CN113365275B - Identity authentication system and method based on infrared communication - Google Patents


Info

Publication number
CN113365275B
Authority
CN
China
Prior art keywords
digital signal
authentication
identity
timestamp
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110661877.5A
Other languages
Chinese (zh)
Other versions
CN113365275A (en)
Inventor
马宇辰
夏时雨
云梦泽
刘念
谷延锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute of Technology
Original Assignee
Harbin Institute of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption

Abstract

An identity authentication system and method based on infrared communication, relating to the field of infrared dot-matrix multi-signal processing methods and identity authentication. The invention solves the low authentication efficiency of existing infrared authentication methods. Each user terminal generates a character string carrying a timestamp and converts it into an infrared signal. The receiving end converts each received infrared signal into a digital signal, performs preliminary identification of each digital signal against the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server. The security authentication server decrypts the received digital signals that passed preliminary identification; once the timestamp in a decrypted digital signal has been authenticated successfully, it matches that digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result. The invention is mainly used for identity authentication.

Description

Identity authentication system and method based on infrared communication
Technical Field
The invention relates to the field of infrared dot matrix multi-signal processing methods and identity authentication.
Background
The current mainstream identity authentication technologies include NFC authentication, RFID authentication, network authentication, magnetic card authentication and the like.
Because of their limited communication distance, NFC authentication and magnetic card authentication are only suitable for short-range identity authentication; they congest easily where people are densely packed, so their efficiency is low.
Because of the particular physical medium that RFID authentication uses, it is costly, the information in the medium is difficult to protect strongly, and personal privacy is easily leaked.
Network authentication cannot accurately determine the identity and location of the person being authenticated, owing to inherent characteristics of the internet such as virtualization and anonymity.
The prior art also includes an infrared authentication method based on infrared communication technology. Infrared communication transmits data over infrared light and is a wireless communication technology: it needs no physical connection, is simple to use and is cheap to implement, so it is widely used for data exchange between small mobile devices and for controlling electrical equipment, for example notebook computers, personal digital assistants, mobile phones or data exchange with computers (personal networks), and remote controllers for televisions, air conditioners and so on. However, the existing infrared authentication method has the following defect: it supports only one-to-one authentication, that is, the next authentication can begin only after the previous one has completed, so authentication efficiency is low and congestion is likely when people are densely packed. These problems therefore need to be solved.
Disclosure of Invention
The invention aims to solve the low authentication efficiency of existing infrared authentication methods, and provides an identity authentication system and method based on infrared communication.
The identity authentication system based on infrared communication comprises N user terminals, a receiving end and a security authentication server, where N is an integer greater than or equal to 5;
a first database is provided in the receiving end and stores the first authentication information of each user terminal;
a second database is provided in the security authentication server and stores the second authentication information of each user terminal;
each user terminal generates a timestamped character string from the user identity information in a preset format, converts the generated character string into an infrared signal, and sends the infrared signal to the receiving end;
the receiving end converts each received infrared signal into a digital signal, performs preliminary identification of each digital signal against the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server;
and the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result.
Preferably, in the identity authentication system, the preset format comprises control bits, an identity ID and a signature arranged in order from left to right; the signature is generated from the identity ID of the user terminal and the timestamp at which the user terminal requests to send the signal;
wherein the control bits and the identity ID form the plaintext, and the signature forms the ciphertext.
Preferably, in the identity authentication system, the signature is generated using the ECDSA algorithm and is encrypted using the 3DES algorithm.
Preferably, in the identity authentication system, the receiving end performs preliminary identification of each digital signal against the first authentication information in the first database as follows:
the first authentication information comprises control bit authentication information and the identity information of each user;
the control bits in the digital signal are first matched against the control bit authentication information in the first authentication information; after the control bits match, the identity ID in the plaintext of the digital signal is matched against the identity information of each user in the first authentication information; if the identity ID in the plaintext also matches, the digital signal passes preliminary identification, and otherwise preliminary identification of the digital signal fails.
Preferably, in the identity authentication system, the security authentication server decrypts each received digital signal that passed preliminary identification, authenticates the timestamp in each decrypted digital signal against the time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result, as follows:
step 11, record the arrival time of each received digital signal that passed preliminary identification, and decrypt the ciphertext in each such digital signal to obtain the identity ID and the timestamp contained in the ciphertext;
step 12, take the difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of that digital signal, and use the absolute value of the difference as the propagation time of the corresponding infrared signal; when the propagation time lies within the time authentication threshold range, the timestamp in that decrypted digital signal is deemed successfully authenticated;
and step 13, match the identity ID in each digital signal whose timestamp was successfully authenticated against the corresponding second authentication information in the second database, and send the matching result to the corresponding user terminal as the authentication result.
The identity authentication method based on infrared communication is implemented on an authentication system comprising N user terminals, a receiving end and a security authentication server, where N is an integer greater than or equal to 5;
a first database is provided in the receiving end and stores the first authentication information of each user terminal;
a second database is provided in the security authentication server and stores the second authentication information of each user terminal;
the authentication method comprises the following steps:
a step in which each user terminal generates a timestamped character string in a preset format, converts the generated character string into an infrared signal, and sends the infrared signal to the receiving end;
a step in which the receiving end converts each received infrared signal into a digital signal, performs preliminary identification of each digital signal against the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server;
and a step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result.
Preferably, in the identity authentication method, the preset format comprises control bits, an identity ID and a signature arranged in order from left to right; the signature is generated from the identity ID of the user terminal and the timestamp at which the user terminal requests to send the signal;
wherein the control bits and the identity ID form the plaintext, and the signature forms the ciphertext.
Preferably, in the identity authentication method, the signature is generated using the ECDSA algorithm and is encrypted using the 3DES algorithm.
Preferably, in the identity authentication method, the step of performing preliminary identification of each digital signal against the first authentication information in the first database is implemented as follows:
the control bits in the digital signal are first matched against the control bit authentication information in the first authentication information; after the control bits match, the identity ID in the plaintext of the digital signal is matched against the identity information of each user in the first authentication information; if the identity ID in the plaintext also matches, the digital signal passes preliminary identification, and otherwise preliminary identification fails;
the first authentication information comprises control bit authentication information and user identity information.
Preferably, in the identity authentication method, the step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against the time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result is implemented as follows:
step 11, record the arrival time of each received digital signal that passed preliminary identification, and decrypt the ciphertext in each such digital signal to obtain the identity ID and the timestamp contained in the ciphertext;
step 12, take the difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of that digital signal, and use the absolute value of the difference as the propagation time of the corresponding infrared signal; when the propagation time lies within the time authentication threshold range, the timestamp in that decrypted digital signal is deemed successfully authenticated;
and step 13, match the identity ID in each digital signal whose timestamp was successfully authenticated against the corresponding second authentication information in the second database, and send the matching result to the corresponding user terminal as the authentication result.
The invention has the following beneficial effects:
The invention realizes a group identity verification system based on invisible light. Throughout the authentication system and method, information is transmitted over invisible light such as infrared light, which ensures the security of the transmission channel, and identification uses a dual authentication mode.
The security authentication server authenticates the received digital signals simultaneously, which overcomes the prior-art defect that the receiving end can verify the next signal only after the previous one has been verified.
The method and system also provide a highly reliable identity authentication service through digital signature technology. The signature ensures the validity and usability of identity verification. Transmitting data over infrared light ensures that the data cannot be eavesdropped in transit, and the added time attribute prevents replay attacks. To verify the performance of the proposed method, 4 people holding mobile phones performed verification simultaneously at 5 m; the verifications completed almost simultaneously within a very short time. Over a number of experimental tests, the system's authentication accuracy was 87.7%.
Drawings
FIG. 1 is a schematic diagram of the identity authentication of the present invention;
FIG. 2 is a schematic diagram of the preset format of the character string.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive efforts based on the embodiments of the present invention, shall fall within the scope of protection of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
Example 1:
This embodiment is described with reference to FIG. 1. The identity authentication system based on infrared communication in this embodiment comprises N user terminals, a receiving end and a security authentication server, where N is an integer greater than or equal to 5;
a first database is provided in the receiving end and stores the first authentication information of each user terminal;
a second database is provided in the security authentication server and stores the second authentication information of each user terminal;
each user terminal generates a timestamped character string from the user identity information in a preset format, converts the generated character string into an infrared signal, and sends the infrared signal to the receiving end;
the receiving end converts each received infrared signal into a digital signal, performs preliminary identification of each digital signal against the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server;
and the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result.
In this embodiment, information is transmitted over invisible light (infrared), which ensures the security of the transmission channel, and identification uses dual authentication. The receiving end first performs preliminary identification, and only digital signals that pass it are sent to the security authentication server for secondary authentication; this safeguards the security of information transmission and the efficiency of the subsequent secondary authentication. During secondary authentication, authenticating the timestamp further safeguards the security of information transfer. Finally, the security authentication server can authenticate multiple received digital signals at the same time, which improves authentication efficiency.
Further, with specific reference to FIG. 2, in the identity authentication system the preset format comprises control bits, an identity ID and a signature arranged in order from left to right; the signature is generated from the identity ID of the user terminal and the timestamp at which the user terminal requests to send the signal;
wherein the control bits and the identity ID form the plaintext, and the signature forms the ciphertext.
In this preferred embodiment, a highly reliable authentication service is realized through digital signature technology. The signature ensures the validity and usability of identity verification.
Furthermore, in the identity authentication system, the signature is generated using the ECDSA algorithm and is encrypted using the 3DES algorithm.
In this preferred embodiment, encrypting the signature with the 3DES algorithm further improves the security of information transmission.
Furthermore, in the identity authentication system, the receiving end performs preliminary identification of each digital signal against the first authentication information in the first database as follows:
the first authentication information comprises control bit authentication information and the identity information of each user;
the control bits in the digital signal are first matched against the control bit authentication information in the first authentication information; after the control bits match, the identity ID in the plaintext of the digital signal is matched against the identity information of each user in the first authentication information; if the identity ID in the plaintext also matches, the digital signal passes preliminary identification, and otherwise preliminary identification of the digital signal fails.
In this preferred embodiment, the receiving end performs preliminary authentication of the control bits and the identity ID in the plaintext, which provides an accurate data basis for subsequent authentication.
Furthermore, in the identity authentication system, the security authentication server decrypts each received digital signal that passed preliminary identification, authenticates the timestamp in each decrypted digital signal against the time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result, as follows:
step 11, record the arrival time of each received digital signal that passed preliminary identification, and decrypt the ciphertext in each such digital signal to obtain the identity ID and the timestamp contained in the ciphertext;
step 12, take the difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of that digital signal, and use the absolute value of the difference as the propagation time of the corresponding infrared signal; when the propagation time lies within the time authentication threshold range, the timestamp in that decrypted digital signal is deemed successfully authenticated;
and step 13, match the identity ID in each digital signal whose timestamp was successfully authenticated against the corresponding second authentication information in the second database, and send the matching result to the corresponding user terminal as the authentication result.
In this preferred embodiment, the second authentication information includes the identity information of each user, and authenticating the timestamp and the identity ID in the ciphertext ensures the security of the information.
Example 2:
This embodiment is described with reference to FIG. 1. The identity authentication method based on infrared communication is implemented on an authentication system comprising N user terminals, a receiving end and a security authentication server, where N is an integer greater than or equal to 5;
a first database is provided in the receiving end and stores the first authentication information of each user terminal;
a second database is provided in the security authentication server and stores the second authentication information of each user terminal;
the authentication method comprises the following steps:
a step in which each user terminal generates a timestamped character string in a preset format, converts the generated character string into an infrared signal, and sends the infrared signal to the receiving end;
a step in which the receiving end converts each received infrared signal into a digital signal, performs preliminary identification of each digital signal against the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server;
and a step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, once the timestamp has been authenticated successfully, matches the digital signal against the corresponding second authentication information in the second database and sends the matching result to the corresponding user terminal as the authentication result.
In this embodiment, information is transmitted over invisible light (infrared), which ensures the security of the transmission channel, and identification uses dual authentication. The receiving end first performs preliminary identification, and only digital signals that pass it are sent to the security authentication server for secondary authentication; this safeguards the security of information transmission and the efficiency of the subsequent secondary authentication. During secondary authentication, authenticating the timestamp further safeguards the security of information transfer. Finally, the security authentication server can authenticate multiple received digital signals at the same time, which improves authentication efficiency.
Further, with specific reference to FIG. 2, in the identity authentication method the preset format comprises control bits, an identity ID and a signature arranged in order from left to right; the signature is generated from the identity ID of the user terminal and the timestamp at which the user terminal requests to send the signal;
wherein the control bits and the identity ID form the plaintext, and the signature forms the ciphertext.
In this preferred embodiment, a highly reliable authentication service is realized through digital signature technology. The signature ensures the validity and usability of identity verification.
Furthermore, in the identity authentication method, the signature is generated using the ECDSA algorithm and is encrypted using the 3DES algorithm.
In this preferred embodiment, encrypting the signature with the 3DES algorithm further improves the security of information transmission.
Furthermore, in the identity authentication method, the step of performing preliminary identification of each digital signal against the first authentication information in the first database is implemented as follows:
the control bits in the digital signal are first matched against the control bit authentication information in the first authentication information; after the control bits match, the identity ID in the plaintext of the digital signal is matched against the identity information of each user in the first authentication information; if the identity ID in the plaintext also matches, the digital signal passes preliminary identification, and otherwise preliminary identification fails;
the first authentication information comprises control bit authentication information and user identity information.
In this preferred embodiment, the receiving end performs preliminary authentication of the control bits and the identity ID in the plaintext, which provides an accurate data basis for subsequent authentication.
Furthermore, in the identity authentication method, the step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against the time authentication threshold, and, after the timestamp is successfully authenticated, matches the digital signal with the corresponding second authentication information in the second database and sends the matching result to the corresponding user side as the authentication result, comprises:
step 11, recording the arrival time of each received digital signal that passed preliminary identification, and decrypting the ciphertext in each such digital signal to obtain the identity ID and the timestamp in the ciphertext of each decrypted digital signal;
step 12, taking the difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of that digital signal, and taking the absolute value of the difference as the propagation time of the corresponding infrared signal; when the propagation time of the infrared signal is within the time authentication threshold range, the timestamp in the decrypted digital signal is determined to be successfully authenticated;
and step 13, matching the identity ID in each digital signal whose timestamp was successfully authenticated with the corresponding second authentication information in the second database, and sending the matching result as the authentication result to the corresponding user side.
In this preferred embodiment, the second authentication information includes the identity information of each user, and the security of the information is ensured by authenticating the timestamp and the identity ID in the ciphertext.
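The preliminary identification at the receiving end and steps 11 to 13 at the server, as an added example that is not code from the patent. Field widths, millisecond timestamps, the key, the database contents and the threshold are constructed assumptions, and HMAC-SHA256 from the standard library stands in for the ECDSA signature and 3DES encryption the patent names, so the sealed field here is authenticated but not encrypted.

```python
import hashlib
import hmac
import struct

# Everything below is constructed for illustration; the patent fixes only the
# field order (control bits, identity ID, signature), not widths or values.
CONTROL_BITS = 0xA5                        # assumed 1-byte control field
FIRST_DB = {1001, 1002, 1003}              # receiving end: known identity IDs
SECOND_DB = {1001: "alice", 1002: "bob"}   # server: identity records
SERVER_KEY = b"constructed-demo-key"       # stand-in key material
THRESHOLD_MS = 200                         # assumed time authentication threshold
FRAME_LEN = 5 + 12 + 32                    # plaintext + (ID, timestamp) + tag


def build_frame(user_id: int, ts_ms: int) -> bytes:
    """User side: control bits | ID (plaintext) | sealed(ID, timestamp)."""
    body = struct.pack(">IQ", user_id, ts_ms)
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return struct.pack(">BI", CONTROL_BITS, user_id) + body + tag


def preliminary_check(frame: bytes) -> bool:
    """Receiving end: match the control bits first, then the plaintext ID."""
    if len(frame) != FRAME_LEN:
        return False
    control, user_id = struct.unpack(">BI", frame[:5])
    return control == CONTROL_BITS and user_id in FIRST_DB


def open_sealed(sealed: bytes):
    """Step 11 stand-in: recover (ID, timestamp), or None if the tag is wrong."""
    body, tag = sealed[:12], sealed[12:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">IQ", body)


def server_authenticate(frame: bytes, arrival_ms: int) -> str:
    """Steps 11-13 applied to one signal that passed preliminary identification."""
    opened = open_sealed(frame[5:])
    if opened is None:
        return "reject: ciphertext"
    user_id, ts_ms = opened
    # Step 12: |timestamp - arrival time| must lie within the threshold.
    if abs(arrival_ms - ts_ms) > THRESHOLD_MS:
        return "reject: timestamp"
    # Step 13: match the recovered ID against the second database.
    if user_id not in SECOND_DB:
        return "reject: identity"
    return "accept: " + SECOND_DB[user_id]


def authenticate(frame: bytes, arrival_ms: int) -> str:
    """Full path: receiving end first, then the security authentication server."""
    if not preliminary_check(frame):
        return "reject: preliminary"
    return server_authenticate(frame, arrival_ms)
```

Step 12 as described bounds the age of a signal but does not by itself distinguish a second copy of the same signal arriving inside the threshold, so an implementation would typically also record the (ID, timestamp) pairs it has already accepted.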
Although the invention herein has been described with reference to particular embodiments, it is to be understood that these embodiments are merely illustrative of the principles and applications of the present invention. It is therefore to be understood that numerous modifications may be made to the illustrative embodiments and that other arrangements may be devised without departing from the spirit and scope of the present invention as defined by the appended claims. It should be understood that features described in different dependent claims and herein may be combined in ways different from those described in the original claims. It is also to be understood that features described in connection with individual embodiments may be used in other described embodiments.

Claims (6)

1. An identity authentication system based on infrared communication, characterized by comprising N user terminals, a receiving end and a security authentication server; N is an integer greater than or equal to 5;
a first database is arranged in the receiving end, and first authentication information of each user side is stored in the first database;
a second database is arranged in the security authentication server, and second authentication information of each user side is stored in the second database;
each user side is used for generating a character string with a time stamp according to the user identity information in a preset format, converting the generated character string with the time stamp into an infrared signal and sending the infrared signal to a receiving end;
the receiving end is used for converting each received infrared signal into a digital signal, performing preliminary identification on each digital signal through the first authentication information in the first database, and sending the digital signals that pass preliminary identification to the security authentication server;
the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, after the timestamp in a decrypted digital signal is successfully authenticated, matches that digital signal with the corresponding second authentication information in the second database and sends the matching result to the corresponding user side as the authentication result;
in the receiving end, the implementation mode of performing preliminary identification on each digital signal through the first authentication information in the first database comprises:
the first authentication information comprises control bit authentication information and identity information of each user;
first, the control bits in a digital signal are matched against the control bit authentication information in the first authentication information; after the control bits are successfully matched, the identity ID in the plaintext of the digital signal is matched against each user's identity information in the first authentication information; after the identity ID in the plaintext is successfully matched, the digital signal is deemed to have passed preliminary identification through the first authentication information in the first database; otherwise, preliminary identification fails;
in the security authentication server, the implementation of decrypting each received digital signal that passed preliminary identification, authenticating the timestamp in each decrypted digital signal against the time authentication threshold, and, after the timestamp is successfully authenticated, matching the digital signal with the corresponding second authentication information in the second database and sending the matching result to the corresponding user side as the authentication result, comprises the following steps:
step 11, recording the arrival time of each received digital signal qualified by preliminary identification, and decrypting the ciphertext in each received digital signal qualified by preliminary identification to obtain the identity ID and the timestamp in the ciphertext of each decrypted digital signal;
step 12, making a difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of the decrypted digital signal, and taking the absolute value of the difference as the propagation time of the infrared signal corresponding to the decrypted digital signal, and when the propagation time of the infrared signal is within the time authentication threshold range, determining that the timestamp in each decrypted digital signal is authenticated successfully;
and step 13, respectively matching the identity ID in the digital signal after the successful authentication of each timestamp with corresponding second authentication information in a second database, and sending the matching result as an authentication result to a corresponding user side.
2. The infrared communication-based identity authentication system as claimed in claim 1, wherein the preset format comprises control bits, an identity ID and a signature arranged from left to right in sequence, and the signature is generated by the identity ID of each user terminal and a timestamp of a signal requested to be sent by the user terminal;
wherein, the control bit and the ID form a plaintext, and the signature forms a ciphertext.
3. The infrared communication-based identity authentication system of claim 2, wherein the signature is generated using the ECDSA algorithm; the signature is encrypted with the 3DES algorithm.
4. An identity authentication method based on infrared communication, implemented on the basis of an authentication system, the authentication system comprising N user terminals, a receiving end and a security authentication server, N being an integer greater than or equal to 5;
a first database is arranged in the receiving end, and first authentication information of each user side is stored in the first database;
a second database is arranged in the security authentication server, and second authentication information of each user side is stored in the second database;
the authentication method is characterized by comprising the following steps:
a step in which the user side generates a character string with a timestamp according to a preset format, converts the generated character string with the timestamp into an infrared signal, and sends the infrared signal to the receiving end;
a step in which the receiving end converts each received infrared signal into a digital signal, performs preliminary identification on each digital signal through the first authentication information in the first database, and sends the digital signals that pass preliminary identification to the security authentication server;
a step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against a time authentication threshold, and, after the timestamp in a decrypted digital signal is successfully authenticated, matches that digital signal with the corresponding second authentication information in the second database and sends the matching result to the corresponding user side as the authentication result;
the step of performing preliminary identification on each digital signal through the first authentication information in the first database is implemented as follows:
first, the control bits in a digital signal are matched against the control bit authentication information in the first authentication information; after the control bits are successfully matched, the identity ID in the plaintext of the digital signal is matched against each user's identity information in the first authentication information; after the identity ID in the plaintext is successfully matched, the digital signal is deemed to have passed preliminary identification through the first authentication information in the first database; otherwise, preliminary identification fails;
the first authentication information comprises control bit authentication information and identity information of each user;
the step in which the security authentication server records the arrival time of each received digital signal that passed preliminary identification, decrypts each such digital signal, authenticates the timestamp in each decrypted digital signal against the time authentication threshold, and, after the timestamp is successfully authenticated, matches the digital signal with the corresponding second authentication information in the second database and sends the matching result to the corresponding user side as the authentication result, comprises the following steps:
step 11, recording the arrival time of each received digital signal qualified by preliminary identification, and decrypting the ciphertext in each received digital signal qualified by preliminary identification to obtain the identity ID and the timestamp in the ciphertext of each decrypted digital signal;
step 12, making a difference between the timestamp in the ciphertext of each decrypted digital signal and the arrival time of the decrypted digital signal, and taking the absolute value of the difference as the propagation time of the infrared signal corresponding to the decrypted digital signal, and when the propagation time of the infrared signal is within the time authentication threshold range, determining that the timestamp in each decrypted digital signal is authenticated successfully;
and step 13, respectively matching the identity ID in the digital signal after the successful authentication of each timestamp with corresponding second authentication information in a second database, and sending the matching result as an authentication result to a corresponding user side.
5. The identity authentication method based on infrared communication of claim 4, wherein the preset format comprises control bits, identity IDs and signatures which are arranged from left to right in sequence, and the signatures are generated by the identity ID of each user terminal and a timestamp of a signal requested to be sent by the user terminal;
wherein, the control bit and the ID form a plaintext, and the signature forms a ciphertext.
6. The infrared communication-based identity authentication method as claimed in claim 5, wherein the signature is generated using the ECDSA algorithm; the signature is encrypted with the 3DES algorithm.
CN202110661877.5A 2021-06-15 2021-06-15 Identity authentication system and method based on infrared communication Active CN113365275B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110661877.5A CN113365275B (en) 2021-06-15 2021-06-15 Identity authentication system and method based on infrared communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110661877.5A CN113365275B (en) 2021-06-15 2021-06-15 Identity authentication system and method based on infrared communication

Publications (2)

Publication Number Publication Date
CN113365275A CN113365275A (en) 2021-09-07
CN113365275B true CN113365275B (en) 2022-05-13

Family

ID=77534206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110661877.5A Active CN113365275B (en) 2021-06-15 2021-06-15 Identity authentication system and method based on infrared communication

Country Status (1)

Country Link
CN (1) CN113365275B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101641707A (en) * 2007-03-30 2010-02-03 计算机硬币株式会社 Authentication system, server used in authentication system, mobile communication terminal, and program
CN104065653A (en) * 2014-06-09 2014-09-24 韩晟 Interactive authentication method, device, system and related equipment
CN104767617A (en) * 2015-03-06 2015-07-08 北京石盾科技有限公司 Message processing method, system and related device
CN107038436A (en) * 2017-05-24 2017-08-11 哈尔滨工业大学 A kind of high spectrum image object detection method based on tensor Spectral match filter
CN110533806A (en) * 2019-08-13 2019-12-03 中电智能技术南京有限公司 A kind of method and system based on NB-Iot and CTID technology setting intelligent door lock
CN111211908A (en) * 2019-12-25 2020-05-29 深圳供电局有限公司 Access control method, system, computer device and storage medium
CN112187786A (en) * 2020-09-25 2021-01-05 深圳乐信软件技术有限公司 Service processing method, device, server and storage medium of network service

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10057269B1 (en) * 2017-04-21 2018-08-21 InfoSci, LLC Systems and methods for device verification and authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on the development and evolution of trusted network identity authentication technology; 宋宪荣, 张猛; 《网络空间安全》; 20180825; full text *

Also Published As

Publication number Publication date
CN113365275A (en) 2021-09-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant