CN109495885A - Authentication method, mobile terminal, management system and Bluetooth IC card

Publication number: CN109495885A
Authority: CN (China)
Legal status: Granted (Active)
Application number: CN201710821473.1A
Other languages: Chinese (zh)
Other versions: CN109495885B (en)
Inventor: 宋晶晶
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Co Ltd
Priority to CN201710821473.1A
Publication of CN109495885A
Publication of CN109495885B (application granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

The present invention provides an authentication method, a mobile terminal, a management system and a Bluetooth IC card, and relates to the field of communication technology. The method comprises: obtaining the authentication key of a Bluetooth integrated circuit (IC) card and authentication information; encrypting the authentication information in a secure area of the mobile terminal according to the authentication key to obtain encrypted authentication information; and sending the encrypted authentication information to the Bluetooth IC card for authentication. The solution of the present invention addresses the problem that the existing authentication process for the connection between a mobile terminal and a Bluetooth IC card lacks protective measures for data processing, carries a high risk of information leakage, and creates potential security problems for the user.

Description

Authentication method, mobile terminal, management system and Bluetooth IC card
Technical field
The present invention relates to the field of communication technology, and in particular to an authentication method, a mobile terminal, a management system and a Bluetooth IC card.
Background
With the development of technology, integrating components such as a Bluetooth Low Energy communication module into a standard financial integrated circuit (IC) card establishes a data channel between the traditional financial IC card and mobile smart terminals such as mobile phones and tablets, giving the financial IC card networking capability and extending it from offline to online use. This innovative product, released for the mobile Internet and mobile payment fields, is the Bluetooth IC card. On the one hand, it has all the offline payment functions of a traditional financial IC card; on the other hand, it connects to a mobile smart terminal through its Bluetooth communication interface and provides the cardholder with online functions such as card-present payment, over-the-air top-up and over-the-air download.
To guarantee that the Bluetooth IC card can be used safely, the Bluetooth connection between the mobile terminal and the Bluetooth IC card must be authenticated before the two communicate, and data can be transmitted only after the authentication passes. However, the existing authentication process for the connection between a mobile terminal and a Bluetooth IC card lacks protective measures for data processing, carries a high risk of information leakage, and creates potential security problems for the user.
Summary of the invention
The object of the present invention is to provide an authentication method, a mobile terminal, a management system and a Bluetooth IC card that reduce the risk of information leakage and improve the security of the mobile terminal by adding protection for the data processing in the authentication process.
To achieve the above object, an embodiment of the present invention provides an authentication method, comprising:
Obtaining the authentication key of a Bluetooth integrated circuit (IC) card and authentication information;
Encrypting the authentication information in a secure area of the mobile terminal according to the authentication key to obtain encrypted authentication information;
Sending the encrypted authentication information to the Bluetooth IC card for authentication.
Wherein, the step of obtaining the authentication key of the Bluetooth IC card and the authentication information comprises:
Obtaining first identification information of the Bluetooth IC card;
Obtaining the authentication key of the Bluetooth IC card according to the first identification information;
Establishing a Bluetooth connection with the Bluetooth IC card, and receiving the authentication information sent by the Bluetooth IC card.
Wherein, the step of obtaining the first identification information of the Bluetooth IC card comprises:
Detecting prestored information of the Bluetooth IC card in the mobile terminal;
Extracting the first identification information of the Bluetooth IC card from the prestored information.
Wherein, the step of obtaining the authentication key of the Bluetooth IC card according to the first identification information comprises:
Querying the secure area of the mobile terminal for the authentication key of the Bluetooth IC card according to the first identification information;
If the authentication key is not found in the secure area, initiating an authentication key query to the management system to obtain the authentication key of the Bluetooth IC card.
Wherein, the step of initiating an authentication key query to the management system to obtain the authentication key of the Bluetooth IC card comprises:
Sending an authentication key query request to the management system, the authentication key query request comprising the first identification information and second identification information of the mobile terminal;
Receiving the encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
Decrypting the encrypted authentication key based on the private key of the mobile terminal to obtain the authentication key of the Bluetooth IC card.
Wherein, after the step of obtaining the authentication key of the Bluetooth IC card, the method further comprises:
If the authentication key of the Bluetooth IC card is not stored in the secure area, storing the first identification information of the Bluetooth IC card and the authentication key in the secure area.
To achieve the above object, an embodiment of the present invention provides an authentication method, comprising:
Receiving an authentication key query request sent by a mobile terminal;
Obtaining the authentication key of a Bluetooth IC card according to the authentication key query request;
Sending the authentication key to the mobile terminal.
Wherein, the authentication key query request comprises: first identification information of the Bluetooth IC card and second identification information of the mobile terminal;
The step of obtaining the authentication key of the Bluetooth IC card according to the authentication key query request comprises:
Querying the management system's own stored information for the encrypted authentication key of the Bluetooth IC card according to the first identification information and the second identification information, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
If the encrypted authentication key is not found, initiating authentication key generation to the Bluetooth IC card, and obtaining the encrypted authentication key fed back by the Bluetooth IC card.
Wherein, the step of initiating authentication key generation to the Bluetooth IC card and obtaining the encrypted authentication key fed back by the Bluetooth IC card comprises:
Sending an authentication key generation request to the Bluetooth IC card, the authentication key generation request comprising an authentication key generation instruction and the public key of the mobile terminal;
Receiving the encrypted authentication key fed back by the Bluetooth IC card.
Wherein, after the step of obtaining the encrypted authentication key fed back by the Bluetooth IC card, the method further comprises:
Storing the first identification information of the Bluetooth IC card, the second identification information of the mobile terminal and the encrypted authentication key.
To achieve the above object, an embodiment of the present invention provides an authentication method, comprising:
After establishing a Bluetooth connection with a mobile terminal, sending authentication information to the mobile terminal;
Receiving encrypted authentication information sent by the mobile terminal;
Decrypting the encrypted authentication information based on the card's own authentication key;
Performing authentication according to the decrypted information and the authentication information.
Wherein, the step of performing authentication according to the decrypted information and the authentication information comprises:
Comparing the decrypted information with the authentication information to obtain a comparison result;
If the comparison result indicates that the decrypted information is identical to the authentication information, the authentication passes;
If the comparison result indicates that the decrypted information differs from the authentication information, the authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
Wherein, the method further comprises:
Receiving an authentication key generation request sent by the management system, the authentication key generation request comprising an authentication key generation instruction and the public key of the mobile terminal;
Generating an authentication key according to the authentication key generation instruction;
Encrypting the authentication key based on the public key, and feeding the encrypted authentication key back to the management system.
Wherein, before the step of generating an authentication key according to the authentication key generation instruction, the method comprises:
Querying, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
If it exists, sending the encrypted authentication key to the management system;
If it does not exist, performing the step of generating an authentication key according to the authentication key generation instruction.
To achieve the above object, an embodiment of the present invention provides a mobile terminal, comprising a processor and a transceiver, wherein:
The processor is configured to obtain the authentication key of a Bluetooth integrated circuit (IC) card and authentication information, and to encrypt the authentication information in a secure area of the mobile terminal according to the authentication key to obtain encrypted authentication information;
The transceiver is configured to send the encrypted authentication information to the Bluetooth IC card for authentication.
Wherein, the processor is further configured to obtain first identification information of the Bluetooth IC card, and to obtain the authentication key of the Bluetooth IC card according to the first identification information;
The transceiver is further configured to establish a Bluetooth connection with the Bluetooth IC card and to receive the authentication information sent by the Bluetooth IC card.
Wherein, the processor is further configured to detect prestored information of the Bluetooth IC card in the mobile terminal, and to extract the first identification information of the Bluetooth IC card from the prestored information.
Wherein, the processor is further configured to query the secure area of the mobile terminal for the authentication key of the Bluetooth IC card according to the first identification information;
The transceiver is further configured to, if the authentication key is not found in the secure area, initiate an authentication key query to the management system to obtain the authentication key of the Bluetooth IC card.
Wherein, the transceiver is further configured to send an authentication key query request to the management system, the authentication key query request comprising the first identification information and second identification information of the mobile terminal; and to receive the encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
The processor is further configured to decrypt the encrypted authentication key based on the private key of the mobile terminal to obtain the authentication key of the Bluetooth IC card.
Wherein, the processor is further configured to, if the authentication key of the Bluetooth IC card is not stored in the secure area, store the first identification information of the Bluetooth IC card and the authentication key in the secure area.
To achieve the above object, an embodiment of the present invention provides a management system, comprising a processor and a transceiver, wherein:
The transceiver is configured to receive an authentication key query request sent by a mobile terminal;
The processor is configured to obtain the authentication key of a Bluetooth IC card according to the authentication key query request;
The transceiver is further configured to send the authentication key to the mobile terminal.
Wherein, the authentication key query request comprises: first identification information of the Bluetooth IC card and second identification information of the mobile terminal;
The processor is further configured to query the management system's own stored information for the encrypted authentication key of the Bluetooth IC card according to the first identification information and the second identification information, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
The transceiver is further configured to, if the encrypted authentication key is not found, initiate authentication key generation to the Bluetooth IC card and obtain the encrypted authentication key fed back by the Bluetooth IC card.
Wherein, the transceiver is further configured to send an authentication key generation request to the Bluetooth IC card, the authentication key generation request comprising an authentication key generation instruction and the public key of the mobile terminal; and to receive the encrypted authentication key fed back by the Bluetooth IC card.
Wherein, the processor is further configured to store the first identification information of the Bluetooth IC card, the second identification information of the mobile terminal and the encrypted authentication key.
To achieve the above object, an embodiment of the present invention provides a Bluetooth IC card, comprising a processor and a transceiver, wherein:
The transceiver is configured to send authentication information to a mobile terminal after a Bluetooth connection with the mobile terminal is established, and to receive encrypted authentication information sent by the mobile terminal;
The processor is configured to decrypt the encrypted authentication information based on the card's own authentication key, and to perform authentication according to the decrypted information and the authentication information.
Wherein, the processor is further configured to compare the decrypted information with the authentication information to obtain a comparison result; if the comparison result indicates that the decrypted information is identical to the authentication information, the authentication passes; if the comparison result indicates that the decrypted information differs from the authentication information, the authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
Wherein, the transceiver is further configured to receive an authentication key generation request sent by the management system, the authentication key generation request comprising an authentication key generation instruction and the public key of the mobile terminal;
The processor is further configured to generate an authentication key according to the authentication key generation instruction;
The transceiver is further configured to encrypt the authentication key based on the public key and to feed the encrypted authentication key back to the management system.
Wherein, the processor is further configured to query, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
The transceiver is further configured to send the encrypted authentication key to the management system if it exists; if it does not exist, the step of generating an authentication key according to the authentication key generation instruction is performed.
To achieve the above object, an embodiment of the present invention provides a mobile terminal, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; when executing the computer program, the processor implements the authentication method applied to a mobile terminal as described above.
To achieve the above object, an embodiment of the present invention provides a management system, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; when executing the computer program, the processor implements the authentication method applied to a management system as described above.
To achieve the above object, an embodiment of the present invention provides a Bluetooth IC card, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; when executing the computer program, the processor implements the authentication method applied to a Bluetooth IC card as described above.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the authentication method applied to a mobile terminal as described above.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the authentication method applied to a management system as described above.
To achieve the above object, an embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the authentication method applied to a Bluetooth IC card as described above.
The above technical solutions of the present invention have the following advantageous effects:
The authentication method of the embodiment of the present invention obtains the authentication key of the Bluetooth IC card and the authentication information, encrypts the authentication information in the secure area according to the authentication key to obtain encrypted authentication information, and then sends the encrypted authentication information to the Bluetooth IC card for authentication. This not only completes the authentication for establishing a connection between the mobile terminal and the Bluetooth IC card; because the encryption of the authentication information with the Bluetooth IC card's authentication key is performed inside the secure area, the encryption process is also protected more effectively, which reduces the risk of information leakage and improves the security of the mobile terminal.
Brief description of the drawings
Fig. 1 is the first flowchart of the authentication method applied to a mobile terminal according to an embodiment of the present invention;
Fig. 2 is the second flowchart of the authentication method applied to a mobile terminal according to an embodiment of the present invention;
Fig. 3 is the third flowchart of the authentication method applied to a mobile terminal according to an embodiment of the present invention;
Fig. 4 is an application flowchart of the authentication method according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the connections between the devices in Fig. 4;
Fig. 6 is a flowchart of the authentication method applied to a management system according to an embodiment of the present invention;
Fig. 7 is a flowchart of the authentication method applied to a Bluetooth IC card according to an embodiment of the present invention;
Fig. 8 is a structural diagram of the mobile terminal according to an embodiment of the present invention;
Fig. 9 is a structural diagram of the management system according to an embodiment of the present invention;
Fig. 10 is a structural diagram of the Bluetooth IC card according to an embodiment of the present invention;
Fig. 11 is a structural diagram of the mobile terminal according to another embodiment of the present invention;
Fig. 12 is a structural diagram of the management system according to another embodiment of the present invention;
Fig. 13 is a structural diagram of the Bluetooth IC card according to another embodiment of the present invention.
Detailed description of the embodiments
To make the technical problem to be solved, the technical solution and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.
The existing authentication process for the connection between a mobile terminal and a Bluetooth card lacks protective measures for data processing, carries a high risk of information leakage, and creates potential security problems for the user. To address this, the present invention provides an authentication method that reduces the risk of information leakage and improves the security of the mobile terminal by adding protection for the data processing in the authentication process.
As shown in Fig. 1, an authentication method according to an embodiment of the present invention comprises:
Step 101, obtaining the authentication key of a Bluetooth integrated circuit (IC) card and authentication information;
Step 102, encrypting the authentication information in the secure area of the mobile terminal according to the authentication key to obtain encrypted authentication information;
Step 103, sending the encrypted authentication information to the Bluetooth IC card for authentication.
In this embodiment, the secure area of the mobile terminal is logically isolated from the normal application runtime environment, the REE (Rich Execution Environment). Sensitive data stored in the secure area (such as keys and user privacy data) is not exposed to the REE side and cannot be retrieved even through an API (Application Programming Interface), which guarantees the security, confidentiality and integrity of the code and data loaded into it. The secure area also provides an isolated execution environment whose security features include isolated execution, integrity of trusted applications, confidentiality of trusted data, and secure storage. Therefore, through steps 101 to 103, the authentication method of the embodiment of the present invention obtains the authentication key of the Bluetooth IC card and the authentication information, encrypts the authentication information in the secure area according to the authentication key to obtain encrypted authentication information, and then sends the encrypted authentication information to the Bluetooth IC card for authentication. This not only completes the authentication for establishing a connection between the mobile terminal and the Bluetooth IC card; because the encryption of the authentication information with the Bluetooth IC card's authentication key is performed inside the secure area, the encryption process is also protected more effectively, which reduces the risk of information leakage and improves the security of the mobile terminal.
Preferably, the secure area is the trusted execution environment (TEE, Trusted Execution Environment) on the main processor of the mobile terminal, which provides an isolated execution environment for encrypting the authentication information. The authentication key is a symmetric key, which facilitates encryption on the mobile terminal side and decryption on the Bluetooth IC card side.
Wherein, as shown in Fig. 2, step 101 includes:
Step 1011, obtaining the first identification information of the Bluetooth IC card;
Step 1012, obtaining the authentication key of the Bluetooth IC card according to the first identification information;
Step 1013, establishing a Bluetooth connection with the Bluetooth IC card, and receiving the authentication information sent by the Bluetooth IC card.
Here, through steps 1011 to 1013 above, the first identification information of the Bluetooth IC card is obtained first. Because the first identification information is the unique identifier corresponding to the Bluetooth IC card, the authentication key of the card can then be obtained according to it. The Bluetooth connection with the Bluetooth IC card is then established and the authentication information sent by the card is received for subsequent processing.
Wherein, the first identification information of the Bluetooth IC card may be the card serial number cardID of the Bluetooth IC card, or the integrated circuit card identifier ICCID; the possibilities are not enumerated one by one here. The authentication information may be a group of random numbers, a character string or the like that the Bluetooth IC card generates after the Bluetooth connection succeeds.
In an embodiment of the present invention, to reduce frequent operations in the authentication process, the authentication key of a Bluetooth IC card for a given mobile terminal is preferably unique and unchanging. Therefore, after step 1012, the method further includes:
If the authentication key of the Bluetooth IC card is not stored in the secure area, storing the first identification information of the Bluetooth IC card and the authentication key in the secure area.
Because TEE data is stored inside the mobile device chip, it is completely isolated from the outside, which avoids leakage. Therefore, when it is determined that the obtained authentication key is not yet stored in the secure area, it is stored there. For ease of query and use, the first identification information of the Bluetooth IC card and the authentication key can be stored in association in the secure area, so that the required content can be queried directly in subsequent processing, which simplifies the process flow and improves processing efficiency.
It should be understood that the first identification information of the Bluetooth IC card could be entered by the user through a pop-up input box. However, manual input often has a high error rate. Therefore, specifically, step 1011 includes:
Detecting prestored information of the Bluetooth IC card in the mobile terminal;
Extracting the first identification information of the Bluetooth IC card from the prestored information.
Here, by detecting the prestored information of the Bluetooth IC card in the mobile terminal, the first identification information of the Bluetooth IC card is extracted from the prestored information. Because no user input is needed, the error rate is reduced, and because the authentication process requires no additional interaction, it is imperceptible to the user, which improves the usability of the mobile terminal.
After the first identification information of the Bluetooth IC card is obtained, as shown in Figure 1, the authentication key of the Bluetooth IC card is obtained according to the first identification information. Specifically, step 102 includes:
Querying the secure area of the mobile terminal for the authentication key of the Bluetooth IC card according to the first identification information;
If the authentication key is not found in the secure area, initiating an authentication key query to the management system to obtain the authentication key of the Bluetooth IC card.
As described above, authentication keys that have already been obtained are stored in the secure area of the mobile terminal. Therefore, the authentication key of the Bluetooth IC card is first queried in the secure area according to the first identification information. If the authentication key of the Bluetooth IC card is found, the subsequent steps can continue with it; if it is not found, an authentication key query must be initiated to the management system to obtain the authentication key of the Bluetooth IC card.
In the embodiment of the present invention, one group of unsymmetrical key: public key and private key will be all preset before mobile terminal factory, wherein Private key is stored in the TEE of mobile terminal, and public key will upload to management system.Certification for mobile terminal and Bluetooth IC Management system is stored with: the public key of mobile terminal factory preset identification information corresponding with the mobile terminal, Bluetooth IC An identification information mobile terminal corresponding with the Bluetooth IC received authentication key.Wherein, in management system Authentication key is preferred, is to obtain after the authentication key is encrypted based on the public key of mobile terminal, improves the pipe The safety of authentication key in reason system.
Therefore, more specifically, as shown in Figure 3, the step of initiating an authentication key query to the management system and obtaining the authentication key of the Bluetooth IC card includes:
Step 301, sending an authentication key inquiry request to the management system, the authentication key inquiry request including the first identification information and the second identification information of the mobile terminal;
Step 302, receiving the encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
Step 303, decrypting the encrypted authentication key based on the private key of the mobile terminal to obtain the authentication key of the Bluetooth IC card.
Here, in step 301, the mobile terminal sends to the management system an authentication key inquiry request that includes the first identification information (the identification information of the Bluetooth IC card) and the second identification information (the identification information of the mobile terminal), so that the management system can use the two to feed the encrypted authentication key of the Bluetooth IC card back to the mobile terminal. The encrypted authentication key is obtained by encrypting the authentication key of the Bluetooth IC card with the public key of the mobile terminal. Then, in step 302, the mobile terminal receives the encrypted authentication key fed back by the management system. Finally, in step 303, the mobile terminal decrypts the encrypted authentication key with its own private key and obtains the authentication key of the Bluetooth IC card, which is used for the subsequent encryption of the authentication information.
The second identification information, that is, the identification information of the mobile terminal, may be a device serial number DeciceID, an international mobile subscriber identity IMSI, or other information that can be used to uniquely identify the mobile terminal; these are not enumerated further here.
It should also be understood that, in this embodiment, the authentication key for a given mobile terminal that the management system stores is sent to it by the Bluetooth IC card. If the management system relied only on its stored content to feed back the authentication key needed by the mobile terminal, there would be cases in which it cannot feed one back, and the Bluetooth IC card must then provide it. After receiving the authentication key inquiry request, the management system obtains the authentication key of the Bluetooth IC card and feeds it back to the mobile terminal through the following steps:
According to the first identification information and the second identification information, querying the management system's own stored information for the encrypted authentication key of the Bluetooth IC card; if no authentication key is found, initiating authentication key generation to the Bluetooth IC card and obtaining the encrypted authentication key fed back by the Bluetooth IC card.
The management system first uses the first identification information and the second identification information to query its own stored information. If the encrypted authentication key of the Bluetooth IC card is found, it can be fed back to the mobile terminal directly; if it is not found, the management system must initiate authentication key generation to the Bluetooth IC card and thereby obtain the encrypted authentication key fed back by the Bluetooth IC card.
The management system sends an authentication key generation request to the Bluetooth IC card. Because the authentication key generation request includes an authentication key generation instruction and the public key of the mobile terminal, the Bluetooth IC card, after receiving the request, can generate an authentication key according to the instruction, encrypt the authentication key based on the public key, and feed the encrypted authentication key back to the management system.
In general, the Bluetooth IC card generates only one authentication key for the same mobile terminal. Therefore, after receiving the authentication key generation request, it may first check whether an encrypted authentication key corresponding to the public key already exists; if so, it feeds that back directly. If not, it first generates an authentication key in the secure element (SE), then encrypts the authentication key based on the public key, and feeds back the encrypted authentication key.
To guarantee the security of data in transit, the data transmitted between the management system and the Bluetooth IC card is encrypted with a negotiated key. Specifically, the management system applies transport encryption to the authentication key generation request before sending it; the Bluetooth IC card decrypts the request, generates the authentication key and encrypts it with the public key of the mobile terminal, and then applies transport encryption to the encrypted authentication key before sending it; the management system must perform transport decryption on the data received from the Bluetooth IC card before it can obtain the encrypted authentication key.
The application of the authentication method of the embodiment of the present invention is described below with reference to Fig. 4 and Fig. 5:
S401, the mobile terminal obtains the cardID of the Bluetooth IC card and queries whether an authentication key corresponding to the cardID exists in the TEE; if not, S402 is executed; if so, S411 is executed;
S402, the mobile terminal sends an authentication key inquiry request to the management system, the request including the DeciceID of the mobile terminal and the cardID;
S403, the management system queries whether an authentication key encrypted with the mobile terminal public key pub_dev exists for the deciceID and cardID; if not, S404 is executed; if so, S409 is executed;
S404, the management system sends an encrypted authentication key generation request to the Bluetooth IC card, the request including an authentication key generation instruction and the public key of the mobile terminal;
S405, the Bluetooth IC card decrypts the authentication key generation request and queries whether an encrypted authentication key corresponding to the public key has already been generated; if not, S406 is executed; if so, S407 is executed;
S406, the authentication key is generated in the SE and encrypted using the public key of the mobile terminal;
S407, the encrypted authentication key is transport-encrypted and sent to the management system;
S408, the management system decrypts the received data and saves the deciceID, the cardID and the encrypted authentication key;
S409, the management system sends the encrypted authentication key to the mobile terminal;
S410, after receiving the encrypted authentication key, the mobile terminal decrypts it in the TEE using the private key of the mobile terminal to obtain the authentication key, and stores the cardID and the authentication key in the TEE;
S411, the mobile terminal initiates a Bluetooth connection request;
S412, the Bluetooth connection between the Bluetooth IC card and the mobile terminal is established successfully, and the Bluetooth IC card returns an authentication random number to the mobile terminal;
S413, after receiving the authentication random number, the mobile terminal encrypts it in the TEE using the authentication key corresponding to the cardID and sends the result to the Bluetooth IC card;
S414, after receiving the encrypted authentication random number, the Bluetooth IC card decrypts it using its own authentication key. If the decrypted information is identical to the authentication random number it previously generated, authentication passes, and the mobile terminal and the Bluetooth IC card can transmit data over the established Bluetooth connection; otherwise authentication fails and the Bluetooth IC card actively disconnects the Bluetooth connection.
In this way, during authentication of the Bluetooth connection between the mobile terminal and the Bluetooth IC card, the authentication key is generated in the SE and stored in the management system in ciphertext form; in the mobile terminal, the authentication key is stored in the TEE, and the encryption of the authentication random number with the authentication key is also carried out in the TEE, which effectively prevents information leakage.
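The key provisioning path S401 to S410, as an added Go example that is not part of the patent. RSA-OAEP (with the card ID as label), the 32-byte key length, all type and function names and the sample IDs are assumptions; the negotiated transport encryption between the management system and the card (S404, S407) is left out.

```go
// Added illustration of S401-S410. RSA-OAEP with the card ID as label is an assumption.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Card models the Bluetooth IC card; keys stands in for its secure element (SE).
type Card struct {
	ID   string
	keys map[[32]byte][]byte // SHA-256 of terminal public key -> authentication key
}

// System models the management system, which only ever stores wrapped keys.
type System struct {
	pubs    map[string]*rsa.PublicKey // deviceID -> factory-preset public key
	cards   map[string]*Card          // cardID -> reachable card
	wrapped map[string][]byte         // deviceID|cardID -> encrypted authentication key
}

// Terminal models the mobile terminal; priv and tee stand in for TEE storage.
type Terminal struct {
	DeviceID string
	priv     *rsa.PrivateKey
	tee      map[string][]byte // cardID -> authentication key
}

// GenerateKey is S405-S407: generate at most one key per terminal public key.
func (c *Card) GenerateKey(pub *rsa.PublicKey) ([]byte, error) {
	fp := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	if _, ok := c.keys[fp]; !ok {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		c.keys[fp] = k
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, c.keys[fp], []byte(c.ID))
}

// QueryKey is S403-S409; the transport encryption of S404 and S407 is left out.
func (s *System) QueryKey(deviceID, cardID string) ([]byte, error) {
	idx := deviceID + "|" + cardID
	if w, ok := s.wrapped[idx]; ok {
		return w, nil
	}
	pub, card := s.pubs[deviceID], s.cards[cardID]
	if pub == nil || card == nil {
		return nil, errors.New("unknown device or card")
	}
	w, err := card.GenerateKey(pub)
	if err == nil {
		s.wrapped[idx] = w
	}
	return w, err
}

// AuthKey is S401, S402 and S410: TEE lookup first, then query and unwrap.
func (t *Terminal) AuthKey(s *System, cardID string) ([]byte, error) {
	if k, ok := t.tee[cardID]; ok {
		return k, nil
	}
	w, err := s.QueryKey(t.DeviceID, cardID)
	if err != nil {
		return nil, err
	}
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.priv, w, []byte(cardID))
	if err == nil {
		t.tee[cardID] = k
	}
	return k, err
}

// newDeployment wires up one terminal, one card and the system (constructed IDs).
func newDeployment() (*Terminal, *System, *Card) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	card := &Card{ID: "card-0001", keys: map[[32]byte][]byte{}}
	term := &Terminal{DeviceID: "device-0001", priv: priv, tee: map[string][]byte{}}
	sys := &System{
		pubs:    map[string]*rsa.PublicKey{term.DeviceID: &priv.PublicKey},
		cards:   map[string]*Card{card.ID: card},
		wrapped: map[string][]byte{},
	}
	return term, sys, card
}

func main() {
	term, sys, card := newDeployment()
	key, err := term.AuthKey(sys, card.ID)
	fmt.Println(len(key), err, len(sys.wrapped[term.DeviceID+"|"+card.ID]))
}
```

The management system in this sketch never sees the plaintext key: it stores and forwards only the 256-byte RSA ciphertext, and a terminal whose public key is not registered gets no key at all.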
In conclusion the authentication method of the embodiment of the present invention, by the authentication key and certification by obtaining Bluetooth IC Information obtains an encrypted authentication information to the encrypted authentication information in safety zone according to the authentication key, later by the encryption Authentication information is sent to Bluetooth IC and is authenticated, and not only completes and establishes recognizing for connection between mobile terminal and Bluetooth IC Card, and since the process for using the authentication key of Bluetooth IC to encrypt authentication information is completed in safe zone, More effective protection has been carried out to the ciphering process of authentication information, the risk of information leakage has been reduced, improves mobile terminal Safety.
As shown in fig. 6, the embodiments of the present invention also provide a kind of authentication methods, comprising:
Step 601, the authentication key inquiry request that mobile terminal is sent is received;
Step 602, according to the authentication key inquiry request, the authentication key of Bluetooth IC is obtained;
Step 603, the authentication key is sent to the mobile terminal.
By a upper embodiment it is found that in the safety zone of mobile terminal, if not inquiring the authentication key of Bluetooth IC, Authentication key inquiry will be initiated, to management system to obtain the authentication key of the Bluetooth IC.Therefore, according to above-mentioned steps 601- step 603, management system will receive the authentication key inquiry request of mobile terminal transmission, then looked into according to the authentication key It askes request to go to obtain the authentication key of Bluetooth IC, the authentication key is finally sent to the mobile terminal, so that mobile whole End can complete the encryption to authentication information based on the authentication key of Bluetooth IC, to realize certification.
The management system in this embodiment stores: the factory-preset public key of the mobile terminal together with the identification information of that mobile terminal, and the identification information of the Bluetooth IC card together with the received authentication key of that Bluetooth IC card for a given mobile terminal. Preferably, the authentication key in the management system is held in the form obtained by encrypting it with the public key of the mobile terminal, which improves the security of the authentication key in the management system. Therefore, in the embodiment of the present invention, the authentication key inquiry request includes: the first identification information of the Bluetooth IC card and the second identification information of the mobile terminal;
Step 602 includes:
According to the first identification information and the second identification information, querying the management system's own stored information for the encrypted authentication key of the Bluetooth IC card, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
If the encrypted authentication key is not found, initiating authentication key generation to the Bluetooth IC card and obtaining the encrypted authentication key fed back by the Bluetooth IC card.
Here, the first identification information is the identification information of the Bluetooth IC card, and the second identification information is the identification information of the mobile terminal. After receiving the authentication key inquiry request, the management system uses the first identification information and the second identification information it contains to first query its own storage for the encrypted authentication key of the Bluetooth IC card. If the encrypted authentication key of the Bluetooth IC card is found, it can be fed back to the mobile terminal directly; if it is not found, the management system must initiate authentication key generation to the Bluetooth IC card and thereby obtain the encrypted authentication key fed back by the Bluetooth IC card.
Specifically, the step of initiating authentication key generation to the Bluetooth IC card and obtaining the encrypted authentication key fed back by the Bluetooth IC card includes:
Sending an authentication key generation request to the Bluetooth IC card, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
Receiving the encrypted authentication key fed back by the Bluetooth IC card.
Here, the management system sends an authentication key generation request to the Bluetooth IC card. Because the authentication key generation request includes an authentication key generation instruction and the public key of the mobile terminal, the Bluetooth IC card, after receiving the request, can generate an authentication key according to the instruction, encrypt the authentication key based on the public key, and feed the encrypted authentication key back to the management system.
To simplify the process, on the basis of the above embodiment, after the step of obtaining the encrypted authentication key fed back by the Bluetooth IC card, the method further includes:
Storing the first identification information of the Bluetooth IC card, the second identification information of the mobile terminal and the encrypted authentication key.
In this way, when the mobile terminal requests the encrypted authentication key of the Bluetooth IC card from the management system, the management system can find the required encrypted authentication key through the associated storage in its own stored information.
In summary, the authentication method of the embodiment of the present invention, applied to the management system, receives the authentication key inquiry request sent by the mobile terminal, obtains the authentication key of the Bluetooth IC card according to that request, and finally sends the authentication key to the mobile terminal, so that the mobile terminal completes the encryption of the authentication information based on the authentication key of the Bluetooth IC card, thereby achieving authentication while effectively preventing information leakage during the process.
As shown in Fig. 7, the embodiments of the present invention also provide an authentication method, including:
Step 701, after the Bluetooth connection with the mobile terminal is established, sending authentication information to the mobile terminal;
Step 702, receiving the encrypted authentication information sent by the mobile terminal;
Step 703, decrypting the encrypted authentication information based on the card's own authentication key;
Step 704, performing authentication according to the decrypted information and the authentication information.
The authentication method of this embodiment is applied to the Bluetooth IC card. After the Bluetooth connection with the mobile terminal is established, the Bluetooth IC card sends authentication information to the mobile terminal, receives the encrypted authentication information sent by the mobile terminal, decrypts it based on its own authentication key, and performs authentication according to the decrypted information and the authentication information it sent. In this way, the Bluetooth IC card can authenticate its connection with the mobile terminal while effectively preventing information leakage during the process.
Step 704 includes:
Comparing the decrypted information with the authentication information to obtain a comparison result;
If the comparison result indicates that the decrypted information is identical to the authentication information, authentication passes;
If the comparison result indicates that the decrypted information differs from the authentication information, authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
Through the above steps, after receiving and decrypting the encrypted authentication information, the Bluetooth IC card compares the decrypted information with the authentication information it generated and sent earlier to obtain a comparison result. When the comparison result indicates that the decrypted information is identical to the authentication information, authentication passes; when it indicates that they differ, authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
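The card-side check of steps 701 to 704, as an added Go example that is not part of the patent. AES-GCM as the cipher, the 16-byte random number, the single-use handling of the random number and all names are assumptions; the patent only requires that the decrypted value equal the authentication information that was sent.

```go
// Added illustration of steps 701-704; AES-GCM is an assumed cipher choice.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// CardSession is the Bluetooth IC card's view of one Bluetooth connection.
type CardSession struct {
	authKey   []byte // authentication key held by the card
	challenge []byte // authentication random number sent in step 701
	Connected bool
}

// aead builds the AES-GCM instance for an authentication key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Start is step 701: once the connection is up, send a fresh random number.
func (s *CardSession) Start() ([]byte, error) {
	s.challenge = make([]byte, 16)
	if _, err := rand.Read(s.challenge); err != nil {
		return nil, err
	}
	s.Connected = true
	return s.challenge, nil
}

// Respond is the terminal side: encrypt the random number with the authentication key.
func Respond(authKey, challenge []byte) ([]byte, error) {
	a, err := aead(authKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, a.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return a.Seal(iv, iv, challenge, nil), nil
}

// Finish is steps 702-704: decrypt, compare, and disconnect on any failure.
func (s *CardSession) Finish(resp []byte) error {
	want := s.challenge
	s.challenge = nil // each random number is accepted at most once
	err := s.check(want, resp)
	if err != nil {
		s.Connected = false
	}
	return err
}

// check decrypts the response and compares it with the random number in constant time.
func (s *CardSession) check(want, resp []byte) error {
	a, err := aead(s.authKey)
	if err != nil {
		return err
	}
	if want == nil || len(resp) < a.NonceSize() {
		return errors.New("no outstanding random number or short response")
	}
	n := a.NonceSize()
	got, err := a.Open(nil, resp[:n], resp[n:], nil)
	if err != nil {
		return errors.New("decryption failed")
	}
	if subtle.ConstantTimeCompare(got, want) != 1 {
		return errors.New("random number mismatch")
	}
	return nil
}

func main() {
	key := make([]byte, 32) // constructed sample key (all zero), for the demo only
	card := &CardSession{authKey: key}
	c, _ := card.Start()
	r, _ := Respond(key, c)
	fmt.Println(card.Finish(r) == nil, card.Connected)
}
```

A response captured from an earlier connection decrypts correctly but no longer matches the current random number, so the card rejects it and drops the connection.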
In addition, as can be seen from the embodiment of the authentication method applied to the management system above, when the management system does not find the encrypted authentication key of the Bluetooth IC card in its own stored information, it initiates authentication key generation to the Bluetooth IC card and thereby obtains the encrypted authentication key fed back by the Bluetooth IC card. Therefore, on the basis of the above embodiment, this embodiment further includes:
Receiving the authentication key generation request sent by the management system, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
Generating an authentication key according to the authentication key generation instruction;
Encrypting the authentication key based on the public key, and feeding the encrypted authentication key back to the management system.
In this way, after receiving the authentication key generation request sent by the management system, the Bluetooth IC card generates an authentication key according to the authentication key generation instruction in the request, encrypts the authentication key based on the public key in the request, and feeds the encrypted authentication key back to the management system, which forwards it to the mobile terminal so that the subsequent authentication can be completed.
In general, the Bluetooth IC card generates only one authentication key for the same mobile terminal. Therefore, before the step of generating an authentication key according to the authentication key generation instruction, the method includes:
Querying, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
If it exists, sending the encrypted authentication key to the management system;
If it does not exist, executing the step of generating an authentication key according to the authentication key generation instruction.
Here, whether an encrypted authentication key corresponding to the public key exists is queried according to the public key. If it exists, it is sent directly to the management system; if it does not exist, the authentication key generation and encryption steps are executed, which streamlines the flow.
In summary, in the authentication method of the embodiment of the present invention, after the Bluetooth connection with the mobile terminal is established, the Bluetooth IC card sends authentication information to the mobile terminal, receives the encrypted authentication information sent by the mobile terminal, decrypts it based on its own authentication key, and performs authentication according to the decrypted information and the authentication information it sent. In this way, the Bluetooth IC card can authenticate its connection with the mobile terminal while effectively preventing information leakage during the process.
As shown in Figure 8, a mobile terminal 800 of the embodiment of the present invention includes a processor 810 and a transceiver 820, wherein
The processor is configured to obtain the authentication key and the authentication information of the Bluetooth integrated circuit (IC) card, and to encrypt the authentication information in the safety zone of the mobile terminal according to the authentication key to obtain encrypted authentication information;
The transceiver is configured to send the encrypted authentication information to the Bluetooth IC card for authentication.
The processor is further configured to obtain the first identification information of the Bluetooth IC card, and to obtain the authentication key of the Bluetooth IC card according to the first identification information;
The transceiver is further configured to establish the Bluetooth connection with the Bluetooth IC card and to receive the authentication information sent by the Bluetooth IC card.
The processor is further configured to detect the prestored information of the Bluetooth IC card in the terminal, and to extract the first identification information of the Bluetooth IC card from the prestored information.
The processor is further configured to query the safety zone of the mobile terminal for the authentication key of the Bluetooth IC card according to the first identification information;
The transceiver is further configured to, if the authentication key is not found in the safety zone, initiate an authentication key query to the management system to obtain the authentication key of the Bluetooth IC card.
The transceiver is further configured to send an authentication key inquiry request to the management system, the authentication key inquiry request including the first identification information and the second identification information of the mobile terminal, and to receive the encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
The processor is further configured to decrypt the encrypted authentication key based on the private key of the mobile terminal to obtain the authentication key of the Bluetooth IC card.
The processor is further configured to, if the authentication key of the Bluetooth IC card is not stored in the safety zone, store the first identification information of the Bluetooth IC card and the authentication key in the safety zone.
The mobile terminal of this embodiment obtains the authentication key and the authentication information of the Bluetooth IC card, encrypts the authentication information in the safety zone according to the authentication key to obtain encrypted authentication information, and then sends the encrypted authentication information to the Bluetooth IC card for authentication. This not only completes the authentication for establishing a connection between the mobile terminal and the Bluetooth IC card but, because the encryption of the authentication information with the authentication key of the Bluetooth IC card is completed in the safety zone, also protects the encryption process more effectively, reduces the risk of information leakage, and improves the security of the mobile terminal.
As shown in Figure 9, the management system 900 of the embodiment of the present invention includes a processor 910 and a transceiver 920, wherein
The transceiver is configured to receive the authentication key inquiry request sent by the mobile terminal;
The processor is configured to obtain the authentication key of the Bluetooth IC card according to the authentication key inquiry request;
The transceiver is further configured to send the authentication key to the mobile terminal.
The authentication key inquiry request includes: the first identification information of the Bluetooth IC card and the second identification information of the mobile terminal;
The processor is further configured to query, according to the first identification information and the second identification information, the management system's own stored information for the encrypted authentication key of the Bluetooth IC card, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC card based on the public key of the mobile terminal;
The transceiver is further configured to, if the encrypted authentication key is not found, initiate authentication key generation to the Bluetooth IC card and obtain the encrypted authentication key fed back by the Bluetooth IC card.
The transceiver is further configured to send an authentication key generation request to the Bluetooth IC card, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal, and to receive the encrypted authentication key fed back by the Bluetooth IC card.
The processor is further configured to store the first identification information of the Bluetooth IC card, the second identification information of the mobile terminal and the encrypted authentication key.
The management system of this embodiment receives the authentication key inquiry request sent by the mobile terminal, obtains the authentication key of the Bluetooth IC card according to that request, and finally sends the authentication key to the mobile terminal, so that the mobile terminal completes the encryption of the authentication information based on the authentication key of the Bluetooth IC card, thereby achieving authentication while effectively preventing information leakage during the process.
As shown in Figure 10, the embodiments of the present invention also provide a Bluetooth IC card 1000, including a processor 1010 and a transceiver 1020, wherein
The transceiver is configured to send authentication information to the mobile terminal after the Bluetooth connection with the mobile terminal is established, and to receive the encrypted authentication information sent by the mobile terminal;
The processor is configured to decrypt the encrypted authentication information based on the card's own authentication key, and to perform authentication according to the decrypted information and the authentication information.
The processor is further configured to compare the decrypted information with the authentication information to obtain a comparison result; if the comparison result indicates that the decrypted information is identical to the authentication information, authentication passes; if the comparison result indicates that the decrypted information differs from the authentication information, authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
The transceiver is further configured to receive the authentication key generation request sent by the management system, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
The processor is further configured to generate an authentication key according to the authentication key generation instruction;
The transceiver is further configured to encrypt the authentication key based on the public key and to feed the encrypted authentication key back to the management system.
The processor is further configured to query, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
The transceiver is further configured to send the encrypted authentication key to the management system if it exists; if it does not exist, the step of generating an authentication key according to the authentication key generation instruction is executed.
After the Bluetooth connection with the mobile terminal is established, the Bluetooth IC card of this embodiment sends authentication information to the mobile terminal, receives the encrypted authentication information sent by the mobile terminal, decrypts it based on its own authentication key, and performs authentication according to the decrypted information and the authentication information it sent. In this way, the Bluetooth IC card can authenticate its connection with the mobile terminal while effectively preventing information leakage during the process.
A mobile terminal of another embodiment of the present invention, as shown in Figure 11, includes a transceiver 1110, a memory 1120, a processor 1100, and a computer program stored on the memory 1120 and executable on the processor 1100; when executing the computer program, the processor 1100 implements the above authentication method applied to the mobile terminal.
The transceiver 1110 is configured to send and receive data under the control of the processor 1100.
In Figure 11, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by the processor 1100 and memory represented by the memory 1120. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 1110 may be a plurality of elements, that is, it includes a transmitter and a receiver, providing a unit for communicating with various other devices over a transmission medium. For different user equipment, the user interface 1130 may also be an interface capable of connecting required devices externally or internally; the connected devices include but are not limited to a keypad, a display, a loudspeaker, a microphone, a joystick and the like.
The processor 1100 is responsible for managing the bus architecture and general processing, and the memory 1120 may store data used by the processor 1100 when performing operations.
The management system of another embodiment of the present invention, as shown in Figure 12, includes a transceiver 1210, a memory 1220, a processor 1200, and a computer program stored on the memory 1220 and executable on the processor 1200; when executing the computer program, the processor 1200 implements the above authentication method applied to the management system.
The transceiver 1210 is configured to send and receive data under the control of the processor 1200.
In Figure 12, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by the processor 1200 and memory represented by the memory 1220. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 1210 may be a plurality of elements, that is, it includes a transmitter and a transceiver, providing a unit for communicating with various other devices over a transmission medium. The processor 1200 is responsible for managing the bus architecture and general processing, and the memory 1220 may store data used by the processor 1200 when performing operations.
The Bluetooth IC of another embodiment of the present invention, as shown in Figure 13, includes a transceiver 1310, a memory 1320, a processor 1300, and a computer program stored on the memory 1320 and executable on the processor 1300; when executing the computer program, the processor 1300 implements the above authentication method applied to the Bluetooth IC.
In Figure 13, the bus architecture is represented by bus 1330. Bus 1330 may include any number of interconnected buses and bridges, and links together various circuits including one or more processors represented by processor 1300 and memory represented by memory 1320. Bus 1330 may also link together various other circuits such as peripheral devices, voltage regulators and management circuits, all of which are well known in the art and are therefore not described further herein. The bus interface 1340 provides an interface between bus 1330 and transceiver 1310. The transceiver 1310 may be one element or a plurality of elements, such as multiple receivers and transmitters, and provides a unit for communicating with various other devices over a transmission medium. Data processed by processor 1300 is transmitted over a wireless medium through antenna 1350; further, antenna 1350 also receives data and transfers the data to processor 1300.
Processor 1300 is responsible for managing bus 1330 and general processing, and may also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. Memory 1320 may be used to store the data used by processor 1300 when performing operations.
Optionally, processor 1300 may be a CPU, ASIC, FPGA or CPLD.
A computer-readable storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the above authentication method applied to the mobile terminal and achieves the same technical effect; to avoid repetition, the details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM for short), a random access memory (Random Access Memory, RAM for short), a magnetic disk or an optical disc.
A computer-readable storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the above authentication method applied to the management system and achieves the same technical effect; to avoid repetition, the details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM for short), a random access memory (Random Access Memory, RAM for short), a magnetic disk or an optical disc.
A computer-readable storage medium of an embodiment of the present invention stores a computer program which, when executed by a processor, implements the steps of the above authentication method applied to the Bluetooth IC and achieves the same technical effect; to avoid repetition, the details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (Read-Only Memory, ROM for short), a random access memory (Random Access Memory, RAM for short), a magnetic disk or an optical disc.
It should further be noted that the terminals described in this specification include but are not limited to smartphones, tablet computers and the like, and that many of the functional components described are referred to as modules in order to emphasize more particularly the independence of their implementation.
In the embodiments of the present invention, a module may be implemented in software so as to be executed by various types of processors. For example, an identified module of executable code may comprise one or more physical or logical blocks of computer instructions, which may, for instance, be built as an object, procedure or function. Nevertheless, the executable code of an identified module need not be physically located together, but may comprise different instructions stored in different locations which, when logically joined together, constitute the module and achieve the stated purpose of the module.
In fact, an executable code module may be a single instruction or many instructions, and may even be distributed over several different code segments, among different programs, and across multiple memory devices. Similarly, operational data may be identified within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations (including over different storage devices), and may exist, at least partially, merely as electronic signals on a system or network.
Where a module can be implemented in software, then, considering the level of existing hardware technology and leaving cost aside, a person skilled in the art can also build a corresponding hardware circuit to achieve the corresponding function; the hardware circuit includes conventional very-large-scale integration (VLSI) circuits or gate arrays, and existing semiconductors such as logic chips and transistors, or other discrete components. A module may also be implemented with programmable hardware devices, such as field programmable gate arrays, programmable logic arrays, programmable logic devices and the like.
The above exemplary embodiments are described with reference to the drawings. Many different forms and embodiments are possible without departing from the spirit and teaching of the present invention; therefore, the present invention should not be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that the present invention will be thorough and complete, and will convey the scope of the invention to those skilled in the art. In the drawings, component sizes and relative sizes may be exaggerated for clarity. The terminology used herein is for the purpose of describing particular exemplary embodiments only and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises" and/or "comprising", when used in this specification, specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. Unless otherwise indicated, a stated range of values includes the upper and lower limits of the range and any subranges therebetween.
The above is a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.

Claims (34)

1. An authentication method, characterized by comprising:
Obtaining an authentication key and authentication information of a Bluetooth integrated circuit (IC) card;
Encrypting the authentication information in a safety zone of a mobile terminal according to the authentication key, to obtain encrypted authentication information;
Sending the encrypted authentication information to the Bluetooth IC for authentication.
2. The authentication method according to claim 1, characterized in that the step of obtaining the authentication key and authentication information of the Bluetooth integrated circuit (IC) card comprises:
Obtaining first identification information of the Bluetooth IC;
Obtaining the authentication key of the Bluetooth IC according to the first identification information;
Establishing a Bluetooth connection with the Bluetooth IC, and receiving the authentication information sent by the Bluetooth IC.
3. The authentication method according to claim 2, characterized in that the step of obtaining the first identification information of the Bluetooth IC comprises:
Detecting pre-stored information of the Bluetooth IC in the terminal;
Extracting the first identification information of the Bluetooth IC from the pre-stored information.
4. The authentication method according to claim 2, characterized in that the step of obtaining the authentication key of the Bluetooth IC card according to the first identification information comprises:
Querying, according to the first identification information, the authentication key of the Bluetooth IC in the safety zone of the mobile terminal;
If the authentication key is not found in the safety zone, initiating an authentication key query to a management system to obtain the authentication key of the Bluetooth IC.
5. The authentication method according to claim 4, characterized in that the step of initiating an authentication key query to the management system to obtain the authentication key of the Bluetooth IC comprises:
Sending an authentication key query request to the management system, the authentication key query request including the first identification information and second identification information of the mobile terminal;
Receiving an encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC based on the public key of the mobile terminal;
Decrypting the encrypted authentication key based on the private key of the mobile terminal, to obtain the authentication key of the Bluetooth IC.
6. The authentication method according to claim 2, characterized in that, after the step of obtaining the authentication key of the Bluetooth IC, the method further comprises:
If the authentication key of the Bluetooth IC is not stored in the safety zone, storing the first identification information of the Bluetooth IC and the authentication key in the safety zone.
7. An authentication method, characterized by comprising:
Receiving an authentication key query request sent by a mobile terminal;
Obtaining an authentication key of a Bluetooth IC according to the authentication key query request;
Sending the authentication key to the mobile terminal.
8. The authentication method according to claim 7, characterized in that the authentication key query request includes: first identification information of the Bluetooth IC and second identification information of the mobile terminal;
The step of obtaining the authentication key of the Bluetooth IC according to the authentication key query request comprises:
Querying, according to the first identification information and the second identification information, the encrypted authentication key of the Bluetooth IC in the management system's own stored information, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC based on the public key of the mobile terminal;
If the encrypted authentication key is not found, initiating authentication key generation to the Bluetooth IC, and obtaining the encrypted authentication key fed back by the Bluetooth IC.
9. The authentication method according to claim 8, characterized in that the step of initiating authentication key generation to the Bluetooth IC and obtaining the encrypted authentication key fed back by the Bluetooth IC comprises:
Sending an authentication key generation request to the Bluetooth IC, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
Receiving the encrypted authentication key fed back by the Bluetooth IC.
10. The authentication method according to claim 8, characterized in that, after the step of obtaining the encrypted authentication key fed back by the Bluetooth IC, the method further comprises:
Storing the first identification information of the Bluetooth IC, the second identification information of the mobile terminal and the encrypted authentication key.
11. An authentication method, characterized by comprising:
After establishing a Bluetooth connection with a mobile terminal, sending authentication information to the mobile terminal;
Receiving encrypted authentication information sent by the mobile terminal;
Decrypting the encrypted authentication information based on its own authentication key;
Performing authentication according to the decrypted information and the authentication information.
12. The authentication method according to claim 11, characterized in that the step of performing authentication according to the decrypted information and the authentication information comprises:
Comparing the decrypted information with the authentication information to obtain a comparison result;
If the comparison result indicates that the decrypted information is identical to the authentication information, the authentication passes;
If the comparison result indicates that the decrypted information differs from the authentication information, the authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
13. The authentication method according to claim 11, characterized by further comprising:
Receiving an authentication key generation request sent by a management system, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
Generating an authentication key according to the authentication key generation instruction;
Encrypting the authentication key based on the public key, and feeding the encrypted authentication key back to the management system.
14. The authentication method according to claim 13, characterized in that, before the step of generating an authentication key according to the authentication key generation instruction, the method comprises:
Querying, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
If it exists, sending the encrypted authentication key to the management system;
If it does not exist, performing the step of generating an authentication key according to the authentication key generation instruction.
15. A mobile terminal, characterized by comprising a processor and a transceiver, wherein
The processor is used to obtain an authentication key and authentication information of a Bluetooth integrated circuit (IC) card, and to encrypt the authentication information in a safety zone of the mobile terminal according to the authentication key, to obtain encrypted authentication information;
The transceiver is used to send the encrypted authentication information to the Bluetooth IC for authentication.
16. The mobile terminal according to claim 15, characterized in that the processor is further used to obtain first identification information of the Bluetooth IC, and to obtain the authentication key of the Bluetooth IC according to the first identification information;
The transceiver is further used to establish a Bluetooth connection with the Bluetooth IC, and to receive the authentication information sent by the Bluetooth IC.
17. The mobile terminal according to claim 16, characterized in that the processor is further used to detect pre-stored information of the Bluetooth IC in the mobile terminal, and to extract the first identification information of the Bluetooth IC from the pre-stored information.
18. The mobile terminal according to claim 16, characterized in that the processor is further used to query, according to the first identification information, the authentication key of the Bluetooth IC in the safety zone of the mobile terminal;
The transceiver is further used to, if the authentication key is not found in the safety zone, initiate an authentication key query to a management system to obtain the authentication key of the Bluetooth IC.
19. The mobile terminal according to claim 18, characterized in that the transceiver is further used to send an authentication key query request to the management system, the authentication key query request including the first identification information and second identification information of the mobile terminal, and to receive an encrypted authentication key fed back by the management system, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC based on the public key of the mobile terminal;
The processor is further used to decrypt the encrypted authentication key based on the private key of the mobile terminal, to obtain the authentication key of the Bluetooth IC.
20. The mobile terminal according to claim 16, characterized in that the processor is further used to, if the authentication key of the Bluetooth IC is not stored in the safety zone, store the first identification information of the Bluetooth IC and the authentication key in the safety zone.
21. A management system, characterized by comprising a processor and a transceiver, wherein
The transceiver is used to receive an authentication key query request sent by a mobile terminal;
The processor is used to obtain an authentication key of a Bluetooth IC according to the authentication key query request;
The transceiver is further used to send the authentication key to the mobile terminal.
22. The management system according to claim 21, characterized in that the authentication key query request includes: first identification information of the Bluetooth IC and second identification information of the mobile terminal;
The processor is further used to query, according to the first identification information and the second identification information, the encrypted authentication key of the Bluetooth IC in the management system's own stored information, the encrypted authentication key being obtained by encrypting the authentication key of the Bluetooth IC based on the public key of the mobile terminal;
The transceiver is further used to, if the encrypted authentication key is not found, initiate authentication key generation to the Bluetooth IC, and to obtain the encrypted authentication key fed back by the Bluetooth IC.
23. The management system according to claim 22, characterized in that the transceiver is further used to send an authentication key generation request to the Bluetooth IC, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal, and to receive the encrypted authentication key fed back by the Bluetooth IC.
24. The management system according to claim 22, characterized in that the processor is further used to store the first identification information of the Bluetooth IC, the second identification information of the mobile terminal and the encrypted authentication key.
25. A Bluetooth IC, characterized by comprising a processor and a transceiver, wherein
The transceiver is used to send authentication information to a mobile terminal after a Bluetooth connection with the mobile terminal is established, and to receive encrypted authentication information sent by the mobile terminal;
The processor is used to decrypt the encrypted authentication information based on its own authentication key, and to perform authentication according to the decrypted information and the authentication information.
26. The Bluetooth IC according to claim 25, characterized in that the processor is further used to compare the decrypted information with the authentication information to obtain a comparison result; if the comparison result indicates that the decrypted information is identical to the authentication information, the authentication passes; if the comparison result indicates that the decrypted information differs from the authentication information, the authentication fails and the Bluetooth connection with the mobile terminal is disconnected.
27. The Bluetooth IC according to claim 25, characterized in that the transceiver is further used to receive an authentication key generation request sent by a management system, the authentication key generation request including an authentication key generation instruction and the public key of the mobile terminal;
The processor is further used to generate an authentication key according to the authentication key generation instruction;
The transceiver is further used to encrypt the authentication key based on the public key, and to feed the encrypted authentication key back to the management system.
28. The Bluetooth IC according to claim 27, characterized in that the processor is further used to query, according to the public key, whether an encrypted authentication key corresponding to the public key exists;
The transceiver is further used to, if it exists, send the encrypted authentication key to the management system; and, if it does not exist, to perform the step of generating an authentication key according to the authentication key generation instruction.
29. A mobile terminal, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the authentication method according to any one of claims 1-6.
30. A management system, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the authentication method according to any one of claims 7-10.
31. A Bluetooth IC, comprising a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the authentication method according to any one of claims 11-14.
32. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the authentication method according to any one of claims 1-6.
33. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the authentication method according to any one of claims 7-10.
34. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the authentication method according to any one of claims 11-14.
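The exchange described in claims 1, 5-6 and 11-13, written out as an added Go example; it is not code from the patent or its applicant. Assumptions: the claims name no algorithms, so AES-256-GCM and RSA-OAEP are stand-ins; the type and function names and the card ID "card-01" are illustrative; the management system is reduced to relaying the wrapped key, and the per-public-key lookup of claim 14 is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy from the OS CSPRNG: fail closed
	}
	return b
}

// aead builds AES-GCM for key. The claims name no cipher; this choice is an assumption.
func aead(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Card is the Bluetooth IC card: its authentication key and the outstanding challenge.
type Card struct{ key, challenge []byte }

// NewKey serves a key-generation request: the key leaves the card only wrapped for one terminal (claim 13).
func (c *Card) NewKey(pub *rsa.PublicKey) ([]byte, error) {
	c.key = random(32)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, c.key, nil)
}

// Connect models Bluetooth link-up: the card sends fresh random authentication info.
func (c *Card) Connect() []byte {
	c.challenge = random(16)
	return c.challenge
}

// Verify decrypts and compares (claims 11-12); false is where the card drops the connection.
func (c *Card) Verify(resp []byte) bool {
	defer func() { c.challenge = nil }() // a challenge is never accepted twice
	a, err := aead(c.key)
	if err != nil || len(c.challenge) == 0 || len(resp) < a.NonceSize() {
		return false
	}
	pt, err := a.Open(nil, resp[:a.NonceSize()], resp[a.NonceSize():], nil)
	return err == nil && subtle.ConstantTimeCompare(pt, c.challenge) == 1
}

// Terminal is the mobile terminal; secure stands in for its safety zone (card ID -> key).
type Terminal struct { priv *rsa.PrivateKey; secure map[string][]byte }
func newTerminal() *Terminal {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Terminal{priv, map[string][]byte{}}
}

// Enroll unwraps a key relayed by the management system and stores it (claims 5-6).
func (t *Terminal) Enroll(cardID string, wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.priv, wrapped, nil)
	if err == nil {
		t.secure[cardID] = key
	}
	return err
}

// Respond encrypts the card's authentication info under the stored key (claim 1).
func (t *Terminal) Respond(cardID string, challenge []byte) ([]byte, error) {
	a, err := aead(t.secure[cardID])
	if err != nil {
		return nil, err // no key enrolled for this card
	}
	nonce := random(a.NonceSize())
	return a.Seal(nonce, nonce, challenge, nil), nil
}

// Demo enrols one phone, then returns the card's verdict on a genuine response and on a replay of it.
func Demo() (genuine, replayed bool) {
	card, phone := &Card{}, newTerminal()
	wrapped, err := card.NewKey(&phone.priv.PublicKey) // relayed by the management system
	if err != nil || phone.Enroll("card-01", wrapped) != nil { // constructed card ID
		panic("enrolment failed")
	}
	resp, _ := phone.Respond("card-01", card.Connect())
	genuine = card.Verify(resp)
	card.Connect() // later session: the card issues a new challenge
	return genuine, card.Verify(resp)
}

func main() {
	fmt.Println(Demo()) // true false
}
```

The replayed response decrypts correctly but no longer matches, because the card compares it against a challenge it has since replaced; the comparison in claim 12 only gives this protection when the authentication information is fresh for every connection.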
CN201710821473.1A 2017-09-13 2017-09-13 Authentication method, mobile terminal, management system and Bluetooth IC card Active CN109495885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710821473.1A CN109495885B (en) 2017-09-13 2017-09-13 Authentication method, mobile terminal, management system and Bluetooth IC card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710821473.1A CN109495885B (en) 2017-09-13 2017-09-13 Authentication method, mobile terminal, management system and Bluetooth IC card

Publications (2)

Publication Number Publication Date
CN109495885A true CN109495885A (en) 2019-03-19
CN109495885B CN109495885B (en) 2021-09-14

Family

ID=65687228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710821473.1A Active CN109495885B (en) 2017-09-13 2017-09-13 Authentication method, mobile terminal, management system and Bluetooth IC card

Country Status (1)

Country Link
CN (1) CN109495885B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111262889A (en) * 2020-05-06 2020-06-09 腾讯科技(深圳)有限公司 Authority authentication method, device, equipment and medium for cloud service
CN111787514A (en) * 2020-06-28 2020-10-16 海尔优家智能科技(北京)有限公司 Method and device for acquiring equipment control data, storage medium and electronic device
CN113141604A (en) * 2021-04-27 2021-07-20 河北爱其科技有限公司 Bluetooth safety communication system
CN116580489A (en) * 2023-07-13 2023-08-11 鼎铉商用密码测评技术(深圳)有限公司 Access control equipment, access control card and card sender control method, equipment and medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577906A (en) * 2009-06-12 2009-11-11 大唐微电子技术有限公司 Smart card and terminal capable of realizing machine card security authentication
CN101583124A (en) * 2009-06-10 2009-11-18 大唐微电子技术有限公司 Authentication method and system of subscriber identity module and terminal
CN101883357A (en) * 2010-06-22 2010-11-10 北京握奇数据系统有限公司 Method, device and system for mutual authentication between terminal and intelligent card
CN105007274A (en) * 2015-07-27 2015-10-28 尤磊 Mobile terminal-based identity authentication system and method
CN105975867A (en) * 2016-04-28 2016-09-28 东莞市华睿电子科技有限公司 Data processing method
CN106161359A (en) * 2015-04-02 2016-11-23 阿里巴巴集团控股有限公司 The method and device of certification user, the method and device of registration wearable device
CN106293080A (en) * 2016-07-29 2017-01-04 维沃移动通信有限公司 The method of a kind of user profile process and mobile terminal
CN106506472A (en) * 2016-11-01 2017-03-15 黄付营 A kind of safe mobile terminal digital certificate method and system
CN106656457A (en) * 2015-10-30 2017-05-10 深圳市中兴微电子技术有限公司 Method, device and system for safe access of data based on VPN
CN106657551A (en) * 2016-12-05 2017-05-10 惠州Tcl移动通信有限公司 Method and system for preventing mobile terminal from being unlocked

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101583124A (en) * 2009-06-10 2009-11-18 大唐微电子技术有限公司 Authentication method and system of subscriber identity module and terminal
CN101577906A (en) * 2009-06-12 2009-11-11 大唐微电子技术有限公司 Smart card and terminal capable of realizing machine card security authentication
CN101883357A (en) * 2010-06-22 2010-11-10 北京握奇数据系统有限公司 Method, device and system for mutual authentication between terminal and intelligent card
CN106161359A (en) * 2015-04-02 2016-11-23 阿里巴巴集团控股有限公司 The method and device of certification user, the method and device of registration wearable device
CN105007274A (en) * 2015-07-27 2015-10-28 尤磊 Mobile terminal-based identity authentication system and method
CN106656457A (en) * 2015-10-30 2017-05-10 深圳市中兴微电子技术有限公司 Method, device and system for safe access of data based on VPN
CN105975867A (en) * 2016-04-28 2016-09-28 东莞市华睿电子科技有限公司 Data processing method
CN106293080A (en) * 2016-07-29 2017-01-04 维沃移动通信有限公司 The method of a kind of user profile process and mobile terminal
CN106506472A (en) * 2016-11-01 2017-03-15 黄付营 A kind of safe mobile terminal digital certificate method and system
CN106657551A (en) * 2016-12-05 2017-05-10 惠州Tcl移动通信有限公司 Method and system for preventing mobile terminal from being unlocked

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111262889A (en) * 2020-05-06 2020-06-09 腾讯科技(深圳)有限公司 Authority authentication method, device, equipment and medium for cloud service
CN111262889B (en) * 2020-05-06 2020-09-04 腾讯科技(深圳)有限公司 Authority authentication method, device, equipment and medium for cloud service
CN111787514A (en) * 2020-06-28 2020-10-16 海尔优家智能科技(北京)有限公司 Method and device for acquiring equipment control data, storage medium and electronic device
CN111787514B (en) * 2020-06-28 2024-03-22 海尔优家智能科技(北京)有限公司 Method and device for acquiring equipment control data, storage medium and electronic device
CN113141604A (en) * 2021-04-27 2021-07-20 河北爱其科技有限公司 Bluetooth safety communication system
CN116580489A (en) * 2023-07-13 2023-08-11 鼎铉商用密码测评技术(深圳)有限公司 Access control equipment, access control card and card sender control method, equipment and medium
CN116580489B (en) * 2023-07-13 2023-09-29 鼎铉商用密码测评技术(深圳)有限公司 Access control equipment, access control card and card sender control method, equipment and medium

Also Published As

Publication number Publication date
CN109495885B (en) 2021-09-14

Similar Documents

Publication Publication Date Title
CN110995642B (en) Providing secure connections using pre-shared keys
US11849048B2 (en) Mutually authenticated ECDHE key exchange for a device and a network using multiple PKI key pairs
TW548535B (en) Security system
KR101510784B1 (en) Method of secure personalization of a nfc chipset
CN102572314B (en) Image sensor and payment authentication method
CN108513704B (en) Remote distribution method and system of terminal master key
CN106464498B (en) Method for authenticating a first electronic entity by a second electronic entity and electronic entity
CN106527673A (en) Method and apparatus for binding wearable device, and electronic payment method and apparatus
CN109756447A (en) A kind of safety certifying method and relevant device
WO2018090763A1 (en) Method and device for configuring terminal master key
CN109495885A (en) Authentication method, mobile terminal, management system and Bluetooth IC
US10404475B2 (en) Method and system for establishing a secure communication tunnel
CN109218263A (en) A kind of control method and device
CN106254323A (en) The exchange method of a kind of TA and SE, TA, SE and TSM platform
CN112672342B (en) Data transmission method, device, equipment, system and storage medium
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN105407109A (en) Data secure transmission method between Bluetooth devices
CN105574720A (en) Secure information processing method and secure information processing apparatus
CN107493281A (en) encryption communication method and device
CN106792482A (en) A kind of method and system for being used between two devices set up near-field communication
Urien et al. A new cooperative architecture for sharing services managed by secure elements controlled by android phones with IP objects
US20180212784A1 (en) Method to secure an applicative function in a cloud-based virtual secure element implementation
KR20180093057A (en) A method and system for secure communication between a mobile unit and a server interlocked with a smartphone
US10616212B2 (en) Method of sending a data from a secure token to a server
Wognsen et al. A secure relay protocol for door access control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant