terminal is further configured to receive the communication request, generate a first negotiation data packet based on the communication request, and send the first negotiation data packet to the first terminal; the first terminal is further configured to receive the first negotiation data, perform authentication operation on the second terminal based on the first negotiation data, generate a second negotiation data packet after the authentication is successful, and send the second negotiation data packet to the second terminal; the second terminal is further configured to receive the second negotiation data packet, perform authentication operation on the first terminal based on the second negotiation data packet, after the authentication is successful, generate the threshold pulse number N, perform encryption operation on the threshold pulse number N, generate a threshold pulse number ciphertext, and send the threshold pulse number ciphertext to the first terminal, where N is equal to or less than λ, and λ is a number of pulses generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol employed by the first terminal and the second terminal; and the first terminal is further configured to receive the threshold pulse number ciphertext, perform decryption operation on the threshold pulse number ciphertext, obtain and store the threshold pulse number N.
Optionally, the preset factory information of the first terminal and the second terminal stores the threshold number of pulses N, where N is not greater than λ, and λ is the number of pulses generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol used by the first terminal and the second terminal.
Optionally, the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the received number N of the threshold pulses based on a tamper-proof verification value, where the pulse communication protocol is a communication protocol in which transmission data at least includes the number N of the threshold pulses and the tamper-proof verification value; the threshold pulse number N is generated by the first terminal based on ω, where N is greater than or equal to ω, where ω is a pulse number generated by the communication carrier signal after passing through a predetermined completion time for processing data sent by the first terminal and received by the second terminal, or the threshold pulse number N is generated by negotiation between the first terminal and the second terminal, where the negotiation includes: the first terminal generates the N and sends the N to the second terminal, and the second terminal sends response information to the first terminal after the first terminal is successfully authenticated; or the second terminal generates the N and sends the N to the first terminal, and the first terminal sends response information to the second terminal after the second terminal is successfully authenticated; or the first terminal generates N1 and sends the N1 to the second terminal, the second terminal generates N2 and sends the N2 to the first terminal, and the first terminal and the second terminal respectively generate the N by using the N1 and the N2 based on the same algorithm.
Optionally, the communication method adopted by the first terminal and the second terminal includes: short-range wireless communication mode.
It can be seen from the above technical solutions that, the present invention provides a data communication method and a data communication system, where a first terminal starts to record a first terminal pulse number of a communication carrier signal sent by the first terminal when a pending data packet is sent by the first terminal, and receives a response data packet only when the first terminal pulse number reaches a threshold pulse number N; the second terminal starts to record the pulse number of the second terminal of the communication carrier signal received by the second terminal after receiving the second terminal, and only sends a response data packet when the pulse number of the second terminal reaches N, the first terminal and the second terminal simultaneously send and receive data by detecting the pulse number, the timing accuracy of the two terminals is greatly improved, thereby ensuring that the first terminal and the second terminal only send and receive the response data packet at a specific high-accuracy moment, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party in the transmission process, because the tampering time of the data by the third party is in the millisecond level and is far greater than the timing accuracy of the first terminal, the first terminal does not receive the response data packet at the specific moment and immediately stops the communication flow, when the data tampered by the third party reaches the first terminal, the first terminal already stops the communication flow, thereby putting an end to the risk that the data received by the first terminal is tampered by the outside in the transmission process, the reliability of the response data packet received by the first terminal is greatly improved, in addition, N is larger than or equal to omega, the second terminal can be ensured to complete the processing operation of the data packet to be processed before the response data packet needs to be sent and generate the response data packet, and the communication method and the communication system can be compatible with the existing communication protocol by using lambda which is larger than or equal to N.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a data communication method according to embodiment 1 of the present invention;
fig. 2 is a flowchart of a threshold pulse number negotiation method provided in embodiment 1 of the present invention;
fig. 3 is a schematic structural diagram of a data communication system according to embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The present embodiment provides a data communication method, in a communication process between a first terminal and a second terminal, the first terminal always generates a communication carrier signal, in the communication technology, the communication carrier signal is an electric wave generated by an oscillator and transmitted on a communication channel, and is modulated to transmit data, in the present embodiment, the communication carrier is generated by the first terminal as a carrier for transmitting data information.
As shown in fig. 1, the method comprises the following steps:
s101, the first terminal sends a communication data signal carrying a data packet to be processed,
the communication data signal is obtained by modulating the data packet to be processed on a communication carrier signal by the first terminal, the communication carrier signal is an unmodulated periodic oscillation signal, the communication carrier signal can be a sine wave or a non-sine wave (such as a periodic pulse sequence), and a signal generated by modulating the data packet to be processed on the communication carrier signal is called a communication data signal and contains full-wave characteristics of the data packet to be processed. The frequency of the communication carrier signal is generally required to be much higher than the bandwidth of the data packet modulation signal to be processed, otherwise aliasing occurs, and the transmission signal is distorted. And by using communication data signal transmission, the first terminal loads the signal of the data packet to be processed to the communication carrier signal for data transmission, so that the correct outgoing of the data packet to be processed is ensured.
S102, starting to record the number of first terminal pulses of a communication carrier signal sent by a first terminal when the first terminal finishes sending a data packet to be processed; the communication data signal is obtained by modulating a data packet to be processed on a communication carrier signal by a first terminal;
in the field of communications, a pulse signal is a discrete signal and can have various forms, such as a spike pulse signal, a triangular pulse signal, and the like. The most common pulse signal is a rectangular wave, i.e. a square wave, in the form of a periodic high level or a periodic low level. In this embodiment, the first terminal and the second terminal transmit and receive signals by recording the number of pulses of the pulse signal. When the first terminal finishes sending the data packet to be processed, the communication carrier signal is recorded in real time from 0 numberThe number of pulses of the communication carrier signal is obtained in real time, so that the number of pulses of the first terminal of the communication carrier signal sent by the first terminal is obtained in real time; or when the first terminal finishes sending the data packet to be processed, detecting the current pulse number by using a pulse detection element in the first terminal, setting the current pulse number as the first initial pulse number, and then starting to detect the pulse number change of the communication carrier signal in real time, so as to obtain the difference value of the pulses of the communication carrier signal relative to the first initial pulse number in real time. The pulse number variation speed of the communication carrier signal is positively correlated with the frequency of the communication carrier signal, and by detecting the first terminal pulse number of the communication carrier signal sent by the first terminal at a certain T moment, the time interval between the T moment and the moment when the first terminal finishes sending the data packet to be processed can be accurately recorded based on the pulse number, for example, when the frequency of the communication carrier signal is v, the duration of one period is vThat is to say two adjacent pulses are spaced apart by a time interval of
Because the frequency of the communication carrier signal is generally extremely high, for example, 13.56MHz and 2.4GHz, when the frequency adopted by the communication carrier signal is 2.4GHz, the interval time between two adjacent pulses is about 0.4 nanosecond, and it can be seen that the detection precision can be greatly improved by the first terminal detecting the time interval by measuring the number change of the communication carrier signal pulses.
S103, the second terminal receives the communication data signal carrying the data packet to be processed,
the second terminal receives the data signals of the data packets to be processed according to the frequency of the communication carrier signals, the amplitude of meaningful signal waves is different from that of meaningless signals, effective signals are extracted to be the data signals of the required data packets to be processed, and therefore the data packets to be processed are obtained efficiently.
S104, when the second terminal receives the data packet to be processed, starting to record the number of second terminal pulses of the communication carrier signal received by the second terminal, and generating a response data packet based on the data packet to be processed;
when the second terminal finishes receiving the data packet to be processed, recording the pulse number of the communication carrier signal in real time from the number 0, thereby obtaining the pulse number of the second terminal of the communication carrier signal received by the second terminal in real time; or when the second terminal receives the data packet to be processed, detecting the current pulse number by using a pulse detection element in the second terminal, setting the current pulse number as a second initial pulse number, and then starting to detect the pulse number change of the communication carrier signal in real time, so as to obtain the difference value of the pulse of the communication carrier signal relative to the second initial pulse number in real time, and processing the received data packet to be processed to generate a response data packet; the second terminal performs timing by detecting the communication carrier signal sent by the first terminal, and the time interval can be measured without arranging elements such as a timer, a crystal oscillator and a power supply on the second terminal, so that the production cost of the second terminal is reduced; by detecting the number of pulses of the first terminal of the communication carrier signal received by the second terminal at a certain time T, the time interval between the time T and the time when the second terminal finishes receiving the data packet to be processed can be accurately recorded based on the number of pulses, for example, when the frequency of the communication carrier signal is v, the duration of one period is vThat is to say two adjacent pulses are spaced apart by a time interval of
Because the frequency of the communication carrier signal is generally extremely high, such as 13.56MHz and 2.4GHz, when the frequency adopted by the communication carrier signal is 2.4GHz, the interval time between two adjacent pulses is about 0.4 nanosecond, and thus, the detection precision can be greatly improved by detecting the time interval by measuring the number change of the pulses of the communication carrier signal by the second terminal;
the first terminal and the second terminal carry out time detection based on the pulse number change of the same communication carrier signal, and when the first terminal finishes sending the number to be processedAfter the data packet, detecting the pulse number change of the communication carrier signal at a time T1, and after the second terminal receives the pending data packet, detecting the pulse number change of the communication carrier signal at a time T2, where T2 is T1+ Δ T1+ Δ T2, the first terminal splits the pending data packet into x data blocks for transmission, where Δ T1 is a transmission time of an xth data block in the pending data packet between the first terminal and the second terminal, and Δ T2 is a time difference between a time point when the xth data block reaches the second terminal and a time point when the xth data block of the pending data packet is received by the second terminal; the data packet to be processed is transmitted at the speed of light during transmission, and the transmission time Δ T1 of the last data block of the data packet to be processed is the ratio of the transmission distance S to the speed of light C, i.e., Δ T1 is S/C, since C is 3 × 108m/s, so Δ T1 is a minimum; in general, during the interaction process of the data packets, the two communicating parties split the data packet to be transmitted into a plurality of data blocks for transmission, in this embodiment, it is assumed that the data packet to be transmitted is split into x data blocks for transmission, before the first terminal finishes transmitting the last data block, that is, the xth data block, the second terminal has started receiving the first data block in the data packet to be processed, at time T1+ Δ T1, the second terminal has already received x-1 data blocks in the data packet to be processed, Δ T2 is a time difference between the time when the xth data block reaches the second terminal and the time when the xth data block of the data packet to be processed is received by the second terminal, and therefore, Δ T2 is also an extremely small value, and therefore, in the communication method provided in this embodiment, the first terminal and the second terminal can be regarded as equivalent and simultaneously perform timing based on the communication carrier signal, therefore, the synchronism and the accuracy of the timing results of the two parties are ensured;
the method comprises the steps that after a data packet to be processed is received by a second terminal, authentication operation is carried out on the data packet to be processed, key information in the data packet to be processed is extracted after authentication is successful, the key information is processed, a response data packet is generated, for example, in transaction communication, after the data packet to be processed is received by the second terminal, signature operation is carried out on the data packet to be processed, the identity of a first terminal is confirmed to be legal, then key information such as a transaction account number and a transaction amount in the data packet to be processed is extracted and displayed, after the user confirms, the second terminal carries out signature operation on the key information by using a second terminal private key, signature data is generated, and the response data packet is generated based on the signature data and a second terminal certificate, so that the communication safety is guaranteed.
S105, when the second terminal records that the number of the pulses of the second terminal reaches the threshold number of pulses N, the second terminal sends a response data packet to the first terminal;
the second terminal detects a variation difference value of the number of pulses of the communication carrier signal at the current moment relative to the second initial number of pulses in real time, and when the variation difference value reaches a threshold number of pulses N, transmits a generated response data packet to the first terminal, where the threshold number of pulses N may be stored in factory setting information for the first terminal and the second terminal, or the threshold number of pulses N may be generated by negotiation between the first terminal and the second terminal, or the threshold number of pulses N may be carried in a communication protocol of the first terminal and the second terminal, where, optionally, ω is not less than N and not more than λ, ω is a pulse number variation value generated by a predetermined completion time for processing data, which is received by the first terminal, by the second terminal, and the predetermined completion time is the longest time required by the second terminal for processing the data, which is sent by the first terminal, n is larger than or equal to omega, the second terminal can be ensured to finish the processing operation of the data packet to be processed and generate a response data packet before the response data packet needs to be sent, and the normal communication between the first terminal and the second terminal is ensured to be realized; λ is a pulse number change value generated when a communication carrier signal passes through frame waiting time specified by a communication protocol adopted by a first terminal and a second terminal, the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in the communication protocol is sent, communication failure is judged after the frame waiting time is exceeded, the communication protocol adopted by the first terminal and the second terminal can be a current general communication protocol and a communication protocol which may appear in the future, such as an ISO14443 communication protocol and an ISO15693 communication protocol, and λ is not more than N and can ensure that the second terminal sends a response data packet to the first terminal within the frame waiting time, so that the method is compatible with the existing communication protocol and can ensure normal communication between the first terminal and the second terminal under the existing communication protocol; the second terminal sends the response data packet out only at a specific time point by detecting the number of the pulses and sending the response data packet out when the second number of the pulses reaches the threshold number of the pulses N, and meanwhile, the accuracy of the sending time of the response data packet is ensured.
S106, when the first terminal records that the number of the first terminal pulses reaches the threshold pulse number N, the first terminal allows to start receiving response data packets;
in this embodiment, the first terminal and the second terminal communicate by using a short-range wireless communication method, and the short-range wireless communication method may include the following communication protocols: a bluetooth communication protocol, an infrared IrDA communication protocol, an RFID communication protocol, a ZigBee communication protocol, an Ultra WideBand (Ultra WideBand) communication protocol, a short-range communication (NFC) communication protocol, a WiMedia communication protocol, a GPS communication protocol, a DECT communication protocol, a wireless 1394 communication protocol, and a dedicated wireless communication protocol, when the above-mentioned short-distance wireless communication method is used for communication, the distance between the first terminal and the second terminal is negligible with respect to the transmission distance of the data signal in a unit time, for example, when the bluetooth communication protocol is used for communication, the distance between the first terminal and the second terminal is less than 10 meters, and data between the first terminal and the second terminal is wirelessly transmitted at the speed of light, so that in the short-distance wireless communication method, the data transmission time between the first terminal and the second terminal is extremely short, about 30ns, and can be ignored, that is, after a first terminal sends a data packet, a second terminal can immediately receive the data packet, and when the first terminal receives a response data packet sent by the second terminal when detecting that the number of pulses of the second terminal reaches a threshold number of pulses N, the number of pulses of the first terminal detected by the first terminal is also N; the first terminal allows the response data packet to be received only when detecting that the number of pulses of the first terminal reaches the threshold number of pulses N, otherwise, the first terminal does not allow the data information sent from the outside to be received, and therefore the reliability of the received response data packet is greatly improved. In this embodiment, the first terminal and the second terminal may be any devices capable of performing data interactive communication, optionally, the first terminal may be a reader, the reader may be a card reader, a computer, a mobile phone, a router, a vehicle-mounted device, a server, and the like, the second terminal may be a transponder, the transponder may be a smart card, an identification card, a smart key device, a mobile phone, a computer, a router, a smart home, a wearable device, and the like, during data communication, the first terminal and the second terminal perform simultaneous transceiving by detecting the number of pulses, which greatly improves the timing accuracy of both sides, thereby ensuring that the first terminal and the second terminal only transceive the reply data packet at a specific high-accuracy moment, even if the reply data packet sent by the second terminal to the first terminal is intercepted by a third party during transmission, since the third party falsifies the data at millisecond level, the timing precision of the first terminal is far greater than that of the first terminal, the first terminal does not receive the response data packet at a specific moment and immediately stops the communication process, and when the data tampered by the third party reaches the first terminal, the first terminal terminates the communication process, so that the risk that the data received by the first terminal is tampered by the outside in the transmission process is eliminated, and the reliability of the response data packet received by the first terminal is greatly improved.
Optionally, before the first terminal sends the communication data signal carrying the data packet to be processed in step S101, as shown in fig. 2, the method further includes the steps of:
s1001, a first terminal generates a communication request and sends the communication request to a second terminal;
s1002, the second terminal receives the communication request, generates a first negotiation data packet based on the communication request and sends the first negotiation data packet to the first terminal;
s1003, the first terminal receives the first negotiation data, carries out authentication operation on the second terminal based on the first negotiation data, generates a second negotiation data packet after the authentication is successful, and sends the second negotiation data packet to the second terminal;
s1004, the second terminal receives a second negotiation data packet, performs authentication operation on the first terminal based on the second negotiation data packet, generates a threshold pulse number N after the authentication is successful, performs encryption operation on the threshold pulse number N, generates a threshold pulse number ciphertext, and transmits the threshold pulse number ciphertext to the first terminal, wherein N is less than or equal to lambda, and lambda is the pulse number generated when a communication carrier signal passes through frame waiting time specified by a communication protocol adopted by the first terminal and the second terminal;
the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in a communication protocol is sent out, communication failure is judged after the frame waiting time is exceeded, and lambda is not less than N, so that the second terminal can be ensured to send a response data packet to the first terminal within the frame waiting time, the existing communication protocol is compatible, and normal communication can be carried out between the first terminal and the second terminal under the existing communication protocol;
optionally, ω ≦ N ≦ λ, where ω is a pulse number variation value generated by the second terminal for the communication carrier signal to process the received data sent by the first terminal within a predetermined completion time, and the first terminal may acquire the pulse number variation value in a variety of ways, including but not limited to the following ways: omega can be obtained by the first terminal through external key input, omega can be obtained by the second terminal sending to the first terminal, omega can be obtained by the first terminal scanning code, and omega can be obtained by the first terminal according to factory preset information; n is larger than or equal to omega, the second terminal can be ensured to finish the processing operation of the data packet to be processed and generate a response data packet before the response data packet needs to be sent, and the normal communication between the first terminal and the second terminal is ensured to be realized;
and S1005, the first terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext to obtain and store the threshold pulse number N.
Steps S1001 to S1005 may include, but are not limited to, the following 3 implementation schemes provided in this embodiment:
scheme 1:
the first terminal generates a first random number and sends the first random number to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number, generates a second random number, signs the first random number by using a second device private key, generates first signature information, and sends a first negotiation data packet to the first terminal, wherein the first negotiation data packet at least comprises: the CA certificate, the first signature information and the second random number of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second equipment signs the first random number based on the private key of the second equipment and sends the CA certificate of the second equipment to the first terminal so that the first terminal authenticates the legitimacy of the second equipment;
the first terminal receives the first negotiation data, the CA certificate of the second terminal is authenticated, after the authentication is successful, a second terminal public key is obtained, the signature verification operation is carried out on the first signature information based on the second terminal public key, after the signature verification is successful, the signature verification operation is carried out on the second random number by using the first equipment private key, the second signature information is generated, and the second negotiation data packet is sent to the second terminal, wherein the second negotiation data packet at least comprises: the CA certificate and the second signature information of the first terminal;
the first terminal authenticates the identity of the second terminal based on the public key of the second terminal to ensure the validity of the second terminal, and after the authentication is successful, the first equipment signs the second random number based on the private key of the first equipment and sends the CA certificate of the first equipment to the second terminal so that the second terminal authenticates the validity of the first equipment;
the second terminal receives the second negotiation data, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature verification operation on the second signature information based on the first terminal public key, generates a threshold pulse number N after the signature verification is successful, performs encryption operation on the threshold pulse number N by using the first terminal public key, generates a threshold pulse number ciphertext, and transmits the threshold pulse number ciphertext to the first terminal;
the second terminal carries out identity authentication on the first terminal based on the first terminal public key to ensure the legality of the first terminal, after the authentication is successful, a threshold pulse number N is generated, the first terminal public key is used for carrying out encryption operation on the threshold pulse number to generate a threshold pulse number ciphertext, and the threshold pulse number ciphertext generated by carrying out the encryption operation on the threshold pulse number by using the first terminal public key can only be decrypted by using a first terminal private key, and the first terminal private key is stored in a first terminal security chip and cannot be obtained outside, so that the security of the threshold pulse number N is ensured;
the first terminal receives the threshold pulse number ciphertext, and decrypts the threshold pulse number ciphertext by using a first terminal private key to obtain and store the threshold pulse number N;
the first terminal decrypts the threshold pulse number ciphertext by using a private key of the first terminal to obtain and store the threshold pulse number N, thereby realizing the threshold pulse number N negotiation between the first terminal and the second terminal and simultaneously ensuring the safety of the negotiation process.
Scheme 2:
the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number and the CA certificate of the first terminal, generates a second random number, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature operation on the first random number by using a second terminal private key, generates first signature information, performs encryption operation on the second random number by using the first terminal public key, generates a second random number ciphertext, and sends first negotiation information to the first terminal, wherein the first negotiation information at least comprises: the CA certificate, the first signature information and the second random number ciphertext of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second terminal obtains a first terminal public key based on the first terminal CA certificate and encrypts the second random number by using the first terminal public key, and because a second random number ciphertext generated by encrypting the first terminal public key can only be decrypted by using the first terminal private key, the first terminal private key is stored in the first terminal security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal receives the first negotiation data, carries out authentication operation on a CA certificate of the second terminal, carries out signature verification operation on first signature information based on a public key of the second terminal after the authentication is successful, carries out decryption operation on a second random number ciphertext by using a private key of first equipment after the signature verification is successful, obtains a second random number, carries out signature operation on the second random number by using a private key of the first equipment, and generates second signature information; the first terminal generates a third random number, encrypts the third random number by using a public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal, wherein the second negotiation information at least comprises: second signature information and a third random number ciphertext;
the first terminal authenticates the identity of the second terminal based on the second terminal public key to ensure the validity of the second terminal, decrypts the second random number ciphertext by using a private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the third random number is ensured; the second terminal public key is used for encrypting the third random number, and a third random number ciphertext generated by encrypting the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, so that the security of the third random number is ensured;
the second terminal receives the second negotiation data, performs signature verification operation on the second signature information based on the first terminal public key, decrypts a third random number ciphertext by using a second terminal private key after the signature verification is successful to obtain a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the second terminal generates a transmission key to generate feedback information and sends the transmission key to generate feedback information to the first terminal;
the second terminal decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and the first terminal and the second terminal respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, so that the two terminals are ensured to negotiate the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from leaking in the communication process, and the communication safety is improved;
the first terminal receives the transmission key to generate feedback information, generates threshold pulse number N, encrypts the threshold pulse number N by using the transmission key to generate threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal;
the method comprises the steps that a first terminal generates a threshold pulse number N, encryption operation is carried out on the threshold pulse number by using a transmission key to generate a threshold pulse number ciphertext, and the transmission key is obtained by the first terminal and a second terminal according to a first preset algorithm based on a second random number and a third random number respectively, only stored in the first terminal and the second terminal, and cannot be obtained by the outside, so that the safety of the threshold pulse number N is ensured;
the second terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, and obtains and stores the threshold pulse number N;
the second terminal decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, thereby realizing the negotiation of the threshold pulse number N between the first terminal and the second terminal and simultaneously ensuring the safety of the negotiation process.
Scheme 3:
the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number and the CA certificate of the first terminal, generates a second random number, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature operation on the first random number by using a second terminal private key, generates first signature information, performs encryption operation on the second random number by using the first terminal public key, generates a second random number ciphertext, and sends first negotiation information to the first terminal, wherein the first negotiation information at least comprises: the CA certificate, the first signature information and the second random number ciphertext of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second terminal obtains a first terminal public key based on the first terminal CA certificate and encrypts the second random number by using the first terminal public key, and because a second random number ciphertext generated by encrypting the first terminal public key can only be decrypted by using the first terminal private key, the first terminal private key is stored in the first terminal security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal receives the first negotiation data, carries out authentication operation on a CA certificate of the second terminal, carries out signature verification operation on first signature information based on a public key of the second terminal after the authentication is successful, carries out decryption operation on a second random number ciphertext by using a private key of first equipment after the signature verification is successful, obtains a second random number, carries out signature operation on the second random number by using a private key of the first equipment, and generates second signature information; the first terminal generates a third random number, encrypts the third random number by using a public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal, wherein the second negotiation information at least comprises: second signature information and a third random number ciphertext;
the first terminal authenticates the identity of the second terminal based on the second terminal public key to ensure the validity of the second terminal, decrypts the second random number ciphertext by using a private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the third random number is ensured; the second terminal public key is used for encrypting the third random number, and a third random number ciphertext generated by encrypting the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, so that the security of the third random number is ensured;
the second terminal receives the second negotiation data, performs signature verification operation on the second signature information based on the first terminal public key, decrypts a third random number ciphertext by using a second terminal private key after the signature verification is successful to obtain a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the second terminal generates a threshold pulse number N, encrypts the threshold pulse number N by using a transmission key to generate a threshold pulse number ciphertext and sends the threshold pulse number ciphertext to the first terminal;
the second terminal decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and the first terminal and the second terminal respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, so that the two terminals are ensured to negotiate the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from leaking in the communication process, and the communication safety is improved; the second terminal generates a threshold pulse number N, and encrypts the threshold pulse number N by using transmission to generate a threshold pulse number ciphertext, because the transmission key is obtained by the first terminal and the second terminal according to a first preset algorithm based on a second random number and a third random number respectively, only stored in the first terminal and the second terminal, and cannot be obtained by the outside, the security of the threshold pulse number N is ensured;
the first terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N;
the first terminal decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, thereby realizing the negotiation of the threshold pulse number N between the first terminal and the second terminal and simultaneously ensuring the safety of the negotiation process.
Through the negotiation process of the threshold pulse number N, the safety of the generation of the threshold pulse number N can be ensured, the threshold pulse number N is prevented from being acquired externally, and further, the negotiation process of the threshold pulse number N can be generated by renegotiation before information interaction every time, so that the safety of the threshold pulse number N is further ensured.
Optionally, the factory preset information of the first terminal and the second terminal stores a threshold pulse number N, where N is equal to or less than λ, and λ is a pulse number generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol adopted by the first terminal and the second terminal;
the threshold pulse number N is stored in the factory preset information of the first terminal and the second terminal, so that the threshold pulse number N does not need to be transmitted between the first terminal and the second terminal, the threshold pulse number N is prevented from being intercepted by the outside in the transmission process, and the safety of the threshold pulse number N is ensured; lambda is a pulse number change value generated when a communication carrier signal passes through frame waiting time specified by a communication protocol adopted by a first terminal and a second terminal, the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in the communication protocol is sent out, communication failure is judged after the frame waiting time is exceeded, and lambda is not less than N, so that the second terminal can send a response data packet to the first terminal within the frame waiting time, the communication protocol is compatible with the existing communication protocol, and normal communication can be carried out between the first terminal and the second terminal under the existing communication protocol.
Optionally, the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the number N of received threshold pulses based on an anti-tampering verification value, where the pulse communication protocol is a communication protocol in which transmission data at least includes the number N of threshold pulses; or the pulse communication protocol is a communication protocol which at least comprises a threshold pulse number N and an anti-tampering check value in transmission data, wherein the anti-tampering check value is used for checking the threshold pulse number N;
the communication protocol adopted by the first terminal and the second terminal can specify that the number of threshold pulses N is carried in communication data, after the first terminal and the second terminal receive a data packet in the communication process, the number of threshold pulses N in the data packet is read, and timing communication is performed based on the number of threshold pulses N in the data packet, further, the communication protocol adopted by the first terminal and the second terminal can specify that the number of threshold pulses N and a tamper-proof check value are carried in the communication data simultaneously, after the first terminal and the second terminal receive the data packet in the communication process, the number of threshold pulses N and the tamper-proof check value in the data packet are read, the tamper-proof check value is a check value generated based on the number of threshold pulses N, for example, the tamper-proof check value is obtained by performing abstract operation on the number of threshold pulses N, after the first terminal and the second terminal receive the data packet in the communication process, reading the threshold pulse number N in the data packet to perform verification operation, wherein once the first terminal and the second terminal receive the data packet in the communication process, the threshold pulse number N in the read data packet is tampered by others, the verification can be failed, and after the verification is successful, the first terminal and the second terminal perform timing communication based on the threshold pulse number N in the data packet; optionally, the number N of the threshold pulses and the tamper-resistant check value may be attached to a data header or a data trailer of a communication data packet specified by an existing communication protocol, and of course, the present invention is not limited thereto; the threshold pulse number N is written into the transmission protocol, so that each data packet is ensured to contain the information of the threshold pulse number N, the first terminal and the second terminal do not need to store the threshold pulse number N, a third party is prevented from breaking a storage module of the first terminal or the second terminal to obtain the threshold pulse number N, and meanwhile, the communication efficiency is improved;
the threshold pulse number N is generated by the first terminal based on omega, and N is more than or equal to omega, wherein omega is the pulse number generated by the preset completion time of the communication carrier signal processing the received data sent by the first terminal through the second terminal,
the first terminal may obtain ω in a number of ways, including but not limited to the following: omega can be obtained by the first terminal through external key input, omega can be obtained by the second terminal sending to the first terminal, omega can be obtained by the first terminal scanning code, and omega can be obtained by the first terminal according to factory preset information; n is more than or equal to omega, the second terminal can finish the processing operation of the data packet to be processed and generate the response data packet before needing to send the response data packet, the normal communication between the first terminal and the second terminal is ensured to be realized,
optionally, ω ≦ N ≦ λ, where λ is a pulse number variation value generated by the communication carrier signal passing through a frame waiting time specified by a communication protocol employed by the first terminal and the second terminal; the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in a communication protocol is sent out, communication failure is judged after the frame waiting time is exceeded, and lambda is not less than N, so that the second terminal can be ensured to send a response data packet to the first terminal within the frame waiting time, the existing communication protocol is compatible, and normal communication can be carried out between the first terminal and the second terminal under the existing communication protocol;
after the first terminal generates the threshold pulse number N, the threshold pulse number N may be sent to the second terminal in the following manner:
the first terminal encrypts the threshold pulse number N by using a second terminal public key to generate a threshold pulse number ciphertext and sends the threshold pulse number ciphertext to the second terminal; the threshold pulse number ciphertext generated by encrypting the threshold pulse number by using the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, so that the security of the threshold pulse number N is ensured; the second terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using a second terminal private key to obtain and store the threshold pulse number N, so that the first terminal sends the generated threshold pulse number N to the second terminal, and meanwhile, the safety of the threshold pulse number N sending process is ensured; alternatively, the first and second electrodes may be,
the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number and the CA certificate of the first terminal, generates a second random number, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature operation on the first random number by using a second terminal private key, generates first signature information, performs encryption operation on the second random number by using the first terminal public key, generates a second random number ciphertext, and sends first negotiation information to the first terminal, wherein the first negotiation information at least comprises: the CA certificate, the first signature information and the second random number ciphertext of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second terminal obtains a first terminal public key based on the first terminal CA certificate and encrypts the second random number by using the first terminal public key, and because a second random number ciphertext generated by encrypting the first terminal public key can only be decrypted by using the first terminal private key, the first terminal private key is stored in the first terminal security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal receives the first negotiation data, carries out authentication operation on a CA certificate of the second terminal, carries out signature verification operation on first signature information based on a public key of the second terminal after the authentication is successful, carries out decryption operation on a second random number ciphertext by using a private key of first equipment after the signature verification is successful, obtains a second random number, carries out signature operation on the second random number by using a private key of the first equipment, and generates second signature information; the first terminal generates a third random number, encrypts the third random number by using a public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal, wherein the second negotiation information at least comprises: second signature information and a third random number ciphertext;
the first terminal authenticates the identity of the second terminal based on the second terminal public key to ensure the validity of the second terminal, decrypts the second random number ciphertext by using a private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the third random number is ensured; the second terminal public key is used for encrypting the third random number, and a third random number ciphertext generated by encrypting the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, so that the security of the third random number is ensured;
the second terminal receives the second negotiation data, performs signature verification operation on the second signature information based on the first terminal public key, decrypts a third random number ciphertext by using a second terminal private key after the signature verification is successful to obtain a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the second terminal generates a transmission key to generate feedback information and sends the transmission key to generate feedback information to the first terminal;
the second terminal decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and the first terminal and the second terminal respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, so that the two terminals are ensured to negotiate the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from leaking in the communication process, and the communication safety is improved;
the first terminal receives the transmission key to generate feedback information, encrypts the generated threshold pulse number N by using the transmission key to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal;
the first terminal encrypts the threshold pulse number N by using the transmission key to generate a threshold pulse number ciphertext, and the transmission key is obtained by the first terminal and the second terminal according to a first preset algorithm based on a second random number and a third random number respectively, only stored in the first terminal and the second terminal, and not obtained by the outside, so that the safety of the threshold pulse number N is ensured;
the second terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, and obtains and stores the threshold pulse number N;
the second terminal decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, so that the first terminal sends the generated threshold pulse number N to the second terminal, and meanwhile, the safety of the threshold pulse number N sending process is ensured.
Optionally, the threshold number N of pulses is generated by a negotiation between the first terminal and the second terminal, where the negotiation includes: the first terminal generates N and sends the N to the second terminal, and the second terminal sends response information to the first terminal after the first terminal is successfully authenticated; or the second terminal generates N and sends the N to the first terminal, and the first terminal sends response information to the second terminal after the second terminal is successfully authenticated; or the first terminal generates N1 and transmits N1 to the second terminal, the second terminal generates N2 and transmits N2 to the first terminal, the first terminal and the second terminal respectively generate N by using N1 and N2 based on the same algorithm,
the negotiation process may include, but is not limited to, the following 3 implementation schemes provided by this embodiment:
scheme 1:
the first terminal generates a first random number and sends the first random number to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number, generates a second random number, signs the first random number by using a second device private key, generates first signature information, and sends a first negotiation data packet to the first terminal, wherein the first negotiation data packet at least comprises: the CA certificate, the first signature information and the second random number of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second equipment signs the first random number based on the private key of the second equipment and sends the CA certificate of the second equipment to the first terminal so that the first terminal authenticates the legitimacy of the second equipment;
the first terminal receives the first negotiation data, the CA certificate of the second terminal is authenticated, after the authentication is successful, a second terminal public key is obtained, the signature verification operation is carried out on the first signature information based on the second terminal public key, after the signature verification is successful, the signature verification operation is carried out on the second random number by using the first equipment private key, the second signature information is generated, and the second negotiation data packet is sent to the second terminal, wherein the second negotiation data packet at least comprises: the CA certificate and the second signature information of the first terminal;
the first terminal authenticates the identity of the second terminal based on the public key of the second terminal to ensure the validity of the second terminal, and after the authentication is successful, the first equipment signs the second random number based on the private key of the first equipment and sends the CA certificate of the first equipment to the second terminal so that the second terminal authenticates the validity of the first equipment;
the second terminal receives the second negotiation data, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature verification operation on the second signature information based on the first terminal public key, generates a threshold pulse number N after the signature verification is successful, performs encryption operation on the threshold pulse number N by using the first terminal public key, generates a threshold pulse number ciphertext, and transmits the threshold pulse number ciphertext to the first terminal;
the second terminal carries out identity authentication on the first terminal based on the first terminal public key to ensure the legality of the first terminal, after the authentication is successful, the threshold pulse number N is generated, the first terminal public key is used for carrying out encryption operation on the threshold pulse number N to generate a threshold pulse number ciphertext, the threshold pulse number ciphertext generated by carrying out encryption operation on the threshold pulse number N by using the first terminal public key can only be decrypted by using the first terminal private key, the first terminal private key is stored in the first terminal security chip and cannot be obtained by the outside, and therefore the security of the threshold pulse number N is ensured.
The first terminal receives the threshold pulse number ciphertext, and decrypts the threshold pulse number ciphertext by using a first terminal private key to obtain and store the threshold pulse number N;
the first terminal decrypts the threshold pulse number ciphertext by using a private key of the first terminal to obtain and store the threshold pulse number N, thereby realizing the negotiation of the threshold pulse number N between the first terminal and the second terminal and simultaneously ensuring the safety of the negotiation process.
