CN113037498A - Safety authentication method of off-line equipment - Google Patents
Safety authentication method of off-line equipment Download PDFInfo
- Publication number
- CN113037498A CN113037498A CN202110276384.XA CN202110276384A CN113037498A CN 113037498 A CN113037498 A CN 113037498A CN 202110276384 A CN202110276384 A CN 202110276384A CN 113037498 A CN113037498 A CN 113037498A
- Authority
- CN
- China
- Prior art keywords
- slave device
- random number
- count value
- master device
- slave
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a safety authentication method of off-line equipment, which comprises the steps of executing a first authentication step after a master device is connected with a slave device for the first time, and reading a slave device counting value stored in the slave device after the slave device passes the first authentication; when the master device is subsequently connected with the slave device, executing a subsequent authentication step: the slave device calculates the identification code through a hash algorithm to obtain a first hash value, 5 the identification code and the first hash value are sent to the master device, the master device judges whether the first hash value is correct, if the first hash value is correct, an instruction of increasing 1 to the count value is sent to the slave device, and the count value of the slave device is read; the master device determines whether the read slave device count value is greater than the count value recorded by the master device plus 1, and if so, does not pass authentication of the slave device. The invention can realize the safety certification of the off-line equipment quickly and with low cost.
Description
Technical Field
The invention belongs to the field of security authentication of master and slave equipment, and particularly relates to a security authentication method of offline equipment.
Background
With the development of electronic technology, some electronic devices need to be securely authenticated for use, for example, an authenticated device is a slave device, a device for performing security authentication is a master device, when the slave device needs to perform security authentication, the slave device needs to be connected to the master device, and the master device reads data of the slave device and checks the data of the slave device to determine whether the slave device passes the security authentication.
Generally, when the master device performs security authentication on the slave device, data such as a slave device ID number or a key needs to be acquired from the server, and therefore, the master device needs to provide a network communication module to realize communication with the server. However, some master devices are not able to communicate with the server based on security considerations, such devices are often referred to as offline devices. Since the offline device is not in network connection with network devices such as a server, the master device cannot upload the ID numbers of the slave devices to the server for comparison during security authentication, and the master device itself cannot store the ID numbers of all the slave devices, the slave devices cannot perform one-object-one-code authentication in the conventional offline device.
At present, a single symmetric encryption algorithm or an asymmetric encryption algorithm is adopted, that is, the same or corresponding encryption and decryption algorithms are run on the master device and the slave device, when the symmetric encryption algorithm is adopted, the master device and the slave device need to store the same key, and if the key of one of the master device or the slave device is broken, all the master device and the slave device are all broken; when the asymmetric encryption algorithm is adopted, the algorithm has large calculation amount, high power consumption, long safety authentication time and increased corresponding physical cost of the master device and the slave device.
Disclosure of Invention
The invention aims to provide a safety authentication method of off-line equipment, which has the advantages of good safety, short authentication time and less calculation amount.
In order to achieve the purpose of the invention, the security authentication method of the off-line equipment provided by the invention comprises the steps of executing the first authentication step after the master equipment is connected with the slave equipment for the first time, and reading the slave equipment counting value stored in the slave equipment after the slave equipment passes the first authentication; when the master device is subsequently connected with the slave device, executing a subsequent authentication step: the slave equipment calculates the identification code through a hash algorithm to obtain a first hash value, sends the identification code and the first hash value to the master equipment, and the master equipment judges whether the first hash value is correct or not, if the first hash value is correct, sends an instruction of increasing 1 to the slave equipment, and reads the slave equipment count value of the slave equipment; the master device determines whether the read slave device count value is greater than the count value recorded by the master device plus 1, and if so, does not pass authentication of the slave device.
According to the scheme, the ID of the slave device is calculated by the master device and the slave device through a hash algorithm, if the hash value of the slave device is incorrect, the slave device cannot pass the authentication of the slave device, and each slave device can be ensured to have a unique identification code, so that one object and one code are realized. In addition, after the slave device is connected to the master device each time, the count value of the slave device is increased by 1, so that the master device can judge whether the count value of the slave device is correct, and if the count value is incorrect, the slave device is considered to be illegally read or connected by other master devices, and the safety authentication of the slave device is not passed.
Therefore, the scheme of the invention can ensure the safety of the slave equipment authentication, does not need to use a very complex algorithm to carry out a large amount of encryption and decryption calculation, does not need to store the identification codes of all the slave equipment by the master equipment, has lower generation cost of the master equipment and the slave equipment, and has shorter time required by the authentication.
Preferably, if the slave device count value read by the master device is equal to the count value recorded by the master device plus 1, the count value stored by the master device is incremented by 1 through the authentication of the slave device.
Therefore, after the slave device passes the authentication each time, the master device increases the recorded count value by 1, namely, the count value is synchronized with the count value of the slave device, and the accuracy of the subsequent authentication is ensured.
A further scheme is that, if the slave device count value read by the master device is smaller than the count value recorded by the master device plus 1, the master device writes the recorded count value into the slave device, and after the slave device updates the count value, the slave device count value of the slave device is read again.
Therefore, if the count value of the slave device is smaller, the slave device does not update the count value of the slave device in time, at this time, the master device updates the count value of the slave device and reads the count value of the slave device again to judge whether the slave device passes the authentication, so that on one hand, the safety of the slave device authentication can be improved, and on the other hand, the situation that the slave device is mistakenly considered to pass the safety authentication after the slave device is illegally rewritten can be avoided.
Further, after reading the slave device count value of the slave device again, sending an instruction of increasing the count value by 1 to the slave device, and judging whether the slave device count value returned by the slave device is equal to the count value recorded by the master device and increased by 1.
Thus, by sending the instruction of increasing the count value by 1 to the slave device again and reading the count value of the slave device again, it can be determined whether the slave device has a fault, thereby ensuring that the currently authenticated slave device is a non-faulty slave device.
Further, the first authentication step comprises: the slave device calculates the identification code through a Hash algorithm to obtain a second Hash value, sends the identification code and the second Hash value to the master device, and the master device judges whether the second Hash value is correct or not, and if the second Hash value is incorrect, the authentication is terminated.
It can be seen that when the master device and the slave device are authenticated for the first time, the identification code of the slave device needs to be authenticated, so as to ensure that the currently authenticated slave device is a slave device that meets the requirements.
If the master device confirms that the second hash value is correct, the slave device generates a first random number and a second random number, encrypts the first random number and the second random number by using a first key to generate a first ciphertext and a second ciphertext, splices the first ciphertext and the second ciphertext to form first spliced data, and sends the first spliced data to the master device.
Further, after receiving the first concatenation data, the master device decrypts to obtain a first random number and a second random number, generates a third random number, moves the second random number by a preset number to form a fourth random number, generates a second key by using the first random number, encrypts the third random number and the fourth random number by using the second key to form a third ciphertext and a fourth ciphertext, concatenates the third ciphertext and the fourth ciphertext to form second concatenation data, and sends the second concatenation data to the slave device.
Further, after receiving the second splicing data, the slave device calculates a second key, decrypts the second key to obtain a third random number and a fourth random number, and determines the matching between the second random number and the fourth random number, and if the second random number and the fourth random number are not matched, the authentication fails.
Therefore, whether the slave device passes the authentication or not is judged through the matching of the second random number and the fourth random number, and the authentication efficiency can be improved.
Further, if the second random number is matched with the fourth random number, the third random number is moved by a preset number to form a fifth random number, the fifth random number is encrypted by using a second key to form third splicing data, and the third splicing data is sent to the main device.
Further, after receiving the third splicing data, the master device calculates a fifth random number, determines the matching between the fifth random number and the third random number, and if the fifth random number and the third random number are matched, the master device passes the first authentication of the slave device.
Therefore, whether the slave device passes the authentication or not can be efficiently confirmed through the calculation, the calculation amount of the master device and the slave device is small, and the efficiency of offline device authentication is improved.
Drawings
Fig. 1 is a block diagram of a master device and a slave device to which the security authentication method of the offline device of the present invention is applied.
Fig. 2 is a flowchart of an embodiment of a security authentication method for an offline device according to the present invention.
Fig. 3 is a flowchart of the first authentication of the slave device in the embodiment of the security authentication method of the offline device of the present invention.
Fig. 4 is a flowchart of the subsequent authentication of the slave device in the embodiment of the security authentication method for the offline device of the present invention.
The invention is further explained with reference to the drawings and the embodiments.
Detailed Description
Referring to fig. 1, the offline device includes a master device 10 and a slave device 20, and neither the master device 10 nor the slave device 20 is provided with a network communication module, that is, is not provided with a module such as WIFI or bluetooth, and does not communicate with a server, so that neither the master device 10 nor the slave device 20 can obtain data such as a slave device identification code from the server.
