CN112954662A - Authentication method for recognizing digital certificate based on NFC - Google Patents
- Publication number
- CN112954662A (application CN202110283429.6A)
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- nfc
- certificate
- user
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The invention provides an authentication method for identifying a digital certificate based on NFC, comprising the following steps: NFC identification is performed first; the identified information is encrypted with a hash algorithm and transmitted to the background for comparison; after a successful comparison, the bound digital certificate is compared with the user's certificate, with decryption performed using an ECC algorithm of large integer decomposition; if the two are consistent, the CRL certificate revocation list is queried; and when the certificate status is normal, authentication of the digital certificate is complete.
Description
Technical Field
The invention relates to a digital certificate authentication method that adds NFC identification on top of digital certificate authentication, decrypts the digital certificate using an ECC algorithm of large integer decomposition, and uses SHA-256 for verification.
Background
Today, with the continuous development of science and technology, online shopping and online financial transactions have become commonplace, and the security of personal information on the network must be guaranteed. Digital certificates arose in this context, providing strong identity authentication to solve the security problem.
Disclosure of Invention
In view of the shortcomings of existing digital certificate authentication, the invention aims to provide an authentication method that identifies a digital certificate based on NFC. The method improves digital certificate authentication in the security field and solves the problem of user identity authentication at login.
The method adopted by the invention is as follows. When a user makes an authentication request, NFC identification is required: the user brings a slave device into close-range contact with the terminal's NFC master device. The master device reads the information and obtains a tag in the standard NFC data format, encrypts the tag with the SHA-256 algorithm into a 256-bit ciphertext, and transmits the ciphertext to the background database for comparison. If the same data is found, the database returns the correspondingly bound digital certificate. If NFC identification fails, a pop-up window states the reason. If identification succeeds, the digital certificate is verified: after the digital certificate corresponding to the NFC tag has been found in the database, the user-side digital certificate is obtained for verification, and decryption is performed using a large integer decomposition ECC algorithm:
assume that the decryption process is one in which b is the ciphertext, d is the private key,due to the factTherefore, makeObtained by the Euler theoremAnd are andk and m are positive integers,now it isThe operation has been simplified toAnd then decrypted using a modulo repeat squaring algorithm. By the formula:
Is just calculatingThen calculate. If it is notThen calculateOtherwise, getIs just calculatingFinally, the result is obtainedIs thatAnd ending the operation.
Verification then uses the SHA-256 algorithm: after decryption with the ECC algorithm, SHA-256 is used to compute a 256-bit hash value, and SHA-256 is then used for verification. If the values obtained from the two hash computations are the same, the data was not tampered with by an intermediary during transmission, which makes the data transmission more secure.
At the same time, the digital certificate returned by the database is decrypted and compared. If the results differ, a pop-up window reports that authentication failed and explains why. If the comparison succeeds, CRL authentication follows, that is, verification against the revocation list. The CRL contains abnormal digital certificates, such as expired or revoked ones. If the user's digital certificate matches one on the CRL, a pop-up window reports that authentication of the digital certificate failed; if no abnormal digital certificate is found, authentication is complete.
Drawings
Fig. 1 is a flowchart of a method for identifying digital certificate authentication based on NFC.
Detailed description of the preferred embodiments
After the start at step S101, the user sends a request for digital certificate authentication in step S102. In step S103, the NFC identity recognition decision at N1 is made: the user presents the slave device that identifies the certificate identity by NFC, distributed at certificate registration, and brings it into close contact with the NFC master device. The master device obtains the tag in the standard NFC data format from the slave device, encrypts it with the hash algorithm, and transmits the data to the background to decide whether it is authenticated. If no related identity information is found in the database, the method enters step S105 and pops up an authentication-failure window stating that the database holds no matching digital certificate information. If identification succeeds, the method enters step S104: the background database looks up the registered bound certificate using the NFC data tag that was just transmitted. After the lookup, local acquisition is performed in step S106, followed by step S107, in which the user side imports the certificate; if a local certificate exists, it is detected and identified automatically. After the user imports the certificate, step S108 performs the decision at N2: an ECC algorithm with large integer decomposition is used to verify whether the digital certificate issued by the CA organization is consistent with the user-side digital certificate. The ECC algorithm process with large data decomposition is as follows:
suppose a decryption processIn which b is the ciphertext, d is the private key,due to the factTherefore, makeObtained by the Euler theoremAnd are andk and m are positive integers,now it isThe operation has been simplified toAnd then decrypted using a modulo repeat squaring algorithm. By the formula
Is just calculatingThen calculate. If it is notThen calculateOtherwise, getIs just calculatingFinally, the result is obtainedIs that,
This concludes the operation.
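The steps named in this passage (exponent reduction by Euler's theorem, then modular repeated squaring) can be illustrated as follows. This is an added example, not code from the patent: `b` and `d` are the ciphertext and private key named in the text, while the modulus `n`, its totient and every numeric value are assumptions constructed for the illustration.

```python
from math import gcd


def mod_pow(base: int, exponent: int, modulus: int) -> int:
    """Compute base**exponent mod modulus by repeated squaring."""
    if modulus <= 0 or exponent < 0:
        raise ValueError("modulus must be positive and exponent non-negative")
    result = 1 % modulus          # also correct when modulus == 1
    square = base % modulus       # holds base**(2**i) mod modulus at bit i
    while exponent:
        if exponent & 1:          # current binary digit of the exponent is 1
            result = (result * square) % modulus
        square = (square * square) % modulus
        exponent >>= 1
    return result


def reduce_exponent(b: int, d: int, n: int, phi_n: int) -> int:
    """Apply Euler's theorem: if gcd(b, n) == 1 then b**phi(n) == 1 (mod n),
    so with d = k*phi(n) + m the power b**d equals b**m (mod n)."""
    if gcd(b, n) != 1:
        return d                  # theorem does not apply; leave d unchanged
    return d % phi_n


def decrypt(b: int, d: int, n: int, phi_n: int) -> int:
    """Reduce the exponent first, then run repeated squaring."""
    return mod_pow(b, reduce_exponent(b, d, n, phi_n), n)


# Constructed toy values (assumptions; far too small for real use).
N = 61 * 53        # modulus, 3233
PHI_N = 60 * 52    # Euler totient of N, 3120
D = 2753           # private exponent
B = 2790           # ciphertext

if __name__ == "__main__":
    print(decrypt(B, D, N, PHI_N))
    print(decrypt(B, D + 4 * PHI_N, N, PHI_N))  # same result after reduction
```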
After decryption with the ECC algorithm, the SHA-256 algorithm is used to compute the hash value, forming a 256-bit hash value. SHA-256 is then used for verification: if the values obtained from the two hash computations are the same, the data was not tampered with by an intermediary during transmission, which makes the data transmission more secure.
After the decision of step S108 is complete, if the certificates are not consistent, the method enters step S111 and a pop-up window reports that authentication failed. If they are consistent, the method continues to step S109 and makes the decision at N3, querying the information in the CRL certificate revocation list. If the user side's current certificate is found in the CRL, the user certificate is expired or in another abnormal state and cannot be authenticated normally, so the method enters step S111 and a pop-up window reports that authentication failed. If the certificate is not found in the CRL, the current digital certificate is still in the normal state, and the method continues to step S110: authentication succeeds.
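The three decisions N1, N2 and N3 of the flow described above can be sketched as one backend routine. This is an added example, not code from the patent: the `Certificate` record, the `Backend` class, the in-memory dictionary standing in for the background database, and all tag and certificate values are constructed assumptions, and the N2 comparison is modelled as a comparison of SHA-256 values over the certificate bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    NFC_NOT_REGISTERED = "S105: no certificate bound to this NFC tag"
    CERT_MISMATCH = "S111: user certificate differs from bound certificate"
    CERT_REVOKED = "S111: certificate is listed in the CRL"
    SUCCESS = "S110: authentication succeeded"


@dataclass(frozen=True)
class Certificate:
    """Constructed stand-in for a certificate: serial plus encoded bytes."""
    serial: int
    encoded: bytes


def tag_digest(nfc_tag: bytes) -> str:
    """Master-device side: SHA-256 over the tag read from the slave device."""
    return hashlib.sha256(nfc_tag).hexdigest()


class Backend:
    """Background database (hypothetical, in memory) plus the CRL serials."""

    def __init__(self, crl_serials):
        self._bound = {}                 # tag digest -> bound Certificate
        self._crl = set(crl_serials)

    def register(self, nfc_tag: bytes, cert: Certificate) -> None:
        # Registration: hash the tag and bind it to the user's certificate.
        self._bound[tag_digest(nfc_tag)] = cert

    def authenticate(self, digest: str, user_cert: Certificate) -> Result:
        bound = self._bound.get(digest)
        if bound is None:                            # N1: tag not registered
            return Result.NFC_NOT_REGISTERED
        want = hashlib.sha256(bound.encoded).digest()
        got = hashlib.sha256(user_cert.encoded).digest()
        same = bound.serial == user_cert.serial and hmac.compare_digest(want, got)
        if not same:                                 # N2: certificates differ
            return Result.CERT_MISMATCH
        if user_cert.serial in self._crl:            # N3: listed in the CRL
            return Result.CERT_REVOKED
        return Result.SUCCESS


def run_demo():
    """Run four constructed cases, one per outcome, and return the results."""
    alice = Certificate(0x1001, b"constructed-cert-alice")
    bob = Certificate(0x2002, b"constructed-cert-bob")
    altered = Certificate(0x1001, b"constructed-cert-altered")
    backend = Backend(crl_serials={0x2002})
    backend.register(b"constructed-tag-alice", alice)
    backend.register(b"constructed-tag-bob", bob)
    return [
        backend.authenticate(tag_digest(b"constructed-tag-alice"), alice),
        backend.authenticate(tag_digest(b"unknown-tag"), alice),
        backend.authenticate(tag_digest(b"constructed-tag-alice"), altered),
        backend.authenticate(tag_digest(b"constructed-tag-bob"), bob),
    ]
```

The tag digest is deterministic, so here it acts only as the lookup key for the bound certificate; the certificate comparison and the CRL query decide the outcome.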
Claims (6)
1. An authentication method for identifying a digital certificate based on NFC, as follows:
when a user makes an authentication request, NFC identification is required; the user brings the slave device into close-range contact with the NFC master device of a terminal; the master device encrypts a tag in the standard NFC data format into a 256-bit ciphertext using the SHA-256 algorithm and transmits the ciphertext to a background database for comparison, and if the same data is found, the database returns the correspondingly bound digital certificate; if identification succeeds, the digital certificate is verified: after the digital certificate corresponding to the NFC tag has been found in the database, the user-side digital certificate is obtained for verification; after that verification succeeds, further verification against the CRL revocation list is performed, and when the certificate status is detected to be normal, verification of the digital certificate is complete.
2. The method of claim 1, wherein the digital certificate authentication is characterized by decrypting the digital certificate using an ECC algorithm with large integer decomposition and verifying the digital certificate using SHA-256.
3. The method of claim 1, wherein the NFC identification is in a passive mode.
4. The method of claim 1, wherein, at user registration, a tag in the standard NFC data format is generated, encrypted with SHA-256, bound to the corresponding digital certificate and entered into the database, and the NFC slave device recording the user's tag is distributed to the user.
5. The method of claim 1, wherein the CRL verification uses a CRL revocation list to verify whether the digital certificate is expired or has another abnormal status.
6. The method of claim 1, wherein the verification of the digital certificate is performed by decrypting, according to the algorithm, the digital certificate provided by the user and the digital certificate issued by the CA organization, and comparing the results to determine whether the certificates are consistent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110283429.6A CN112954662A (en) | 2021-03-17 | 2021-03-17 | Authentication method for recognizing digital certificate based on NFC |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110283429.6A CN112954662A (en) | 2021-03-17 | 2021-03-17 | Authentication method for recognizing digital certificate based on NFC |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112954662A (en) | 2021-06-11 |
Family
ID=76230209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110283429.6A Pending CN112954662A (en) | 2021-03-17 | 2021-03-17 | Authentication method for recognizing digital certificate based on NFC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112954662A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20210611 |