Scheme 2:
the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number and the CA certificate of the first terminal, generates a second random number, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature operation on the first random number by using a second terminal private key, generates first signature information, performs encryption operation on the second random number by using the first terminal public key, generates a second random number ciphertext, and sends first negotiation information to the first terminal, wherein the first negotiation information at least comprises: the CA certificate, the first signature information and the second random number ciphertext of the second terminal;
the second random number can be generated by the second terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the second random number is ensured; the second terminal obtains a first terminal public key based on the first terminal CA certificate and encrypts the second random number by using the first terminal public key, and because a second random number ciphertext generated by encrypting the first terminal public key can only be decrypted by using the first terminal private key, the first terminal private key is stored in the first terminal security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal receives the first negotiation data, carries out authentication operation on a CA certificate of the second terminal, carries out signature verification operation on first signature information based on a public key of the second terminal after the authentication is successful, carries out decryption operation on a second random number ciphertext by using a private key of first equipment after the signature verification is successful, obtains a second random number, carries out signature operation on the second random number by using a private key of the first equipment, and generates second signature information; the first terminal generates a third random number, encrypts the third random number by using a public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal, wherein the second negotiation information at least comprises: second signature information and a third random number ciphertext;
the first terminal authenticates the identity of the second terminal based on the second terminal public key to ensure the validity of the second terminal, decrypts the second random number ciphertext by using a private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the third random number is ensured; the second terminal public key is used for encrypting the third random number, and a third random number ciphertext generated by encrypting the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, so that the security of the third random number is ensured;
the second terminal receives the second negotiation data, performs signature verification operation on the second signature information based on the first terminal public key, decrypts a third random number ciphertext by using a second terminal private key after the signature verification is successful to obtain a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the second terminal generates a transmission key to generate feedback information and sends the transmission key to generate feedback information to the first terminal;
the second terminal decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and the first terminal and the second terminal respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, so that the two terminals are ensured to negotiate the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from leaking in the communication process, and the communication safety is improved;
the first terminal receives the transmission key to generate feedback information, generates threshold pulse number N, encrypts the threshold pulse number N by using the transmission key to generate threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal;
the first terminal generates a threshold pulse number N, and encrypts the threshold pulse number N by using a transmission key to generate a threshold pulse number ciphertext, wherein the transmission key is obtained by the first terminal and the second terminal according to a first preset algorithm based on a second random number and a third random number respectively, only stored in the first terminal and the second terminal, and cannot be obtained by the outside, so that the safety of the threshold pulse number N is ensured;
the second terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, and obtains and stores the threshold pulse number N;
the second terminal decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, thereby realizing the threshold pulse number N negotiation between the first terminal and the second terminal and simultaneously ensuring the safety of the negotiation process.
Scheme 3:
the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal;
the first random number can be generated by the first terminal according to an external random noise signal or an internal random number generator, so that the external unavailability of the first random number is ensured;
the second terminal receives the first random number and the CA certificate of the first terminal, generates N2, performs authentication operation on the CA certificate of the first terminal, acquires a first terminal public key after the authentication is successful, performs signature operation on the first random number by using a second terminal private key, generates first signature information, performs encryption operation on N2 by using the first terminal public key, generates an N2 ciphertext, and sends first negotiation information to the first terminal, wherein the first negotiation information at least comprises: the CA certificate, the first signature information and the N2 ciphertext of the second terminal;
n2 can be generated by the second terminal according to the external random noise signal, or generated by the internal random number generator, so as to ensure the external unavailability of N2; the second terminal obtains a first terminal public key based on the first terminal CA certificate, and encrypts the N2 by using the first terminal public key, because an N2 ciphertext generated by encrypting the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the outside, the security of the N2 is ensured;
the first terminal receives the first negotiation data, carries out authentication operation on a CA (certificate authority) certificate of the second terminal, carries out signature verification operation on first signature information based on a public key of the second terminal after the authentication is successful, carries out decryption operation on an N2 ciphertext by using a first equipment private key after the signature verification is successful, obtains N2, carries out signature operation on N2 by using the first equipment private key, and generates second signature information; the first terminal generates N1, encrypts the N1 by using a public key of the second device to obtain an N1 ciphertext, generates a threshold pulse number N according to a second preset algorithm based on N1 and N2, and sends second negotiation information to the second terminal, wherein the second negotiation information at least comprises: second signature information, N1 ciphertext;
the first terminal authenticates the identity of the second terminal based on the second terminal public key to ensure the validity of the second terminal, after the authentication is successful, the first terminal decrypts the N2 ciphertext by using the own private key to obtain N2 to generate N1, and the number N of threshold pulses is obtained based on N1 and N2 according to a second preset algorithm; n1 may be generated by the first terminal according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure the external unavailability of N1; the N1 is encrypted by using the second terminal public key, and since the N1 ciphertext generated by encrypting the second terminal public key can only be decrypted by using the second terminal private key, the second terminal private key is stored in the second terminal security chip and cannot be obtained by the outside, the security of the N1 is ensured;
the second terminal receives the second negotiation data, performs signature verification operation on the second signature information based on the first terminal public key, decrypts the N1 ciphertext by using the second terminal private key after the signature verification is successful to obtain N1, and obtains the number N of threshold pulses based on N11 and N2 according to a second preset algorithm;
the second terminal decrypts the N1 ciphertext by using a private key thereof to obtain N1, and obtains the number N of threshold pulses according to a second preset algorithm based on N1 and N2, and the first terminal and the second terminal respectively obtain the number N of the threshold pulses according to the second preset algorithm based on N1 and N2, so that the two parties can negotiate the same number N of the threshold pulses, the number N of the threshold pulses does not need to be sent out, the leakage of the number N of the threshold pulses in the communication process is avoided, and the communication safety is improved.
Through the negotiation process of the threshold pulse number N, the safety of the generation of the threshold pulse number N can be ensured, the threshold pulse number N is prevented from being acquired externally, and further, the negotiation process of the threshold pulse number N can be generated by renegotiation before information interaction every time, so that the safety of the threshold pulse number N is further ensured.
Optionally, the communication method adopted by the first terminal and the second terminal includes: the short-range wireless communication mode may include the following communication protocols: bluetooth communication protocol, infrared IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, Ultra WideBand (Ultra WideBand) communication protocol, short range communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, wireless 1394 communication protocol, and dedicated wireless communication protocol, although the following communication protocols that may appear in the future are equivalent to the above-mentioned communication protocols: the time required for data to propagate under the maximum transmission distance supported by the communication protocol is less than the time required for data to be tampered by an external device.
As can be seen from the above, with the data communication method provided in this embodiment, when the first terminal finishes sending the pending data packet, the first terminal starts to record the first terminal pulse number of the communication carrier signal sent by the first terminal, and receives the response data packet only when the first terminal pulse number meets the threshold range; the second terminal starts to record the pulse number of the second terminal of the communication carrier signal received by the second terminal after receiving the second terminal, and only sends a response data packet when the pulse number of the second terminal reaches N, the first terminal and the second terminal simultaneously send and receive data by detecting the pulse number, the timing accuracy of the two terminals is greatly improved, thereby ensuring that the first terminal and the second terminal only send and receive the response data packet at a specific high-accuracy moment, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party in the transmission process, because the tampering time of the data by the third party is in the millisecond level and is far greater than the timing accuracy of the first terminal, the first terminal does not receive the response data packet at the specific moment and immediately stops the communication flow, when the data tampered by the third party reaches the first terminal, the first terminal already stops the communication flow, thereby putting an end to the risk that the data received by the first terminal is tampered by the outside in the transmission process, the reliability of the response data packet received by the first terminal is greatly improved, in addition, N is larger than or equal to omega, the second terminal can be ensured to complete the processing operation of the data packet to be processed before the response data packet needs to be sent and generate the response data packet, and the communication method and the communication system can be compatible with the existing communication protocol by using lambda which is larger than or equal to N.
Example 2
In the present embodiment, as shown in fig. 3, during the communication between the first terminal 201 and the second terminal 202, the first terminal 201 always generates a communication carrier signal, and the second terminal 202 receives the communication carrier signal, in terms of communication technology, the communication carrier signal is an electric wave generated by an oscillator and transmitted on a communication channel, and is modulated to transmit data, and in the present embodiment, the communication carrier is generated by the first terminal 201 as a carrier for transmitting data information.
A first terminal 201 for transmitting a communication data signal carrying data packets to be processed,
the communication data signal is obtained by modulating the data packet to be processed on a communication carrier signal by the first terminal 201, the communication carrier signal is an unmodulated periodic oscillation signal, the communication carrier signal may be a sine wave or a non-sine wave (such as a periodic pulse sequence), and a signal generated by modulating the data packet to be processed on the communication carrier signal is called a communication data signal and contains full-wave characteristics of the data packet to be processed. The frequency of the communication carrier signal is generally required to be much higher than the bandwidth of the data packet modulation signal to be processed, otherwise aliasing occurs, and the transmission signal is distorted. By using communication data signal transmission, the first terminal 201 loads the signal of the data packet to be processed to the communication carrier signal for data transmission, so as to ensure that the data packet to be processed is correctly sent out.
Starting to record the first terminal pulse number of the communication carrier signal sent by the first terminal 201 when the first terminal 201 finishes sending the data packet to be processed; the communication data signal is obtained by modulating a data packet to be processed on a communication carrier signal by the first terminal 201;
in the field of communications, a pulse signal is a discrete signal and can have various forms, such as a spike pulse signal, a triangular pulse signal, and the like. Most commonly found inThe pulse signal of (a) is a rectangular wave, i.e., a square wave, in the form of a periodic high level or a periodic low level. In this embodiment, the first terminal 201 and the second terminal 202 transmit and receive signals by recording the number of pulses of the pulse signal. When the first terminal 201 finishes sending the data packet to be processed, recording the pulse number of the communication carrier signal in real time from the number 0, so as to obtain the first terminal pulse number of the communication carrier signal sent by the first terminal 201 in real time; or, when the first terminal 201 finishes sending the to-be-processed data packet, detecting the current number of pulses by using a pulse detection element inside the first terminal 201, setting the current number of pulses as the first initial number of pulses, and then starting to detect the change of the number of pulses of the communication carrier signal in real time, so as to obtain the difference value of the pulses of the communication carrier signal relative to the first initial number of pulses in real time. The pulse number variation speed of the communication carrier signal is positively correlated with the frequency of the communication carrier signal, and by detecting the first terminal pulse number of the communication carrier signal sent by the first terminal 201 at a certain T moment, the time interval between the T moment and the moment when the first terminal 201 finishes sending the to-be-processed data packet can be accurately recorded based on the pulse number, for example, when the frequency of the communication carrier signal is ν, the duration of one period is ν
That is to say two adjacent pulses are spaced apart by a time interval of
Since the frequency of the communication carrier signal is generally very high, for example, 13.56MHz and 2.4GHz, when the frequency adopted by the communication carrier signal is 2.4GHz, the interval time between two adjacent pulses is about 0.4 nsec, and it can be seen that the detection accuracy can be greatly improved by the first terminal 201 detecting the time interval by measuring the number change of the communication carrier signal pulses.
A second terminal 202 for receiving a communication data signal carrying data packets to be processed,
the second terminal 202 receives the data packet data signal to be processed according to the frequency of the communication carrier signal, the amplitude of the meaningful signal wave is different from the amplitude of the meaningless signal wave, and the effective signal is extracted to be the data signal of the required data packet to be processed, so that the data packet to be processed is efficiently obtained.
When the second terminal 202 finishes receiving the data packet to be processed, starting to record the number of second terminal pulses of the communication carrier signal received by the second terminal 202, and generating a response data packet based on the data packet to be processed;
when the second terminal 202 finishes receiving the data packet to be processed, recording the pulse number of the communication carrier signal in real time from the number 0, so as to obtain the pulse number of the second terminal of the communication carrier signal received by the second terminal 202 in real time; or, when the second terminal 202 finishes receiving the to-be-processed data packet, detecting the current number of pulses by using a pulse detection element inside the second terminal 202, setting the current number of pulses as a second initial number of pulses, and then starting to detect the change of the number of pulses of the communication carrier signal in real time, so as to obtain the difference value of the pulses of the communication carrier signal relative to the second initial number of pulses in real time, and performing a processing operation on the received to-be-processed data packet to generate a response data packet; the second terminal 202 performs timing by detecting the communication carrier signal sent by the first terminal 201, and the time interval can be measured without setting elements such as a timer, a crystal oscillator, a power supply and the like in the second terminal 202, so that the production cost of the second terminal 202 is reduced; by detecting the number of pulses of the first terminal of the communication carrier signal received by the second terminal 202 at a certain time T, the time interval between the time T and the time when the second terminal 202 finishes receiving the data packet to be processed can be accurately recorded based on the number of pulses, for example, when the frequency of the communication carrier signal is v, the duration of one period is vThat is to say two adjacent pulses are spaced apart by a time interval of
Since the frequency of the communication carrier signal is typically very high, e.g., 13.56MHz, 2.4GHz, when the communication carrier signal is usedWhen the frequency is 2.4GHz, the interval time between two adjacent pulses is about 0.4 nanosecond, and thus, the detection precision can be greatly improved by detecting the time interval by measuring the number change of communication carrier signal pulses by the second terminal 202;
the first terminal 201 and the second terminal 202 perform time detection based on the pulse number change of the same communication carrier signal, after the first terminal 201 finishes sending the pending data packet, the pulse number change of the communication carrier signal starts to be detected at time T1, and after the second terminal 202 finishes receiving the pending data packet, the pulse number change of the communication carrier signal starts to be detected at time T2, where T2 is T1+ Δ T1+ Δ T2, the first terminal 201 splits the pending data packet into x data blocks for sending, where Δ T1 is a transmission time of an x-th data block in the pending data packet between the first terminal 201 and the second terminal 202, and Δ T2 is a time difference between a time when the x-th data block arrives at the second terminal 202 and a time when the second terminal 202 receives the x-th data block of the pending data packet; the data packet to be processed is transmitted at the speed of light during transmission, and the transmission time Δ T1 of the last data block of the data packet to be processed is the ratio of the transmission distance S to the speed of light C, i.e., Δ T1 is S/C, since C is 3 × 108m/s, so Δ T1 is a minimum; in general, during the interaction process of the data packets, the two communicating parties split the data packet to be transmitted into a plurality of data blocks for transmission, in this embodiment, it is assumed that the data packet to be transmitted is split into x data blocks for transmission, before the first terminal 201 finishes transmitting the last data block, that is, the xth data block, the second terminal 202 has started receiving the first data block in the data packet to be processed, at time T1+ Δ T1, the second terminal 202 has already received x-1 data blocks in the data packet to be processed, Δ T2 is a time difference between the time when the xth data block reaches the second terminal 202 and the time when the xth data block of the data packet to be processed is received by the second terminal 202, and therefore, Δ T2 is also an extremely small value, and therefore, in the communication method provided in this embodiment, the first terminal 201 and the second terminal 202 can be regarded as equivalent to perform timing based on the communication carrier signal simultaneously, therefore, the synchronism and the accuracy of the timing results of the two parties are ensured;
after receiving the data packet to be processed, the second terminal 202 performs an authentication operation on the data packet to be processed, extracts key information in the data packet to be processed after the authentication is successful, processes the key information, and generates a response data packet, for example, in transaction communication, after receiving the data packet to be processed, the second terminal 202 performs a signature verification operation on the data packet to be processed, confirms that the identity of the first terminal 201 is legal, extracts and displays key information such as a transaction account number, a transaction amount and the like in the data packet to be processed, after the confirmation of a user, the second terminal 202 performs a signature operation on the key information by using a private key of the second terminal 202, generates signature data, and generates the response data packet based on the signature data and a certificate of the second terminal 202, thereby ensuring the security of communication.
The second terminal 202 is configured to send the response data packet to the first terminal 201 when it is recorded that the number of pulses of the second terminal reaches the threshold number of pulses N;
the second terminal 202 detects a variation difference of the number of pulses of the communication carrier signal at the current time with respect to the second starting number of pulses in real time, and when the variation difference reaches a threshold number of pulses N, sends the generated response packet to the first terminal 201, where the threshold number of pulses N may be stored in factory setting information for the first terminal 201 and the second terminal 202, or the threshold number of pulses N may be generated by negotiation for the first terminal 201 and the second terminal 202, or the threshold number of pulses N may be carried in a communication protocol of the first terminal 201 and the second terminal 202, where, optionally, ω is not less than N and not more than λ, ω is a pulse number variation value generated by a predetermined completion time for the communication carrier signal to process the received data sent by the first terminal 201 through the second terminal 202, and the predetermined completion time is a longest time required for the second terminal 202 to process the data sent by the first terminal 201, n is larger than or equal to ω, which can ensure that the second terminal 202 completes the processing operation on the data packet to be processed and generates a response data packet before the response data packet needs to be sent, and ensure that the normal communication between the first terminal 201 and the second terminal 202 is realized; λ is a pulse number variation value generated when a communication carrier signal passes through a frame waiting time specified by a communication protocol used by the first terminal 201 and the second terminal 202, where the frame waiting time is an effective waiting time after a to-be-processed data packet specified in the communication protocol is sent out, and when the frame waiting time is exceeded, a communication failure is determined, and λ is not less than N, which can ensure that the second terminal 202 sends a response data packet to the first terminal 201 within the frame waiting time, is compatible with the existing communication protocol, and ensures that normal communication can be performed between the first terminal 201 and the second terminal 202 under the existing communication protocol; the second terminal 202 sends out the response data packet only at a specific time point by detecting the number of pulses and sending out the response data packet when the second number of pulses reaches the threshold number of pulses N, and meanwhile, the accuracy of the sending time of the response data packet is ensured.
A first terminal 201 for detecting that the number of pulses of the first terminal reaches a threshold number of pulses, allowing to start receiving the response packet,
in this embodiment, the first terminal 201 and the second terminal 202 communicate by using a short-range wireless communication method, which may include the following communication protocols: a bluetooth communication protocol, an infrared IrDA communication protocol, an RFID communication protocol, a ZigBee communication protocol, an Ultra WideBand (Ultra WideBand) communication protocol, a short-range communication (NFC) communication protocol, a WiMedia communication protocol, a GPS communication protocol, a DECT communication protocol, a wireless 1394 communication protocol, and a dedicated wireless communication protocol, when the above-mentioned short-range wireless communication mode is used for communication, the distance between the first terminal 201 and the second terminal 202 is negligible with respect to the transmission distance of the data signal in a unit time, for example, when the bluetooth communication protocol is used for communication, the distance between the first terminal 201 and the second terminal 202 is less than 10 meters, and data between the first terminal 201 and the second terminal 202 is wirelessly transmitted at the speed of light, so that in the short-range wireless communication mode, the data transmission time between the first terminal 201 and the second terminal 202 is extremely short, about 30ns, and can be ignored, that is to say, after the first terminal 201 sends the data packet, the second terminal 202 can immediately receive the data packet, and when the first terminal 201 receives the response data packet sent by the second terminal 202 when detecting that the number of pulses of the second terminal reaches the threshold number of pulses N, the number of pulses of the first terminal detected by the first terminal 201 is also N; the first terminal 201 only allows the response data packet to start to be received when detecting that the number of pulses of the first terminal reaches the threshold number of pulses N, otherwise, the first terminal 201 does not allow the data information sent from the outside to be received, which greatly improves the reliability of the received response data packet. In this embodiment, the first terminal 201 and the second terminal 202 may be any devices capable of performing data interactive communication, optionally, the first terminal 201 may be a card reader, a computer, a mobile phone, a router, a vehicle-mounted device, a server, and the like, and the second terminal 202 may be a smart card, an identification card, an intelligent key device, a mobile phone, a computer, a router, a smart home, a wearable device, and the like, during data communication, the first terminal 201 and the second terminal 202 transmit and receive the response data packet at a specific high-precision moment by detecting the number of pulses, so as to greatly improve the precision of timing between the two parties, thereby ensuring that the first terminal 201 and the second terminal 202 transmit and receive the response data packet only at the specific high-precision moment, even if the response data packet sent by the second terminal 202 to the first terminal 201 is intercepted by a third party during transmission, since the tampering time of the third party to the data is in millisecond level, the timing precision of the first terminal 201 is much higher than that of the first terminal 201, the first terminal 201 does not receive the response data packet at a specific moment and immediately stops the communication process, and when the data tampered by the third party reaches the first terminal 201, the first terminal 201 terminates the communication process, so that the risk that the data received by the first terminal 201 is tampered by the outside in the transmission process is eliminated, and the reliability of the response data packet received by the first terminal 201 is greatly improved.
Optionally, the first terminal 201 is further configured to generate a communication request, and send the communication request to the second terminal 202; the second terminal 202 is further configured to receive the communication request, generate a first negotiation data packet based on the communication request, and send the first negotiation data packet to the first terminal 201; the first terminal 201 is further configured to receive the first negotiation data, perform authentication operation on the second terminal 202 based on the first negotiation data, generate a second negotiation data packet after the authentication is successful, and send the second negotiation data packet to the second terminal 202; the second terminal 202 is further configured to receive a second negotiation data packet, perform authentication operation on the first terminal 201 based on the second negotiation data packet, generate a threshold pulse number N after the authentication is successful, perform encryption operation on the threshold pulse number N, generate a threshold pulse number ciphertext, and send the threshold pulse number ciphertext to the first terminal 201, where N is not greater than λ, and λ is a pulse number generated when a communication carrier signal passes through a frame waiting time specified by a communication protocol used by the first terminal 201 and the second terminal 202; the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in a communication protocol is sent out, communication failure is judged after the frame waiting time is exceeded, the communication protocol adopted by the first terminal and the second terminal can be a current general communication protocol and a communication protocol which may appear in the future, such as an ISO14443 communication protocol and an ISO15693 communication protocol, and λ is not less than N and not more than λ can ensure that the second terminal 202 sends a response data packet to the first terminal 201 within the frame waiting time, and the frame waiting time is compatible with the existing communication protocol and ensures that normal communication can be carried out between the first terminal 201 and the second terminal 202 under the existing communication protocol;
optionally, ω ≦ N ≦ λ, where ω is a pulse number variation value generated by the predetermined completion time for the communication carrier signal to process the received data sent by the first terminal 201 through the second terminal 202, and the first terminal 201 may be obtained in various manners, including but not limited to the following manners: ω may be obtained by the first terminal 201 through external key input, ω may be obtained by the second terminal 202 sending to the first terminal 201, ω may be obtained by scanning a code for the first terminal 201, and ω may be obtained by the first terminal 201 according to factory preset information; n is larger than or equal to ω, which can ensure that the second terminal 202 completes the processing operation on the data packet to be processed and generates a response data packet before the response data packet needs to be sent, and ensure that the normal communication between the first terminal 201 and the second terminal 202 is realized;
the first terminal 201 is further configured to receive the threshold pulse number ciphertext, perform decryption operation on the threshold pulse number ciphertext, obtain and store the threshold pulse number N.
Specifically, the following 3 implementation schemes provided in this embodiment may be included, but are not limited to:
scheme 1:
the first terminal 201 generates a first random number and sends the first random number to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number, generates a second random number, signs the first random number with a second device private key, generates first signature information, and sends a first negotiation packet to the first terminal 201, where the first negotiation packet at least includes: the CA certificate, the first signature information, and the second random number of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second device signs the first random number based on its own private key, and sends its own CA certificate to the first terminal 201, so that the first terminal 201 authenticates its own legitimacy;
first terminal 201 receives first negotiation data, carries out authentication operation on the CA certificate of second terminal 202, after the authentication is successful, obtains second terminal 202 public key, carries out signature verification operation on first signature information based on second terminal 202 public key, after the signature verification is successful, utilizes first equipment private key to carry out signature operation on second random number, generates second signature information, and sends second negotiation data packet to second terminal 202, wherein, the second negotiation data packet at least includes: the CA certificate and the second signature information of the first terminal 201;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, and after the authentication is successful, the first device performs signature operation on a second random number based on a private key of the first device and sends a CA certificate of the first device to the second terminal 202 so that the second terminal 202 authenticates the validity of the first device;
the second terminal 202 receives the second negotiation data, performs authentication operation on the CA certificate of the first terminal 201, obtains the public key of the first terminal 201 after the authentication is successful, performs signature verification operation on the second signature information based on the public key of the first terminal 201, generates the threshold pulse number N after the signature verification is successful, performs encryption operation on the threshold pulse number N by using the public key of the first terminal 201, generates a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the first terminal 201;
the second terminal 202 performs identity authentication on the first terminal 201 based on the first terminal 201 public key to ensure the validity of the first terminal 201, generates a threshold pulse number N after the authentication is successful, and performs encryption operation on the threshold pulse number by using the first terminal 201 public key to generate a threshold pulse number ciphertext, wherein the threshold pulse number ciphertext generated by performing the encryption operation on the threshold pulse number by using the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, so that the security of the threshold pulse number N is ensured;
the first terminal 201 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using a private key of the first terminal 201 to obtain and store the threshold pulse number N;
the first terminal 201 decrypts the threshold pulse number ciphertext by using its own private key, obtains and stores the threshold pulse number N, realizes the threshold pulse number N negotiation between the first terminal 201 and the second terminal 202, and simultaneously ensures the security of the negotiation process.