The master device 10 is provided with a master controller 11, an authentication assistance processor 12, a master device communication interface module 13, and a nonvolatile memory 14, and the slave device 20 is provided with an authentication assistance processor 22, a slave device communication interface module 23, and a nonvolatile memory 24. The main controller 11 is a main control unit of the main device 10, and for example, an MCU chip is selected; the authentication assisting processor 12 of the host device 10 is a processing module that performs a security authentication process, and communicates with the host controller 11 via the I2C bus. The authentication assistance processor 22 of the slave device 20 is a processing module that performs a security authentication procedure in correspondence with the authentication assistance processor 12 of the master device 10.
The master device communication interface module 13 and the slave device communication interface module 23 perform data communication with each other, and both communication interface modules execute the same communication data protocol, for example, they may be a contact data interface, which may be a single bus data interface, an I2C communication interface, or the like, or a contactless interface, which may be a NFC/RFID-like wireless communication interface.
The nonvolatile memories 14 and 24 of the master device 10 and the slave device 20 are both memories with an electrical erasing function, in which data can still be stored in case of power failure, the nonvolatile memory 14 is used for storing data such as an identification code, a key, and a count value of the master device 10, and the nonvolatile memory 24 is used for storing data such as an identification code, a key, and a count value of the slave device 20, and in the embodiment, the nonvolatile memories 14 and 24 are not limited to flash, EEPROM, FRAM, MTP, and the like.
In this embodiment, the master device 10 is applied to perform security authentication on the slave device 20, specifically, the security authentication is divided into a first authentication step of the slave device and a subsequent authentication step of the slave device. The first authentication step of the slave device is an authentication step executed when the slave device accesses the communication interface of the master device for the first time, and the subsequent authentication step of the slave device is an authentication step executed between the master device and the slave device every time the slave device works after passing the first authentication.
Referring to fig. 2, step S1 is first executed, and the master device determines whether to connect to the slave device, that is, whether there is a slave device to establish a connection with the master device. For example, the master device monitors the access of the slave device through pressure or interface level change or field intensity change, if the master device confirms the connection to the slave device, step S2 is executed, whether the slave device accesses the master device for the first time is judged, if yes, step S3 is executed, the slave device first authentication step is executed, otherwise, step S4 is executed, and the slave device subsequent authentication step is executed.
Referring to fig. 3, if the slave device is connected to the master device for the first time, the master controller of the master device sends a security authentication start instruction to the authentication assistance processor of the master device through the I2C bus, and at this time, the authentication assistance processor of the master device sends a "find slave" instruction to the slave device through the master device communication interface module.
After receiving the "find slave" instruction, the slave device executes step S11, and sends the identification code P of the current slave device and the second hash value Q to the authentication assistance processor of the master device, using the second hash value Q calculated by the hash algorithm with its own identification code. The hash algorithm used in this embodiment is a universal hash algorithm, including but not limited to SHA-1, SHA-3, SHA-256, and other hash algorithms.
After the authentication assistance processor of the master device receives the identification code P and the second hash value Q transmitted from the slave device, step S12 is executed to determine whether the received second hash value Q is correct. Specifically, the master device calculates a hash value Q1 according to the device identification code P by the same hash algorithm, determines whether the second hash value Q is equal to the calculated hash value Q1, if so, performs step S13, and if the second hash value Q is not equal to the hash value Q1, performs step S20, without passing the authentication of the slave device, that is, terminates the authentication.
If the second hash value Q is equal to the hash value Q1, the authentication assistance processor of the master device sends an instruction of "start authentication procedure" to the slave device through the communication interface module, at this time, the slave device executes step S13, and two sets of random numbers RndK and RndB are generated inside the authentication assistance processor of the slave device, where the random number RndK is a first random number and the random number RndB is a second random number. Then, the authentication assisting processor of the slave device uses the internally stored first key K to encrypt the random number RndB and the random number RndK respectively by using a symmetric encryption algorithm of the first key K and a ciphertext block chaining mode calculation procedure with all zeros as initial values to generate a ciphertext ek (RndB) and a ciphertext ek (RndK), wherein the ciphertext ek (RndK) is a first ciphertext, and the ciphertext ek (RndK) is a second ciphertext. Then, the ciphertext EK (rndb) and the ciphertext EK (rndk) are spliced to obtain first splicing data EK1, and the first splicing data EK1 is sent to the master device. In this embodiment, the symmetric encryption algorithm is an encryption algorithm in which the master device and the slave device have the same key and the same algorithm structure, and includes, but is not limited to, symmetric encryption algorithms such as 3DES, AES, SM7, and the like.
