CN108738014A - Wireless radio-frequency device, certificate server, authentication system and security authentication method - Google Patents


Publication number
CN108738014A
Authority
CN
China
Prior art keywords
data
processing
certificate server
wireless radios
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710247144.0A
Other languages
Chinese (zh)
Other versions
CN108738014B (en
Inventor
郭丽敏
俞军
李清
刘丹
王立辉
单伟君
姜焜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Fudan Microelectronics Group Co Ltd
Original Assignee
Shanghai Fudan Microelectronics Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Fudan Microelectronics Group Co Ltd
Priority to CN201710247144.0A
Publication of CN108738014A
Application granted
Publication of CN108738014B
Active legal status
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A wireless radio-frequency device, a certificate server, an authentication system and a security authentication method. The wireless radio-frequency device includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving a certification request sent by the certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtaining corresponding auxiliary data and sending it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to first data and fourth data corresponding to third data; and a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data. With this scheme, authentication security can be improved.

Description

Wireless radio-frequency device, certificate server, authentication system and security authentication method
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a wireless radio-frequency device, a certificate server, an authentication system and a security authentication method.
Background
The Internet of Things has been called the third wave of the world information industry, after the computer and the internet. Radio frequency identification (RFID) technology, as a key technology for building the Internet of Things, has attracted wide attention in recent years. Wireless radio-frequency devices based on RFID are also increasingly common, for example smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes.
In practical applications, cloning, impersonation attacks, replay attacks, malicious monitoring, malicious interception and asynchronous attacks are the main means of attacking wireless radio-frequency devices. To counter these attacks, a wireless radio-frequency device and the certificate server generally need to authenticate each other before the device is used, to verify the legitimacy of both parties and improve the security of subsequent use.
At present, mutual authentication between a wireless radio-frequency device and a certificate server is always based on a fixed key: a random number is encrypted with the fixed key in order to verify the legitimacy of both parties.
To obtain the fixed key, an attacker generally attacks the wireless radio-frequency device or the certificate server by side-channel energy analysis. Once the attacker obtains the key used for authentication, wireless radio-frequency devices can be forged in large numbers, so the security of subsequent use of wireless radio-frequency devices cannot be effectively guaranteed and users' security requirements cannot be met.
Summary of the invention
The technical problem solved by the present invention is how to improve security in the authentication process between a wireless radio-frequency device and a certificate server.
To solve the above technical problem, an embodiment of the present invention provides a wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtaining corresponding auxiliary data and sending it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to first data and fourth data corresponding to third data, where the first processing data is the data obtained after the certificate server processes the first data and the third data; and a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data.
Optionally, the wireless radio-frequency device further includes: a second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data, obtaining second processing data and sending it to the certificate server.
Optionally, the wireless radio-frequency device further includes: a first key generation unit, adapted to perform compression or calculation processing on the updated key data, obtaining first key data whose length is less than or equal to that of the updated key data, and to send the first key data to the first processing unit and the second processing unit.
Optionally, the first key generation unit is adapted to use the first data to perform compression or calculation processing on the updated key data.
Optionally, the second processing unit is adapted to, when the certificate server passes authentication, encrypt the fourth data using the updated key data as the key, obtaining the second processing data.
Optionally, the wireless radio-frequency device further includes: an encryption unit, adapted to encrypt the auxiliary data before it is sent to the certificate server, obtaining encrypted data and sending it to the certificate server.
Optionally, the wireless radio-frequency device further includes: a data acquisition unit, adapted to generate the first data.
Optionally, the data acquisition unit is further adapted to generate sixth data; the second processing unit is adapted to, when the certificate server passes authentication, process the sixth data and the fourth data, obtaining the second processing data.
Optionally, the data acquisition unit is a random number generator.
The embodiment of the present invention additionally provides a kind of certificate server, and the certificate server includes:Certification request unit is fitted In generation certification request and it is sent to wireless radios;Decoder receives what the wireless radios were sent suitable for working as When auxiliary data, processing is decoded to the auxiliary data and the primary key data got in advance, obtains decoding data, Wherein, the auxiliary data is that the wireless radios carry out updated key data the data after coded treatment;The Three processing units are suitable for being based on the decoding data, handle the first data and third data, obtain the first processing data And it is sent to the wireless radios.
Optionally, the certificate server further includes:Fourth processing unit, suitable for receiving the wireless radios When the second processing data of transmission, it is based on the decoding data, inversely processing is carried out to the second processing data, obtains the 5th number According to, wherein the second processing data are that the wireless radios are based on the updated key data, to the 4th data The data obtained after being handled;Second authentication unit is suitable for being based on the 5th data and third data, wirelessly be penetrated to described Frequency equipment is authenticated.
Optionally, the certificate server further includes:Second Key generating unit, suitable for pressing the decoding data Contracting or calculation process obtain the second key data that length is less than or equal to the decoding data, and by second cipher key number According to being sent to the third processing unit and fourth processing unit.
Optionally, second Key generating unit, suitable for being pressed the decoding data using first data Contracting or calculation process.
Optionally, the third processing unit, is suitable for using the decoding data as key, to first data and the Three data are encrypted, and obtain the first processing data.
Optionally, the certificate server further includes:Decryption unit receives the wireless radios transmission suitable for working as Encryption data when, the encryption data is decrypted, ciphertext data is obtained.
Optionally, the certificate server further includes:Data generating unit is suitable for generating the third data.
Optionally, the data generating unit is randomizer.
The embodiment of the present invention additionally provides a kind of less radio-frequency Verification System, and the less radio-frequency Verification System includes above-mentioned Any wireless radios and any of the above-described kind of certificate server.
An embodiment of the present invention further provides another wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtaining corresponding auxiliary data and sending it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data, obtaining second data corresponding to first data and fourth data corresponding to third data, where the first processing data is the data obtained after the certificate server processes the first data and the third data; a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data; and a second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data, obtaining second processing data and sending it to the certificate server.
An embodiment of the present invention further provides another certificate server, which includes: a certification request unit, adapted to generate a certification request and send it to a wireless radio-frequency device; a decoder, adapted to, on receiving auxiliary data sent by the wireless radio-frequency device, perform decoding processing on the auxiliary data and primary key data obtained in advance, obtaining decoding data, where the auxiliary data is the data obtained after the wireless radio-frequency device encodes the updated key data; a third processing unit, adapted to process first data and third data, obtaining first processing data and sending it to the wireless radio-frequency device; a fourth processing unit, adapted to, on receiving second processing data sent by the wireless radio-frequency device, perform inverse processing on the second processing data based on the decoding data, obtaining fifth data, where the second processing data is the data obtained after the wireless radio-frequency device processes the fourth data based on the updated key data; and a second authentication unit, adapted to authenticate the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another wireless radio-frequency authentication system, which includes any one of the above wireless radio-frequency devices and any one of the above certificate servers.
An embodiment of the present invention further provides another wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtaining corresponding auxiliary data and sending it to the certificate server; and a second processing unit, adapted to process the third data based on the updated key data, obtaining second processing data and sending it to the certificate server.
An embodiment of the present invention further provides another certificate server, which includes: a certification request unit, adapted to generate a certification request and send it to a wireless radio-frequency device; a decoder, adapted to, on receiving auxiliary data sent by the wireless radio-frequency device, perform decoding processing on the auxiliary data and primary key data obtained in advance, obtaining decoding data, where the auxiliary data is the data obtained after the wireless radio-frequency device encodes the updated key data; a fourth processing unit, adapted to, on receiving second processing data sent by the wireless radio-frequency device, perform inverse processing on the second processing data based on the decoding data, obtaining fifth data, where the second processing data is the data obtained after the wireless radio-frequency device processes the third data based on the updated key data; and a second authentication unit, adapted to authenticate the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another wireless radio-frequency authentication system, which includes the above wireless radio-frequency device and the above certificate server.
An embodiment of the present invention further provides a security authentication method resistant to side-channel energy analysis. The method includes: a certificate server sends a certification request to a wireless radio-frequency device; on receiving the certification request sent by the certificate server, the wireless radio-frequency device updates primary key data, encodes the updated key data, obtains corresponding auxiliary data and sends it to the certificate server; the certificate server performs decoding processing on the auxiliary data based on the primary key data obtained in advance, obtaining decoding data, processes first data and third data based on the decoding data, and obtains first processing data and sends it to the wireless radio-frequency device; the wireless radio-frequency device performs inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the certificate server based on the second data and the first data.
Optionally, the method further includes: when the certificate server passes authentication, the wireless radio-frequency device processes the fourth data based on the updated key data, obtaining second processing data and sending it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoding data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
Optionally, before the certificate server processes the first data and the third data, the method further includes: the certificate server performs compression or calculation processing on the decoding data, obtaining second key data whose length is less than or equal to that of the decoding data. Before the wireless radio-frequency device processes the first processing data, the method further includes: the wireless radio-frequency device performs compression or calculation processing on the updated key data, obtaining first key data whose length is less than or equal to that of the updated key data.
Optionally, before the wireless radio-frequency device sends the auxiliary data to the certificate server, the method further includes: the wireless radio-frequency device encrypts the auxiliary data, obtaining encrypted data. Before the certificate server performs decoding processing on the auxiliary data, the method further includes: the certificate server decrypts the encrypted auxiliary data, obtaining decrypted data.
Optionally, before the certificate server sends the certification request to the wireless radio-frequency device, the method further includes: the certificate server reads the primary key data from the wireless radio-frequency device and stores it.
An embodiment of the present invention further provides another security authentication method resistant to side-channel energy analysis. The method includes: a certificate server sends a certification request to a wireless radio-frequency device; on receiving the certification request sent by the certificate server, the wireless radio-frequency device updates primary key data, encodes the updated key data, obtains corresponding auxiliary data and sends it to the certificate server; the certificate server performs decoding processing based on the primary key data obtained in advance, obtaining decoding data, processes first data and third data, and obtains first processing data and sends it to the wireless radio-frequency device; the wireless radio-frequency device performs inverse processing on the first processing data, obtaining second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the certificate server based on the second data and the first data; when the certificate server passes authentication, the wireless radio-frequency device processes the fourth data based on the updated key data, obtaining second processing data and sending it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoding data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another security authentication method resistant to side-channel energy analysis. The method includes: a certificate server sends a certification request to a wireless radio-frequency device; on receiving the certification request sent by the certificate server, the wireless radio-frequency device updates primary key data, encodes the updated key data, obtains corresponding auxiliary data and sends it to the certificate server; the certificate server performs decoding processing on the auxiliary data based on the primary key data obtained in advance, obtaining decoding data, and sends third data to the wireless radio-frequency device; after receiving the third data, the wireless radio-frequency device processes the third data based on the updated key data, obtaining second processing data and sending it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoding data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
Compared with the prior art, the embodiments of the present invention have the following advantages:
With the above scheme, because the key updating unit updates the stored primary key data each time before the wireless radio-frequency device authenticates the certificate server, the intermediate data produced each time the first processing data is inversely processed based on the updated key data is random. This prevents an attacker from obtaining the updated key data through side-channel energy analysis, and improves security in the authentication process between the wireless radio-frequency device and the certificate server.
Because the second processing unit processes the fourth data based on the updated key data, and the updated key data is different each time the certificate server authenticates the wireless radio-frequency device, the second processing unit works from a different updated key data each time it processes the fourth data, and the intermediate data produced is random. This prevents an attacker from obtaining, through side-channel energy analysis, the updated key data used by the second processing unit, and further improves security in the authentication process between the wireless radio-frequency device and the certificate server.
Having the first key generation unit perform compression or calculation processing on the updated key data increases the complexity of the key and improves the security of authentication.
Having the second key generation unit perform compression or calculation processing on the decoding data increases the complexity of the key and improves the security of authentication.
Encrypting the auxiliary data before it is sent to the certificate server, and sending only the encrypted auxiliary data, prevents an attacker from using the auxiliary data to analyze and predict the primary key data and thereby forge wireless radio-frequency devices. This further improves security in the authentication process between the wireless radio-frequency device and the certificate server.
With the above scheme, because the wireless radio-frequency device updates the stored primary key data each time before it authenticates the certificate server, the auxiliary data the device sends is different each time, and so the decoding data output by the decoder is different each time. Each time the first data and the third data are processed based on the decoding data, a different decoding data is used and the intermediate data produced is random. This prevents an attacker from obtaining the decoding data through side-channel energy analysis, and improves security in the authentication process between the wireless radio-frequency device and the certificate server.
Because the fourth processing unit processes the second processing data based on the decoding data, and the decoding data is different each time the certificate server authenticates the wireless radio-frequency device, the fourth processing unit works from a different decoding data each time it inversely processes the second processing data, and the intermediate data produced is random. This prevents an attacker from obtaining, through side-channel energy analysis, the decoding data used by the fourth processing unit, and further improves security in the authentication process between the wireless radio-frequency device and the certificate server.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 5 is a schematic flow diagram of the data interaction in an authentication process in an embodiment of the present invention.
Detailed description
At present, mutual authentication between a wireless radio-frequency device and a certificate server is always based on a fixed key. When security authentication is performed with this fixed key, intermediate data is produced, and the power consumption associated with that intermediate data is correlated with the fixed key. An attacker can therefore use side-channel energy analysis to analyze the power consumption of the intermediate values and eventually obtain the key.
Once the attacker obtains the key used for authentication, wireless radio-frequency devices can be forged in large numbers, so the security of subsequent use of wireless radio-frequency devices cannot be effectively guaranteed and users' security requirements cannot be met.
To address the above problem, an embodiment of the present invention provides a wireless radio-frequency device in which the key updating unit updates the stored primary key data each time before the device authenticates the certificate server. As a result, the intermediate data produced each time the first processing data is inversely processed based on the updated key data is a random value. This prevents an attacker from obtaining the updated key data through side-channel energy analysis, and improves security in the authentication process between the wireless radio-frequency device and the certificate server.
To address the above problem, an embodiment of the present invention further provides a certificate server. Because the wireless radio-frequency device updates the stored primary key data each time before it authenticates the certificate server, the auxiliary data the device sends is different each time, and so the decoding data output by the decoder is different each time. Each time the first data and the third data are processed based on the decoding data, the intermediate data produced is random. This prevents an attacker from obtaining the updated key data through side-channel energy analysis, and improves security in the authentication process between the wireless radio-frequency device and the certificate server.
To make the above objects, features and beneficial effects of the present invention clearer and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
First, so that those skilled in the art can understand the present invention more clearly, the wireless radio-frequency authentication system is described as follows:
Referring to Fig. 1, the wireless radio-frequency authentication system may include a wireless radio-frequency device 10 and a certificate server 20. After receiving the certification request of the certificate server 20, the wireless radio-frequency device 10 authenticates the certificate server 20. The wireless radio-frequency device 10 and the certificate server 20 are described in detail below:
Referring to Fig. 1, an embodiment of the present invention provides a wireless radio-frequency device 10, which may include: a key storage unit 101, a key updating unit 102, an encoder 103, a first processing unit 104 and a first authentication unit 105. Wherein:
The key storage unit 101 is adapted to store primary key data R0;
The key updating unit 102 is adapted to update the primary key data R0 after receiving the certification request Q sent by the certificate server 20, obtaining updated key data D0;
The encoder 103 is adapted to encode the updated key data D0, obtaining corresponding auxiliary data P0 and sending it to the certificate server 20;
The first processing unit 104 is adapted to, on receiving the first processing data T1 sent by the certificate server 20, perform inverse processing on the first processing data T1 based on the updated key data D0, obtaining second data W2 corresponding to the first data W1 and fourth data W4 corresponding to the third data W3. The first processing data T1 is the data obtained after the certificate server 20 processes the first data W1 and the third data W3;
The first authentication unit 105 is adapted to authenticate the certificate server 20 based on the second data W2 and the first data W1.
An embodiment of the present invention further provides a certificate server 20, which may include:
A certification request unit 201, adapted to generate a certification request Q and send it to the wireless radio-frequency device 10;
A decoder 202, adapted to, on receiving the auxiliary data P0 sent by the wireless radio-frequency device 10, perform decoding processing on the auxiliary data P0 and the primary key data R0 obtained in advance, obtaining decoding data D1, where the auxiliary data P0 is the data obtained after the wireless radio-frequency device 10 encodes the updated key data D0;
A third processing unit 203, adapted to process the first data W1 and the third data W3 based on the decoding data D1, obtaining the first processing data T1 and sending it to the wireless radio-frequency device 10.
In a specific implementation, before the certificate server 20 is authenticated by the wireless radios 10, the certificate server 20 can read the primary key data R0 stored in the key storing unit 101 of the wireless radios 10 and store it in the database of the certificate server 20. This process is the initialization phase of the wireless radio-frequency authentication system; it is usually carried out in a secure environment and is carried out only once. After initialization, the data interface on the wireless radios 10 used for reading the primary key data R0 is closed permanently. The primary key data R0 stored in the key storing unit 101 can be fixed data or random data, without specific limitation.
In a specific implementation, the certification request unit 201 can send the certification request Q to the wireless radios 10 in several situations, without specific limitation. For example, the certification request unit 201 can send the certification request Q to the wireless radios 10 after receiving a certification control instruction, or when the certificate server detects the wireless radios.
In a specific implementation, after receiving the certification request Q sent by the certificate server 20, the key updating unit 102 can update several bits or all bits of the primary key data R0 based on a random number. For example, the key updating unit 102 can XOR a random number with several bytes of the primary key data R0 to obtain the updated key data D0.
In a specific implementation, the encoder 103 can code the updated key data D0 in various ways, without specific limitation, as long as the corresponding auxiliary data P0 is obtained after the coding processing. For example, the encoder 103 can code the updated key data D0 using Golay codes, Reed-Muller codes or BCH codes. A random number can also be used in the coding, to enhance the randomness of the resulting auxiliary data P0.
In a specific implementation, after receiving the auxiliary data P0, the decoder 202 performs decoding processing on the auxiliary data P0 and the primary key data R0 to obtain the decoding data D1. It can be understood that the way the decoder 202 decodes the auxiliary data P0 corresponds to the way the encoder 102 codes the updated key data D0.
In a specific implementation, after the decoding data D1 is obtained, the third processing unit 203 processes the first data W1 and the third data W3 to obtain the first processing data T1. After receiving the first processing data T1, the first processing unit 104 performs inverse processing on it to obtain the second data W2 corresponding to the first data W1 and the fourth data W4 corresponding to the third data W3.
The third processing unit 203 can first splice the first data W1 and the third data W3 to obtain spliced data W1||W3, and then process the spliced data W1||W3 accordingly, so that the first processing unit 104 can recover the second data W2 and the fourth data W4 after performing inverse processing on the first processing data T1.
In a specific implementation, the third processing unit 203 can process the spliced data W1||W3 in a variety of ways, including but not limited to encryption. For example, the third processing unit 203 can process the spliced data W1||W3 by a cryptographic operation. The selected cryptographic algorithm can be a symmetric cryptographic algorithm, for example the DES, RC2, RC4, RC5 and Blowfish algorithms, or an asymmetric cryptographic algorithm, for example the RSA, ECC and Knapsack algorithms. The cryptographic algorithm may include, but is not limited to, the above standard algorithms and simplified custom algorithms.
It can be understood that, since the processing performed by the first processing unit 104 and by the third processing unit 203 are inverses of each other, those skilled in the art can refer to the above description of the third processing unit 203 and select the inverse of the algorithm used by the third processing unit 203 to process the first processing data T1. For example, when the third processing unit 203 selects the DES encryption algorithm to encrypt the spliced data W1||W3, the first processing unit 103 can select the corresponding DES decryption algorithm to decrypt the first processing data T1.
In a specific implementation, when the third processing unit 203 processes the spliced data W1||W3 based on the decoding data D1, it can process the spliced data W1||W3 based on the first response data D1 obtained after decoding the auxiliary data P0. For example, when the processing performed by the third processing unit 203 is encryption, the first response data D1 can be used as the key to process the spliced data W1||W3.
It should be noted that, in a specific implementation, the first data W1 can be generated by the wireless radios 10 or obtained by the wireless radios 10 from another device or apparatus, without specific limitation. In an embodiment of the present invention, to obtain higher security, the first data W1 can be drawn at random from a set containing a finite number of values, with a different value drawn each time. Of course, the first data W1 can also be a random number, as long as the first data W1 is different in every authentication.
It should be noted that, in a specific implementation, the third data W3 can be generated by the certificate server 20 or obtained by the certificate server 20 from another device or apparatus, without specific limitation. In an embodiment of the present invention, to obtain higher security, the third data W3 can be drawn at random from a set containing a finite number of values, with a different value drawn each time. Of course, the third data W3 can also be a random number, as long as the third data W3 is different in every authentication.
After the second data W2 is obtained, the first authentication unit 104 can compare the second data W2 with the first data W1 to authenticate the certificate server 20, and output the authentication result Out1. Specifically, if the two are identical, the certificate server 20 passes authentication, that is, the certificate server 20 is a legitimate server. If the two differ, the certificate server 20 fails authentication, that is, the certificate server 20 is an illegitimate server.
Because the key updating unit 102 can update the primary key data R0 in every authentication of the certificate server 20 by the wireless radios 10, the intermediate data generated each time the third processing unit 203 and the first processing unit 104 process the corresponding data is random. This makes it difficult for an attacker to obtain the updated key data, the decoding data or the primary key data R0 by analyzing the relationship between intermediate data and power consumption, and therefore improves the security of the authentication of the certificate server 20 by the wireless radios 10.
Fig. 2 is a structural schematic diagram of another wireless radio-frequency authentication system provided by an embodiment of the present invention. Referring to Fig. 2, the difference from the embodiment shown in Fig. 1 is that the wireless radios 10 can also include:
A second processing unit 106, adapted to, when the certificate server 20 passes authentication, process the fourth data W4 based on the updated key data D0, to obtain second processing data T2 and send it to the certificate server 20.
The certificate server 20 can also include:
A fourth processing unit 204, adapted to, upon receiving the second processing data W2 sent by the wireless radios 10, perform inverse processing on the second processing data T2 based on the decoding data D1, to obtain fifth data W5, wherein the second processing data T2 is the data obtained after the wireless radios 10 has processed the fourth data W4 based on the updated key data D0;
A second authentication unit 205, adapted to authenticate the wireless radios 10 based on the fifth data W5 and the third data W3.
When the certificate server 20 passes authentication, the second processing unit 106 goes on to process the fourth data W4 and obtains the second processing data T2. Upon receiving the second processing data T2, the fourth processing unit 204 performs inverse processing on it to obtain the fifth data W5. Finally, the second authentication unit 205 compares the fifth data W5 with the third data W3 and outputs the authentication result Out2. If the two are identical, the wireless radios 10 passes authentication, that is, the wireless radios 10 is a legitimate device; otherwise the wireless radios 10 fails authentication, that is, the wireless radios 10 is an illegitimate device.
Because the key updating unit 102 can update the primary key data R0 in every authentication, the updated key data D0 and the decoding data D1 are different in every authentication, and the intermediate data generated while the second processing unit 106 and the fourth processing unit 204 process the corresponding data is also random. It is therefore difficult for an attacker to obtain the updated key data D0, the decoding data D1 or the primary key data R0 by analyzing the relationship between intermediate data and power consumption, which improves the security of the authentication of the wireless radios 10 by the certificate server 20.
In a specific implementation, when the second processing unit 106 processes the fourth data W4 based on the updated key data D0, it can process the fourth data W4 directly with the updated key data D0, for example by using the updated key data D0 as the key to encrypt the fourth data W4.
The second processing unit 106 can also first splice the fourth data W4 and sixth data W6 to obtain spliced data W4||W6, and then process the spliced data W4||W6 with the updated key data D0, for example by using the updated key data D0 as the key to encrypt the spliced data W4||W6.
It can be understood that, since the processing performed by the second processing unit 106 and by the fourth processing unit 204 are inverses of each other, those skilled in the art can refer to the above description of the second processing unit 106 and select the inverse of the algorithm used by the second processing unit 106 to perform inverse processing on the first processing data T1. For example, when the second processing unit 106 selects the DES encryption algorithm to encrypt the spliced data W4||W6, the fourth processing unit 204 can select the corresponding DES decryption algorithm to decrypt the second processing data T2.
In a specific implementation, the sixth data W6 can be implemented with reference to the above description of the first data W1, which is not repeated here.
In an embodiment of the present invention, referring to Fig. 2, the wireless radios 10 can also include a data capture unit 107, adapted to generate the first data W1. After generating the first data W1, the data capture unit 107 can send the first data W1 to the first authentication unit 105 and to the third processing unit 203. In a specific implementation, the data capture unit 107 is further adapted to generate the sixth data W6 and send the generated sixth data W6 to the second processing unit 106.
In an embodiment of the present invention, the certificate server 20 can also include a data generating unit 206, adapted to generate the third data W3 and send the third data W3 to the third processing unit 203 and the second authentication unit 205.
In a specific implementation, the data capture unit 107 and the data generating unit 206 can be random number generators, to further enhance the randomness of the processing in the third processing unit 203 and the second processing unit 106 and improve authentication security.
In a specific implementation, those skilled in the art can implement the second processing unit 106 with reference to the above description of the third processing unit 203, and implement the fourth processing unit 204 with reference to the above description of the first processing unit 104; details are not repeated here.
In a specific implementation, for the wireless radios 10, the first processing unit 104 and the second processing unit 106 can both process the corresponding data based on the updated key data D0; or the first processing unit 104 can process the corresponding data based on the updated key data D0 while the second processing unit 106 processes the corresponding data based on non-updated key data; or the first processing unit 104 can process the corresponding data based on non-updated key data while the second processing unit 106 processes the corresponding data based on the updated key data D0. It can be understood that the authentication security of the wireless radio-frequency authentication system is higher when both the first processing unit 104 and the second processing unit 106 process the corresponding data based on the updated key data D0.
Correspondingly, for the certificate server 20, the third processing unit 203 and the fourth processing unit 204 can both process the corresponding data based on the decoding data D1; or the third processing unit 203 can process the corresponding data based on the decoding data D1 while the fourth processing unit 204 processes the corresponding data based on non-decoding data; or the third processing unit 203 can process the corresponding data based on non-decoding data while the fourth processing unit 204 processes the corresponding data based on the decoding data D1. It can be understood that the authentication security of the wireless radio-frequency authentication system is higher when both the third processing unit 203 and the fourth processing unit 204 process the corresponding data based on the decoding data D1.
Fig. 3 shows another wireless radio-frequency authentication system provided by an embodiment of the present invention. Referring to Fig. 3, the difference from the embodiment shown in Fig. 2 is that the wireless radios 10 can also include:
A first key generation unit 108, adapted to perform compression or calculation processing on the updated key data D0 to obtain first key data D2 whose length is less than or equal to that of the updated key data D0, and to send the first key data D2 to the first processing unit 104 and the second processing unit 106.
The certificate server 20 can also include:
A second key generating unit 207, adapted to perform compression or calculation processing on the decoding data D1 to obtain second key data D3 whose length is less than or equal to that of the decoding data, and to send the second key data D3 to the third processing unit 203 and the fourth processing unit 204.
In a specific implementation, the first key generation unit 108 is adapted to perform compression or calculation processing on the updated key data D0. For example, if the length of the updated key data D0 is 300Byte, the length of the first key data D2 after compression or calculation processing by the first key generation unit 108 can be 128bit, where 1Byte=8bits.
Similarly, the second key generating unit 207 is adapted to perform compression or calculation processing on the decoding data D1 to obtain the second key data D3 whose length is less than or equal to that of the decoding data, and to send the second key data D3 to the third processing unit 203 and the fourth processing unit 204.
In a specific implementation, the first key generation unit 108 and the second key generating unit 207 use the same processing, and the specific compression algorithm or calculation operation is not limited. For example, the updated key data D0 and the decoding data D1 can be compressed by XORing adjacent bits, or a hash algorithm can be applied to the updated key data D0 and the decoding data D1.
In a specific implementation, whether the first key data D2 is sent to the first processing unit 104 and the second processing unit 106, and whether the second key data D3 is sent to the third processing unit 203 and the fourth processing unit 204, can be configured according to actual conditions.
For example, when the first processing unit 104 performs inverse processing on the first processing data T1 based on the updated key data D0, the first key generation unit 108 sends the first key data D2 to the first processing unit 104; otherwise the first key data D2 need not be sent to the first processing unit 104. When the third processing unit 203 processes the first data W1 and the third data W3 based on the decoding data D1, the second key generating unit 207 sends the second key data D3 to the third processing unit 203; otherwise the second key data D3 need not be sent to the third processing unit 203.
Fig. 4 shows another wireless radio-frequency authentication system provided by an embodiment of the present invention. The difference from the embodiment shown in Fig. 3 is that the wireless radios 10 can also include:
An encryption unit 109, adapted to encrypt the auxiliary data P0 before it is sent to the certificate server 20, to obtain encryption data P1 and send it to the certificate server 20.
Correspondingly, the certificate server 20 can also include a decryption unit 208, adapted to decrypt the encryption data P1 upon receiving the encryption data P1 sent by the wireless radios 10, to obtain ciphertext data P2.
In a specific implementation, the key used by the encryption unit 109 for encryption and the key used by the decryption unit 208 for decryption can be a fixed key or a key stream generated from a random number, without specific limitation. The encryption unit 109 can encrypt the auxiliary data P0 with a symmetric cryptographic algorithm or with an asymmetric cryptographic algorithm, without specific limitation.
It can be understood that, when the decryption unit 208 decrypts the encrypted auxiliary data P1, the decryption algorithm it selects corresponds to the cryptographic algorithm selected by the encryption unit 109. For example, when the encryption unit 109 selects the DES encryption algorithm, the decryption unit 208 can select the corresponding DES decryption algorithm. Decryption by the decryption unit 208 yields the ciphertext data P2, and the decoder 202 then performs decoding processing on the ciphertext data P2 and the primary key data R0 to obtain the decoding data D1.
The encryption unit 109 encrypts the auxiliary data P0, and the encryption data P1 is then sent to the certificate server 20. This prevents an attacker from obtaining the primary key data R0 by analyzing the auxiliary data, further improving the security of the wireless radio-frequency authentication system.
Based on the above embodiments, in a specific implementation, the wireless radios 10 can also include the second processing unit 106 but not the first processing unit 104 and the first authentication unit 105; correspondingly, the certificate server 20 can include the fourth processing unit 204 and the second authentication unit 205 but not the third processing unit 203. In other words, in a specific implementation, the certificate server 20 can perform one-way authentication of the wireless radios 10. In this case, the certificate server 20 can generate the third data W3 in advance and send the third data W3 to the wireless radios 10. The second processing unit 106 of the wireless radios 10 can process the third data W3 based on the updated key data D0, to obtain the second processing data T2 and send it to the certificate server 20.
In summary, in the wireless radio-frequency authentication system of the embodiments of the present invention, the key updating unit 102 can update the primary key data R0 in every authentication, so that the intermediate data generated each time by the corresponding processing units in the wireless radios 10 and the certificate server 20 is random. This prevents an attacker from obtaining the updated key data or the primary key data R0 by side-channel energy analysis, and also prevents forgery of the wireless radios 10, improving the security of the authentication process.
To help those skilled in the art better understand and implement the present invention, the authentication method corresponding to the above wireless radio-frequency authentication system is described in detail below.
Referring to Fig. 5, an embodiment of the present invention further provides an authentication method, which may include the following steps:
S51: The certificate server 20 sends a certification request to the wireless radios 10;
S52: Upon receiving the certification request sent by the certificate server 20, the wireless radios 10 updates the primary key data R0, performs coding processing on the updated key data D0 to obtain the corresponding auxiliary data P0, and sends it to the certificate server 20;
S53: The certificate server 20 performs decoding processing on the auxiliary data P0 based on the primary key data R0 obtained in advance, to obtain decoding data D1, processes the first data W1 and the third data W3 based on the decoding data D1 to obtain the first processing data T1, and sends it to the wireless radios 10;
S54: The wireless radios 10 performs inverse processing on the first processing data T1 based on the updated key data D0, to obtain the second data W2 corresponding to the first data W1 and the fourth data W4 corresponding to the third data W3, and authenticates the certificate server 20 based on the second data W2 and the first data W1.
In an embodiment of the present invention, the authentication method can also include the following steps:
Step S55: When the certificate server 20 passes authentication, the wireless radios 10 processes the fourth data W4 based on the updated key data D0, to obtain the second processing data T2 and send it to the certificate server 20;
Step S56: The certificate server 20 performs inverse processing on the second processing data T2 based on the decoding data D1, to obtain the fifth data W5, and authenticates the wireless radios 10 based on the fifth data W5 and the third data W3.
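The following simulation of steps S52 to S56 is an added example and is not part of the patent text. It assumes one possible coding (a per-block Hamming(7,4) syndrome in place of the Golay, Reed-Muller or BCH codes named above), a SHA-256 keystream in place of the unspecified cipher, and a truncated SHA-256 as the key compression; all function names, the key size and the 8-byte W1 and W3 are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCKS = 16  # assumed key size: 16 blocks of 7 bits each
# Constructed sample R0, shared by device and server at initialization.
SAMPLE_R0 = [(37 * i + 11) % 128 for i in range(BLOCKS)]

def syndrome(block: int) -> int:
    """Hamming(7,4) syndrome: XOR of the 1-based positions of the set bits."""
    s = 0
    for pos in range(1, 8):
        if (block >> (pos - 1)) & 1:
            s ^= pos
    return s

def flip(block: int, pos: int) -> int:
    """Flip the bit at 1-based position pos; pos == 0 leaves the block as is."""
    return block ^ (1 << (pos - 1)) if pos else block

def update_key(r0):
    """Key updating unit 102: flip at most one random bit per block of R0."""
    return [flip(b, secrets.randbelow(8)) for b in r0]

def encode(d0):
    """Encoder 103 (assumed coding): P0 is the per-block syndrome of D0."""
    return [syndrome(b) for b in d0]

def decode(p0, r0):
    """Decoder 202: syndrome(R0 block) XOR P0 names the flipped bit, if any."""
    return [flip(b, p ^ syndrome(b)) for p, b in zip(p0, r0)]

def compress(key) -> bytes:
    """Key generation units 108/207: hash the key down to 128 bits."""
    return hashlib.sha256(bytes(key)).digest()[:16]

def process(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream, so the same
    call is also the inverse processing. The label keeps the keystreams
    for T1 and T2 distinct."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = key + label + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_session(r0_device, r0_server):
    """One pass of S52 to S56.
    Returns (server_authenticated, device_authenticated)."""
    # S52, device: update R0, code D0 into P0, generate W1.
    d0 = update_key(r0_device)
    p0 = encode(d0)
    w1 = secrets.token_bytes(8)
    # S53, server: recover D1 from P0 and its stored R0, build T1.
    d1 = decode(p0, r0_server)
    w3 = secrets.token_bytes(8)
    t1 = process(compress(d1), b"T1", w1 + w3)
    # S54, device: inverse processing of T1, compare W2 with W1.
    plain = process(compress(d0), b"T1", t1)
    w2, w4 = plain[:8], plain[8:]
    if not hmac.compare_digest(w2, w1):
        return False, False
    # S55, device: process W4 into T2.
    t2 = process(compress(d0), b"T2", w4)
    # S56, server: inverse processing of T2, compare W5 with W3.
    w5 = process(compress(d1), b"T2", t2)
    return True, hmac.compare_digest(w5, w3)

if __name__ == "__main__":
    print("matching R0:", run_session(SAMPLE_R0, SAMPLE_R0))
    forged = [SAMPLE_R0[0] ^ 0b0000111] + SAMPLE_R0[1:]
    print("server without the real R0:", run_session(SAMPLE_R0, forged))
```

In this simulation P0 travels in the clear; the embodiment of Fig. 4 encrypts it into P1 before sending.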
In another embodiment of the present invention, the authentication method can omit step S54 but include step S55 and step S56, that is, the certificate server performs one-way authentication of the wireless radios. In that case, in step S55, the wireless radios 10 can process the third data W3 directly based on the updated key data D0, to obtain the second processing data T2 and send it to the certificate server 20. The third data W3 can be generated in advance by the certificate server and sent to the wireless radios.
The certificate server 20 can process the first data W1 and the third data W3 based on the decoding data D1, but perform inverse processing on the second processing data T2 based on non-decoding data. Correspondingly, the wireless radios 10 can perform inverse processing on the first processing data T1 based on the updated key data D0, but process the fourth data W4 based on non-updated key data.
The certificate server 20 can also process the first data W1 and the third data W3 based on non-decoding data, but perform inverse processing on the second processing data T2 based on the decoding data D1. Correspondingly, the wireless radios 10 can perform inverse processing on the first processing data T1 based on non-updated key data, but process the fourth data W4 based on the updated key data D0.
The certificate server 20 can also both process the first data W1 and the third data W3 based on the decoding data D1 and perform inverse processing on the second processing data T2 based on the decoding data D1. Correspondingly, the wireless radios 10 can both perform inverse processing on the first processing data T1 based on non-updated key data and process the fourth data W4 based on the updated key data D0.
In a specific implementation, to reduce the complexity of the processing of the first data W1 and the third data W3 by the certificate server 20, the certificate server 20 can, before processing the first data W1 and the third data W3, first perform compression or calculation processing on the decoding data D1 to obtain second key data D3 whose length is less than or equal to that of the decoding data D1. Correspondingly, before processing the first processing data T1, the wireless radios 10 can first perform compression or calculation processing on the updated key data D0 to obtain first key data D2 whose length is less than or equal to that of the updated key data D0.
In a specific implementation, to further improve security during data exchange, the wireless radios 10 can first encrypt the auxiliary data P0 to obtain encryption data P1 before sending the auxiliary data P0 to the certificate server 20. Correspondingly, before performing decoding processing on the encryption data P1, the certificate server 20 can first decrypt the encryption data P1 to obtain ciphertext data P2, and then decode the ciphertext data P2.
It should be noted that, in the above embodiments of the present invention, the wireless radios is a device based on wireless radio-frequency technology, including but not limited to a smart card, a mobile terminal, a microprocessor, a computer, a router, a set-top box and the like. Whatever specific form the wireless radios takes, it does not constitute a limitation of the present invention and falls within the protection scope of the present invention.
It should be noted that, in the above embodiments of the present invention, the certificate server is a wireless radio-frequency server adapted to the wireless radios. For example, when the wireless radios is a smart card, the certificate server can be a card reader. The certificate server can be an independent dedicated server, or it can provide other services at the same time; for example, a dedicated storage area and memory area can be opened up on another server to provide a performance monitoring service. Of course, whichever form of certificate server is used, it suffices that it can exchange data with the wireless radios.
As can be seen from the above, in the authentication method of the embodiments of the present invention, updating the primary key data during mutual authentication gives the intermediate data generated in every authentication a certain randomness, which prevents an attacker from obtaining intermediate data and carrying out side-channel energy analysis, and improves the security of the authentication process.
Those of ordinary skill in the art will appreciate that all or part of the steps of the methods of the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, and the storage medium may include ROM, RAM, a magnetic disk, an optical disc or the like.
Although the present invention is disclosed as above, the present invention is not limited thereto. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the present invention, and the protection scope of the present invention shall therefore be subject to the scope defined by the claims.

Claims (31)

1. Wireless radios, characterized by comprising:
A key storing unit, adapted to store primary key data;
A key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, to obtain updated key data;
An encoder, adapted to perform coding processing on the updated key data, to obtain corresponding auxiliary data and send it to the certificate server;
A first processing unit, adapted to, upon receiving first processing data sent by the certificate server, perform inverse processing on the first processing data based on the updated key data, to obtain second data corresponding to first data and fourth data corresponding to third data, wherein the first processing data is the data obtained after the certificate server has processed the first data and the third data;
A first authentication unit, adapted to authenticate the certificate server based on the second data and the first data.
2. The wireless radios as claimed in claim 1, characterized by further comprising:
A second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data, to obtain second processing data and send it to the certificate server.
3. The wireless radios as claimed in claim 2, characterized by further comprising:
A first key generation unit, adapted to perform compression or calculation processing on the updated key data to obtain first key data whose length is less than or equal to that of the updated key data, and to send the first key data to the first processing unit and the second processing unit.
4. The wireless radios as claimed in claim 3, characterized in that the first key generation unit is adapted to perform compression or calculation processing on the updated key data using the first data.
5. The wireless radios as claimed in claim 2, characterized in that the second processing unit is adapted to, when the certificate server passes authentication, encrypt the fourth data using the updated key data as the key, to obtain the second processing data.
6. The wireless radios as claimed in claim 1, characterized by further comprising:
An encryption unit, adapted to encrypt the auxiliary data before the auxiliary data is sent to the certificate server, to obtain encryption data and send it to the certificate server.
7. The wireless radios as claimed in claim 2, characterized by further comprising:
A data capture unit, adapted to generate the first data.
8. The wireless radios as claimed in claim 7, characterized in that
The data capture unit is further adapted to generate sixth data;
The second processing unit is adapted to, when the certificate server passes authentication, process the sixth data and the fourth data, to obtain the second processing data.
9. The wireless radios as claimed in claim 8, characterized in that the data capture unit is a random number generator.
10. A certificate server, characterized by comprising:
A certification request unit, adapted to generate a certification request and send it to wireless radios;
A decoder, adapted to, upon receiving auxiliary data sent by the wireless radios, perform decoding processing on the auxiliary data and primary key data obtained in advance, to obtain decoding data, wherein the auxiliary data is the data produced by the wireless radios by coding updated key data;
A third processing unit, adapted to process first data and third data based on the decoding data, to obtain first processing data and send it to the wireless radios.
11. The certificate server as claimed in claim 10, characterized by further comprising:
A fourth processing unit, adapted to, upon receiving second processing data sent by the wireless radios, perform inverse processing on the second processing data based on the decoding data, to obtain fifth data, wherein the second processing data is the data obtained after the wireless radios has processed fourth data based on the updated key data;
A second authentication unit, adapted to authenticate the wireless radios based on the fifth data and the third data.
12. The authentication server as claimed in claim 11, characterized by further comprising:
a second key generation unit, adapted to perform compression or computational processing on the decoded data to obtain second key data whose length is less than or equal to that of the decoded data, and to send the second key data to the third processing unit and the fourth processing unit.
13. The authentication server as claimed in claim 12, characterized in that the second key generation unit is adapted to perform the compression or computational processing on the decoded data using the first data.
14. The authentication server as claimed in claim 11, characterized in that the third processing unit is adapted to encrypt the first data and the third data using the decoded data as a key, to obtain the first processed data.
15. The authentication server as claimed in claim 10, characterized by further comprising:
a decryption unit, adapted to, upon receiving encrypted data sent by the wireless radio frequency device, decrypt the encrypted data to obtain decrypted data.
16. The authentication server as claimed in claim 10, characterized by further comprising:
a data generation unit, adapted to generate the third data.
17. The authentication server as claimed in claim 16, characterized in that the data generation unit is a random number generator.
18. A wireless radio frequency authentication system, characterized by comprising the wireless radio frequency device of any one of claims 1 to 9 and the authentication server of any one of claims 10 to 17.
19. A wireless radio frequency device, characterized by comprising:
a key storage unit, adapted to store primary key data;
a key update unit, adapted to update the primary key data after receiving an authentication request sent by an authentication server, to obtain updated key data;
an encoder, adapted to encode the updated key data to obtain corresponding auxiliary data and send it to the authentication server;
a first processing unit, adapted to, upon receiving first processed data sent by the authentication server, perform inverse processing on the first processed data to obtain, respectively, second data corresponding to first data and fourth data corresponding to third data, wherein the first processed data is data obtained by the authentication server processing the first data and the third data;
a first authentication unit, adapted to authenticate the authentication server based on the second data and the first data;
a second processing unit, adapted to, when the authentication server passes authentication, process the fourth data based on the updated key data, to obtain second processed data and send it to the authentication server.
20. An authentication server, characterized by comprising:
an authentication request unit, adapted to generate an authentication request and send it to a wireless radio frequency device;
a decoder, adapted to, upon receiving auxiliary data sent by the wireless radio frequency device, perform decoding on the auxiliary data and primary key data obtained in advance, to obtain decoded data, wherein the auxiliary data is data obtained by the wireless radio frequency device encoding updated key data;
a third processing unit, adapted to process first data and third data, to obtain first processed data and send it to the wireless radio frequency device;
a fourth processing unit, adapted to, upon receiving second processed data sent by the wireless radio frequency device, perform inverse processing on the second processed data based on the decoded data, to obtain fifth data, wherein the second processed data is data obtained by the wireless radio frequency device processing fourth data based on the updated key data;
a second authentication unit, adapted to authenticate the wireless radio frequency device based on the fifth data and the third data.
21. A wireless radio frequency authentication system, characterized by comprising the wireless radio frequency device of claim 19 and the authentication server of claim 20.
22. A wireless radio frequency device, characterized by comprising:
a key storage unit, adapted to store primary key data;
a key update unit, adapted to update the primary key data after receiving an authentication request sent by an authentication server, to obtain updated key data;
an encoder, adapted to encode the updated key data to obtain corresponding auxiliary data and send it to the authentication server;
a second processing unit, adapted to process third data based on the updated key data, to obtain second processed data and send it to the authentication server.
23. An authentication server, characterized by comprising:
an authentication request unit, adapted to generate an authentication request and send it to a wireless radio frequency device;
a decoder, adapted to, upon receiving auxiliary data sent by the wireless radio frequency device, perform decoding on the auxiliary data and primary key data obtained in advance, to obtain decoded data, wherein the auxiliary data is data obtained by the wireless radio frequency device encoding updated key data;
a fourth processing unit, adapted to, upon receiving second processed data sent by the wireless radio frequency device, perform inverse processing on the second processed data based on the decoded data, to obtain fifth data, wherein the second processed data is data obtained by the wireless radio frequency device processing third data based on the updated key data;
a second authentication unit, adapted to authenticate the wireless radio frequency device based on the fifth data and the third data.
24. A wireless radio frequency authentication system, characterized by comprising the wireless radio frequency device of claim 22 and the authentication server of claim 23.
25. A security authentication method resistant to side-channel power analysis, characterized by comprising:
an authentication server sends an authentication request to a wireless radio frequency device;
upon receiving the authentication request sent by the authentication server, the wireless radio frequency device updates primary key data, encodes the updated key data to obtain corresponding auxiliary data, and sends the auxiliary data to the authentication server;
the authentication server decodes the auxiliary data based on the primary key data obtained in advance, to obtain decoded data, processes first data and third data based on the decoded data, to obtain first processed data, and sends the first processed data to the wireless radio frequency device;
the wireless radio frequency device performs inverse processing on the first processed data based on the updated key data, to obtain, respectively, second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the authentication server based on the second data and the first data.
26. The security authentication method resistant to side-channel power analysis as claimed in claim 25, characterized by further comprising:
when the authentication server passes authentication, the wireless radio frequency device processes the fourth data based on the updated key data, to obtain second processed data, and sends it to the authentication server; the authentication server performs inverse processing on the second processed data based on the decoded data, to obtain fifth data, and authenticates the wireless radio frequency device based on the fifth data and the third data.
27. The security authentication method resistant to side-channel power analysis as claimed in claim 26, characterized in that:
before the authentication server processes the first data and the third data, the method further comprises: the authentication server performs compression or computational processing on the decoded data, to obtain second key data whose length is less than or equal to that of the decoded data;
before the wireless radio frequency device processes the first processed data, the method further comprises: the wireless radio frequency device performs compression or computational processing on the updated key data, to obtain first key data whose length is less than or equal to that of the updated key data.
28. The security authentication method resistant to side-channel power analysis as claimed in claim 26, characterized in that:
before the wireless radio frequency device sends the auxiliary data to the authentication server, the method further comprises: the wireless radio frequency device encrypts the auxiliary data, to obtain encrypted data;
before the authentication server decodes the auxiliary data, the method further comprises: the authentication server decrypts the encrypted auxiliary data, to obtain decrypted data.
29. The security authentication method resistant to side-channel power analysis as claimed in claim 26, characterized in that, before the authentication server sends the authentication request to the wireless radio frequency device, the method further comprises:
the authentication server reads the primary key data from the wireless radio frequency device and stores it.
30. A security authentication method resistant to side-channel power analysis, characterized by comprising:
an authentication server sends an authentication request to a wireless radio frequency device;
upon receiving the authentication request sent by the authentication server, the wireless radio frequency device updates primary key data, encodes the updated key data to obtain corresponding auxiliary data, and sends the auxiliary data to the authentication server;
the authentication server decodes the auxiliary data based on the primary key data obtained in advance, to obtain decoded data, processes first data and third data, to obtain first processed data, and sends the first processed data to the wireless radio frequency device;
the wireless radio frequency device performs inverse processing on the first processed data, to obtain, respectively, second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the authentication server based on the second data and the first data;
when the authentication server passes authentication, the wireless radio frequency device processes the fourth data based on the updated key data, to obtain second processed data, and sends it to the authentication server;
the authentication server performs inverse processing on the second processed data based on the decoded data, to obtain fifth data, and authenticates the wireless radio frequency device based on the fifth data and the third data.
31. A security authentication method resistant to side-channel power analysis, characterized by comprising:
an authentication server sends an authentication request to a wireless radio frequency device;
upon receiving the authentication request sent by the authentication server, the wireless radio frequency device updates primary key data, encodes the updated key data to obtain corresponding auxiliary data, and sends the auxiliary data to the authentication server;
the authentication server decodes the auxiliary data based on the primary key data obtained in advance, to obtain decoded data, and sends third data to the wireless radio frequency device;
after receiving the third data, the wireless radio frequency device processes the third data based on the updated key data, to obtain second processed data, and sends it to the authentication server;
the authentication server performs inverse processing on the second processed data based on the decoded data, to obtain fifth data, and authenticates the wireless radio frequency device based on the fifth data and the third data.
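The mutual authentication exchange of claims 25 and 26, sketched as an added Python example (not code from the patent). The claims leave the encoding and the "processing" unspecified, so this assumes XOR encoding, an HMAC-SHA256 keystream as the processing, and that the first data is sent alongside the auxiliary data; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

N = 16  # length in bytes of the first and third data (assumed)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def process(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the claims' unspecified 'processing': XOR with an
    HMAC-SHA256 counter-mode keystream. It is its own inverse."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = label + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return xor(data, stream)

class Device:
    def __init__(self, primary_key: bytes):
        self.primary_key = primary_key

    def on_request(self):
        # Key update: a fresh key for every authentication request.
        self.updated_key = secrets.token_bytes(len(self.primary_key))
        self.first = secrets.token_bytes(N)
        # Encoding (assumed XOR): the auxiliary data hides the updated key.
        return xor(self.updated_key, self.primary_key), self.first

    def on_first_processed(self, blob: bytes):
        plain = process(self.updated_key, b"S>D", blob)
        second, fourth = plain[:N], plain[N:]
        if not hmac.compare_digest(second, self.first):
            return None  # authentication server rejected
        return process(self.updated_key, b"D>S", fourth)

class Server:
    def __init__(self, primary_key: bytes):
        self.primary_key = primary_key  # read from the device beforehand

    def on_auxiliary(self, aux: bytes, first: bytes) -> bytes:
        self.decoded = xor(aux, self.primary_key)  # decoding
        self.third = secrets.token_bytes(N)
        return process(self.decoded, b"S>D", first + self.third)

    def on_second_processed(self, blob: bytes) -> bool:
        fifth = process(self.decoded, b"D>S", blob)
        return hmac.compare_digest(fifth, self.third)

def run_session(device: Device, server: Server):
    """Returns (server_authenticated, device_authenticated)."""
    aux, first = device.on_request()  # follows the server's request
    blob1 = server.on_auxiliary(aux, first)
    blob2 = device.on_first_processed(blob1)
    if blob2 is None:
        return False, False
    return True, server.on_second_processed(blob2)
```

In this sketch the long-term primary key is touched only by the XOR in encoding and decoding, while the keyed processing always runs under a key that changes every session. The keystream stand-in gives no integrity protection, so a deployment would use an authenticated cipher for the processing step.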
CN201710247144.0A 2017-04-14 2017-04-14 Wireless radio frequency equipment, authentication server, authentication system and security authentication method Active CN108738014B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710247144.0A CN108738014B (en) 2017-04-14 2017-04-14 Wireless radio frequency equipment, authentication server, authentication system and security authentication method


Publications (2)

Publication Number Publication Date
CN108738014A true CN108738014A (en) 2018-11-02
CN108738014B CN108738014B (en) 2021-09-21

Family

ID=63925078


Country Status (1)

Country Link
CN (1) CN108738014B (en)


Also Published As

Publication number Publication date
CN108738014B (en) 2021-09-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant