CN111132163B - Authentication method and system for wireless security equipment and application program - Google Patents


Publication number: CN111132163B
Authority: CN (China)
Prior art keywords: application program, authentication, information, equipment, wireless security
Legal status: Active
Application number: CN201911384416.7A
Other languages: Chinese (zh)
Other versions: CN111132163A (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03: Protecting confidentiality, e.g. by encryption
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043: Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431: Key distribution or pre-distribution; Key agreement
    • H04W12/30: Security of mobile devices; Security of mobile applications
    • H04W12/40: Security arrangements using identity modules
    • H04W12/48: Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications

Abstract

The present invention relates to the field of communications, and in particular to a method and a system for authenticating a wireless security device and an application program. In the method, an application program obtains first device information of a mobile device and the application identifier of the application program, and sends both to the wireless security device. The wireless security device determines whether the first device information and the application identifier are already stored in the wireless security device. If so, authentication succeeds; otherwise the wireless security device generates and displays an authentication code. When the authentication code entered by the user is received, the wireless security device determines whether it matches the authentication code that the wireless security device generated. If so, authentication succeeds and the first device information and the application identifier are stored; otherwise authentication fails and the method ends. The invention improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being bound to the wrong wireless security device after several wireless security devices have been bound to the same mobile device.

Description

Authentication method and system for wireless security equipment and application program
Technical Field
The present invention relates to the field of communications, and in particular, to a method and a system for authenticating a wireless security device and an application.
Background
Before a mobile device can communicate with a wireless security device, a binding relationship must be established between them. In the prior art, once the mobile device and the wireless security device have established a binding relationship, an application program running on the mobile device can communicate with the wireless security device without being authenticated by it. Unauthenticated application programs on the mobile device can therefore communicate with the wireless security device, which reduces the security and reliability of communication between the application program and the wireless security device. In addition, after several wireless security devices have established binding relationships with the same mobile device, an application program running on the mobile device can easily be bound to the wrong wireless security device.
Disclosure of Invention
To overcome the shortcomings of the prior art, the invention provides a method and a system for authenticating a wireless security device and an application program.
In a first aspect, the present invention provides a method for authenticating a wireless security device and an application program, including the following steps:
Step S1: the application program negotiates a session key with the wireless security device, obtains first device information of the mobile device and the application identifier of the application program, encrypts the first device information and the application identifier with the session key to obtain a first authentication information ciphertext, and sends the first authentication information ciphertext to the wireless security device;
Step S2: the wireless security device receives the first authentication information ciphertext sent by the application program, decrypts it with the session key to obtain the first device information and the application identifier, and determines whether the first device information and the application identifier are stored in the wireless security device; if so, it sends first authentication success information to the application program and step S3 is executed; otherwise it generates and displays an authentication code, sends first authentication failure information to the application program, and step S4 is executed;
Step S3: the application program receives the first authentication success information, communicates with the wireless security device, and the method ends;
Step S4: the application program receives the first authentication failure information, prompts the user to enter the authentication code displayed by the wireless security device, and, when it recognizes that the user has entered an authentication code, sends the authentication code entered by the user to the wireless security device;
Step S5: the wireless security device receives the authentication code entered by the user and determines whether it matches the authentication code generated by the wireless security device; if so, it stores the first device information and the application identifier, sends second authentication success information to the application program, and step S7 is executed; otherwise it sends second authentication failure information to the application program and step S6 is executed;
Step S6: the application program receives the second authentication failure information, and the method ends;
Step S7: the application program receives the second authentication success information, communicates with the wireless security device, and the method ends.
In a second aspect, the present invention provides an authentication system for a wireless security device and an application program, comprising an application program and a wireless security device.
The application program comprises: a negotiation acquisition sending module, a first receiving communication module, a first receiving sending module, a first receiving ending module and a second receiving communication module;
the negotiation acquisition sending module is used for negotiating a session key with the wireless security device, obtaining first device information of the mobile device and the application identifier of the application program, encrypting the first device information and the application identifier with the session key to obtain a first authentication information ciphertext, and sending the first authentication information ciphertext to the wireless security device;
the first receiving communication module is used for receiving the first authentication success information, communicating with the wireless security device, and ending;
the first receiving sending module is used for receiving the first authentication failure information, prompting the user to enter the authentication code displayed by the wireless security device, and sending the authentication code entered by the user to the wireless security device when it recognizes that the user has entered an authentication code;
the first receiving ending module is used for receiving the second authentication failure information and ending;
the second receiving communication module is used for receiving the second authentication success information, communicating with the wireless security device, and ending.
The wireless security device comprises: a receiving encryption judging module and a receiving judging sending module;
the receiving encryption judging module is used for receiving the first authentication information ciphertext sent by the application program, decrypting it with the session key to obtain the first device information and the application identifier, and determining whether the first device information and the application identifier are stored in the wireless security device; if so, it sends first authentication success information to the application program and triggers the first receiving communication module; otherwise it generates and displays an authentication code, sends first authentication failure information to the application program, and triggers the first receiving sending module;
the receiving judging sending module is used for receiving the authentication code entered by the user and determining whether it matches the authentication code generated by the wireless security device; if so, it stores the first device information and the application identifier, sends second authentication success information to the application program, and triggers the second receiving communication module; otherwise it sends second authentication failure information to the application program and triggers the first receiving ending module.
Compared with the prior art, the invention has the following advantages:
With the authentication method for a wireless security device and an application program provided by the invention, even after the binding relationship between the mobile device and the wireless security device has been established, the wireless security device still authenticates an application program running on the mobile device when that application program establishes communication with the wireless security device. The method improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being bound to the wrong wireless security device after several wireless security devices have established binding relationships with the same mobile device.
Drawings
Fig. 1 is a flowchart of an authentication method for a wireless security device and an application according to embodiment 1 of the present invention;
Fig. 2 is a flowchart of an authentication method for a wireless security device and an application according to embodiment 2 of the present invention;
Fig. 3 is a flowchart of an authentication method for a wireless security device and an application according to embodiment 3 of the present invention;
Fig. 4 is a flowchart of an authentication method for a wireless security device and an application according to embodiment 4 of the present invention;
Fig. 5 is a block diagram of an authentication system of a wireless security device and an application according to embodiment 5 of the present invention.
Detailed Description
The present application provides a method and a system for authenticating a wireless security device and an application program, described in detail below with reference to the accompanying drawings. Examples of the embodiments are illustrated in the accompanying drawings, in which the same or similar reference numerals refer throughout to the same or similar elements, or to elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present application, and are not to be construed as limiting it.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Example 1
Embodiment 1 of the present invention provides an authentication method for a wireless security device and an application program. The method is applied to a system comprising an application program and a wireless security device, where the application program is software that works with the wireless security device and is installed on a mobile device. After the mobile device has been paired with the wireless security device through the application program, the method is executed as shown in Fig. 1 and includes the following steps:
Step S1: the application program negotiates a session key with the wireless security device, obtains first device information of the mobile device and the application identifier of the application program, encrypts the first device information and the application identifier with the session key to obtain a first authentication information ciphertext, and sends the first authentication information ciphertext to the wireless security device;
Optionally, in step S1 of this embodiment, the application program negotiating a session key with the wireless security device specifically includes:
Step A1: the application program sends a request to negotiate a session key to the wireless security device;
Step A2: the wireless security device receives the session key negotiation request sent by the application program, generates a session key, and sends the session key to the application program;
Step A3: the application program receives the session key sent by the wireless security device.
Optionally, in step S1 of this embodiment, before obtaining the first device information of the mobile device and the application identifier of the application program, the method further includes:
Step B1: the application program determines whether it has stored the device identifier of the mobile device; if so, step B3 is executed; otherwise step B2 is executed;
Step B2: the application program generates and stores the device identifier, and step B3 is executed;
Step B3: the application program obtains the device identifier and converts it into first device information according to a first preset format;
Optionally, in step S1 of this embodiment, encrypting the first device information and the application identifier with the session key to obtain the first authentication information ciphertext specifically includes:
Step C1: the application program generates first authentication information from the obtained first device information and the application identifier of the application program;
Step C2: the application program encrypts the first authentication information with the session key to obtain the first authentication information ciphertext;
Step S2: the wireless security device receives the first authentication information ciphertext sent by the application program, decrypts the ciphertext with the session key to obtain the first device information and the application identifier, and determines whether the wireless security device has stored the first device information and the application identifier; if so, it sends first authentication success information to the application program and step S3 is executed; otherwise it generates and displays an authentication code, sends first authentication failure information to the application program, and step S4 is executed;
Optionally, in step S2 of this embodiment, determining whether the wireless security device has stored the first device information and the application identifier specifically includes: the wireless security device obtains a pre-stored authentication list and determines whether the first device information and the application identifier obtained by decryption are stored in the authentication list; if so, it sends first authentication success information to the application program and step S3 is executed; otherwise it generates and displays an authentication code, sends first authentication failure information to the application program, and step S4 is executed.
Step S3: the application program receives the first authentication success information, communicates with the wireless security device, and the method ends;
Step S4: the application program receives the first authentication failure information, prompts the user to enter the authentication code displayed by the wireless security device, and, when it recognizes that the user has entered an authentication code, sends the authentication code entered by the user to the wireless security device;
Optionally, step S4 in this embodiment further includes: the application program determines whether the user has entered an authentication code; if so, it sends the authentication code entered by the user to the wireless security device; otherwise the application program disconnects from the wireless security device, and the method ends.
Further, the application program determining whether the user has entered an authentication code is specifically: the application program determines whether the user has entered an authentication code within a first preset time; if so, the authentication code entered by the user is sent to the wireless security device; otherwise the application program determines that a timeout has occurred and disconnects from the wireless security device, and the method ends.
For example: the first preset time is 60 seconds;
Step S5: the wireless security device receives the authentication code entered by the user and determines whether it matches the authentication code generated by the wireless security device; if so, it stores the first device information and the application identifier, sends second authentication success information to the application program, and step S7 is executed; otherwise it sends second authentication failure information to the application program and step S6 is executed;
Optionally, in step S5 of this embodiment, storing the first device information and the application identifier specifically includes: the wireless security device stores the corresponding first device information and application identifiers in the order in which application programs are authenticated. The number of first device information and application identifier entries that the wireless security device can store is limited; when the number stored reaches the maximum, the entry that was stored first is removed and the first device information and application identifier that have just been authenticated successfully are stored;
For example: the maximum number of first device information and application identifier entries stored by the wireless security device is 3.
Step S6: the application program receives the second authentication failure information, and the method ends;
Step S7: the application program receives the second authentication success information, communicates with the wireless security device, and the method ends.
In this embodiment, the first device information and the application identifier together form one piece of authentication information, and the wireless security device treats them as a whole when authenticating and storing them.
With the authentication method for a wireless security device and an application program provided by the invention, even after the binding relationship between the mobile device and the wireless security device has been established, the wireless security device still authenticates an application program running on the mobile device when that application program establishes communication with the wireless security device. The method improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being bound to the wrong wireless security device after several wireless security devices have established binding relationships with the same mobile device.
Example 2
Embodiment 2 of the present invention provides an authentication method for a wireless security device and an application program. The method is applied to a system comprising an application program and a wireless security device, where the application program is software that works with the wireless security device and is installed on a mobile device. After the mobile device has been paired with the wireless security device through the application program, the method is executed as shown in Fig. 2 and includes the following steps:
Step 101: the application program sends a request to negotiate a session key to the wireless security device;
Optionally, the wireless security device may be a Bluetooth device, an NFC device, or the like;
Step 102: the wireless security device receives the session key negotiation request sent by the application program, generates a session key, and sends the session key to the application program;
Step 103: the application program receives the session key sent by the wireless security device and determines whether it has stored the device identifier of the mobile device; if so, step 105 is executed; otherwise step 104 is executed;
Optionally, the device identifier of a mobile device uniquely corresponds to that mobile device and is used to distinguish between different mobile devices;
Step 104: the application program generates and stores the device identifier, and step 105 is executed;
Step 105: the application program obtains the device identifier and converts it into first device information according to a first preset format;
Step 106: the application program obtains its application identifier and generates first authentication information from the first device information and the application identifier;
Optionally, the application identifier of an application program uniquely corresponds to that application program and is used to distinguish between different application programs;
Optionally, different application programs running on the same mobile device have different application identifiers, and the same application program running on different mobile devices has the same application identifier;
Step 107: the application program encrypts the first authentication information with the session key to obtain a first authentication information ciphertext and sends the first authentication information ciphertext to the wireless security device;
Step 108: the wireless security device receives the first authentication information ciphertext, decrypts it with the session key to obtain the first authentication information, obtains the first device information from the first authentication information, and converts the first authentication information into second device information according to a second preset format;
Step 109: the wireless security device encrypts the second device information, using the first device information as the key, to obtain second authentication information;
Step 110: the wireless security device obtains the authentication list and determines whether the second authentication information is in the authentication list; if so, it sends first authentication success information to the application program and step 111 is executed; otherwise step 112 is executed;
Step 111: the application program receives the first authentication success information, communicates with the wireless security device, and the method ends;
Step 112: the wireless security device generates and displays an authentication code and sends first authentication failure information to the application program;
Step 113: the application program receives the first authentication failure information and prompts the user to enter the authentication code displayed by the wireless security device;
Step 114: the application program determines whether the user has entered an authentication code; if so, the authentication code entered by the user is sent to the wireless security device; otherwise the method ends;
Optionally, step 114 is specifically: the application program determines whether the user has entered an authentication code within the first preset time; if so, the authentication code entered by the user is sent to the wireless security device; otherwise the application program determines that a timeout has occurred, and the method ends.
Step 115: the wireless security device receives the authentication code entered by the user and determines whether the received authentication code matches the authentication code generated by the wireless security device; if so, step 117 is executed; otherwise it sends second authentication failure information to the application program and step 116 is executed;
Step 116: the application program receives the second authentication failure information, and the method ends;
Step 117: the wireless security device stores the second authentication information in the authentication list, sends second authentication success information to the application program, and step 118 is executed;
Step 118: the application program receives the second authentication success information, communicates with the wireless security device, and the method ends.
With the authentication method for a wireless security device and an application program provided by the invention, even after the binding relationship between the mobile device and the wireless security device has been established, the wireless security device still authenticates an application program running on the mobile device when that application program establishes communication with the wireless security device. The method improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being bound to the wrong wireless security device after several wireless security devices have established binding relationships with the same mobile device.
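The device-side decisions of steps S2 and S5 in Example 1 (steps 110 to 117 in Example 2), taken after the ciphertext has been decrypted, can be modeled as follows. This is an added example, not code from the patent: the class and function names, the 6-digit code, its single use and its 60-second device-side lifetime are assumptions, and the list stores the (first device information, application identifier) pair as in Example 1, with the limit of 3 and first-stored-first-removed behavior taken from the example values in the text.

```python
import hmac
import secrets
import time
from collections import deque

FIRST_OK, FIRST_FAIL = "first_auth_success", "first_auth_failure"
SECOND_OK, SECOND_FAIL = "second_auth_success", "second_auth_failure"


class WirelessSecurityDevice:
    """Hypothetical model of the device after decryption (steps S2 and S5)."""

    def __init__(self, max_entries=3, code_ttl=60.0, clock=time.monotonic):
        # Authentication list: each entry is the (device_info, app_id) pair,
        # stored and compared as one unit. deque(maxlen=N) discards the entry
        # stored first when a new one is appended to a full list.
        self.auth_list = deque(maxlen=max_entries)
        self.code_ttl = code_ttl   # assumption: device-side code lifetime
        self.clock = clock
        self.pending = None        # (pair, code, issued_at) awaiting step S5

    def handle_first_auth(self, device_info: bytes, app_id: bytes):
        """Step S2. Returns (message to app, code shown on display or None)."""
        pair = (device_info, app_id)
        if pair in self.auth_list:
            self.pending = None
            return FIRST_OK, None
        # The code goes to the device display only; it is never sent to the app.
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6 decimal digits
        self.pending = (pair, code, self.clock())
        return FIRST_FAIL, code

    def handle_auth_code(self, user_code: str) -> str:
        """Step S5. The pending code is consumed by any attempt (assumption)."""
        pending, self.pending = self.pending, None
        if pending is None:
            return SECOND_FAIL
        pair, code, issued_at = pending
        if self.clock() - issued_at > self.code_ttl:
            return SECOND_FAIL
        # Constant-time comparison of the typed code with the displayed one.
        if not hmac.compare_digest(user_code.encode(), code.encode()):
            return SECOND_FAIL
        self.auth_list.append(pair)  # bind the pair that triggered this code
        return SECOND_OK


def bind(device, device_info, app_id, typed=None):
    """App-side view of steps S1 to S7; `typed` overrides what the user enters."""
    msg, shown = device.handle_first_auth(device_info, app_id)
    if msg == FIRST_OK:
        return msg
    return device.handle_auth_code(shown if typed is None else typed)


def demo():
    dev = WirelessSecurityDevice()
    phone = b"constructed-device-info-1"  # constructed sample values
    results = [
        bind(dev, phone, b"app.A"),             # new pair, correct code
        bind(dev, phone, b"app.A"),             # pair already stored
        bind(dev, phone, b"app.B", typed="x"),  # same phone, other app, bad code
    ]
    for app in (b"app.B", b"app.C", b"app.D"):  # fills the list, evicting app.A
        bind(dev, phone, app)
    results.append(bind(dev, phone, b"app.A", typed="x"))  # must re-authenticate
    return results


if __name__ == "__main__":
    print(demo())
```

Because the pair is the lookup key, a second application on an already-bound phone is still challenged, and an evicted pair has to pass the code check again.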
Example 3
Embodiment 3 of the present invention provides an authentication method for a wireless security device and an application program. This embodiment is applied to a system comprising an application program and a wireless security device. The application program is software that works with the wireless security device, is installed on the mobile device, and runs in the foreground of the mobile device; application programs running in the background are not included. The mobile device further comprises an operating system (hereinafter referred to as the system), which is Apple iOS. The method is shown in Fig. 3 and includes the following steps:
Step 201: the application program scans for surrounding wireless security devices and determines whether a wireless security device has been scanned; if so, step 202 is executed; otherwise step 201 is executed again;
Optionally, in this embodiment, step 201 specifically includes: the application program calls a first system function of the mobile device to scan for surrounding wireless security devices, obtains the name of the wireless security device from the broadcast data packet of the scanned wireless security device, and determines whether the obtained name is the same as the name of the wireless security device; if so, it determines that the wireless security device has been scanned; otherwise it determines that the wireless security device has not been scanned;
Optionally, in this embodiment, the name of the wireless security device is specifically: BK_FT7052;
Optionally, in this embodiment, step 201 is more specifically: the application program calls the first system function of the mobile device to scan for surrounding wireless security devices; when a wireless security device is scanned, its name is obtained through a second system callback function, and the application program determines whether the obtained name is BK_FT7052; if so, the wireless security device has been scanned; otherwise it has not been scanned;
Optionally, in this embodiment, the first function is specifically:
-(void)scanForPeripheralsWithServices:(nullable NSArray<CBUUID*>*)serviceUUIDs options:(nullable NSDictionary<NSString*,id>*)options;
the second function is specifically:
-(void)centralManager:(CBCentralManager*)central didDiscoverPeripheral:(CBPeripheral*)peripheral advertisementData:(NSDictionary<NSString*,id>*)advertisementData RSSI:(NSNumber*)RSSI;
step 202: connecting to the wireless security device and judging whether the connection is successful; if so, executing step 203, otherwise ending;
optionally, in this embodiment, step 202 specifically includes: the application program calls a third function of the mobile device system to connect to the wireless security device, and judges whether the connection succeeded from which callback function the system invokes: if the callback function is the fourth function, the connection to the wireless security device is judged to be successful, and if the callback function is the fifth function, the connection to the wireless security device is judged to have failed;
in this embodiment, the third function is specifically:
-(void)connectPeripheral:(CBPeripheral*)peripheral options:(nullable NSDictionary<NSString*,id>*)options;
the fourth function is specifically:
-(void)centralManager:(CBCentralManager*)central didConnectPeripheral:(CBPeripheral*)peripheral;
the fifth function is specifically:
-(void)centralManager:(CBCentralManager*)central didFailToConnectPeripheral:(CBPeripheral*)peripheral error:(NSError*)error;
step 203: judging whether the application program and the wireless security device are paired; if so, executing step 205, otherwise executing step 204;
optionally, in this embodiment, step 203 specifically includes: the application program obtains the first parameter of the return value of the sixth function called back by the system and compares it one by one with the first parameters stored in a pre-stored connected list; if the first parameter of the return value of the sixth function is not in the connected list and the system is calling back the sixth function for the first time, the application program is judged to be unpaired with the wireless security device; if the first parameter of the return value of the sixth function is in the connected list and the system is not calling back the sixth function for the first time, the application program is judged to be paired with the wireless security device;
optionally, in this embodiment, the sixth function is specifically:
-(void)peripheral:(CBPeripheral*)aPeripheral didUpdateValueForCharacteristic:(CBCharacteristic*)characteristic error:(NSError*)error;
step 204: waiting for the user to confirm pairing; when the user confirms pairing, pairing with the wireless security device and judging whether pairing is successful; if so, executing step 205, otherwise disconnecting and ending;
optionally, in step 204 of this embodiment, waiting for the user to confirm the pairing specifically includes: when the application program judges that it is not paired with the wireless security device, the mobile device on which the application program is located displays a pairing waiting interface for the user to confirm; when the user's pairing confirmation instruction is received within a second preset time, step 205 is executed, and when the user's pairing confirmation instruction is not received within the second preset time, the mobile device disconnects from the wireless security device and the process ends;
optionally, in this embodiment, step 204 specifically includes: the application program judges whether pairing with the wireless security device is successful by judging whether the system calls back the seventh function; if the system calls back the seventh function, pairing is successful, otherwise pairing has failed;
optionally, in this embodiment, the seventh function is specifically: - (void) callBackBTBondedmethod (id) cbPeripheral;
step 205: sending a negotiation session key request to the wireless security device;
optionally, the application program sends a request for negotiating a session key to the wireless security device, receives session key data returned by the wireless security device, and decrypts the session key data to obtain a session key;
optionally, in this embodiment, the session key negotiation request sent by the application program to the wireless security device specifically includes: 611B000000000000000080S000000000000000000000000000000008S60000000000006D;
the received session key data returned by the wireless security device is specifically: 828S000000S00000005A9D9EF2EA1839CC06639A7C15A92EE2843602D2507092867FC8D99F22B7F6BD9CBEBD44C5DD93094DA174DDA2C4A28D027041A9EE469AD8BCE4ED23B32D0A51A4F92948AAACFF7B82185A55B 91B 8D 7280 FB 1CAB5 3467B1FF9B2E6365B89C1DEA44FF5C 7C 0C8520F4413F 4434 zxft 4220 ED 4234 FFC 1C039897B814D7B1C22 AAE;
the session key obtained by decryption is specifically: 0120668AA4F3631738E6F946D240A49234661E06736B1EDD086B7857948AD219FB6F7A6A45AAF6699B353B68CF07F27S77A68233E5EABB22F3B828D6DBD96287C18D1FB071C70B0A77E9DBDEDA84435EB795925B47808B123E65A3ED7261A17BAFSCEE2D90CDD46608B762474BB5F4AEFA1B047276E9ED4D0C1F48C40 AF3;
optionally, in this embodiment, after the application program sends the request for negotiating the session key to the wireless security device, if the session key returned by the wireless security device is not received, the connection is disconnected, and the process is ended;
step 206: receiving a session key sent by the wireless security device, judging whether the session key contains a device identifier of the mobile device, if so, executing step 208, otherwise, executing step 207;
optionally, the device identifier of a mobile device uniquely corresponds to said mobile device for distinguishing between different mobile devices;
optionally, in this embodiment, the application program searches its first storage area and determines whether the first storage area is empty; if the first storage area is empty, it determines that the application program does not include the device identifier and executes step 207; if the first storage area is not empty, it determines that the application program includes the device identifier and executes step 208;
step 207: generating a device identifier and saving the device identifier in an application program;
optionally, in this embodiment, the application generates the device identifier by calling an eighth function of the system, and stores the generated device identifier;
optionally, in this embodiment, the eighth function is specifically: NSString getuuidlemanager ();
step 208: acquiring a device identifier, and converting the device identifier into first device information according to a first preset format;
optionally, in this embodiment, step 208 specifically includes: the application program acquires the device identifier, removes the connector "-" contained in the acquired device identifier, and then uses the device identifier with the connector "-" removed as the first device information of the mobile device and stores the first device information;
optionally, in this embodiment, the device identifier obtained by the application program is specifically: CC15ADDF-C1E0-44F3-A674-5EC7E15E7AFF;
the first device information obtained after conversion according to the first preset format specifically includes: CC15ADDFC1E044F3a6745EC7E15E7AFF;
step 209: acquiring manufacturer information of the mobile equipment and an application identifier of an application program;
optionally, the vendor information of the mobile device specifically includes: information such as the device name, the device model, the manufacturer name and the like of the mobile device;
optionally, the application identifier of an application uniquely corresponds to the application for distinguishing between different applications;
optionally, the application identifiers of different applications running on the same mobile device are different, and the application identifiers of the same application running on different mobile devices are the same;
optionally, in this embodiment, the vendor information specifically includes: 46545361666549444465706172746D656E74;
the application identifier is specifically: 636F6D2E6674736166652E494342434E6577554944656D6F;
step 210: generating first authentication information according to the first device information, the manufacturer information and the application identifier;
optionally, in this embodiment, step 210 specifically includes: the application program sequentially splices the first equipment information, the manufacturer information and the application identification to obtain splicing information, and adds a first identification code in front of the splicing information to generate first authentication information;
for example: in this embodiment, the first identification code is: 8010;
the first device information is specifically: CC15ADDFC1E044F3a6745EC7E15E7AFF;
the manufacturer information is specifically: 811246545361666549444465706172746D656E748218;
the application identifier is: 636F6D2E6674736166652E494342434E6577554944656D6F;
the first authentication information generated according to the second preset format specifically includes: 80SCC15ADDFC1E044F3A6745EC7E15E7AFF811246545361666549444465706172746D656E748218636F6D2E6674736166652E494342434E6577554944656D6F;
step 211: encrypting the generated first authentication information by using the session key to obtain a first authentication information ciphertext, and sending the first authentication information ciphertext to the wireless security device;
optionally, in this embodiment, the first authentication information ciphertext obtained by encrypting, by the application program, the generated first authentication information using the negotiated session key specifically includes: EA9041631C63D94B9C7D7F3797EE6E9F13CA20208502C46CB37EF0S508B741D91C45D6C4C86DFAD9ADA525E3B159F064A1BE4745F40C8E423E23063BE85A19B9492DF4D116BA4A183C1D167D3CCE1AA;
step 212: receiving the authentication result returned by the wireless security device, determining the type of the authentication result, executing step 213 when the authentication result is the first authentication failure information, and executing step 215 when the authentication result is the first authentication success information;
optionally, in this embodiment, the application program obtains data on the 8 th byte of the authentication result returned by the wireless security device, and if the data on the 8 th byte is 0xS, it determines that the returned authentication result is first authentication failure information, and performs step 213, and if the data on the 8 th byte is 0x00, it determines that the returned authentication result is first authentication success information, and performs step 215;
for example: the authentication result is as follows: 820S000000S4S000096, if the data of the 8 th byte is 0xS, the authentication result is judged to be first authentication failure information;
for example: the authentication result is as follows: 820S000000S400000096, if the data of the 8 th byte is 0x00, the authentication result is judged to be first authentication success information;
optionally, in this embodiment, when the application program receives the first authentication failure information returned by the wireless security device, the application program generates a dialog box for entering the authentication code on the mobile device;
step 213: prompting the user to input an authentication code, and sending the authentication code input by the user to the wireless security device after the user inputs it;
optionally, in this embodiment, step 213 specifically includes: the application program waits for the user to enter, in the authentication code dialog box generated on the mobile device, the authentication code displayed on the wireless security device, and sends the authentication code input by the user to the wireless security device;
optionally, in this embodiment, the length of the authentication code is 6 bytes;
for example: the 6 bytes of authentication code is: 456384;
step 214: receiving an authentication result returned by the wireless security device, judging the type of the authentication result, executing step 215 when the authentication result is second authentication success information, and disconnecting and ending when the authentication result is second authentication failure information;
optionally, in this embodiment, the application program obtains data on the 4 th byte of the authentication result returned by the wireless security device, if the data on the 4 th byte of the authentication result is 0x00 and the total length of the data of the authentication result is equal to the sum of the data on the second byte and 6, it is determined that the authentication result is second authentication success information, otherwise, it is determined that the authentication result is second authentication failure information, the connection with the wireless security device is disconnected, and the process is ended;
step 215: communicating with the wireless security device, and ending.
According to the authentication method for the wireless security device and the application program, even if a binding relationship between the mobile device and the wireless security device has already been established, the wireless security device still needs to authenticate the application program when an application program running on the mobile device establishes communication with the wireless security device. The method improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being mistakenly bound to a wireless security device after binding relationships have been established between a plurality of wireless security devices and the same mobile device.
Example 4
Embodiment 4 of the present invention provides an authentication method for a wireless security device and an application program, which is applied to the wireless security device, and as shown in fig. 3, the authentication method includes the following steps:
step 300: powering on and initializing;
step 301: judging whether the connection with the application program is performed, if so, executing step 302, otherwise, continuing to execute step 301;
step 302: pairing with an application program;
step 303: receiving a session key negotiation request sent by an application program, generating a session key, and sending the session key to the application program;
optionally, in this embodiment, the session key sent to the application program is specifically: 828S000000S00000005A9D9EF2EA1839CC06639A7C15A92EE2843602D2507092867FC8D99F22B7F6BD9CBEBD44C5DD93094DA174DDA2C4A28D027041A9EE469AD8BCE4ED23B32D0A51A4F92948AAACFF7B82185A55B91ED 8D 7280CEAB1CAB5DB3467B1FF9B2E6365B89C1DEA44FF5C 0C8520F4413F94544 FFt 4234 FFF 21C1C039897B814D7B1C22 AAE;
step 304: receiving a first authentication information ciphertext sent by an application program, and decrypting the first authentication information ciphertext by using a session key to obtain first authentication information;
optionally, the wireless security device decrypts the first authentication information ciphertext using the negotiated session key to obtain first authentication information;
optionally, the first authentication ciphertext specifically is: EA9041631C63D94B9C7D7F3797EE6E9F13CA20208502C46CB37EF0S508B741D91C45D6C4C86DFAD9ADA525E3B159F064A1BE4745F40C8E423E23063BE85A19B9492DF4D116BA4A183C1D167D3CCE1AA;
the first authentication information is specifically: 80SCC15ADDFC1E044F3A6745EC7E15E7AFF811246545361666549444465706172746D656E748218636F6D2E6674736166652E494342434E6577554944656D6F;
step 305: generating second device information according to the first authentication information and a second preset format;
optionally, in this embodiment, step 305 specifically includes: the wireless security device removes the first identification code from the first authentication information sent by the application program to obtain the second device information;
for example: the second device information is:
CC15ADDFC1E044F3A6745EC7E15E7AFF46545361666549444465706172746D656E74636F6D2E6674736166652E494342434E6577554944656D6F;
step 306: encrypting the second device information by using a first preset function to obtain a first encrypted ciphertext, performing a hash operation on the first encrypted ciphertext by using a second preset function to obtain a first hash result, and performing an operation on the first hash result by using a third preset function to obtain second authentication information;
optionally, in this embodiment, the wireless security device encrypts the second device information using an SM4 function to obtain a first encrypted ciphertext, performs a hash operation on the first encrypted ciphertext using an SM3 function to obtain a first hash result, and performs an operation on the first hash result using an SHA1 function to obtain second authentication information;
optionally, the encrypting, by the wireless security device, of the second device information using the SM4 function specifically includes: the wireless security device uses the first device information as a key and symmetrically encrypts the second device information by using the SM4 function to obtain the first encrypted ciphertext;
optionally, performing the hash operation on the first encrypted ciphertext by using the SM3 function specifically includes: the wireless security device uses the first device information as a key and performs a hash operation on the first encrypted ciphertext by using the SM3 function to obtain the first hash result;
optionally, the operation on the first hash result by using the SHA1 function specifically includes: the wireless security device uses the first device information as a key and computes over the first hash result by using the SHA1 function to obtain the second authentication information;
optionally, the length of the first encrypted ciphertext is the same as the length of the second device information; the length of the first hash result is 32 bytes; the length of the second authentication information is 20 bytes;
for example: the first encrypted ciphertext is: 4DD56CDA4B635445DEF21B9AA3DADBC0BF339C8A4DED5F8a94317E3D61C9DES57a563A6D49296EDF97C 6BAC758486FDBBF47E3CB4AE6E4CD56EDB5475D7B1;
the first hash result obtained is:
8389D5214840A7E703C1C77617E2C21DBF39C5F4B0E2F0156AA6DC3560BD9898;
the second authentication information: 5D972D06936B80437E81305C0E 0CAEEC716439;
step 307: acquiring an authentication list, judging whether the second authentication information is in the authentication list, if so, executing step 309, otherwise, executing step 308;
optionally, in one possible embodiment, the second authentication information includes: first device information, vendor information, and an application identifier; for the same mobile device, the corresponding first device information and the manufacturer information are the same, and the corresponding application identifiers of different application programs running on the mobile device are different, so that different second authentication information can be obtained; if a certain application program triggers the corresponding mobile device to be connected with the wireless security device, when other application programs trigger the same mobile device to be connected with the wireless security device again, the wireless security device still initiates pairing authentication to the mobile device due to the fact that the second authentication information is different;
step 308: generating and displaying an authentication code, sending first authentication failure information to the application program, and executing step 310;
optionally, the wireless security device generates an authentication code with a preset length by using a random number algorithm, and displays the authentication code with the preset length on a screen;
optionally, in this embodiment, the length of the authentication code is 6 bytes;
step 309: sending first authentication success information to the application program;
step 310: receiving an authentication code sent by an application program, judging whether the authentication code sent by the application program is matched with an authentication code generated by the wireless security equipment, if so, executing step 312, otherwise, executing step 311;
step 311: sending second authentication failure information to the application program;
step 312: and sending second authentication success information to the application program.
According to the authentication method for the wireless security device and the application program, even if a binding relationship between the mobile device and the wireless security device has already been established, the wireless security device still needs to authenticate the application program when an application program running on the mobile device establishes communication with the wireless security device. The method improves the security and reliability of communication between the application program and the wireless security device, and solves the problem of an application program being mistakenly bound to a wireless security device after binding relationships have been established between a plurality of wireless security devices and the same mobile device.
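The following Python sketch is an added illustration, not part of the patent text or of any Feitian code: it walks the application-side construction of the first authentication information (steps 208 to 210) and the device-side decision of steps 305 to 312, using the sample identifier, vendor information and application identifier quoted in Embodiment 3. It assumes that each field is framed by a one-byte tag and a one-byte length, which is how the 8010 / 8112 / 8218 prefixes in the sample line up with field lengths of 16, 18 and 24 bytes; it replaces the SM4, SM3 and SHA1 chain of step 306 with a single HMAC-SHA-256 keyed by the first device information, because SM4 and SM3 are not in the Python standard library; and it omits session-key encryption. All function, class and constant names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Sample values quoted in Embodiment 3 of the page.
DEVICE_IDENTIFIER = "CC15ADDF-C1E0-44F3-A674-5EC7E15E7AFF"
VENDOR_INFO = bytes.fromhex("46545361666549444465706172746D656E74")
APP_IDENTIFIER = bytes.fromhex("636F6D2E6674736166652E494342434E6577554944656D6F")

# Assumed framing: one-byte tag, one-byte length, value, in this fixed order:
# first device information, vendor information, application identifier.
TAGS = (0x80, 0x81, 0x82)

# Hypothetical names for the four result messages of steps 308 to 312.
FIRST_SUCCESS, FIRST_FAILURE = "first-success", "first-failure"
SECOND_SUCCESS, SECOND_FAILURE = "second-success", "second-failure"


def build_first_auth_info(device_identifier, vendor_info, app_identifier):
    """Steps 208-210, application side: strip the "-" connectors, splice the fields."""
    first_device_info = bytes.fromhex(device_identifier.replace("-", ""))
    message = bytearray()
    for tag, value in zip(TAGS, (first_device_info, vendor_info, app_identifier)):
        if not 0 < len(value) <= 0xFF:
            raise ValueError("field does not fit a one-byte length")
        message += bytes([tag, len(value)]) + value
    return bytes(message)


def parse_first_auth_info(message):
    """Step 305, device side: return the three values, rejecting malformed input."""
    fields, offset = [], 0
    for tag in TAGS:
        if offset + 2 > len(message) or message[offset] != tag:
            raise ValueError("missing or out-of-order field")
        length = message[offset + 1]
        value = message[offset + 2:offset + 2 + length]
        if length == 0 or len(value) != length:
            raise ValueError("empty or truncated field")
        fields.append(value)
        offset += 2 + length
    if offset != len(message):
        raise ValueError("trailing bytes after the last field")
    return tuple(fields)


def second_auth_info(fields):
    """Step 306 stand-in: HMAC-SHA-256 instead of the page's SM4/SM3/SHA1 chain."""
    second_device_info = b"".join(fields)  # same concatenation as the page's sample
    return hmac.new(fields[0], second_device_info, hashlib.sha256).digest()


class WirelessSecurityDevice:
    """Device-side decision logic of steps 307 to 312."""

    def __init__(self):
        self.authentication_list = set()
        self.pending = None  # (authentication code, second authentication information)

    def handle_first_auth_info(self, message):
        candidate = second_auth_info(parse_first_auth_info(message))
        if candidate in self.authentication_list:
            self.pending = None
            return FIRST_SUCCESS
        # Step 308: six-digit code from a CSPRNG, shown on the device screen.
        self.pending = (f"{secrets.randbelow(10**6):06d}", candidate)
        return FIRST_FAILURE

    def displayed_code(self):
        return self.pending[0] if self.pending else None

    def handle_authentication_code(self, code):
        # Assumption of this sketch: a displayed code is good for one attempt only.
        pending, self.pending = self.pending, None
        if pending is None:
            return SECOND_FAILURE
        expected, candidate = pending
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return SECOND_FAILURE
        self.authentication_list.add(candidate)  # stored only after user confirmation
        return SECOND_SUCCESS


def demo():
    """Two apps on the same phone: the second is not trusted because the first was."""
    device = WirelessSecurityDevice()
    app_a = build_first_auth_info(DEVICE_IDENTIFIER, VENDOR_INFO, APP_IDENTIFIER)
    # Constructed application identifier for a second app on the same mobile device.
    app_b = build_first_auth_info(DEVICE_IDENTIFIER, VENDOR_INFO, b"com.example.other")
    results = [device.handle_first_auth_info(app_a)]
    results.append(device.handle_authentication_code(device.displayed_code()))
    results.append(device.handle_first_auth_info(app_a))
    results.append(device.handle_first_auth_info(app_b))
    code = device.displayed_code()
    wrong = f"{(int(code) + 1) % 10**6:06d}"
    results.append(device.handle_authentication_code(wrong))
    results.append(device.handle_authentication_code(code))  # code already consumed
    return results


if __name__ == "__main__":
    print(demo())
```
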
Example 5
An embodiment 5 of the present invention provides an authentication system for a wireless security device and an application program, including: an application 50 and a wireless security device 51;
the application 50 includes: a negotiation acquisition sending module 501, a first receiving communication module 503, a first receiving sending module 504, a first receiving ending module 506 and a second receiving communication module 507;
a negotiation obtaining and sending module 501, configured to negotiate a session key with the wireless security device 51, obtain first device information of the mobile device and an application identifier of the application program, encrypt the first device information and the application identifier using the session key to obtain a first authentication information ciphertext, and send the first authentication information ciphertext to the wireless security device 51;
the first receiving communication module 503 is configured to receive the first authentication success information, communicate with the wireless security device 51, and end;
a first receiving and sending module 504, configured to receive the first authentication failure information, prompt the user to input the authentication code displayed by the wireless security device 51, and send the authentication code input by the user to the wireless security device 51 upon recognizing that the user has input the authentication code;
a first receiving end module 506, configured to receive the second authentication failure information, and end;
the second receiving communication module 507, configured to receive the second authentication success information, communicate with the wireless security device 51, and then end;
the wireless security device 51 specifically includes: a receiving encryption judgment module 502 and a receiving judgment sending module 505;
a receiving encryption judgment module 502, configured to receive a first authentication information ciphertext sent by the first receiving and sending module 504, decrypt the first authentication information ciphertext with a session key to obtain first device information and an application identifier, judge whether the wireless security device 51 stores the first device information and the application identifier, if yes, send first authentication success information to the first receiving communication module 503, trigger the first receiving communication module 503, otherwise, generate and display an authentication code, send first authentication failure information to the first receiving and sending module 504, and trigger the first receiving and sending module 504;
a receiving, judging and sending module 505, configured to receive the authentication code input by the user, judge whether the authentication code input by the user matches the authentication code generated by the receiving encryption judging module 502, if yes, store the first device information and the application identifier, send second authentication success information to the application program 50, and trigger the second receiving and communicating module 507, otherwise, send second authentication failure information to the application program 50, and trigger the first receiving and ending module 506.
Optionally, in the application 50, the negotiation acquisition sending module 501 includes: a negotiation session key unit; the negotiation session key unit specifically includes a first sending subunit and a first receiving subunit, and the wireless security device includes a receiving and sending subunit:
a first sending subunit, configured to send a negotiation session key request to the wireless security device 51;
a receiving and sending subunit, configured to receive a session key negotiation request sent by an application program, generate a session key, and send the session key to the application program;
a first receiving subunit, configured to receive the session key sent by the wireless security device 51.
Optionally, the negotiation acquisition sending module 501 further includes: a first receiving unit; the first receiving unit specifically includes:
a first judging subunit, configured to judge whether the application program 50 stores the device identifier of the mobile device, if yes, trigger the acquiring and saving subunit, and otherwise trigger the first generating subunit;
a first generating subunit, configured to generate and store the device identifier and trigger the acquiring and saving subunit;
an acquiring and saving subunit, configured to acquire the device identifier and convert the device identifier into the first device information according to a first preset format.
Optionally, the first judging subunit is specifically configured to search the first storage area of the application program 50 and determine whether the first storage area is empty; if the first storage area is not empty, it determines that the device identifier of the mobile device is stored in the application program and triggers the acquiring and saving subunit; if the first storage area is empty, it determines that the device identifier of the mobile device is not stored in the application program 50 and triggers the first generating subunit.
Optionally, the acquiring and saving subunit is specifically configured to acquire the device identifier and remove the connector "-" included in the device identifier to obtain the first device information of the mobile device.
Optionally, the negotiation acquisition sending module 501 further includes: a first encryption unit; the first encryption unit specifically includes:
a first obtaining subunit, configured to generate first authentication information according to the obtained first device information and the application identifier of the application program;
a first encryption subunit, configured to encrypt the first authentication information by using the session key to obtain a first authentication information ciphertext.
Optionally, the receiving encryption determining module 502 includes:
a receiving and decrypting unit, configured to receive the first authentication information ciphertext, decrypt the first authentication information ciphertext by using the session key to obtain first authentication information, and acquire first device information from the first authentication information;
a first conversion unit, configured to convert the first authentication information into second device information according to a second preset format;
a first encryption unit, configured to encrypt the second device information using the first device information as a key to obtain second authentication information;
a first determining unit, configured to obtain a pre-stored authentication list, determine whether the second authentication information is in the authentication list, if so, send first authentication success information to the application program 50, and trigger the first receiving and communicating module 503, otherwise, generate and display an authentication code, send first authentication failure information to the application program 50, and trigger the first receiving and sending module 506.
Optionally, the first encryption unit is specifically configured to encrypt the second device information by using a first preset function to obtain a first encrypted ciphertext, perform a hash operation on the first encrypted ciphertext by using a second preset function to obtain a first hash result, and perform an operation on the first hash result by using a third preset function to obtain the second authentication information.
Optionally, the first preset function used by the first encryption unit is specifically: an SM4 function; the second preset function used is specifically: an SM3 function; the third preset function used is specifically: the SHA1 function.
Optionally, the receiving encryption determining module 502 is specifically configured to obtain a stored authentication list, determine whether the decrypted first device information and application identifier are stored in the authentication list, if so, send first authentication success information to the application program 50 to trigger the first receiving communication module 503, otherwise, generate and display an authentication code, send first authentication failure information to the application program 50, and trigger the first receiving sending module 504.
Optionally, the first receiving and sending module 504 is further configured to determine whether the user inputs the authentication code, and if so, send the authentication code input by the user to the wireless security device 51, otherwise, end.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all such changes or substitutions should be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (22)

1. A method for authenticating a wireless security device and an application program, wherein the application program is matched with the wireless security device and is installed on a mobile device, and the method is established after the mobile device is paired with the wireless security device through the application program, and comprises the following steps:
step S1: the application program negotiates a session key with the wireless security device, obtains first device information of the mobile device and an application identifier of the application program, encrypts the first device information and the application identifier by using the session key to obtain a first authentication information ciphertext, and sends the first authentication information ciphertext to the wireless security device;
step S2: the wireless security device receives a first authentication information ciphertext sent by the application program, decrypts the ciphertext by using the session key to obtain first device information and an application identifier, judges whether the first device information and the application identifier are stored in the wireless security device, if so, sends first authentication success information to the application program, and executes step S3, otherwise, generates and displays an authentication code, sends first authentication failure information to the application program, and executes step S4;
and step S3: the application program receives the first authentication success information, communicates with the wireless safety equipment and finishes;
and step S4: the application program receives the first authentication failure information, prompts a user to input an authentication code displayed by the wireless security equipment, and sends the authentication code input by the user to the wireless security equipment when recognizing that the user inputs the authentication code;
step S5: the wireless security equipment receives an authentication code input by a user, judges whether the authentication code input by the user is matched with an authentication code generated by the wireless security equipment, if so, stores the first equipment information and the application identifier, sends second authentication success information to the application program, and executes the step S7, otherwise, sends second authentication failure information to the application program, and executes the step S6;
step S6: the application program receives the second authentication failure information and ends;
step S7: and the application program receives the second authentication success information, communicates with the wireless safety equipment and finishes.
2. The method according to claim 1, wherein, in step S1, the application program negotiating the session key with the wireless security device specifically comprises:
step A1: the application program sends a session key negotiation request to the wireless security device;
step A2: the wireless security device receives the session key negotiation request sent by the application program, generates a session key, and sends the session key to the application program;
step A3: the application program receives the session key sent by the wireless security device.
3. The method according to claim 1, wherein, in step S1, before obtaining the first device information of the mobile device and the application identifier of the application program, the method further comprises:
step B1: the application program determines whether it has stored a device identifier of the mobile device; if so, step B3 is executed; otherwise, step B2 is executed;
step B2: the application program generates and stores the device identifier, and step B3 is executed;
step B3: the application program acquires the device identifier and converts it into the first device information according to a first preset format.
4. The method according to claim 3, wherein step B1 is specifically: the application program searches a first storage area of the application program and determines whether the first storage area is empty; if the first storage area is not empty, it determines that the application program has stored the device identifier of the mobile device, and step B3 is executed; if the first storage area is empty, it determines that the application program has not stored the device identifier of the mobile device, and step B2 is executed.
5. The method according to claim 3, wherein step B3 is specifically: the application program acquires the device identifier, removes the connector contained in the device identifier, and uses the result as the first device information of the mobile device.
6. The method according to claim 1, wherein, in step S1, encrypting the first device information and the application identifier using the session key to obtain the first authentication information ciphertext specifically comprises:
step C1: the application program generates first authentication information from the acquired first device information and the application identifier of the application program;
step C2: the application program encrypts the first authentication information using the session key to obtain the first authentication information ciphertext.
7. The method according to claim 6, wherein step S2 is specifically:
step D1: the wireless security device receives the first authentication information ciphertext, decrypts it using the session key to obtain the first authentication information, and acquires the first device information from the first authentication information;
step D2: the wireless security device converts the first authentication information into second device information according to a second preset format;
step D3: the wireless security device encrypts the second device information using the first device information as a key to obtain second authentication information;
step D4: the wireless security device acquires a pre-stored authentication list and determines whether the second authentication information is in the authentication list; if so, it sends first authentication success information to the application program and step S3 is executed; otherwise, it generates and displays an authentication code, sends first authentication failure information to the application program, and step S4 is executed.
8. The method according to claim 7, wherein step D3 is specifically: the wireless security device encrypts the second device information using a first preset function to obtain a first encrypted ciphertext, performs a hash operation on the first encrypted ciphertext using a second preset function to obtain a first hash result, and applies a third preset function to the first hash result to obtain the second authentication information.
9. The method according to claim 8, wherein the first preset function is specifically an SM4 function, the second preset function is specifically an SM3 function, and the third preset function is specifically the SHA1 function.
10. The method according to claim 1, wherein, in step S2, determining whether the wireless security device stores the decrypted first device information and application identifier specifically comprises: the wireless security device acquires a stored authentication list and determines whether the decrypted first device information and application identifier are stored in the authentication list; if so, it sends first authentication success information to the application program and step S3 is executed; otherwise, it generates and displays an authentication code, sends first authentication failure information to the application program, and step S4 is executed.
11. The method according to claim 1, wherein step S4 further comprises: the application program determines whether the user has input the authentication code; if so, the application program sends the authentication code input by the user to the wireless security device; otherwise, the method ends.
12. A system for authenticating a wireless security device and an application program, comprising a wireless security device and an application program, wherein the application program is software matched with the wireless security device and is installed on a mobile device, and the mobile device is paired with the wireless security device through the application program;
the application program comprises: a negotiation acquisition sending module, a first receiving communication module, a first receiving and sending module, a first receiving ending module and a second receiving communication module;
the negotiation acquisition sending module is configured to negotiate a session key with the wireless security device, acquire first device information of the mobile device and an application identifier of the application program, encrypt the first device information and the application identifier using the session key to obtain a first authentication information ciphertext, and send the first authentication information ciphertext to the wireless security device;
the first receiving communication module is configured to receive the first authentication success information, communicate with the wireless security device, and end;
the first receiving and sending module is configured to receive the first authentication failure information, prompt the user to input the authentication code displayed by the wireless security device, and, on recognizing that the user has input the authentication code, send the authentication code input by the user to the wireless security device;
the first receiving ending module is configured to receive the second authentication failure information and end;
the second receiving communication module is configured to receive the second authentication success information, communicate with the wireless security device, and end;
the wireless security device specifically comprises: a receiving encryption judging module and a receiving, judging and sending module;
the receiving encryption judging module is configured to receive the first authentication information ciphertext sent by the application program, decrypt it using the session key to obtain the first device information and the application identifier, and determine whether the first device information and the application identifier are stored in the wireless security device; if so, it sends first authentication success information to the application program and triggers the first receiving communication module; otherwise, it generates and displays an authentication code, sends first authentication failure information to the application program, and triggers the first receiving and sending module;
the receiving, judging and sending module is configured to receive the authentication code input by the user and determine whether it matches the authentication code generated by the wireless security device; if so, it stores the first device information and the application identifier, sends second authentication success information to the application program, and triggers the second receiving communication module; otherwise, it sends second authentication failure information to the application program and triggers the first receiving ending module.
13. The system according to claim 12, wherein, in the application program, the negotiation acquisition sending module comprises a negotiation session key unit; the negotiation session key unit specifically comprises a first sending subunit and a first receiving subunit, and the wireless security device comprises a receiving and sending subunit;
the first sending subunit is configured to send a session key negotiation request to the wireless security device;
the receiving and sending subunit is configured to receive the session key negotiation request sent by the application program, generate a session key, and send the session key to the application program;
the first receiving subunit is configured to receive the session key sent by the wireless security device.
14. The system according to claim 12, wherein, in the application program, the negotiation acquisition sending module further comprises a first receiving unit; the first receiving unit specifically comprises:
a first judging subunit, configured to determine whether the application program has stored a device identifier of the mobile device; if so, the acquiring and storing subunit is triggered; otherwise, the first generating subunit is triggered;
a first generating subunit, configured to generate and store a device identifier and trigger the acquiring and storing subunit;
an acquiring and storing subunit, configured to acquire the device identifier and convert it into the first device information according to a first preset format.
15. The system according to claim 14, wherein the first judging subunit is specifically configured to search a first storage area of the application program and determine whether the first storage area is empty; if the first storage area is not empty, it determines that the application program has stored the device identifier of the mobile device and triggers the acquiring and storing subunit; if the first storage area is empty, it determines that the application program has not stored the device identifier of the mobile device and triggers the first generating subunit.
16. The system according to claim 14, wherein the acquiring and storing subunit is specifically configured to acquire the device identifier and remove the connector contained in the device identifier to obtain the first device information of the mobile device.
17. The system according to claim 12, wherein, in the application program, the negotiation acquisition sending module further comprises a first encryption unit; the first encryption unit specifically comprises:
a first obtaining subunit, configured to generate first authentication information from the obtained first device information and the application identifier of the application program;
a first encryption subunit, configured to encrypt the first authentication information using the session key to obtain the first authentication information ciphertext.
18. The system according to claim 17, wherein, in the wireless security device, the receiving encryption judging module comprises:
a receiving and decrypting unit, configured to receive the first authentication information ciphertext, decrypt it using the session key to obtain the first authentication information, and obtain the first device information from the first authentication information;
a first conversion unit, configured to convert the first authentication information into second device information according to a second preset format;
a first encryption unit, configured to encrypt the second device information using the first device information as a key to obtain second authentication information;
a first judging unit, configured to acquire a pre-stored authentication list and determine whether the second authentication information is in the authentication list; if so, it sends first authentication success information to the application program and triggers the first receiving communication module; otherwise, it generates and displays an authentication code, sends first authentication failure information to the application program, and triggers the first receiving and sending module.
19. The system according to claim 18, wherein the first encryption unit is specifically configured to encrypt the second device information using a first preset function to obtain a first encrypted ciphertext, perform a hash operation on the first encrypted ciphertext using a second preset function to obtain a first hash result, and apply a third preset function to the first hash result to obtain the second authentication information.
20. The system according to claim 19, wherein the first preset function used by the first encryption unit is specifically an SM4 function, the second preset function used is specifically an SM3 function, and the third preset function used is specifically the SHA1 function.
21. The system according to claim 12, wherein, in the wireless security device, the receiving encryption judging module is specifically configured to acquire a stored authentication list and determine whether the decrypted first device information and application identifier are stored in the authentication list; if so, it sends first authentication success information to the application program and triggers the first receiving communication module; otherwise, it generates and displays an authentication code, sends first authentication failure information to the application program, and triggers the first receiving and sending module.
22. The system according to claim 12, wherein the first receiving and sending module is further configured to determine whether the user has input the authentication code; if so, it sends the authentication code input by the user to the wireless security device; otherwise, it ends.
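
The flow of claims 1 to 5, 10 and 11 (steps S1 to S7) as an added Python example; it is not part of the patent text or the assignee's code. Assumptions: an HMAC-SHA256 keystream with a tag stands in for the session cipher, which the claims do not name; the device identifier is a UUID whose hyphens are the "connector"; the code has six digits and is good for one attempt; all class, field and return-value names are hypothetical.

```python
import hashlib, hmac, json, secrets, uuid

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, fields):
    # Stand-in for "encrypt with the session key"; the claims name no cipher.
    pt, nonce = json.dumps(fields).encode(), secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext was not produced under this session key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class SecurityDevice:
    def __init__(self):
        self.session_key = None
        self.auth_list = set()   # stored (device info, application identifier) pairs
        self.display = None      # authentication code currently shown to the user
        self._pending = None     # pair waiting for the user to confirm the code

    def negotiate(self):         # claim 2: the device generates the session key
        self.session_key = secrets.token_bytes(16)
        return self.session_key

    def first_auth(self, blob):  # step S2
        f = unseal(self.session_key, blob)
        pair = (f["device_info"], f["app_id"])
        if pair in self.auth_list:
            return "first_success"
        self.display, self._pending = f"{secrets.randbelow(10**6):06d}", pair
        return "first_failure"

    def second_auth(self, code): # step S5
        shown, pair = self.display, self._pending
        self.display = self._pending = None   # assumption: one attempt per code
        if shown is None or not hmac.compare_digest(code.encode(), shown.encode()):
            return "second_failure"
        self.auth_list.add(pair)
        return "second_success"

class App:
    def __init__(self, app_id, storage):
        self.app_id, self.storage = app_id, storage   # storage: app-private dict

    def device_info(self):       # claims 3-5: generate once, store, strip connectors
        if not self.storage.get("device_id"):
            self.storage["device_id"] = str(uuid.uuid4())
        return self.storage["device_id"].replace("-", "")

    def authenticate(self, device, read_code):
        key = device.negotiate()                                   # step S1
        blob = seal(key, {"device_info": self.device_info(), "app_id": self.app_id})
        if device.first_auth(blob) == "first_success":
            return "communicating"                                 # step S3
        code = read_code()                                         # step S4
        if not code:
            return "ended"                                         # claim 11
        ok = device.second_auth(code) == "second_success"
        return "communicating" if ok else "ended"                  # step S7 / S6
```

The authentication list here holds the plain pair, as in claim 10; claims 7 to 9 instead store a value derived with SM4, SM3 and SHA1, which this example does not model.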
Priority Applications (1)

Application number: CN201911384416.7A
Priority date: 2019-12-28
Filing date: 2019-12-28
Title: Authentication method and system for wireless security equipment and application program

Publications (2)

CN111132163A, publication date 2020-05-08
CN111132163B, publication date 2022-11-04