Scheme 2:
the first terminal 201 generates a first random number and transmits the first random number and the CA certificate of the first terminal 201 to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number and the CA certificate of the first terminal 201, generates a second random number, performs authentication operation on the CA certificate of the first terminal 201, obtains a public key of the first terminal 201 after the authentication is successful, performs signature operation on the first random number by using a private key of the second terminal 202, generates first signature information, performs encryption operation on the second random number by using the public key of the first terminal 201, generates a second random number ciphertext, and sends first negotiation information to the first terminal 201, wherein the first negotiation information at least includes: the CA certificate, the first signature information, and the second random number ciphertext of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second terminal 202 obtains the first terminal 201 public key based on the first terminal 201CA certificate, and encrypts the second random number by using the first terminal 201 public key, because the second random number ciphertext generated by encrypting the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal 201 receives the first negotiation data, performs authentication operation on a CA certificate of the second terminal 202, performs signature verification operation on first signature information based on a public key of the second terminal 202 after the authentication is successful, performs decryption operation on a second random number ciphertext by using a first device private key after the signature verification is successful, obtains a second random number, performs signature operation on the second random number by using a first device private key, and generates second signature information; the first terminal 201 generates a third random number, encrypts the third random number by using the public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal 202, where the second negotiation information at least includes: second signature information and a third random number ciphertext;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, decrypts the second random number ciphertext by using the private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated according to an internal random number generator, so as to ensure external unavailability of the third random number; the public key of the second terminal 202 is used for encrypting the third random number, and as the third random number ciphertext generated by encrypting the public key of the second terminal 202 can only be decrypted by the private key of the second terminal 202, the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the third random number is ensured;
the second terminal 202 receives the second negotiation data, performs signature verification operation on the second signature information based on the public key of the first terminal 201, decrypts a third random number ciphertext by using a private key of the second terminal 202 after the signature verification is successful to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number; the second terminal 202 generates transmission key generation feedback information and sends the transmission key generation feedback information to the first terminal 201;
the second terminal 202 decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, because the first terminal 201 and the second terminal 202 respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, the two parties are ensured to negotiate out the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from being leaked out in the communication process, and the communication security is improved;
the first terminal 201 receives the transmission key to generate feedback information, generates the number N of threshold pulses, encrypts the number N of threshold pulses by using the transmission key to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal 202;
the first terminal 201 generates a threshold pulse number N, and encrypts the threshold pulse number by using a transmission key to generate a threshold pulse number ciphertext, wherein the transmission key is obtained by the first terminal 201 and the second terminal 202 based on a second random number and a third random number respectively according to a first preset algorithm, only stored in the first terminal 201 and the second terminal 202, and not obtained outside, so that the security of the threshold pulse number N is ensured;
the second terminal 202 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, obtains the threshold pulse number N and stores the threshold pulse number N;
the second terminal 202 decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, so as to implement negotiation of the threshold pulse number N between the first terminal 201 and the second terminal 202, and ensure the security of the negotiation process.
Scheme 3:
the first terminal 201 generates a first random number and transmits the first random number and the CA certificate of the first terminal 201 to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number and the CA certificate of the first terminal 201, generates a second random number, performs authentication operation on the CA certificate of the first terminal 201, obtains a public key of the first terminal 201 after the authentication is successful, performs signature operation on the first random number by using a private key of the second terminal 202, generates first signature information, performs encryption operation on the second random number by using the public key of the first terminal 201, generates a second random number ciphertext, and sends first negotiation information to the first terminal 201, wherein the first negotiation information at least includes: the CA certificate, the first signature information, and the second random number ciphertext of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second terminal 202 obtains the first terminal 201 public key based on the first terminal 201CA certificate, and encrypts the second random number by using the first terminal 201 public key, because the second random number ciphertext generated by encrypting the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal 201 receives the first negotiation data, performs authentication operation on a CA certificate of the second terminal 202, performs signature verification operation on first signature information based on a public key of the second terminal 202 after the authentication is successful, performs decryption operation on a second random number ciphertext by using a first device private key after the signature verification is successful, obtains a second random number, performs signature operation on the second random number by using a first device private key, and generates second signature information; the first terminal 201 generates a third random number, encrypts the third random number by using the public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal 202, where the second negotiation information at least includes: second signature information and a third random number ciphertext;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, decrypts the second random number ciphertext by using the private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated according to an internal random number generator, so as to ensure external unavailability of the third random number; the public key of the second terminal 202 is used for encrypting the third random number, and as the third random number ciphertext generated by encrypting the public key of the second terminal 202 can only be decrypted by the private key of the second terminal 202, the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the third random number is ensured;
the second terminal 202 receives the second negotiation data, performs signature verification operation on the second signature information based on the public key of the first terminal 201, decrypts a third random number ciphertext by using a private key of the second terminal 202 after the signature verification is successful to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number; the second terminal 202 generates a threshold pulse number N, encrypts the threshold pulse number N by using the transmission key to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the first terminal 201;
the second terminal 202 decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, because the first terminal 201 and the second terminal 202 respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, the two parties are ensured to negotiate out the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from being leaked out in the communication process, and the communication security is improved; the second terminal 202 generates a threshold pulse number N, and encrypts the threshold pulse number N by using transmission to generate a threshold pulse number ciphertext, because the transmission key is obtained by the first terminal 201 and the second terminal 202 according to a first preset algorithm based on a second random number and a third random number, respectively, and is only stored in the first terminal 201 and the second terminal 202, which cannot be obtained from the outside, the security of the threshold pulse number N is ensured;
the first terminal 201 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, obtains the threshold pulse number N and stores the threshold pulse number N;
the first terminal 201 decrypts the threshold pulse number ciphertext by using the transmission key, obtains and stores the threshold pulse number N, realizes negotiation of the threshold pulse number N between the first terminal 201 and the second terminal 202, and simultaneously ensures the security of the negotiation process.
Through the negotiation process of the threshold pulse number N, the safety of the generation of the threshold pulse number N can be ensured, the threshold pulse number N is prevented from being acquired externally, and further, the negotiation process of the threshold pulse number N can be generated by renegotiation before information interaction every time, so that the safety of the threshold pulse number N is further ensured.
Optionally, the factory preset information of the first terminal 201 and the second terminal 202 stores a threshold pulse number N, where N is equal to or less than λ, and λ is a pulse number generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol adopted by the first terminal 201 and the second terminal 202;
the threshold pulse number N is stored in the factory preset information of the first terminal 201 and the second terminal 202, so that the threshold pulse number N does not need to be transmitted between the first terminal 201 and the second terminal 202, the threshold pulse number N is prevented from being intercepted outside in the transmission process, and the safety of the threshold pulse number N is ensured; λ is a pulse number variation value generated when a communication carrier signal passes through a frame waiting time specified by a communication protocol used by the first terminal 201 and the second terminal 202, where the frame waiting time is an effective waiting time after a to-be-processed data packet specified in the communication protocol is sent out, and when the frame waiting time is exceeded, it is determined that communication fails, and λ is not less than N, which can ensure that the second terminal 202 sends a response data packet to the first terminal 201 within the frame waiting time, and is compatible with an existing communication protocol, and ensures that normal communication can be performed between the first terminal 201 and the second terminal 202 under the existing communication protocol.
Optionally, the first terminal 201 and the second terminal 202 perform data interaction based on a pulse communication protocol, and perform a verification operation on the number N of received threshold pulses based on an anti-tampering verification value, where the pulse communication protocol is a communication protocol that at least includes the number N of threshold pulses in transmission data; or the pulse communication protocol is a communication protocol which at least comprises a threshold pulse number N and an anti-tampering check value in transmission data, wherein the anti-tampering check value is used for checking the threshold pulse number N;
the communication protocol adopted by the first terminal 201 and the second terminal 202 may specify that the threshold pulse number N is carried in the communication data, after the first terminal 201 and the second terminal 202 receive the data packet in the communication process, the threshold pulse number N in the data packet is read, and timing communication is performed based on the threshold pulse number N in the data packet, further, the communication protocol adopted by the first terminal 201 and the second terminal 202 may specify that the threshold pulse number N and the tamper-proof check value are carried in the communication data at the same time, after the first terminal 201 and the second terminal 202 receive the data packet in the communication process, the threshold pulse number N and the tamper-proof check value in the data packet are read, the tamper-proof check value is a check value generated based on the threshold pulse number N, for example, the tamper-proof check value is obtained by performing digest operation on the threshold pulse number N, after the first terminal 201 and the second terminal 202 receive the data packet in the communication process, reading the threshold pulse number N in the data packet to perform a verification operation, wherein once the first terminal 201 and the second terminal 202 receive the data packet in the communication process, the read threshold pulse number N in the data packet is tampered by others, the verification fails, and after the verification succeeds, the first terminal 201 and the second terminal 202 perform timing communication based on the threshold pulse number N in the data packet; optionally, the number N of the threshold pulses and the tamper-resistant check value may be attached to a data header or a data trailer of a communication data packet specified by an existing communication protocol, and of course, the present invention is not limited thereto; by writing the threshold pulse number N into the transmission protocol, it is ensured that each data packet includes the information of the threshold pulse number N, and the first terminal 201 and the second terminal 202 do not need to store the threshold pulse number N, so that a third party is prevented from breaking through a storage module of the first terminal 201 or the second terminal 202 to obtain the threshold pulse number N, and meanwhile, the communication efficiency is improved;
the threshold number of pulses N is generated by the first terminal 201 based on ω, where N is not less than ω, where ω is the number of pulses generated by the second terminal 202 during a predetermined completion time of the processing of the received data sent by the first terminal 201 by the communication carrier signal,
the first terminal 201 may obtain ω in a variety of ways, including but not limited to the following: ω may be obtained by the first terminal 201 through external key input, ω may be obtained by the second terminal 202 sending to the first terminal 201, ω may be obtained by scanning a code for the first terminal 201, and ω may be obtained by the first terminal 201 according to factory preset information; n ≧ ω can ensure that the second terminal 202 completes the processing operation on the to-be-processed packet and generates the response packet before the response packet needs to be sent, ensure that the normal communication between the first terminal 201 and the second terminal 202 is realized,
optionally, ω ≦ N ≦ λ, where λ is a pulse number variation value generated by the communication carrier signal passing through the frame waiting time specified by the communication protocol employed by the first terminal 201 and the second terminal 202; the frame waiting time refers to effective waiting time after a to-be-processed data packet specified in a communication protocol is sent out, communication failure is judged after the frame waiting time is exceeded, and lambda is not less than N, so that the second terminal 202 can send a response data packet to the first terminal 201 within the frame waiting time, the existing communication protocol is compatible, and normal communication can be carried out between the first terminal 201 and the second terminal 202 under the existing communication protocol;
after the first terminal 201 generates the threshold pulse number N, the threshold pulse number N may be sent to the second terminal 202 by using the following method:
the first terminal 201 encrypts the threshold pulse number N by using the public key of the second terminal 202 to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal 202; because the threshold pulse number ciphertext generated by encrypting the threshold pulse number by using the public key of the second terminal 202 can only be decrypted by using the private key of the second terminal 202, and the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the threshold pulse number N is ensured; the second terminal 202 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using a private key of the second terminal 202 to obtain and store the threshold pulse number N, so that the first terminal 201 sends the generated threshold pulse number N to the second terminal 202, and meanwhile, the safety of the sending process of the threshold pulse number N is ensured; alternatively, the first and second electrodes may be,
the first terminal 201 generates a first random number and transmits the first random number and the CA certificate of the first terminal 201 to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number and the CA certificate of the first terminal 201, generates a second random number, performs authentication operation on the CA certificate of the first terminal 201, obtains a public key of the first terminal 201 after the authentication is successful, performs signature operation on the first random number by using a private key of the second terminal 202, generates first signature information, performs encryption operation on the second random number by using the public key of the first terminal 201, generates a second random number ciphertext, and sends first negotiation information to the first terminal 201, wherein the first negotiation information at least includes: the CA certificate, the first signature information, and the second random number ciphertext of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second terminal 202 obtains the first terminal 201 public key based on the first terminal 201CA certificate, and encrypts the second random number by using the first terminal 201 public key, because the second random number ciphertext generated by encrypting the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal 201 receives the first negotiation data, performs authentication operation on a CA certificate of the second terminal 202, performs signature verification operation on first signature information based on a public key of the second terminal 202 after the authentication is successful, performs decryption operation on a second random number ciphertext by using a first device private key after the signature verification is successful, obtains a second random number, performs signature operation on the second random number by using a first device private key, and generates second signature information; the first terminal 201 generates a third random number, encrypts the third random number by using the public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal 202, where the second negotiation information at least includes: second signature information and a third random number ciphertext;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, decrypts the second random number ciphertext by using the private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated according to an internal random number generator, so as to ensure external unavailability of the third random number; the public key of the second terminal 202 is used for encrypting the third random number, and as the third random number ciphertext generated by encrypting the public key of the second terminal 202 can only be decrypted by the private key of the second terminal 202, the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the third random number is ensured;
the second terminal 202 receives the second negotiation data, performs signature verification operation on the second signature information based on the public key of the first terminal 201, decrypts a third random number ciphertext by using a private key of the second terminal 202 after the signature verification is successful to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number; the second terminal 202 generates transmission key generation feedback information and sends the transmission key generation feedback information to the first terminal 201;
the second terminal 202 decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, because the first terminal 201 and the second terminal 202 respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, the two parties are ensured to negotiate out the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from being leaked out in the communication process, and the communication security is improved;
the first terminal 201 receives the transmission key to generate feedback information, encrypts the generated threshold pulse number N by using the transmission key to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal 202;
the first terminal 201 encrypts the threshold pulse number N by using the transmission key to generate a threshold pulse number ciphertext, and because the transmission key is obtained by the first terminal 201 and the second terminal 202 according to a first preset algorithm based on the second random number and the third random number, respectively, the transmission key is only stored in the first terminal 201 and the second terminal 202, and cannot be obtained by the outside, the security of the threshold pulse number N is ensured;
the second terminal 202 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, obtains the threshold pulse number N and stores the threshold pulse number N;
the second terminal 202 decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, so that the first terminal 201 sends the generated threshold pulse number N to the second terminal 202, and meanwhile, the safety of the threshold pulse number N sending process is ensured.