After receiving the first splicing data EK1, the master device executes step S14, decrypts the first splicing data EK1 using a symmetric encryption algorithm and a ciphertext block chaining mode calculation procedure with all zeros as initial values to obtain a random number RndB and a random number RndK, and generates a random number RndB 'after circularly left-shifting by 1 byte based on the random number RndB, wherein the random number RndB' is a fourth random number. Meanwhile, the authentication assistance processor of the main device internally generates a random number RndA, and the random number RndA is a third random number. The master device performs exclusive or on the first key K stored in the authentication assistance processor and the random number RndK to obtain a new key, namely, a second key K1 is obtained, a symmetric encryption algorithm with an initial value of ciphertext ek (Rndb) and a ciphertext block chaining mode calculation process with an initial value of all zero are used, the random number RndA is encrypted by the second key K1 to generate ciphertext ek (RndA), and the ciphertext ek (RndA) is a third ciphertext. Then, a symmetric encryption algorithm with an initial value of ciphertext ek (RndA) and a ciphertext block chaining mode calculation process are used for encrypting the random number RndB ' by using a second key K1 to generate a ciphertext ek (RndB '), and the ciphertext ek (RndB ') is a fourth ciphertext. Finally, the ciphertext EK (rnda) and the ciphertext EK (RndB') are spliced to obtain second spliced data EK2, and the second spliced data EK2 is sent to the slave device.
After receiving the second concatenated data EK2 from the authentication assisting processor of the device, step S14 is executed to perform xor between the stored first key K and the random number RndK to obtain a second key K1, and the second concatenated data EK2 is decrypted by using a symmetric encryption algorithm with initial values of ciphertext EK (RndB) and ciphertext EK (RndA) and a ciphertext block chaining mode calculation process, that is, the data with data EK (RndA) i (RndB ') is decrypted to obtain the random number RndA and the random number RndB'.
Since the random number RndB 'is generated by cyclically shifting the random number RndB by 1 byte left based on the random number RndB, the present embodiment can determine whether the algorithm used by the slave device is consistent with the algorithm used by the master device by comparing the consistency between the random number RndB' and the random number RndB, and further confirm whether the authentication of the slave device needs to be terminated. Therefore, step S16 is performed to determine the matching of the second random number with the fourth random number, i.e., whether the random number RndB' is obtained by cyclically shifting left by 1 byte on the basis of the random number RndB, and if not, step S20 is performed not to pass the authentication of the slave device and to return an error code.
If the result of the determination in step S16 is yes, step S17 is executed, the slave device generates a random number RndA 'after circularly shifting the random number RndA by 1 byte left, the random number RndA' is a fifth random number, generates third splicing data EK3 by encrypting the random number RndA 'with a second key K1 using a symmetric encryption algorithm whose initial value is a ciphertext EK (RndB') and a ciphertext block chaining mode calculation procedure, and sends the third splicing data EK3 to the master device.
After receiving the third splicing data EK3, the master device executes step S17, and decrypts the third splicing data EK3 with the second key K1 using the symmetric encryption algorithm with the initial value of the ciphertext EK (RndB ') and the ciphertext block chaining mode calculation procedure to obtain the random number RndA'. Then, step S18 is executed to determine whether the third random number matches the fourth random number, i.e., to determine the matching between the random number RndA' and the random number RndA. Since the random number RndA 'is obtained by cyclic shift based on the random number RndA, the master device needs to determine whether the random number RndA' and the random number RndA satisfy the cyclic shift relationship. If so, step S18 is performed, the first authentication of the slave device is passed, otherwise, step S20 is performed, the first authentication of the slave device is not passed.
Of course, after the slave device passes the first authentication, the authentication assistance processor of the master device sends an instruction of "reading the count value" to the slave device through the master device communication interface module, and the slave device sends the stored count value to the master device. In this embodiment, a count value of the slave device is stored in the nonvolatile memory of the slave device, where the count value is used to represent the number of times of connection between the slave device and the master device, and if the slave device successfully passes the authentication of the master device, the count value needs to be increased by 1, and when the master device subsequently authenticates the slave device, whether the slave device passes the authentication is determined according to the count value.
