CN109639638A - A dynamically secure command authorization method - Google Patents

Publication number: CN109639638A
Application number: CN201811325055.4A
Authority: CN (China)
Prior art keywords: destination, data, synchronizer, identity information, encrypted
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN109639638B (en)
Inventors: 李平川, 陈孝顺, 马鹏, 祝恩国, 叶万余, 陈朝新
Current Assignee: HASO (XIAMEN) INFO. Co.,Ltd.
Original Assignee: 李平川

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption

Abstract

The invention discloses a dynamically secure command authorization method. The command is sent as data from the starting point of a link to the destination and comprises encrypted dynamic data and encrypted command data. The dynamic data changes in each link transmission as a synchronizer changes, and the synchronizer is refreshed at least once in each link transmission; the command data contains the command to be executed. The destination decrypts the data it receives to obtain the command data and the synchronizer carried in the dynamic data, judges whether the command data and the synchronizer satisfy each judgment condition, and then decides whether the command in the command data is allowed to be executed. The method has the following advantages: it realizes dynamic transmission of data, prevents data retransmission, supports offline authorization, resists cracking, and improves the overall security of the system.

Description

A dynamically secure command authorization method
Technical field
The present invention relates to a dynamically secure command authorization method.
Background art
In the prior art, when a master station or a portable mobile device remotely authorizes and sends commands to intelligent terminals at the end of the link, such as smart locks, the command data is generally encrypted in transit to keep the transmission secure. However, encryption alone is not enough to guarantee the security of the system, and other aspects remain to be improved, because the master station often has the following defects when transmitting command data:
1. The command data may be retransmitted multiple times, causing the intelligent terminal at the end to repeat the operation, for example a smart lock unlocking repeatedly, which brings a security risk to the system.
2. After leaving the master station, offline authorization cannot be performed.
3. The same command data may be transmitted over the link multiple times and is easily cracked once it has been intercepted, which lowers the security of the system.
4. Authorization cannot be managed according to different attributes (such as time, personnel, equipment).
Summary of the invention
The present invention provides a dynamically secure command authorization method that overcomes the deficiencies of the prior art described in the background art.
The technical solution adopted by the present invention to solve its technical problem is:
A dynamically secure command authorization method, in which the command is sent as data from the starting point of a link to the destination; the command comprises encrypted dynamic data and encrypted command data; the dynamic data changes in each link transmission as a synchronizer changes; the synchronizer is refreshed at least once in each link transmission; and the command data contains the command to be executed;
The destination decrypts the data it receives to obtain the command data and the synchronizer carried in the dynamic data, judges whether the command data and the synchronizer satisfy each judgment condition, and then decides whether the command in the command data is allowed to be executed.
In one embodiment: the synchronizer is refreshed in each link transmission according to an increasing function.
In one embodiment: the command data also contains the interval definition of the synchronizer, and the judgment conditions of the destination include: whether the synchronizer obtained by decryption lies within the interval; if so, the judgment condition is satisfied; otherwise it is not.
In one embodiment: the judgment conditions of the destination further include: whether the synchronizer obtained by decryption equals the synchronizer of the previous link transmission; if they differ, the judgment condition is satisfied; otherwise it is not.
In one embodiment: the command data also contains the identity information of the starting point and the identity information of the destination, and the judgment conditions of the destination further include: whether the decrypted identity information of the starting point and the identity information of the destination correspond; if they correspond, the judgment condition is satisfied; otherwise it is not.
In one embodiment: the encryption and decryption processes of the synchronizer include:
Encryption process: the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then encrypted with the encrypted destination identity information; the destination identity information used in the encryption process is obtained by the starting point through external input;
Decryption process: executed at the destination; the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then decrypted with the encrypted destination identity information; the destination identity information used in the decryption process is stored in the destination.
In one embodiment: there is at least one transfer end between the starting point and the destination; the command is sent as data from the starting point of the link through the transfer end to the destination; the command data is encrypted at the starting point, sent to the transfer end, and forwarded to the destination; the synchronizer and the dynamic data are refreshed and generated at the transfer end, and the dynamic data is encrypted and then sent to the destination; the command data further includes the identity information of the transfer end.
In one embodiment: the encryption process is executed at the starting point.
In one embodiment: the encryption process is executed at the transfer end; or, the destination identity information is encrypted with key K at the starting point to obtain the encrypted destination identity information, which is sent to the transfer end, and the synchronizer is then encrypted at the transfer end with the encrypted destination identity information.
In one embodiment: there are multiple transfer ends; the command is sent as data from the starting point of the link through the multiple transfer ends in turn to the destination, and the synchronizer and the dynamic data are refreshed once at each transfer end they pass through.
In one embodiment: the synchronizer is the time.
In one embodiment: the starting point is a master station, the transfer end is a portable mobile device, and the destination is an intelligent terminal.
Compared with the background art, this technical solution has the following advantages:
1. The data includes dynamic data that changes as the synchronizer is refreshed in each link transmission, which realizes dynamic transmission of data; the data differs in each link transmission, so it cannot be cracked easily after being intercepted, and the security of data transmission is improved.
2. The judgment conditions of the destination further include: whether the synchronizer obtained by decryption equals the synchronizer of the previous link transmission; if they differ, the judgment condition is satisfied; otherwise it is not. This condition ensures that the data the destination obtained last time and the data it obtains this time are different, which rules out data retransmission and improves the security of the whole system.
3. The synchronizer can be a parameter with a certain attribute, such as time, personnel or equipment; adding the synchronizer makes it convenient for the system to manage authorization according to different attributes.
4. After the starting point sends the encrypted command data to the transfer end, the transfer end can store the command data; when the transfer end and the starting point are offline from each other, the transfer end can still carry out dynamic data transmission and authorization to the destination, which realizes offline authorization.
Specific embodiments
Embodiment one:
A dynamically secure command authorization method, in which the command is sent as data from the starting point of a link to the destination; the command comprises encrypted dynamic data and encrypted command data; the dynamic data changes in each link transmission as a synchronizer changes; the synchronizer is refreshed at least once in each link transmission; and the command data contains the command to be executed;
The destination decrypts the data it receives to obtain the command data and the synchronizer carried in the dynamic data, judges whether the command data and the synchronizer satisfy each judgment condition, and then decides whether the command in the command data is allowed to be executed.
The synchronizer is refreshed in each link transmission according to an increasing function. The synchronizer can be time, personnel, equipment and so on; this embodiment uses the time as the synchronizer.
The command data also contains the interval definition of the synchronizer, and the judgment conditions of the destination include the following three:
(1) Whether the synchronizer obtained by decryption lies within the interval; if so, the judgment condition is satisfied; otherwise it is not.
(2) Whether the synchronizer obtained by decryption equals the synchronizer of the previous link transmission; if they differ, the judgment condition is satisfied; otherwise it is not.
(3) The command data also contains the identity information of the starting point and the identity information of the destination; whether the decrypted identity information of the starting point and the identity information of the destination correspond; if they correspond, the judgment condition is satisfied; otherwise it is not.
When all three judgment conditions are satisfied, the destination is allowed to execute the command.
The encryption and decryption processes of the dynamic data include:
Encryption process: executed at the starting point; the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then encrypted with the encrypted destination identity information. The destination identity information used in the encryption process is obtained by the starting point through external input, for example by entering the destination identity information directly at the starting point through an input device, or by sending the destination identity information to the starting point from a portable mobile device.
Decryption process: executed at the destination; the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then decrypted with the encrypted destination identity information; the destination identity information used in the decryption process is stored in the destination.
The encryption of the dynamic data and the encryption of the command data both use the same key K.
Embodiment two:
There is at least one transfer end between the starting point and the destination. The command is sent as data from the starting point of the link through the transfer end to the destination; the command data is encrypted at the starting point, sent to the transfer end, and forwarded to the destination; the synchronizer and the dynamic data are refreshed and generated at the transfer end, and the dynamic data is encrypted and then sent to the destination. The command data further includes the identity information of the transfer end.
In this embodiment, the encryption process of the dynamic data is as follows: at the starting point, the destination identity information is encrypted with key K to obtain the encrypted destination identity information, which is sent to the transfer end; the transfer end then encrypts the dynamic data with the encrypted destination identity information. In this embodiment, the decryption process of the dynamic data is the same as in embodiment one. In another preferred embodiment, the encryption process of the synchronizer can be executed at the transfer end only. In this embodiment, the synchronizer is the time, and the synchronizer is the dynamic data.
In the technical solution of this embodiment, the program executed at the starting point includes:
CT1 = E(IDb, K); the destination identity information is encrypted with key K to obtain data CT1;
CT2 = E(IDt | IDm | IDb | IDu | A | Rang(Smin, Smax, …) | C1, K); the starting point identity information IDt, the transfer end identity information IDm, the destination identity information IDb, the user identity information IDu, the command to be executed A, the interval definition of the synchronizer Rang(Smin, Smax, …) and other qualifying conditions C1 are encrypted with key K to obtain the command data CT2;
CT3 = CT1 | CT2; data CT1 and CT2 are combined.
In the technical solution of this embodiment, the program executed at the transfer end includes:
Si = IS(S); the synchronizer S undergoes one increasing refresh to obtain the synchronizer Si (the dynamic data). IS() is an increasing function. In this embodiment the synchronizer serves as the dynamic data; when the synchronizer is the time, the synchronizer obtained after the increasing function refreshes it is the real-time time value, which guarantees that the synchronizer (dynamic data) after each refresh differs from the previous one;
CTsi = E(Si, CT1); the refreshed synchronizer Si is encrypted with the data CT1 that the starting point sent to the transfer end, giving the encrypted dynamic data CTsi;
CTsi2 = CTsi | CT2; the command data CT2 and the encrypted dynamic data CTsi are combined.
In the technical solution of this embodiment, the program executed at the destination includes:
CT4 = E(IDb, K); the destination identity information stored in the destination is encrypted with key K to obtain data CT4;
PTsi = DE(CTsi, CT4); CTsi is decrypted with data CT4 to obtain the synchronizer PTsi (PTsi equals Si);
PT2(IDt | IDm | IDb | IDu | A | Rang(Smin, Smax, …) | C1) = DE(CT2, K); CT2 is decrypted with key K to obtain the command data PT2(IDt | IDm | IDb | IDu | A | Rang(Smin, Smax, …) | C1);
CK(PTsi, Rang(Smin, Smax, …)); judge whether the synchronizer lies within the defined interval Rang(Smin, Smax, …), which guarantees the validity of the command; for example, when the synchronizer is the time, this judgment guarantees the timeliness of the command;
CK(PTsi, Sl); judge whether the current synchronizer and the previous synchronizer are the same, which prevents data retransmission;
CK(IDt | IDm | IDb | IDu | A | C1); judge whether the relevant information in the command data corresponds correctly;
Sl = PTsi; the current dynamic factor PTsi is saved as the comparison object for the next time;
When the above three judgment conditions are satisfied, the destination is allowed to execute command A. The encryption described above can use encryption algorithms such as AES and RSA.
When this embodiment is applied in a smart lock system, sending the command is the command authorization action: the starting point is the master station, the transfer end is a portable mobile device (such as a mobile phone), and the destination is an intelligent terminal (such as a smart lock). When authorization to unlock has to be requested from the master station through the mobile phone, the request is made to the master station through the mobile phone, and the master station and the mobile phone then issue the authorization command (including the dynamic data and the command data) according to the authorization mechanism described in this embodiment, which realizes secure unlocking.
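The three programs of embodiment two (starting point, transfer end, destination) and the destination's three checks, as an added Python example that is not code from the patent. E/DE are a standard-library stand-in (a deterministic, authenticated keystream construction), not the AES or RSA the text names; the JSON encoding of the command fields, the sample identifiers and the `known_starts` allow-list used for the identity check are assumptions of the example.

```python
import hashlib
import hmac
import json


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as the keystream (stand-in cipher).
    ks = b"".join(_prf(key, b"ks", iv + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def E(pt: bytes, key: bytes) -> bytes:
    """Stand-in for E(): deterministic and authenticated (synthetic IV).
    Determinism matters: the destination recomputes CT4 = E(IDb, K) and it
    must equal the CT1 produced at the starting point."""
    iv = _prf(key, b"iv", pt)[:16]
    return iv + _xor(key, iv, pt)


def DE(ct: bytes, key: bytes) -> bytes:
    """Stand-in for DE(): raises ValueError on a wrong key or altered data."""
    iv, body = ct[:16], ct[16:]
    pt = _xor(key, iv, body)
    if not hmac.compare_digest(iv, _prf(key, b"iv", pt)[:16]):
        raise ValueError("decryption failed")
    return pt


def start_issue(K, IDt, IDm, IDb, IDu, A, rang):
    """Starting point: CT1 = E(IDb, K), CT2 = E(command fields, K)."""
    fields = {"IDt": IDt, "IDm": IDm, "IDb": IDb, "IDu": IDu, "A": A, "Rang": rang}
    return E(IDb.encode(), K), E(json.dumps(fields).encode(), K)


def relay_forward(CT1, CT2, now):
    """Transfer end: refresh Si (the time) and encrypt it under CT1; K is not needed."""
    Si = int(now)
    return E(str(Si).encode(), CT1), CT2       # CTsi | CT2


class Destination:
    def __init__(self, K, IDb, known_starts):
        self.K, self.IDb, self.known_starts = K, IDb, set(known_starts)
        self.Sl = None                          # last accepted synchronizer

    def handle(self, CTsi, CT2):
        CT4 = E(self.IDb.encode(), self.K)      # derived from the stored identity
        try:
            PTsi = int(DE(CTsi, CT4).decode())
            PT2 = json.loads(DE(CT2, self.K).decode())
        except ValueError:
            return "reject: decrypt"
        Smin, Smax = PT2["Rang"]
        if not Smin <= PTsi <= Smax:            # check 1: inside the interval
            return "reject: range"
        if PTsi == self.Sl:                     # check 2: equal to the last one
            return "reject: replay"
        if PT2["IDb"] != self.IDb or PT2["IDt"] not in self.known_starts:
            return "reject: identity"           # check 3: identities correspond
        self.Sl = PTsi                          # Sl = PTsi
        return "execute: " + PT2["A"]


def demo():
    K = b"constructed-demo-key"                # all values below are constructed
    lock = Destination(K, "lock-01", {"station-A"})
    CT1, CT2 = start_issue(K, "station-A", "phone-7", "lock-01", "user-42",
                           "UNLOCK", [1000, 2000])
    frame = relay_forward(CT1, CT2, 1500)
    out = [lock.handle(*frame), lock.handle(*frame)]          # fresh, then resent
    out.append(lock.handle(*relay_forward(CT1, CT2, 1501)))   # relay refreshes Si
    out.append(lock.handle(*relay_forward(CT1, CT2, 2500)))   # outside Rang
    other = Destination(K, "lock-02", {"station-A"})
    out.append(other.handle(*relay_forward(CT1, CT2, 1502)))  # other destination
    X1, X2 = start_issue(K, "station-X", "phone-7", "lock-01", "user-42",
                         "UNLOCK", [1000, 2000])
    out.append(lock.handle(*relay_forward(X1, X2, 1600)))     # unknown start
    return out


if __name__ == "__main__":
    print(demo())
```

The fifth result shows the effect of keying the dynamic data with E(IDb, K): a destination holding a different stored identity derives a different CT4 and cannot decrypt CTsi at all.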
Embodiment three:
Embodiment three differs from embodiment two in that there are multiple transfer ends; the command is sent as data from the starting point of the link through the multiple transfer ends in turn to the destination; the synchronizer and the dynamic data are refreshed once at each transfer end they pass through, and the data is finally sent to the destination.
Embodiment four:
Embodiment four differs from embodiments two and three in that, after the starting point sends the relevant data to the transfer end, the transfer end stores it; the master station and the transfer end can then be offline from each other, and the data (including the command data and the dynamic data) can still be sent to the destination by the transfer end alone.
The above are only preferred embodiments of the present invention and do not limit the scope of its implementation; equivalent changes and modifications made according to the scope of the patent and the content of the description shall still fall within the scope of the present invention.

Claims (12)

1. A dynamically secure command authorization method, characterized in that:
The command is sent as data from the starting point of a link to the destination; the command comprises encrypted dynamic data and encrypted command data; the dynamic data changes in each link transmission as a synchronizer changes; the synchronizer is refreshed at least once in each link transmission; and the command data contains the command to be executed;
The destination decrypts the data it receives to obtain the command data and the synchronizer carried in the dynamic data, judges whether the command data and the synchronizer satisfy each judgment condition, and then decides whether the command in the command data is allowed to be executed.
2. The dynamically secure command authorization method according to claim 1, characterized in that: the synchronizer is refreshed in each link transmission according to an increasing function.
3. The dynamically secure command authorization method according to claim 2, characterized in that: the command data also contains the interval definition of the synchronizer, and the judgment conditions of the destination include: whether the synchronizer obtained by decryption lies within the interval; if so, the judgment condition is satisfied; otherwise it is not.
4. The dynamically secure command authorization method according to claim 3, characterized in that: the judgment conditions of the destination further include: whether the synchronizer obtained by decryption equals the synchronizer of the previous link transmission; if they differ, the judgment condition is satisfied; otherwise it is not.
5. The dynamically secure command authorization method according to claim 4, characterized in that: the command data also contains the identity information of the starting point and the identity information of the destination, and the judgment conditions of the destination further include: whether the decrypted identity information of the starting point and the identity information of the destination correspond; if they correspond, the judgment condition is satisfied; otherwise it is not.
6. The dynamically secure command authorization method according to claim 5, characterized in that the encryption and decryption processes of the dynamic data include:
Encryption process: the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then encrypted with the encrypted destination identity information; the destination identity information used in the encryption process is obtained by the starting point through external input;
Decryption process: executed at the destination; the destination identity information is encrypted with key K to obtain the encrypted destination identity information, and the dynamic data is then decrypted with the encrypted destination identity information; the destination identity information used in the decryption process is stored in the destination.
7. The dynamically secure command authorization method according to claim 6, characterized in that: there is at least one transfer end between the starting point and the destination; the command is sent as data from the starting point of the link through the transfer end to the destination; the command data is encrypted at the starting point, sent to the transfer end, and forwarded to the destination; the synchronizer and the dynamic data are refreshed and generated at the transfer end, and the dynamic data is encrypted and then sent to the destination; the command data further includes the identity information of the transfer end.
8. The dynamically secure command authorization method according to claim 6, characterized in that: the encryption process is executed at the starting point.
9. The dynamically secure command authorization method according to claim 7, characterized in that: the encryption process is executed at the transfer end; or, the destination identity information is encrypted with key K at the starting point to obtain the encrypted destination identity information, which is sent to the transfer end, and the synchronizer is then encrypted at the transfer end with the encrypted destination identity information.
10. The dynamically secure command authorization method according to claim 7, characterized in that: there are multiple transfer ends; the command is sent as data from the starting point of the link through the multiple transfer ends in turn to the destination, and the synchronizer and the dynamic data are refreshed once at each transfer end they pass through.
11. The dynamically secure command authorization method according to any one of claims 1 to 10, characterized in that: the synchronizer is the time.
12. The dynamically secure command authorization method according to claim 7, characterized in that: the starting point is a master station, the transfer end is a portable mobile device, and the destination is an intelligent terminal.
CN201811325055.4A 2018-11-08 2018-11-08 Dynamic safe command authorization method Active CN109639638B (en)

Publications (2)

Publication Number Publication Date
CN109639638A (en) 2019-04-16
CN109639638B (en) 2021-06-25

Family

ID=66067516

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20210928
    Address after: 361000 3F, angye building north, Pioneer Park, torch hi tech Zone, Xiamen City, Fujian Province
    Patentee after: HASO (XIAMEN) INFO. Co.,Ltd.
    Address before: 3 / F, angye building, Pioneer Park, torch hi tech Zone, Xiamen, Fujian, 361000
    Patentee before: Li Pingchuan
TR01 Transfer of patent right