Optionally, the number N of threshold pulses is generated by negotiation between the first terminal 201 and the second terminal 202, where the negotiation includes: the first terminal 201 generates N and sends the N to the second terminal 202, and the second terminal 202 sends response information to the first terminal 201 after successfully authenticating the first terminal 201; or the second terminal 202 generates N and sends N to the first terminal 201, and the first terminal 201 sends response information to the second terminal 202 after successfully authenticating the second terminal 202; or the first terminal 201 generates N1 and transmits N1 to the second terminal 202, the second terminal 202 generates N2 and transmits N2 to the first terminal 201, and the first terminal 201 and the second terminal 202 generate N by using N1 and N2 based on the same algorithm;
the negotiation process may include, but is not limited to, the following 3 implementation schemes provided by this embodiment:
scheme 1:
the first terminal 201 generates a first random number and sends the first random number to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number, generates a second random number, signs the first random number with a second device private key, generates first signature information, and sends a first negotiation packet to the first terminal 201, where the first negotiation packet at least includes: the CA certificate, the first signature information, and the second random number of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second device signs the first random number based on its own private key, and sends its own CA certificate to the first terminal 201, so that the first terminal 201 authenticates its own legitimacy;
first terminal 201 receives first negotiation data, carries out authentication operation on the CA certificate of second terminal 202, after the authentication is successful, obtains second terminal 202 public key, carries out signature verification operation on first signature information based on second terminal 202 public key, after the signature verification is successful, utilizes first equipment private key to carry out signature operation on second random number, generates second signature information, and sends second negotiation data packet to second terminal 202, wherein, the second negotiation data packet at least includes: the CA certificate and the second signature information of the first terminal 201;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, and after the authentication is successful, the first device performs signature operation on a second random number based on a private key of the first device and sends a CA certificate of the first device to the second terminal 202 so that the second terminal 202 authenticates the validity of the first device;
the second terminal 202 receives the second negotiation data, performs authentication operation on the CA certificate of the first terminal 201, obtains the public key of the first terminal 201 after the authentication is successful, performs signature verification operation on the second signature information based on the public key of the first terminal 201, generates the threshold pulse number N after the signature verification is successful, performs encryption operation on the threshold pulse number N by using the public key of the first terminal 201, generates a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the first terminal 201;
the second terminal 202 performs identity authentication on the first terminal 201 based on the first terminal 201 public key to ensure the validity of the first terminal 201, generates the threshold pulse number N after the authentication is successful, and performs encryption operation on the threshold pulse number N by using the first terminal 201 public key to generate a threshold pulse number ciphertext, because the threshold pulse number ciphertext generated by performing the encryption operation on the threshold pulse number N by using the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored inside the first terminal 201 security chip and cannot be obtained outside, the security of the threshold pulse number N is ensured.
The first terminal 201 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using a private key of the first terminal 201 to obtain and store the threshold pulse number N;
the first terminal 201 decrypts the threshold pulse number ciphertext by using its own private key, obtains and stores the threshold pulse number N, implements negotiation of the threshold pulse number N between the first terminal 201 and the second terminal 202, and simultaneously ensures security of the negotiation process.
Scheme 2:
the first terminal 201 generates a first random number and transmits the first random number and the CA certificate of the first terminal 201 to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number and the CA certificate of the first terminal 201, generates a second random number, performs authentication operation on the CA certificate of the first terminal 201, obtains a public key of the first terminal 201 after the authentication is successful, performs signature operation on the first random number by using a private key of the second terminal 202, generates first signature information, performs encryption operation on the second random number by using the public key of the first terminal 201, generates a second random number ciphertext, and sends first negotiation information to the first terminal 201, wherein the first negotiation information at least includes: the CA certificate, the first signature information, and the second random number ciphertext of the second terminal 202;
the second random number may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the second random number; the second terminal 202 obtains the first terminal 201 public key based on the first terminal 201CA certificate, and encrypts the second random number by using the first terminal 201 public key, because the second random number ciphertext generated by encrypting the first terminal 201 public key can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, the security of the second random number is ensured;
the first terminal 201 receives the first negotiation data, performs authentication operation on a CA certificate of the second terminal 202, performs signature verification operation on first signature information based on a public key of the second terminal 202 after the authentication is successful, performs decryption operation on a second random number ciphertext by using a first device private key after the signature verification is successful, obtains a second random number, performs signature operation on the second random number by using a first device private key, and generates second signature information; the first terminal 201 generates a third random number, encrypts the third random number by using the public key of the second device to obtain a third random number ciphertext, obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, and sends second negotiation information to the second terminal 202, where the second negotiation information at least includes: second signature information and a third random number ciphertext;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, decrypts the second random number ciphertext by using the private key of the first terminal after the authentication is successful to obtain a second random number, generates a third random number, and obtains a transmission key based on the second random number and the third random number according to a first preset algorithm; the third random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated according to an internal random number generator, so as to ensure external unavailability of the third random number; the public key of the second terminal 202 is used for encrypting the third random number, and as the third random number ciphertext generated by encrypting the public key of the second terminal 202 can only be decrypted by the private key of the second terminal 202, the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the third random number is ensured;
the second terminal 202 receives the second negotiation data, performs signature verification operation on the second signature information based on the public key of the first terminal 201, decrypts a third random number ciphertext by using a private key of the second terminal 202 after the signature verification is successful to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number; the second terminal 202 generates transmission key generation feedback information and sends the transmission key generation feedback information to the first terminal 201;
the second terminal 202 decrypts the third random number ciphertext by using a private key thereof to obtain a third random number, and obtains a transmission key according to a first preset algorithm based on the second random number and the third random number, because the first terminal 201 and the second terminal 202 respectively obtain the transmission key according to the first preset algorithm based on the second random number and the third random number, the two parties are ensured to negotiate out the same transmission key, the transmission key does not need to be sent out, the transmission key is prevented from being leaked out in the communication process, and the communication security is improved;
the first terminal 201 receives the transmission key to generate feedback information, generates the number N of threshold pulses, encrypts the number N of threshold pulses by using the transmission key to generate a threshold pulse number ciphertext, and sends the threshold pulse number ciphertext to the second terminal 202;
the first terminal 201 generates a threshold pulse number N, and encrypts the threshold pulse number N by using a transmission key to generate a threshold pulse number ciphertext, wherein the transmission key is obtained by the first terminal 201 and the second terminal 202 based on a second random number and a third random number respectively according to a first preset algorithm, only stored in the first terminal 201 and the second terminal 202, and not obtained outside, so that the security of the threshold pulse number N is ensured;
the second terminal 202 receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext by using the transmission key, obtains the threshold pulse number N and stores the threshold pulse number N;
the second terminal 202 decrypts the threshold pulse number ciphertext by using the transmission key to obtain and store the threshold pulse number N, so as to implement the threshold pulse number N negotiation between the first terminal 201 and the second terminal 202, and ensure the security of the negotiation process.
Scheme 3:
the first terminal 201 generates a first random number and transmits the first random number and the CA certificate of the first terminal 201 to the second terminal 202;
the first random number may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure external unavailability of the first random number;
the second terminal 202 receives the first random number and the CA certificate of the first terminal 201, generates N2, performs authentication operation on the CA certificate of the first terminal 201, obtains a public key of the first terminal 201 after the authentication is successful, performs signature operation on the first random number by using a private key of the second terminal 202, generates first signature information, performs encryption operation on N2 by using the public key of the first terminal 201, generates an N2 ciphertext, and sends first negotiation information to the first terminal 201, where the first negotiation information at least includes: the CA certificate, the first signature information, and the N2 ciphertext of the second terminal 202;
n2 may be generated by the second terminal 202 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure the external unavailability of N2; the second terminal 202 obtains the first terminal 201 public key based on the first terminal 201CA certificate, and encrypts N2 by using the first terminal 201 public key, because the N2 ciphertext generated by using the first terminal 201 public key for encryption can only be decrypted by using the first terminal 201 private key, and the first terminal 201 private key is stored in the first terminal 201 security chip and cannot be obtained outside, the security of N2 is ensured;
the first terminal 201 receives the first negotiation data, performs authentication operation on a CA certificate of the second terminal 202, performs signature verification operation on first signature information based on a public key of the second terminal 202 after the authentication is successful, performs decryption operation on an N2 ciphertext by using a first device private key after the signature verification is successful, obtains N2, performs signature operation on N2 by using the first device private key, and generates second signature information; the first terminal 201 generates N1, encrypts the N1 by using the public key of the second device to obtain an N1 ciphertext, generates the number N of threshold pulses according to a second preset algorithm based on the N1 and the N2, and sends second negotiation information to the second terminal 202, where the second negotiation information at least includes: second signature information, N1 ciphertext;
the first terminal 201 performs identity authentication on the second terminal 202 based on the public key of the second terminal 202 to ensure the validity of the second terminal 202, decrypts the N2 ciphertext by using the private key of the first terminal after the authentication is successful to obtain N2, generates N1, and obtains the number N of threshold pulses according to a second preset algorithm based on N1 and N2; n1 may be generated by the first terminal 201 according to an external random noise signal, or may be generated by an internal random number generator, so as to ensure the external unavailability of N1; the public key of the second terminal 202 is used for encrypting the N1, and since the N1 ciphertext generated by encrypting the public key of the second terminal 202 can only be decrypted by the private key of the second terminal 202, and the private key of the second terminal 202 is stored in the security chip of the second terminal 202 and cannot be obtained by the outside, the security of the N1 is ensured;
the second terminal 202 receives the second negotiation data, performs signature verification operation on the second signature information based on the public key of the first terminal 201, decrypts the N1 ciphertext by using the private key of the second terminal 202 after the signature verification is successful, obtains N1, and obtains the number N of threshold pulses according to a second preset algorithm based on N11 and N2;
the second terminal 202 decrypts the N1 ciphertext by using its own private key, to obtain N1, and obtains the number N of threshold pulses according to the second preset algorithm based on N1 and N2, and since the first terminal 201 and the second terminal 202 obtain the number N of threshold pulses according to the second preset algorithm based on N1 and N2, respectively, it is ensured that both parties negotiate the same number N of threshold pulses, and the number N of threshold pulses does not need to be sent out, so that the number N of threshold pulses is prevented from leaking in the communication process, and the security of communication is improved.
Through the negotiation process of the threshold pulse number N, the safety of the generation of the threshold pulse number N can be ensured, the threshold pulse number N is prevented from being acquired externally, and further, the negotiation process of the threshold pulse number N can be generated by renegotiation before information interaction every time, so that the safety of the threshold pulse number N is further ensured.
Optionally, the communication method adopted by the first terminal 201 and the second terminal 202 includes: the short-range wireless communication mode may include the following communication protocols: bluetooth communication protocol, infrared IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, Ultra WideBand (Ultra WideBand) communication protocol, short range communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, wireless 1394 communication protocol, and dedicated wireless communication protocol, although the following communication protocols that may appear in the future are equivalent to the above-mentioned communication protocols: the time required for data to propagate under the maximum transmission distance supported by the communication protocol is less than the time required for data to be tampered by an external device.