Referring to fig. 4, when the slave device is subsequently authenticated, after the slave device is connected to the master device, the master controller of the master device sends a secure authentication start instruction to the authentication assisting processor through the I2C bus, and the authentication assisting processor of the master device sends a "find slave device" instruction to the slave device through the master device communication interface module. When receiving the command of "finding the slave", the slave first executes step S21, and transmits the identification code P of the current slave and the first hash value Q11 to the authentication assistance processor of the master device, using the first hash value Q11 calculated by the hash algorithm on the identification code of the slave.
The identification code P of the slave device and the first hash value Q11 received by the authentication assistance processor of the master device calculate the identification code P of the slave device through the same hash algorithm and obtain a hash value Q12, and then the master device determines whether the hash value Q11 and the hash value Q12 are equal, if so, performs step S23, and if not, performs step S28, and does not pass the authentication of the slave device, that is, terminates the authentication.
If the hash value Q11 and the hash value Q12 are equal, the master device performs step S23, transmits an instruction to the slave device to increment the count value by 1, and then transmits an instruction to read the count value to the slave device. At this time, the slave device increments the count value stored by itself by 1, and transmits the updated count value to the master device.
Then, the master device performs step S24 to determine whether the count value sent by the slave device is greater than the count value recorded by the master device plus 1. For example, before step S23 is not executed, if the count values recorded by the master device and the slave device are the same, and both are 5, step S23 is executed, the count value of the slave device is 6, and the count value of the master device is 5, the count value of the master device is 1 less than the count value of the slave device. If the result of the determination of step S24 is yes, it indicates that the count value of the slave device is a value greater than 6, such as 7 or 8, at which point step S28 is executed, in which case the slave device is considered to have been illegally read and not to pass the authentication of the slave device.
If the determination of step S24 is no, step S25 is performed, it is determined whether the count value of the slave device is equal to the count value of the master device plus 1, if yes, indicating that the slave device has not been illegally read, step S26 is performed, the master device updates its own stored count value, and step S27 is performed, passing the subsequent authentication of the slave device.
If the count value of the slave device is not greater than the count value of the master device plus 1 or not, i.e. the determination result of step S25 is no, indicating that the count value of the slave device is less than the count value of the master device plus 1, e.g. the count value of the slave device is less than or equal to the count value of the master device, step S29 is executed, the master device sends an instruction of "writing the count value" to the slave device, i.e. the count value in the master device is sent to the slave device, and the slave device writes the received count value into the non-volatile memory, thereby realizing the update of the count value of the slave device.
Then, step S23 is executed, and the master device sends an instruction to the slave device again to increment the count value by 1, and reads the count value of the slave device again, and continues to execute the subsequent authentication step.
It should be noted that, in the above embodiment, the fourth random number is obtained by cyclically shifting the second random number by 1 byte, and the number of bits of the cyclic shift may be set according to actual situations, for example, shifting by 2 bytes.
Therefore, the invention can realize the safety authentication of the slave equipment under the condition that the master equipment and the slave equipment are not connected with each other through a network, and the slave equipment is determined not to be read by other master equipment or illegally tampered with data by setting the counting value between the master equipment and the slave equipment, thereby realizing the safety authentication of the slave equipment. In addition, since the identification code of the slave device is identified and calculated through the hash algorithm, the slave device can realize one-object-one code, and the master device can realize the safety authentication of the slave device even under the condition that the identification code of the slave device does not need to be recorded.
In addition, the authentication method can also be applied to printer consumable authentication, medical instrument consumable authentication, authentication pairing of low-cost consumables and offline equipment and the like.
Finally, it should be emphasized that the present invention is not limited to the above-described embodiments, for example, the change of the type of the hash algorithm used, or the change of the key used by the master device and the slave device, etc., and these changes should be included in the protection scope of the claims of the present invention.
Claims (10)
1. The safety authentication method of the off-line equipment is characterized by comprising the following steps:
after the master device is connected with the slave device for the first time, executing a first authentication step, and reading a slave device count value stored in the slave device after the slave device passes the first authentication;
when the master device is subsequently connected with the slave device, executing a subsequent authentication step:
the slave device calculates an identification code through a hash algorithm to obtain a first hash value, sends the identification code and the first hash value to the master device, and the master device judges whether the first hash value is correct or not, if so, sends an instruction of increasing a count value by 1 to the slave device, and reads a slave device count value of the slave device;
the master device judges whether the read slave device count value is larger than the count value recorded by the master device plus 1, if so, the slave device does not pass the authentication.
