CN108738014A - Wireless radios, certificate server, Verification System and safety certifying method - Google Patents
- Publication number: CN108738014A (CN201710247144.0A)
- Authority: CN (China)
- Prior art keywords: data, processing, certificate server, wireless radios, key
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H: ELECTRICITY / H04: ELECTRIC COMMUNICATION TECHNIQUE / H04W: WIRELESS COMMUNICATION NETWORKS
- H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/08: Access security
Abstract
A wireless radio-frequency device, a certificate server, an authentication system and a security authentication method. The wireless radio-frequency device includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving an authentication request sent by the certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtain the corresponding auxiliary data and send it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to first data and fourth data corresponding to third data; and a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data. This scheme can improve authentication security.
Description
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a wireless radio-frequency device, a certificate server, an authentication system and a security authentication method.
Background art
The Internet of Things is regarded as the third wave of the world information industry, after the computer and the internet. Radio Frequency Identification (RFID) technology, as a key technology for building the Internet of Things, has received wide attention in recent years. Wireless radio-frequency devices based on RFID are also increasingly common, for example smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes.
In practical applications, cloning, impersonation attacks, replay attacks, malicious monitoring, malicious interception and desynchronization attacks are the main means of attacking wireless radio-frequency devices. To counter these attacks, a wireless radio-frequency device and the certificate server usually need to authenticate each other before the device is used, verifying the legitimacy of both parties and improving the security of subsequent use.
At present, mutual authentication between wireless radio-frequency devices and certificate servers is always based on a fixed key: a random number is encrypted with the fixed key to verify the legitimacy of both parties.
To obtain the fixed key, an attacker typically attacks the wireless radio-frequency device or the certificate server by side-channel energy analysis. Once the attacker obtains the key used for authentication, wireless radio-frequency devices can be forged in large numbers, the security of subsequent use of the devices cannot be effectively guaranteed, and users' security requirements cannot be met.
Summary of the invention
The technical problem solved by the present invention is how to improve the security of the authentication process between a wireless radio-frequency device and a certificate server.
To solve the above technical problem, an embodiment of the present invention provides a wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving an authentication request sent by the certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtain the corresponding auxiliary data and send it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to first data and fourth data corresponding to third data, where the first processing data is the data obtained after the certificate server processes the first data and the third data; and a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data.
Optionally, the wireless radio-frequency device further includes: a second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data, obtain second processing data and send it to the certificate server.
Optionally, the wireless radio-frequency device further includes: a first key generation unit, adapted to compress or perform an operation on the updated key data, obtaining first key data whose length is less than or equal to that of the updated key data, and to send the first key data to the first processing unit and the second processing unit.
Optionally, the first key generation unit is adapted to use the first data to compress or perform an operation on the updated key data.
Optionally, the second processing unit is adapted to, when the certificate server passes authentication, encrypt the fourth data using the updated key data as the key, obtaining the second processing data.
Optionally, the wireless radio-frequency device further includes: an encryption unit, adapted to encrypt the auxiliary data before it is sent to the certificate server, obtaining encrypted data that is sent to the certificate server.
Optionally, the wireless radio-frequency device further includes: a data acquisition unit, adapted to generate the first data.
Optionally, the data acquisition unit is further adapted to generate sixth data; the second processing unit is adapted to, when the certificate server passes authentication, process the sixth data and the fourth data, obtaining the second processing data.
Optionally, the data acquisition unit is a random number generator.
An embodiment of the present invention further provides a certificate server, which includes: an authentication request unit, adapted to generate an authentication request and send it to the wireless radio-frequency device; a decoder, adapted to, on receiving the auxiliary data sent by the wireless radio-frequency device, decode the auxiliary data together with the primary key data obtained in advance, obtaining decoded data, where the auxiliary data is the data obtained after the wireless radio-frequency device encodes the updated key data; and a third processing unit, adapted to process the first data and the third data based on the decoded data, obtain the first processing data and send it to the wireless radio-frequency device.
Optionally, the certificate server further includes: a fourth processing unit, adapted to, on receiving the second processing data sent by the wireless radio-frequency device, perform inverse processing on the second processing data based on the decoded data, obtaining fifth data, where the second processing data is the data obtained after the wireless radio-frequency device processes the fourth data based on the updated key data; and a second authentication unit, adapted to authenticate the wireless radio-frequency device based on the fifth data and the third data.
Optionally, the certificate server further includes: a second key generation unit, adapted to compress or perform an operation on the decoded data, obtaining second key data whose length is less than or equal to that of the decoded data, and to send the second key data to the third processing unit and the fourth processing unit.
Optionally, the second key generation unit is adapted to use the first data to compress or perform an operation on the decoded data.
Optionally, the third processing unit is adapted to encrypt the first data and the third data using the decoded data as the key, obtaining the first processing data.
Optionally, the certificate server further includes: a decryption unit, adapted to, on receiving the encrypted data sent by the wireless radio-frequency device, decrypt the encrypted data, obtaining decrypted data.
Optionally, the certificate server further includes: a data generating unit, adapted to generate the third data.
Optionally, the data generating unit is a random number generator.
An embodiment of the present invention further provides a wireless radio-frequency authentication system, which includes any of the wireless radio-frequency devices described above and any of the certificate servers described above.
An embodiment of the present invention further provides another wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving an authentication request sent by the certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtain the corresponding auxiliary data and send it to the certificate server; a first processing unit, adapted to, on receiving first processing data sent by the certificate server, perform inverse processing on the first processing data, obtaining second data corresponding to first data and fourth data corresponding to third data, where the first processing data is the data obtained after the certificate server processes the first data and the third data; a first authentication unit, adapted to authenticate the certificate server based on the second data and the first data; and a second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data, obtain second processing data and send it to the certificate server.
An embodiment of the present invention further provides another certificate server, which includes: an authentication request unit, adapted to generate an authentication request and send it to the wireless radio-frequency device; a decoder, adapted to, on receiving the auxiliary data sent by the wireless radio-frequency device, decode the auxiliary data together with the primary key data obtained in advance, obtaining decoded data, where the auxiliary data is the data obtained after the wireless radio-frequency device encodes the updated key data; a third processing unit, adapted to process the first data and the third data, obtain the first processing data and send it to the wireless radio-frequency device; a fourth processing unit, adapted to, on receiving the second processing data sent by the wireless radio-frequency device, perform inverse processing on the second processing data based on the decoded data, obtaining fifth data, where the second processing data is the data obtained after the wireless radio-frequency device processes the fourth data based on the updated key data; and a second authentication unit, adapted to authenticate the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another wireless radio-frequency authentication system, which includes any of the wireless radio-frequency devices described above and any of the certificate servers described above.
An embodiment of the present invention further provides another wireless radio-frequency device, which includes: a key storage unit, adapted to store primary key data; a key updating unit, adapted to update the primary key data after receiving an authentication request sent by the certificate server, obtaining updated key data; an encoder, adapted to encode the updated key data, obtain the corresponding auxiliary data and send it to the certificate server; and a second processing unit, adapted to process the third data based on the updated key data, obtain second processing data and send it to the certificate server.
An embodiment of the present invention further provides another certificate server, which includes: an authentication request unit, adapted to generate an authentication request and send it to the wireless radio-frequency device; a decoder, adapted to, on receiving the auxiliary data sent by the wireless radio-frequency device, decode the auxiliary data together with the primary key data obtained in advance, obtaining decoded data, where the auxiliary data is the data obtained after the wireless radio-frequency device encodes the updated key data; a fourth processing unit, adapted to, on receiving the second processing data sent by the wireless radio-frequency device, perform inverse processing on the second processing data based on the decoded data, obtaining fifth data, where the second processing data is the data obtained after the wireless radio-frequency device processes the third data based on the updated key data; and a second authentication unit, adapted to authenticate the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another wireless radio-frequency authentication system, which includes the above wireless radio-frequency device and the above certificate server.
An embodiment of the present invention further provides a security authentication method that resists side-channel energy analysis. The method includes: the certificate server sends an authentication request to the wireless radio-frequency device; on receiving the authentication request sent by the certificate server, the wireless radio-frequency device updates the primary key data, encodes the updated key data, obtains the corresponding auxiliary data and sends it to the certificate server; the certificate server decodes the auxiliary data based on the primary key data obtained in advance, obtaining decoded data, then processes the first data and the third data based on the decoded data, obtains the first processing data and sends it to the wireless radio-frequency device; the wireless radio-frequency device performs inverse processing on the first processing data based on the updated key data, obtaining second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the certificate server based on the second data and the first data.
Optionally, the method further includes: when the certificate server passes authentication, the wireless radio-frequency device processes the fourth data based on the updated key data, obtains second processing data and sends it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoded data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
Optionally, before the certificate server processes the first data and the third data, the method further includes: the certificate server compresses or performs an operation on the decoded data, obtaining second key data whose length is less than or equal to that of the decoded data. Before the wireless radio-frequency device processes the first processing data, the method further includes: the wireless radio-frequency device compresses or performs an operation on the updated key data, obtaining first key data whose length is less than or equal to that of the updated key data.
Optionally, before the wireless radio-frequency device sends the auxiliary data to the certificate server, the method further includes: the wireless radio-frequency device encrypts the auxiliary data, obtaining encrypted data. Before the certificate server decodes the auxiliary data, the method further includes: the certificate server decrypts the encrypted auxiliary data, obtaining decrypted data.
Optionally, before the certificate server sends the authentication request to the wireless radio-frequency device, the method further includes: the certificate server reads the primary key data from the wireless radio-frequency device and stores it.
An embodiment of the present invention further provides another security authentication method that resists side-channel energy analysis. The method includes: the certificate server sends an authentication request to the wireless radio-frequency device; on receiving the authentication request sent by the certificate server, the wireless radio-frequency device updates the primary key data, encodes the updated key data, obtains the corresponding auxiliary data and sends it to the certificate server; the certificate server performs decoding using the primary key data obtained in advance, obtaining decoded data, then processes the first data and the third data, obtains the first processing data and sends it to the wireless radio-frequency device; the wireless radio-frequency device performs inverse processing on the first processing data, obtaining second data corresponding to the first data and fourth data corresponding to the third data, and authenticates the certificate server based on the second data and the first data; when the certificate server passes authentication, the wireless radio-frequency device processes the fourth data based on the updated key data, obtains second processing data and sends it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoded data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
An embodiment of the present invention further provides another security authentication method that resists side-channel energy analysis. The method includes: the certificate server sends an authentication request to the wireless radio-frequency device; on receiving the authentication request sent by the certificate server, the wireless radio-frequency device updates the primary key data, encodes the updated key data, obtains the corresponding auxiliary data and sends it to the certificate server; the certificate server decodes the auxiliary data based on the primary key data obtained in advance, obtaining decoded data, and sends third data to the wireless radio-frequency device; after receiving the third data, the wireless radio-frequency device processes the third data based on the updated key data, obtains second processing data and sends it to the certificate server; the certificate server performs inverse processing on the second processing data based on the decoded data, obtaining fifth data, and authenticates the wireless radio-frequency device based on the fifth data and the third data.
Compared with the prior art, the embodiments of the present invention have the following advantages:
With the above scheme, each time before the wireless radio-frequency device authenticates the certificate server, the key updating unit can update the stored primary key data. As a result, whenever inverse processing is performed on the first processing data based on the updated key data, the intermediate data generated is random. This prevents an attacker from obtaining the updated key data by side-channel energy analysis and improves the security of the authentication process between the wireless radio-frequency device and the certificate server.
The second processing unit can process the fourth data based on the updated key data, and the updated key data is different each time the certificate server authenticates the wireless radio-frequency device. As a result, each time the second processing unit processes the fourth data it uses a different updated key data, and the intermediate data generated is random. This prevents an attacker from obtaining the updated key data used by the second processing unit by side-channel energy analysis, further improving the security of the authentication process between the wireless radio-frequency device and the certificate server.
Compressing or performing an operation on the updated key data in the first key generation unit can increase the complexity of the key and improve the security of authentication.
Compressing or performing an operation on the decoded data in the second key generation unit can increase the complexity of the key and improve the security of authentication.
Encrypting the auxiliary data before it is sent to the certificate server, and sending only the encrypted auxiliary data, prevents an attacker from analyzing the auxiliary data to predict the primary key data and thereby from forging wireless radio-frequency devices, which further improves the security of the authentication process between the wireless radio-frequency device and the certificate server.
With the above scheme, each time before the wireless radio-frequency device authenticates the certificate server, the stored primary key data can be updated. As a result, the auxiliary data sent by the wireless radio-frequency device is different each time, so the decoded data output by the decoder is different each time. Each time the first data and the third data are processed based on the decoded data, a different decoded data is used and the intermediate data generated is random. This prevents an attacker from obtaining the decoded data by side-channel energy analysis and improves the security of the authentication process between the wireless radio-frequency device and the certificate server.
The fourth processing unit can process the second processing data based on the decoded data, and the decoded data is different each time the certificate server authenticates the wireless radio-frequency device. As a result, each time the fourth processing unit performs inverse processing on the second processing data it uses a different decoded data, and the intermediate data generated is random. This prevents an attacker from obtaining the decoded data used by the fourth processing unit by side-channel energy analysis, further improving the security of the authentication process between the wireless radio-frequency device and the certificate server.
Description of the drawings
Fig. 1 is a schematic structural diagram of a wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another wireless radio-frequency authentication system in an embodiment of the present invention;
Fig. 5 is a schematic flow diagram of the data interaction in an authentication process in an embodiment of the present invention.
Detailed description
At present, mutual authentication between wireless radio-frequency devices and certificate servers is always based on a fixed key. When security authentication is performed with this fixed key, intermediate data is generated, and the power consumption associated with that intermediate data is correlated with the fixed key. An attacker can therefore use side-channel energy analysis to analyze the power consumption of the intermediate values and eventually obtain the key.
Once the attacker obtains the key used for authentication, wireless radio-frequency devices can be forged in large numbers, the security of subsequent use of the devices cannot be effectively guaranteed, and users' security requirements cannot be met.
In view of the above problem, an embodiment of the present invention provides a wireless radio-frequency device. Each time before the device authenticates the certificate server, the key updating unit can update the stored primary key data, so that whenever inverse processing is performed on the first processing data based on the updated key data, the intermediate data generated is a random value. This prevents an attacker from obtaining the updated key data by side-channel energy analysis and improves the security of the authentication process between the wireless radio-frequency device and the certificate server.
In view of the above problem, an embodiment of the present invention further provides a certificate server. Because the wireless radio-frequency device can update the stored primary key data each time before it authenticates the certificate server, the auxiliary data sent by the device is different each time, and so is the decoded data output by the decoder. Each time the first data and the third data are processed based on the decoded data, the intermediate data generated is random. This prevents an attacker from obtaining the updated key data by side-channel energy analysis and improves the security of the authentication process between the wireless radio-frequency device and the certificate server.
To make the above objects, features and beneficial effects of the present invention clearer and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
First, so that those skilled in the art can understand the present invention more clearly, the wireless radio-frequency authentication system is described as follows:
Referring to Fig. 1, the wireless radio-frequency authentication system may include wireless radio-frequency device 10 and certificate server 20. After receiving an authentication request from certificate server 20, wireless radio-frequency device 10 authenticates certificate server 20.
Wireless radio-frequency device 10 and certificate server 20 are each described in detail below:
Referring to Fig. 1, an embodiment of the present invention provides wireless radio-frequency device 10, which may include: key storage unit 101, key updating unit 102, encoder 103, first processing unit 104 and first authentication unit 105, where:
Key storage unit 101 is adapted to store primary key data R0;
Key updating unit 102 is adapted to update the primary key data R0 after receiving authentication request Q sent by certificate server 20, obtaining updated key data D0;
Encoder 103 is adapted to encode the updated key data D0, obtain the corresponding auxiliary data P0 and send it to certificate server 20;
First processing unit 104 is adapted to, on receiving first processing data T1 sent by certificate server 20, perform inverse processing on T1 based on the updated key data D0, obtaining second data W2 corresponding to first data W1 and fourth data W4 corresponding to third data W3, where the first processing data T1 is the data obtained after certificate server 20 processes the first data W1 and the third data W3;
First authentication unit 105 is adapted to authenticate certificate server 20 based on the second data W2 and the first data W1.
An embodiment of the present invention further provides certificate server 20, which may include:
Authentication request unit 201, adapted to generate authentication request Q and send it to wireless radio-frequency device 10;
Decoder 202, adapted to, on receiving the auxiliary data P0 sent by wireless radio-frequency device 10, decode the auxiliary data P0 together with the primary key data R0 obtained in advance, obtaining decoded data D1, where the auxiliary data P0 is the data obtained after wireless radio-frequency device 10 encodes the updated key data D0;
Third processing unit 203, adapted to process the first data W1 and the third data W3 based on the decoded data D1, obtain the first processing data T1 and send it to wireless radio-frequency device 10.
In specific implementation, before wireless radios 10 are authenticated certificate server 20, certificate server 20 can
With the primary key data R0 stored from reading key storing unit 101 in wireless radios 10, and it is stored in certification clothes
It is engaged in the database of device 20.Initial phase of the above process as less radio-frequency Verification System, usually in a secure environment into
Row, and only carry out primary.After initialization procedure, the data on wireless radios 10 for reading primary key data R0
Interface is closed forever.Wherein, the primary key data R0 stored in the key storing unit 101 can be fixed data,
It can be random data, not be restricted specifically.
In specific implementation, certification request unit 201 can send certification to wireless radios 10 in several cases
Q is asked, is not restricted specifically.For example, certification request unit 201 can be after receiving certification control instruction, to less radio-frequency
Equipment 10 sends certification request Q, can also be sent out to wireless radios 10 when certificate server detects wireless radios
Send certification request Q.
In specific implementation, key updating units 102, can after the certification request Q for receiving the transmission of certificate server 20
To be based on random number, several bits or whole bits to the primary key data R0 are updated.For example, key is more
If new unit 102 can utilize a certain random number to execute xor operation with the kilo byte in primary key data R0, updated
Key data D0 afterwards.
In specific implementations, the encoder 103 can encode the updated key data D0 in various ways, which are not specifically restricted, as long as the encoding yields the corresponding auxiliary data P0. For example, the encoder 103 can encode the updated key data D0 using Golay codes, Reed-Muller codes or BCH codes. A random number can also be used in the encoding, to enhance the randomness of the resulting auxiliary data P0.
In specific implementations, after the decoder 202 receives the auxiliary data P0, it decodes the auxiliary data P0 together with the primary key data R0 to obtain the decoding data D1. It is understood that the way the decoder 202 decodes the auxiliary data P0 corresponds to the way the encoder 103 encodes the updated key data D0.
In specific implementations, after the third processing unit 203 obtains the decoding data D1, it processes the first data W1 and the third data W3 to obtain the first processing data T1. After receiving the first processing data T1, the first processing units 104 inverse-process it to obtain the second data W2 corresponding to the first data W1 and the fourth data W4 corresponding to the third data W3.
The third processing unit 203 can first splice the first data W1 and the third data W3 to obtain the spliced data W1||W3, and then process the spliced data W1||W3, so that the first processing units 104 can recover the second data W2 and the fourth data W4 after inverse-processing the first processing data T1.
In specific implementations, the third processing unit 203 can process the spliced data W1||W3 in a variety of ways, including but not limited to encryption. For example, the third processing unit 203 can process the spliced data W1||W3 by a cryptographic operation. The selected cryptographic algorithm can be a symmetric cryptographic algorithm, for example the DES, RC2, RC4, RC5 or Blowfish algorithm; it can also be an asymmetric cryptographic algorithm, for example the RSA, ECC or Knapsack algorithm. The cryptographic algorithm can include, but is not limited to, the above standard algorithms and simplified custom algorithms.
It is understood that, since the processing of the first processing units 104 and that of the third processing unit 203 are inverses of each other, those skilled in the art can refer to the above description of the third processing unit 203 and select the inverse of its processing algorithm to process the first processing data T1. For example, when the third processing unit 203 selects the DES encryption algorithm to encrypt the spliced data W1||W3, the first processing units 104 can select the corresponding DES decryption algorithm to decrypt the first processing data T1.
In specific implementations, when the third processing unit 203 processes the spliced data W1||W3 based on the decoding data D1, it can process the spliced data W1||W3 based on the first response data D1 obtained after decoding the auxiliary data P0. For example, when the processing mode of the third processing unit 203 is encryption, the first response data D1 can be used as the key to process the spliced data W1||W3.
It should be noted that, in specific implementations, the first data W1 can be generated by the wireless radios 10 or obtained by the wireless radios 10 from another device or apparatus; this is not specifically restricted. In an embodiment of the present invention, in order to obtain higher security, the first data W1 can be drawn at random from a set containing a finite number of values, with a different value drawn each time. Of course, the first data W1 may also be a random number, as long as the first data W1 is different in every authentication.
It should be noted that, in specific implementations, the third data W3 can be generated by the certificate server 20 or obtained by the certificate server 20 from another device or apparatus; this is not specifically restricted. In one embodiment of the invention, in order to obtain higher security, the third data W3 can be drawn at random from a set containing a finite number of values, with a different value drawn each time. Of course, the third data W3 may also be a random number, as long as the third data W3 is different in every authentication.
After the second data W2 is obtained, the first authentication unit 105 can compare the second data W2 with the first data W1 to authenticate the certificate server 20, and output the authentication result Out1. Specifically, if the two are identical, the certificate server 20 passes certification, i.e. the certificate server 20 is a legal server. If the two are different, the certificate server 20 fails certification, i.e. the certificate server 20 is an illegal server.
Because the key updating units 102 can update the primary key data R0 each time the wireless radios 10 authenticate the certificate server 20, the intermediate data generated each time the third processing unit 203 and the first processing units 104 process the corresponding data is random. It is therefore difficult for an attacker to obtain the updated key data, the decoding data or the primary key data R0 by analyzing the relationship between intermediate data and power consumption, which improves the security of the process in which the wireless radios 10 authenticate the certificate server 20.
Fig. 2 is a structural schematic diagram of another wireless radio-frequency Verification System provided in an embodiment of the present invention. With reference to Fig. 2, the difference from the embodiment shown in Fig. 1 is that the wireless radios 10 can also include:
Second processing unit 106, suitable for, when the certificate server 20 passes certification, processing the fourth data W4 based on the updated key data D0, obtaining the second processing data T2 and sending it to the certificate server 20.
The certificate server 20 can also include:
Fourth processing unit 204, suitable for, when receiving the second processing data T2 sent by the wireless radios 10, inverse-processing the second processing data T2 based on the decoding data D1 to obtain the fifth data W5, wherein the second processing data T2 is the data obtained after the wireless radios 10 process the fourth data W4 based on the updated key data D0;
Second authentication unit 205, suitable for authenticating the wireless radios 10 based on the fifth data W5 and the third data W3.
When the certificate server 20 passes certification, the second processing unit 106 goes on to process the fourth data W4 and obtains the second processing data T2. On receiving the second processing data T2, the fourth processing unit 204 inverse-processes it to obtain the fifth data W5. Finally, the second authentication unit 205 compares the fifth data W5 with the third data W3 and outputs the authentication result Out2. If the two are identical, the wireless radios 10 pass certification, i.e. the wireless radios 10 are a legitimate device; otherwise the wireless radios 10 fail certification, i.e. the wireless radios 10 are an illegal device.
Because the key updating units 102 can update the primary key data R0 in every authentication, the updated key data D0 and the decoding data D1 differ from one authentication to the next, and the intermediate data generated while the second processing unit 106 and the fourth processing unit 204 process the corresponding data is also random. It is therefore difficult for an attacker to obtain the updated key data D0, the decoding data D1 or the primary key data R0 by analyzing the relationship between intermediate data and power consumption, which improves the security of the process in which the certificate server 20 authenticates the wireless radios 10.
In specific implementations, when the second processing unit 106 processes the fourth data W4 based on the updated key data D0, it can process the fourth data W4 directly with the updated key data D0, for example by encrypting the fourth data W4 with the updated key data D0 as the key.
The second processing unit 106 can also first splice the fourth data W4 and the sixth data W6 to obtain the spliced data W4||W6, and then process the spliced data W4||W6 with the updated key data D0, for example by encrypting the spliced data W4||W6 with the updated key data D0 as the key.
It is understood that, since the processing of the second processing unit 106 and that of the fourth processing unit 204 are inverses of each other, those skilled in the art can refer to the above description of the second processing unit 106 and select the inverse of its processing algorithm to inverse-process the first processing data T1. For example, when the second processing unit 106 selects the DES encryption algorithm to encrypt the spliced data W4||W6, the fourth processing unit 204 can select the corresponding DES decryption algorithm to decrypt the second processing data T2.
In specific implementations, the sixth data W6 can be implemented with reference to the above description of the first data W1; details are not repeated here.
In one embodiment of the invention, with reference to Fig. 2, the wireless radios 10 can also include a data capture unit 107, suitable for generating the first data W1. After the data capture unit 107 generates the first data W1, it can send the first data W1 to the first authentication unit 105 and to the third processing unit 203. In specific implementations, the data capture unit 107 is further suitable for generating the sixth data W6 and sending it to the second processing unit 106.
In one embodiment of the invention, the certificate server 20 can also include a data generating unit 206, suitable for generating the third data W3 and sending it to the third processing unit 203 and the second authentication unit 205.
In specific implementations, the data capture unit 107 and the data generating unit 206 can be random number generators, to further enhance the randomness in the processing of the third processing unit 203 and the second processing unit 106 and improve authentication security.
In specific implementations, those skilled in the art can implement the second processing unit 106 with reference to the above description of the third processing unit 203, and implement the fourth processing unit 204 with reference to the above description of the first processing units 104; details are not repeated here.
In specific implementations, for the wireless radios 10, the first processing units 104 and the second processing unit 106 can both process the corresponding data based on the updated key data D0; alternatively, the first processing units 104 process the corresponding data based on the updated key data D0 while the second processing unit 106 processes the corresponding data based on non-updated key data; alternatively, the first processing units 104 process the corresponding data based on non-updated key data while the second processing unit 106 processes the corresponding data based on the updated key data D0. It is understood that the authentication security of the wireless radio-frequency Verification System is higher when both the first processing units 104 and the second processing unit 106 process the corresponding data based on the updated key data D0.
Correspondingly, for the certificate server 20, the third processing unit 203 and the fourth processing unit 204 can both process the corresponding data based on the decoding data D1; alternatively, the third processing unit 203 processes the corresponding data based on the decoding data D1 while the fourth processing unit 204 processes the corresponding data based on non-decoding data; alternatively, the third processing unit 203 processes the corresponding data based on non-decoding data while the fourth processing unit 204 processes the corresponding data based on the decoding data D1. It is understood that the authentication security of the wireless radio-frequency Verification System is higher when both the third processing unit 203 and the fourth processing unit 204 process the corresponding data based on the decoding data D1.
Fig. 3 shows another wireless radio-frequency Verification System provided in an embodiment of the present invention. With reference to Fig. 3, the difference from the embodiment shown in Fig. 2 is that the wireless radios 10 can also include:
First key generation unit 108, suitable for carrying out compression or calculation processing on the updated key data D0 to obtain first key data D2 whose length is less than or equal to that of the updated key data D0, and sending the first key data D2 to the first processing units 104 and the second processing unit 106.
The certificate server 20 can also include:
Second key generating unit 207, suitable for carrying out compression or calculation processing on the decoding data D1 to obtain second key data D3 whose length is less than or equal to that of the decoding data, and sending the second key data D3 to the third processing unit 203 and the fourth processing unit 204.
In specific implementations, the first key generation unit 108 is suitable for carrying out compression or calculation processing on the updated key data D0. For example, if the length of the updated key data D0 is 300 Byte, the length of the first key data D2 after compression or calculation processing by the first key generation unit 108 can be 128 bit, where 1 Byte = 8 bits.
Similarly, the second key generating unit 207 is suitable for carrying out compression or calculation processing on the decoding data D1 to obtain second key data D3 whose length is less than or equal to that of the decoding data, and sending the second key data D3 to the third processing unit 203 and the fourth processing unit 204.
In specific implementations, the first key generation unit 108 and the second key generating unit 207 carry out the same processing, and the specific compression algorithm or arithmetic operation is not restricted. For example, the updated key data D0 and the decoding data D1 can be compressed by XORing adjacent bits, or a hash algorithm can be applied to the updated key data D0 and the decoding data D1.
In specific implementations, whether the first key data D2 is sent to the first processing units 104 and the second processing unit 106, and whether the second key data D3 is sent to the third processing unit 203 and the fourth processing unit 204, can be configured according to actual conditions.
For example, when the first processing units 104 inverse-process the first processing data T1 based on the updated key data D0, the first key generation unit 108 sends the first key data D2 to the first processing units 104; otherwise the first key data D2 need not be sent to the first processing units 104. When the third processing unit 203 processes the first data W1 and the third data W3 based on the decoding data D1, the second key generating unit 207 sends the second key data D3 to the third processing unit 203; otherwise the second key data D3 need not be sent to the third processing unit 203.
Fig. 4 shows another wireless radio-frequency Verification System provided in an embodiment of the present invention. The difference from the embodiment shown in Fig. 3 is that the wireless radios 10 can also include:
Encryption unit 109, suitable for encrypting the auxiliary data P0 before it is sent to the certificate server 20, obtaining the encryption data P1 and sending it to the certificate server 20.
Correspondingly, the certificate server 20 can also include a decryption unit 208, suitable for decrypting the encryption data P1 when it is received from the wireless radios 10, obtaining the ciphertext data P2.
In specific implementations, the key the encryption unit 109 uses for encryption and the key the decryption unit 208 uses for decryption can be a fixed key or a key stream generated from a random number; this is not specifically restricted. The encryption unit 109 can encrypt the auxiliary data P0 with a symmetric cryptographic algorithm or with an asymmetric cryptographic algorithm; this is likewise not restricted.
It is understood that, when the decryption unit 208 decrypts the encryption data P1, the decryption algorithm it selects corresponds to the cryptographic algorithm selected by the encryption unit 109. For example, when the encryption unit 109 selects the DES encryption algorithm, the decryption unit 208 can select the corresponding DES decryption algorithm. Decryption by the decryption unit 208 yields the ciphertext data P2, which the decoder 202 then decodes together with the primary key data R0 to obtain the decoding data D1.
Because the encryption unit 109 encrypts the auxiliary data P0 and only the encryption data P1 is sent to the certificate server 20, an attacker is prevented from obtaining the primary key data R0 by analyzing the auxiliary data, which further improves the security of the wireless radio-frequency Verification System.
Based on the above embodiments, in specific implementations, the wireless radios 10 can also include the second processing unit 106 but not the first processing units 104 and the first authentication unit 105; correspondingly, the certificate server 20 can include the fourth processing unit 204 and the second authentication unit 205 but not the third processing unit 203. In other words, in specific implementations the certificate server 20 can carry out unilateral authentication of the wireless radios 10. In this case, the certificate server 20 can generate the third data W3 in advance and send it to the wireless radios 10. The second processing unit 106 of the wireless radios 10 can process the third data W3 based on the updated key data D0, obtaining the second processing data T2 and sending it to the certificate server 20.
In summary, in the wireless radio-frequency Verification System of the embodiments of the present invention, the key updating units 102 can update the primary key data R0 in every authentication, so that the intermediate data generated each time by the corresponding processing units in the wireless radios 10 and the certificate server 20 is random. This prevents an attacker from obtaining the updated key data or the primary key data R0 by side-channel energy analysis, and therefore also prevents forgery of the wireless radios 10, improving the security of the authentication process.
In order that those skilled in the art may better understand and implement the present invention, the authentication method corresponding to the above wireless radio-frequency Verification System is described in detail below.
With reference to Fig. 5, an embodiment of the present invention also provides an authentication method, which may include the following steps:
S51: The certificate server 20 sends a certification request to the wireless radios 10;
S52: On receiving the certification request sent by the certificate server 20, the wireless radios 10 update the primary key data R0, encode the updated key data D0, and obtain the corresponding auxiliary data P0 and send it to the certificate server 20;
S53: The certificate server 20 decodes the auxiliary data P0 based on the primary key data R0 obtained in advance to obtain the decoding data D1, processes the first data W1 and the third data W3 based on the decoding data D1, and obtains the first processing data T1 and sends it to the wireless radios 10;
S54: The wireless radios 10 inverse-process the first processing data T1 based on the updated key data D0 to obtain the second data W2 corresponding to the first data W1 and the fourth data W4 corresponding to the third data W3, and authenticate the certificate server 20 based on the second data W2 and the first data W1.
In one embodiment of the invention, the authentication method can also include the following steps:
Step S55: When the certificate server 20 passes certification, the wireless radios 10 process the fourth data W4 based on the updated key data D0, and obtain the second processing data T2 and send it to the certificate server 20;
Step S56: The certificate server 20 inverse-processes the second processing data T2 based on the decoding data D1 to obtain the fifth data W5, and authenticates the wireless radios 10 based on the fifth data W5 and the third data W3.
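The exchange in steps S51 to S56, including the key compression of Fig. 3, can be traced end to end with the following sketch, which is an added example and not code from the patent. It assumes a code-offset construction over Hamming(7,4) for the encoder and decoder, a SHA-256 counter keystream in place of the cipher the text leaves open, and that W1 travels with P0; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCKS = 16   # R0 = 16 blocks of 7 bits (constructed size, not from the page)
NONCE = 8     # byte length of W1 and W3 (assumption)
FLIPS = [0] + [1 << i for i in range(7)]   # flip at most one bit per block


def nearest_codeword(word):
    """Hamming(7,4): XOR of the 1-based positions of set bits is the syndrome."""
    s = 0
    for pos in range(1, 8):
        if (word >> (pos - 1)) & 1:
            s ^= pos
    return word ^ (1 << (s - 1)) if s else word


def update_key(r0):
    """Key updating unit 102: XOR random low-weight masks into R0 -> D0."""
    return [r ^ secrets.choice(FLIPS) for r in r0]


def encode(d0):
    """Encoder 103: mask D0 with random codewords -> auxiliary data P0."""
    return [d ^ nearest_codeword(secrets.randbelow(128)) for d in d0]


def decode(p0, r0):
    """Decoder 202: P0 xor R0 = codeword xor update mask; correcting the
    single-bit mask recovers the codeword, and P0 xor codeword = D0."""
    return [p ^ nearest_codeword(p ^ r) for p, r in zip(p0, r0)]


def compress(key_blocks):
    """Key generation units 108/207: hash D0 or D1 down to 128 bits."""
    return hashlib.sha256(bytes(key_blocks)).digest()[:16]


def process(key, label, data):
    """Invertible processing (XOR with a SHA-256 counter keystream).
    Stand-in for the cipher the page leaves open; applying it twice undoes it."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    def __init__(self, r0):
        self.r0 = list(r0)

    def on_request(self):                        # S52
        self.d0 = update_key(self.r0)
        self.w1 = secrets.token_bytes(NONCE)
        return encode(self.d0), self.w1

    def on_t1(self, t1):                         # S54, then S55
        key = compress(self.d0)
        plain = process(key, b"T1", t1)
        w2, w4 = plain[:NONCE], plain[NONCE:]
        if not hmac.compare_digest(w2, self.w1):
            return None                          # Out1: server rejected
        return process(key, b"T2", w4)


class Server:
    def __init__(self, r0):
        self.r0 = list(r0)

    def on_helper(self, p0, w1):                 # S53
        self.key = compress(decode(p0, self.r0))
        self.w3 = secrets.token_bytes(NONCE)
        return process(self.key, b"T1", w1 + self.w3)

    def on_t2(self, t2):                         # S56
        w5 = process(self.key, b"T2", t2)
        return hmac.compare_digest(w5, self.w3)  # Out2


def run_session(device, server):
    """Return (Out1, Out2) for one authentication run."""
    p0, w1 = device.on_request()
    t1 = server.on_helper(p0, w1)
    t2 = device.on_t1(t1)
    if t2 is None:
        return False, False
    return True, server.on_t2(t2)


if __name__ == "__main__":
    r0 = [secrets.randbelow(128) for _ in range(BLOCKS)]   # constructed R0
    print(run_session(Device(r0), Server(r0)))
```

P0 is sent in clear here and, in this construction, carries the syndrome of D0 (3 bits per 7-bit block), which is the kind of exposure the encryption unit 109 variant of Fig. 4 is meant to close.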
In another embodiment of the invention, the authentication method may omit step S54 but include steps S55 and S56, so that the certificate server carries out unilateral authentication of the wireless radios. In that case, in step S55, the wireless radios 10 can process the third data W3 directly based on the updated key data D0, obtaining the second processing data T2 and sending it to the certificate server 20. The third data W3 can be generated by the certificate server in advance and sent to the wireless radios.
The certificate server 20 can process the first data W1 and the third data W3 based on the decoding data D1, but inverse-process the second processing data T2 based on non-decoding data. Correspondingly, the wireless radios 10 can inverse-process the first processing data T1 based on the updated key data D0, but process the fourth data W4 based on non-updated key data.
The certificate server 20 can also process the first data W1 and the third data W3 based on non-decoding data, but inverse-process the second processing data T2 based on the decoding data D1. Correspondingly, the wireless radios 10 can inverse-process the first processing data T1 based on non-updated key data, but process the fourth data W4 based on the updated key data D0.
The certificate server 20 can also both process the first data W1 and the third data W3 based on the decoding data D1 and inverse-process the second processing data T2 based on the decoding data D1. Correspondingly, the wireless radios 10 can both inverse-process the first processing data T1 based on non-updated key data and process the fourth data W4 based on the updated key data D0.
In specific implementations, in order to reduce the complexity of the certificate server 20 processing the first data W1 and the third data W3, the certificate server 20 can, before processing the first data W1 and the third data W3, first carry out compression or calculation processing on the decoding data D1 to obtain second key data D3 whose length is less than or equal to that of the decoding data D1. Correspondingly, before the wireless radios 10 process the first processing data T1, they can first carry out compression or calculation processing on the updated key data D0 to obtain first key data D2 whose length is less than or equal to that of the updated key data D0.
In specific implementations, in order to further improve security during the data exchange, the wireless radios 10 can encrypt the auxiliary data P0 before sending it to the certificate server 20, obtaining the encryption data P1. Correspondingly, before the certificate server 20 decodes the encryption data P1, it can first decrypt the encryption data P1 to obtain the ciphertext data P2, and then decode the ciphertext data P2.
It should be noted that, in the above embodiments of the present invention, the wireless radios are devices based on wireless radio-frequency technology, including but not limited to smart cards, mobile terminals, microprocessors, computers, routers and set-top boxes. Whatever specific form the wireless radios take, it does not constitute a limitation of the present invention and falls within the protection scope of the present invention.
It should be noted that, in the above embodiments of the present invention, the certificate server is a wireless radio-frequency server adapted to the wireless radios. For example, when the wireless radios are a smart card, the certificate server can be a card reader. The certificate server can be an independent dedicated server, or it can provide other services at the same time; for example, a dedicated memory block and storage area can be set aside on another server to provide a performance monitoring service. Of course, whichever kind of certificate server is used, it suffices that it can exchange data with the wireless radios.
As can be seen from the above, in the authentication method of the embodiments of the present invention, updating the primary key data during mutual authentication gives the intermediate data generated in each authentication a degree of randomness, which in turn prevents an attacker from obtaining intermediate data and carrying out side-channel energy analysis, improving the security of the authentication process.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may include ROM, RAM, a magnetic disk, an optical disc and the like.
Although the present disclosure is as above, the present invention is not limited to it. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the present invention, and the protection scope of the present invention shall therefore be as defined by the claims.
Claims (31)
1. a kind of wireless radios, which is characterized in that including:
Key storing unit is suitable for storage primary key data;
Key updating units, suitable for receive certificate server transmission certification request after, to the primary key data into
Row update, obtains updated key data;
Encoder is suitable for carrying out coded treatment to the updated key data, obtains corresponding auxiliary data and be sent to
Certificate server;
First processing units, suitable for when receiving the first processing data that the certificate server is sent, being based on the update
Key data afterwards carries out inversely processing to the first processing data, obtains the second data corresponding with the first data respectively, with
And the 4th data corresponding with third data, wherein the first processing data are the certificate server to first number
According to and third data processing after data;
First authentication unit is suitable for being based on second data and the first data, is authenticated to the certificate server.
2. wireless radios as described in claim 1, which is characterized in that further include:
Second processing unit, suitable for when the certificate server passes through certification, the updated key data being based on, to institute
It states the 4th data to be handled, obtains second processing Data Concurrent and send to the certificate server.
3. wireless radios as claimed in claim 2, which is characterized in that further include:
It is small to obtain length suitable for carrying out compression or calculation process to the updated key data for first key generation unit
In or equal to the updated key data first key data, and the first key data are sent to described first
Processing unit and second processing unit.
4. wireless radios as claimed in claim 3, which is characterized in that the first key generation unit is suitable for utilizing
First data carry out compression or calculation process to the updated key data.
5. wireless radios as claimed in claim 2, which is characterized in that the second processing unit, suitable for recognizing when described
When card server passes through certification, using the updated key data as key, the 4th data are encrypted,
Obtain the second processing data.
6. wireless radios as described in claim 1, which is characterized in that further include:
Encryption unit, suitable for before the auxiliary data is sent to the certificate server, being carried out to the auxiliary data
Encryption obtains encryption data and is sent to the certificate server.
7. wireless radios as claimed in claim 2, which is characterized in that further include:
Data capture unit is suitable for generating first data.
8. wireless radios as claimed in claim 7, which is characterized in that
The data capture unit is further adapted for generating the 6th data;
The second processing unit, suitable for when the certificate server passes through certification, to the 6th data and the described 4th
Data are handled, and the second processing data are obtained.
9. The wireless radios as claimed in claim 8, characterized in that the data capture unit is a random number generator.
10. a kind of certificate server, which is characterized in that including:
Certification request unit, suitable for generating certification request and being sent to wireless radios;
Decoder, suitable for when receiving the auxiliary data that the wireless radios are sent, to the auxiliary data and in advance
The primary key data got are decoded processing, obtain decoding data, wherein the auxiliary data is the less radio-frequency
Equipment carries out updated key data the data after coded treatment;
Third processing unit is suitable for being based on the decoding data, handle the first data and third data, obtains at first
Reason Data Concurrent is sent to the wireless radios.
11. certificate server as claimed in claim 10, which is characterized in that further include:
Fourth processing unit, suitable for when receiving the second processing data that the wireless radios are sent, being based on the solution
Code data carry out inversely processing to the second processing data, obtain the 5th data, wherein the second processing data are described
Wireless radios are based on the updated key data, the data obtained after handling the 4th data;
Second authentication unit is suitable for being based on the 5th data and third data, is authenticated to the wireless radios.
12. certificate server as claimed in claim 11, which is characterized in that further include:
Second key generating unit, suitable for carrying out compression or calculation processing on the decoding data to obtain second key data whose length is less than or equal to that of the decoding data, and sending the second key data to the third processing unit and the fourth processing unit.
13. certificate server as claimed in claim 12, which is characterized in that second Key generating unit is suitable for utilizing
First data carry out compression or calculation process to the decoding data.
14. certificate server as claimed in claim 11, which is characterized in that the third processing unit is suitable for the solution
Code data are encrypted first data and third data as key, obtain the first processing data.
15. certificate server as claimed in claim 10, which is characterized in that further include:
Decryption unit, suitable for when receiving the encryption data that the wireless radios are sent, being carried out to the encryption data
Decryption, obtains ciphertext data.
16. certificate server as claimed in claim 10, which is characterized in that further include:
Data generating unit is suitable for generating the third data.
17. certificate server as claimed in claim 16, which is characterized in that the data generating unit is random number
Device.
18. A wireless radio-frequency verification system, characterized by comprising the wireless radios of any one of claims 1 to 9 and the certificate server of any one of claims 10 to 17.
19. Wireless radios, characterized by comprising:
Key storing unit, adapted to store primary key data;
Key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, to obtain updated key data;
Encoder, adapted to encode the updated key data to obtain corresponding auxiliary data, and to send the auxiliary data to the certificate server;
First processing unit, adapted to, upon receiving first processing data sent by the certificate server, perform inverse processing on the first processing data to obtain, respectively, second data corresponding to first data and fourth data corresponding to third data, wherein the first processing data is the data obtained after the certificate server processes the first data and the third data;
First authentication unit, adapted to authenticate the certificate server based on the second data and the first data;
Second processing unit, adapted to, when the certificate server passes authentication, process the fourth data based on the updated key data to obtain second processing data, and to send the second processing data to the certificate server.
20. A certificate server, characterized by comprising:
Certification request unit, adapted to generate a certification request and send it to wireless radios;
Decoder, adapted to, upon receiving the auxiliary data sent by the wireless radios, decode the auxiliary data together with the primary key data obtained in advance to obtain decoding data, wherein the auxiliary data is the data obtained after the wireless radios encode the updated key data;
Third processing unit, adapted to process first data and third data to obtain first processing data, and to send the first processing data to the wireless radios;
Fourth processing unit, adapted to, upon receiving second processing data sent by the wireless radios, perform inverse processing on the second processing data based on the decoding data to obtain fifth data, wherein the second processing data is the data obtained after the wireless radios process the fourth data based on the updated key data;
Second authentication unit, adapted to authenticate the wireless radios based on the fifth data and the third data.
21. A wireless radio-frequency verification system, characterized by comprising the wireless radios of claim 19 and the certificate server of claim 20.
22. Wireless radios, characterized by comprising:
Key storing unit, adapted to store primary key data;
Key updating unit, adapted to update the primary key data after receiving a certification request sent by a certificate server, to obtain updated key data;
Encoder, adapted to encode the updated key data to obtain corresponding auxiliary data, and to send the auxiliary data to the certificate server;
Second processing unit, adapted to process third data based on the updated key data to obtain second processing data, and to send the second processing data to the certificate server.
23. A certificate server, characterized by comprising:
Certification request unit, adapted to generate a certification request and send it to wireless radios;
Decoder, adapted to, upon receiving the auxiliary data sent by the wireless radios, decode the auxiliary data together with the primary key data obtained in advance to obtain decoding data, wherein the auxiliary data is the data obtained after the wireless radios encode the updated key data;
Fourth processing unit, adapted to, upon receiving second processing data sent by the wireless radios, perform inverse processing on the second processing data based on the decoding data to obtain fifth data, wherein the second processing data is the data obtained after the wireless radios process third data based on the updated key data;
Second authentication unit, adapted to authenticate the wireless radios based on the fifth data and the third data.
24. A wireless radio-frequency verification system, characterized by comprising the wireless radios of claim 22 and the certificate server of claim 23.
25. A safety certifying method for preventing side-channel energy analysis, characterized by comprising:
The certificate server sends a certification request to the wireless radios;
The wireless radios, upon receiving the certification request sent by the certificate server, update the primary key data, encode the updated key data to obtain corresponding auxiliary data, and send the auxiliary data to the certificate server;
The certificate server decodes the auxiliary data based on the primary key data obtained in advance to obtain decoding data, processes first data and third data based on the decoding data to obtain first processing data, and sends the first processing data to the wireless radios;
The wireless radios perform inverse processing on the first processing data based on the updated key data to obtain, respectively, second data corresponding to the first data and fourth data corresponding to the third data, and authenticate the certificate server based on the second data and the first data.
26. The safety certifying method for preventing side-channel energy analysis as claimed in claim 25, characterized by further comprising:
The wireless radios, when the certificate server passes authentication, process the fourth data based on the updated key data to obtain second processing data, and send the second processing data to the certificate server;
The certificate server performs inverse processing on the second processing data based on the decoding data to obtain fifth data, and authenticates the wireless radios based on the fifth data and the third data.
27. The safety certifying method for preventing side-channel energy analysis as claimed in claim 26, characterized in that:
Before the certificate server processes the first data and the third data, the method further comprises: the certificate server performs compression or calculation processing on the decoding data to obtain second key data whose length is less than or equal to that of the decoding data;
Before the wireless radios process the first processing data, the method further comprises: the wireless radios perform compression or calculation processing on the updated key data to obtain first key data whose length is less than or equal to that of the updated key data.
28. The safety certifying method for preventing side-channel energy analysis as claimed in claim 26, characterized in that:
Before the wireless radios send the auxiliary data to the certificate server, the method further comprises: the wireless radios encrypt the auxiliary data to obtain encryption data;
Before the certificate server decodes the auxiliary data, the method further comprises: the certificate server decrypts the encrypted auxiliary data to obtain decrypted data.
29. The safety certifying method for preventing side-channel energy analysis as claimed in claim 26, characterized in that, before the certificate server sends the certification request to the wireless radios, the method further comprises:
The certificate server reads the primary key data from the wireless radios and stores it.
30. A safety certifying method for preventing side-channel energy analysis, characterized by comprising:
The certificate server sends a certification request to the wireless radios;
The wireless radios, upon receiving the certification request sent by the certificate server, update the primary key data, encode the updated key data to obtain corresponding auxiliary data, and send the auxiliary data to the certificate server;
The certificate server decodes the auxiliary data based on the primary key data obtained in advance to obtain decoding data, processes first data and third data to obtain first processing data, and sends the first processing data to the wireless radios;
The wireless radios perform inverse processing on the first processing data to obtain, respectively, second data corresponding to the first data and fourth data corresponding to the third data, and authenticate the certificate server based on the second data and the first data;
The wireless radios, when the certificate server passes authentication, process the fourth data based on the updated key data to obtain second processing data, and send the second processing data to the certificate server;
The certificate server performs inverse processing on the second processing data based on the decoding data to obtain fifth data, and authenticates the wireless radios based on the fifth data and the third data.
31. A safety certifying method for preventing side-channel energy analysis, characterized by comprising:
The certificate server sends a certification request to the wireless radios;
The wireless radios, upon receiving the certification request sent by the certificate server, update the primary key data, encode the updated key data to obtain corresponding auxiliary data, and send the auxiliary data to the certificate server;
The certificate server decodes the auxiliary data based on the primary key data obtained in advance to obtain decoding data, and sends third data to the wireless radios;
The wireless radios, after receiving the third data, process the third data based on the updated key data to obtain second processing data, and send the second processing data to the certificate server;
The certificate server performs inverse processing on the second processing data based on the decoding data to obtain fifth data, and authenticates the wireless radios based on the fifth data and the third data.
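The message flow of claims 25 and 26, with both sides' checks, as an added example that is not part of the patent text. The claims do not fix the key update, the encoding or the processing functions, so the fresh random key, the XOR masking with the primary key, the HMAC-SHA256 keystream, the pre-shared first data and every class, function and constant name below are assumptions.

```python
import hashlib
import hmac
import secrets

N = 16                                   # byte length of keys and data (assumed)
ORIGINAL_KEY = bytes(range(1, N + 1))    # constructed sample primary key data
FIRST_DATA = b"device-id-000001"         # constructed sample first data, known to both sides

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def process(key: bytes, label: bytes, data: bytes) -> bytes:
    """Assumed stand-in for 'processing' and 'inverse processing': XOR with an
    HMAC-SHA256 keystream, so calling it twice with the same key inverts it."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + bytes([ctr]), hashlib.sha256).digest()
        ctr += 1
    return xor(data, stream)

class Device:                            # the wireless radios
    def __init__(self, original_key: bytes, first_data: bytes):
        self.original_key, self.first_data = original_key, first_data

    def on_auth_request(self) -> bytes:
        self.updated_key = secrets.token_bytes(N)          # key update per request
        return xor(self.updated_key, self.original_key)    # auxiliary data

    def on_first_processing(self, blob: bytes):
        plain = process(self.updated_key, b"S2D", blob)    # inverse processing
        second, fourth = plain[:N], plain[N:]
        if not hmac.compare_digest(second, self.first_data):
            return None                                    # server fails authentication
        return process(self.updated_key, b"D2S", fourth)   # second processing data

class Server:                            # the certificate server
    def __init__(self, original_key: bytes, first_data: bytes):
        self.original_key, self.first_data = original_key, first_data

    def on_auxiliary(self, aux: bytes) -> bytes:
        self.decoded = xor(aux, self.original_key)         # decoding data
        self.third = secrets.token_bytes(N)                # random third data
        return process(self.decoded, b"S2D", self.first_data + self.third)

    def on_second_processing(self, blob: bytes) -> bool:
        fifth = process(self.decoded, b"D2S", blob)        # inverse processing
        return hmac.compare_digest(fifth, self.third)

def run_session(device: Device, server: Server):
    """Returns (device_accepts_server, server_accepts_device)."""
    aux = device.on_auth_request()                         # sent after the certification request
    reply = device.on_first_processing(server.on_auxiliary(aux))
    return (False, False) if reply is None else (True, server.on_second_processing(reply))
```

With the XOR masking assumed here, one session's updated key plus its auxiliary data reveals the primary key, so a real encoder needs a stronger construction than this stand-in.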
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710247144.0A CN108738014B (en) | 2017-04-14 | 2017-04-14 | Wireless radio frequency equipment, authentication server, authentication system and security authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108738014A (en) | 2018-11-02 |
CN108738014B (en) | 2021-09-21 |
Family
ID=63925078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710247144.0A Active CN108738014B (en) | 2017-04-14 | 2017-04-14 | Wireless radio frequency equipment, authentication server, authentication system and security authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108738014B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101631017A (en) * | 2008-07-14 | 2010-01-20 | 索尼株式会社 | Information processing device, computer program, and information processing system |
US8397988B1 (en) * | 2002-08-09 | 2013-03-19 | Britesmart Llc | Method and system for securing a transaction using a card generator, a RFID generator, and a challenge response protocol |
CN105025404A (en) * | 2014-04-21 | 2015-11-04 | 许丰 | Secure Bluetooth headset |
Also Published As
Publication number | Publication date |
---|---|
CN108738014B (en) | 2021-09-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||