As can be seen from the above, with the data communication system provided in this embodiment, when the first terminal 201 finishes sending the pending data packet, it starts to record the first terminal pulse number of the communication carrier signal sent by the first terminal 201, and only receives the response data packet when the first terminal pulse number meets the threshold range; the second terminal 202 starts to record the number of second terminal pulses of the communication carrier signal received by the second terminal 202 after receiving is completed, and only when the number of second terminal pulses reaches N, the response data packet is sent, and the first terminal 201 and the second terminal 202 simultaneously send and receive data by detecting the number of pulses, so that the timing accuracy of both sides is greatly improved, thereby ensuring that the first terminal 201 and the second terminal 202 only send and receive the response data packet at a specific high-accuracy moment, even if the response data packet sent by the second terminal 202 to the first terminal 201 is intercepted by a third party in the transmission process, because the tampering time of the data by the third party is in the millisecond level and is far greater than the timing accuracy of the first terminal 201, the first terminal 201 stops the communication flow immediately when the data tampered by the third party reaches the first terminal 201, the first terminal 201 has already terminated the communication flow, therefore, the risk that the data received by the first terminal 201 is tampered by the outside in the transmission process is eliminated, the reliability of the response data packet received by the first terminal 201 is greatly improved, in addition, N is larger than or equal to omega, the second terminal 202 can be ensured to complete the processing operation of the data packet to be processed before the response data packet needs to be sent and generate the response data packet, and the communication method and the system can be compatible with the existing communication protocol when N is larger than or equal to lambda.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (10)
1. A data communication method, wherein a first terminal always generates a communication carrier signal during communication between the first terminal and a second terminal, the method comprising the steps of:
the first terminal sends a communication data signal carrying a data packet to be processed, and the number of first terminal pulses of the communication carrier signal sent by the first terminal is recorded when the first terminal sends the data packet to be processed; the communication data signal is obtained by modulating the data packet to be processed on the communication carrier signal by the first terminal;
the second terminal receives the communication data signal carrying the data packet to be processed, starts to record the second terminal pulse number of the communication carrier signal received by the second terminal when the second terminal receives the data packet to be processed, and generates a response data packet based on the data packet to be processed;
when the second terminal records that the number of the pulses of the second terminal reaches a threshold pulse number N, the second terminal sends the response data packet to the first terminal;
and when the first terminal records that the number of the first terminal pulses reaches the threshold pulse number N, allowing the first terminal to start receiving the response data packet.
2. The method according to claim 1, wherein before the first terminal sends the communication data signal carrying the pending data packet, further comprising the steps of:
the first terminal generates a communication request and sends the communication request to the second terminal;
the second terminal receives the communication request, generates a first negotiation data packet based on the communication request, and sends the first negotiation data packet to the first terminal;
the first terminal receives the first negotiation data, carries out authentication operation on the second terminal based on the first negotiation data, generates a second negotiation data packet after the authentication is successful, and sends the second negotiation data packet to the second terminal;
the second terminal receives the second negotiation data packet, performs authentication operation on the first terminal based on the second negotiation data packet, generates the threshold pulse number N after the authentication is successful, performs encryption operation on the threshold pulse number N, generates a threshold pulse number ciphertext, and transmits the threshold pulse number ciphertext to the first terminal, wherein N is less than or equal to lambda, and lambda is the pulse number generated when the communication carrier signal passes through the frame waiting time specified by the communication protocol adopted by the first terminal and the second terminal;
and the first terminal receives the threshold pulse number ciphertext, decrypts the threshold pulse number ciphertext to obtain and store the threshold pulse number N.
3. The method according to claim 1, wherein the factory preset information of the first terminal and the second terminal stores the threshold number of pulses N, where N is less than or equal to λ, where λ is a number of pulses generated by the communication carrier signal passing through a frame waiting time specified by a communication protocol employed by the first terminal and the second terminal.
4. The method according to claim 1, wherein the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a check operation on the received threshold pulse number N based on a tamper-proof check value, wherein the pulse communication protocol is a communication protocol that at least includes the threshold pulse number N and the tamper-proof check value in transmitted data;
the threshold pulse number N is generated by the first terminal based on ω, where N is not less than ω, where ω is a pulse number generated by the second terminal for processing the received data sent by the first terminal by the communication carrier signal within a predetermined completion time, or,
the threshold pulse number N is generated by negotiation between the first terminal and the second terminal, where the negotiation includes: the first terminal generates the N and sends the N to the second terminal, and the second terminal sends response information to the first terminal after the first terminal is successfully authenticated; or the second terminal generates the N and sends the N to the first terminal, and the first terminal sends response information to the second terminal after the second terminal is successfully authenticated; or, the first terminal generates N1 and transmits the N1 to the second terminal, the second terminal generates N2 and transmits the N2 to the first terminal, and the first terminal and the second terminal respectively generate the N by using the N1 and the N2 based on the same algorithm, wherein the N1 and the N2 are random numbers generated according to an external random noise signal or an internal random number generator.
5. The method according to any one of claims 1 to 3, wherein the communication method adopted by the first terminal and the second terminal comprises: short-range wireless communication mode.
6. A data communication system comprising at least a first terminal and a second terminal, wherein said first terminal always generates a communication carrier signal during communication between said first terminal and said second terminal,
the first terminal is configured to send a communication data signal carrying a data packet to be processed, and start to record a first terminal pulse number of the communication carrier signal sent by the first terminal when the first terminal finishes sending the data packet to be processed; the communication data signal is obtained by modulating the data packet to be processed on the communication carrier signal by the first terminal;
the second terminal is configured to receive the communication data signal carrying the to-be-processed data packet, start recording a second terminal pulse number of the communication carrier signal received by the second terminal when the second terminal finishes receiving the to-be-processed data packet, and generate a response data packet based on the to-be-processed data packet;
the second terminal is used for sending the response data packet to the first terminal when the number of the pulses of the second terminal is recorded to reach a threshold number of pulses N;
and the first terminal is used for allowing the response data packet to start to be received when the number of the pulses of the first terminal reaches the threshold number of pulses N.
7. The system of claim 6,
the first terminal is also used for generating a communication request and sending the communication request to the second terminal;
the second terminal is further configured to receive the communication request, generate a first negotiation data packet based on the communication request, and send the first negotiation data packet to the first terminal;
the first terminal is further configured to receive the first negotiation data, perform authentication operation on the second terminal based on the first negotiation data, generate a second negotiation data packet after the authentication is successful, and send the second negotiation data packet to the second terminal;
the second terminal is further configured to receive the second negotiation data packet, perform authentication operation on the first terminal based on the second negotiation data packet, after the authentication is successful, generate the threshold pulse number N, perform encryption operation on the threshold pulse number N, generate a threshold pulse number ciphertext, and send the threshold pulse number ciphertext to the first terminal, where N is equal to or less than λ, and λ is a number of pulses generated when the communication carrier signal passes through a frame waiting time specified by a communication protocol employed by the first terminal and the second terminal;
and the first terminal is further configured to receive the threshold pulse number ciphertext, perform decryption operation on the threshold pulse number ciphertext, obtain and store the threshold pulse number N.
8. The system according to claim 6, wherein said threshold number of pulses N is stored in factory preset information of said first terminal and said second terminal, where N is less than or equal to λ, and λ is a number of pulses generated by said communication carrier signal passing through a frame waiting time specified by a communication protocol employed by said first terminal and said second terminal.
9. The system according to claim 6, wherein the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a check operation on the received threshold pulse number N based on a tamper-proof check value, wherein the pulse communication protocol is a communication protocol that at least includes the threshold pulse number N and the tamper-proof check value in transmitted data;
the threshold pulse number N is generated by the first terminal based on ω, where N is not less than ω, where ω is a pulse number generated by the second terminal for processing the received data sent by the first terminal by the communication carrier signal within a predetermined completion time, or,
the threshold pulse number N is generated by negotiation between the first terminal and the second terminal, where the negotiation includes: the first terminal generates the N and sends the N to the second terminal, and the second terminal sends response information to the first terminal after the first terminal is successfully authenticated; or the second terminal generates the N and sends the N to the first terminal, and the first terminal sends response information to the second terminal after the second terminal is successfully authenticated; or, the first terminal generates N1 and transmits the N1 to the second terminal, the second terminal generates N2 and transmits the N2 to the first terminal, and the first terminal and the second terminal respectively generate the N by using the N1 and the N2 based on the same algorithm, wherein the N1 and the N2 are random numbers generated according to an external random noise signal or an internal random number generator.
10. The system according to any one of claims 6 to 8, wherein the communication method adopted by the first terminal and the second terminal comprises: short-range wireless communication mode.
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610639419.0A CN107690141B (en) | 2016-08-05 | 2016-08-05 | Data communication method and system |
| SG11201900994TA SG11201900994TA (en) | 2016-08-05 | 2017-08-04 | Data communication method and system |
| EP17836422.0A EP3496359A4 (en) | 2016-08-05 | 2017-08-04 | Data communication method and system |
| US16/323,498 US10979899B2 (en) | 2016-08-05 | 2017-08-04 | Data communication method and system |
| PCT/CN2017/095990 WO2018024241A1 (en) | 2016-08-05 | 2017-08-04 | Data communication method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610639419.0A CN107690141B (en) | 2016-08-05 | 2016-08-05 | Data communication method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107690141A CN107690141A (en) | 2018-02-13 |
| CN107690141B true CN107690141B (en) | 2020-02-21 |
Family
ID=61151149
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610639419.0A Active CN107690141B (en) | 2016-08-05 | 2016-08-05 | Data communication method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107690141B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883360A (en) * | 2015-05-05 | 2015-09-02 | 中国科学院信息工程研究所 | ARP spoofing fine-grained detecting method and system |
| CN104901953A (en) * | 2015-05-05 | 2015-09-09 | 中国科学院信息工程研究所 | Distributed detection method and system for ARP (Address Resolution Protocol) cheating |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7418240B2 (en) * | 2002-05-03 | 2008-08-26 | Broadcom Corporation | Dynamic adaptation of impaired RF communication channels in a communication system |
| US7701382B2 (en) * | 2003-09-15 | 2010-04-20 | Broadcom Corporation | Radar detection circuit for a WLAN transceiver |
| CN103685117B (en) * | 2012-09-05 | 2017-05-24 | 京信通信系统(中国)有限公司 | Method and device for signal processing and signal processing cascade unit |
| US9930523B2 (en) * | 2014-03-11 | 2018-03-27 | Ecole Polytechnique Federale De Lausanne (Epfl) | Method and device for proving his identity |
| US9379746B2 (en) * | 2014-06-30 | 2016-06-28 | Texas Instruments Incorporated | Isolation circuits for digital communications and methods to provide isolation for digital communications |
-
2016
- 2016-08-05 CN CN201610639419.0A patent/CN107690141B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883360A (en) * | 2015-05-05 | 2015-09-02 | 中国科学院信息工程研究所 | ARP spoofing fine-grained detecting method and system |
| CN104901953A (en) * | 2015-05-05 | 2015-09-09 | 中国科学院信息工程研究所 | Distributed detection method and system for ARP (Address Resolution Protocol) cheating |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107690141A (en) | 2018-02-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200120508A1 (en) | Ehf secure communication device | |
| US20190165947A1 (en) | Signatures for near field communications | |
| US7512236B1 (en) | System and method for secure mobile commerce | |
| US10979899B2 (en) | Data communication method and system | |
| ES2624298T3 (en) | Procedure to operate a communications system | |
| CN107690144B (en) | Data communication method and system | |
| CN106027250A (en) | Identity card information safety transmission method and system | |
| US10609552B2 (en) | System and method for data communication protection | |
| CN106027249B (en) | Identity card card reading method and system | |
| Radu et al. | Practical EMV relay protection | |
| CN107690133B (en) | Data communication method and system | |
| CN107690143B (en) | Data communication method and system | |
| CN107690141B (en) | Data communication method and system | |
| CN107689946B (en) | Data communication method and data communication system | |
| JP6698880B2 (en) | Safe communication method and system | |
| CN107690142B (en) | Data communication method and system | |
| CN107688760B (en) | Data communication method and data communication system | |
| CN112688774A (en) | Secure communication method and system for protecting key negotiation by using timing communication | |
| CN107688749B (en) | Secure communication method and system | |
| US10567956B2 (en) | Data communication method and system | |
| CN112713991A (en) | Secure communication method and system for protecting key negotiation by using timing communication | |
| CN107688761B (en) | Data communication method and data communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220411 Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094 Patentee after: TENDYRON Corp. Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing Patentee before: Li Ming |