2. The security authentication method of the offline device according to claim 1, wherein:
if the slave device count value read by the master device is equal to the count value recorded by the master device plus 1, the count value stored by the master device is increased by 1 through the authentication of the slave device.
3. The security authentication method of the offline device according to claim 1, wherein:
and if the slave device count value read by the master device is smaller than the count value recorded by the master device plus 1, the master device writes the recorded count value into the slave device, and reads the slave device count value of the slave device again after the slave device updates the count value.
4. The security authentication method of the offline device according to claim 3, wherein:
and after reading the slave device count value of the slave device again, sending an instruction of adding 1 to the count value to the slave device, and judging whether the slave device count value returned by the slave device is equal to the count value recorded by the master device plus 1.
5. The security authentication method of the offline device according to any one of claims 1 to 4, wherein:
the first authentication step includes:
the slave device calculates the identification code through a Hash algorithm to obtain a second Hash value, the identification code and the second Hash value are sent to the master device, the master device judges whether the second Hash value is correct or not, and if the second Hash value is incorrect, authentication is terminated.
6. The security authentication method of the offline device according to claim 5, wherein:
if the master device confirms that the second hash value is correct, the slave device generates a first random number and a second random number, encrypts the first random number by using a first key to generate a first ciphertext and a second ciphertext, splices the first ciphertext and the second ciphertext to form first spliced data, and sends the first spliced data to the master device.
7. The security authentication method of the offline device according to claim 6, wherein:
after receiving the first splicing data, the master device decrypts to obtain the first random number and the second random number, generates a third random number, moves the second random number by a preset number to form a fourth random number, uses the first random number to generate a second key, applies the second key to encrypt the third random number and the fourth random number to form a third ciphertext and a fourth ciphertext, splices the third ciphertext and the fourth ciphertext to form second splicing data, and sends the second splicing data to the slave device.
8. The security authentication method of the offline device according to claim 7, wherein:
and after receiving the second splicing data, the slave device calculates the second key, decrypts the second key to obtain the third random number and the fourth random number, and judges the matching between the second random number and the fourth random number, wherein if the second random number is not matched with the fourth random number, the authentication fails.
9. The security authentication method of the offline device according to claim 8, wherein:
and if the second random number is matched with the fourth random number, moving the third random number by a preset number to form a fifth random number, encrypting the fifth random number by using the second key to form third splicing data, and sending the third splicing data to the main equipment.
10. The security authentication method of the offline device according to claim 9, wherein:
and after receiving the third splicing data, the master device calculates the fifth random number, judges the matching property of the fifth random number and the third random number, and passes the first authentication of the slave device if the fifth random number is matched with the third random number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110276384.XA CN113037498B (en) | 2021-03-15 | 2021-03-15 | Safety authentication method of off-line equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110276384.XA CN113037498B (en) | 2021-03-15 | 2021-03-15 | Safety authentication method of off-line equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113037498A true CN113037498A (en) | 2021-06-25 |
| CN113037498B CN113037498B (en) | 2022-11-25 |
Family
ID=76468816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110276384.XA Active CN113037498B (en) | 2021-03-15 | 2021-03-15 | Safety authentication method of off-line equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113037498B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113569223A (en) * | 2021-06-30 | 2021-10-29 | 珠海晶通科技有限公司 | Safety authentication method for off-line equipment |
| CN114978785A (en) * | 2022-08-03 | 2022-08-30 | 中科雨辰科技有限公司 | Control method for special machine interconnection authentication |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005210271A (en) * | 2004-01-21 | 2005-08-04 | Mitsubishi Electric Corp | Device to be authenticated, authentication device, authentication system, digital authentication method, and digital authentication integrated circuit |
| JP2010108054A (en) * | 2008-10-28 | 2010-05-13 | Mitsubishi Electric Corp | Authentication system, authentication method, authentication program, authentication apparatus, and request device |
| WO2013005929A2 (en) * | 2011-07-06 | 2013-01-10 | 삼성에스디에스(주) | Method and apparatus for authenticating a recipient of a security token |
| US20150270975A1 (en) * | 2014-03-20 | 2015-09-24 | Certicom Corp. | Method for validating messages |
| CN107818622A (en) * | 2017-12-13 | 2018-03-20 | 美的集团股份有限公司 | Offline verification method and system |
| WO2019170111A1 (en) * | 2018-03-07 | 2019-09-12 | 华为技术有限公司 | Management method for offline management instruction and terminal |
-
2021
- 2021-03-15 CN CN202110276384.XA patent/CN113037498B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005210271A (en) * | 2004-01-21 | 2005-08-04 | Mitsubishi Electric Corp | Device to be authenticated, authentication device, authentication system, digital authentication method, and digital authentication integrated circuit |
| JP2010108054A (en) * | 2008-10-28 | 2010-05-13 | Mitsubishi Electric Corp | Authentication system, authentication method, authentication program, authentication apparatus, and request device |
| WO2013005929A2 (en) * | 2011-07-06 | 2013-01-10 | 삼성에스디에스(주) | Method and apparatus for authenticating a recipient of a security token |
| US20150270975A1 (en) * | 2014-03-20 | 2015-09-24 | Certicom Corp. | Method for validating messages |
| CN107818622A (en) * | 2017-12-13 | 2018-03-20 | 美的集团股份有限公司 | Offline verification method and system |
| WO2019170111A1 (en) * | 2018-03-07 | 2019-09-12 | 华为技术有限公司 | Management method for offline management instruction and terminal |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113569223A (en) * | 2021-06-30 | 2021-10-29 | 珠海晶通科技有限公司 | Safety authentication method for off-line equipment |
| CN113569223B (en) * | 2021-06-30 | 2024-02-09 | 珠海晶通科技有限公司 | Security authentication method for offline equipment |
| CN114978785A (en) * | 2022-08-03 | 2022-08-30 | 中科雨辰科技有限公司 | Control method for special machine interconnection authentication |
| CN114978785B (en) * | 2022-08-03 | 2022-10-25 | 中科雨辰科技有限公司 | Control method for special machine interconnection authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113037498B (en) | 2022-11-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7617395B2 (en) | Battery and authentication requesting device | |
| US10581589B2 (en) | Method for the authentication of a first electronic entity by a second electronic entity, and electronic entity implementing such a method | |
| US20190007215A1 (en) | In-vehicle information communication system and authentication method | |
| CN113037498B (en) | Safety authentication method of off-line equipment | |
| CN113569223B (en) | Security authentication method for offline equipment | |
| CN109560931B (en) | Equipment remote upgrading method based on certificate-free system | |
| CN109218025B (en) | Method, security device and security system | |
| US10581811B2 (en) | Method and system for asymmetric key derivation | |
| CN112182551B (en) | PLC equipment identity authentication system and PLC equipment identity authentication method | |
| CN112711761B (en) | Controller safety protection method, main chip of controller and controller | |
| CN102982265B (en) | Authentication method for storing basic input and output system (BIOS) setting | |
| EP3157185A1 (en) | Electronic device and data verification method | |
| WO2019142307A1 (en) | Semiconductor device, update data-providing method, update data-receiving method, and program | |
| CN112347481B (en) | Safe starting method, controller and control system | |
| CN110610360B (en) | Hardware wallet binding authorization method and device | |
| CN115037474B (en) | USB PD protocol chip and identity authentication method | |
| KR20190108888A (en) | Electronic device and certification method in electronic device | |
| CN114448607A (en) | Offline device security authentication system based on PUF technology and implementation method | |
| CN104380305A (en) | Method for backing-up data outside of a secure microcircuit | |
| JP7397403B2 (en) | Electronic information storage medium, authentication code generation method, authentication code verification method, and program | |
| US20230224284A1 (en) | Method of controlling security key of vehicle | |
| CN114866309B (en) | Data transmission method, system, equipment and medium | |
| JP6487352B2 (en) | Authentication handover method, authentication handover system, authentication apparatus, service providing terminal, service using terminal, and program | |
| JPWO2020044624A1 (en) | Mutual authentication method and communication system | |
| KR20230016493A (en) | Apparatus for controlling a vehicle and controlling method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Security authentication methods for offline devices Effective date of registration: 20230330 Granted publication date: 20221125 Pledgee: Guangfa Bank Co.,Ltd. Zhuhai Jinwan Branch Pledgor: ZHUHAI CRYSTONE TECHNOLOGY Co.,Ltd. Registration number: Y2023980036691 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |