CN103248487A - Near field communication authentication method, certificate authorization center and near field communication equipment - Google Patents
- Publication number
- CN103248487A
- Authority
- CN
- China
- Prior art keywords
- field communication
- communication equipment
- key
- current
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention provides a near field communication authentication method, a certificate authorization center and a near field communication device. The method includes the following steps: the certificate authorization center obtains the current diversification factor of a near field communication (NFC) device, where the current diversification factor includes the device identifier of the NFC device and a current update identifier; a locally pre-stored master key and the current diversification factor are used to obtain a plurality of current keys for the NFC device; and the current keys are sent to the NFC device so that the NFC device can perform interactive authentication. Because the certificate authorization center derives the current keys of the NFC device from the master key it stores and sends those keys to the NFC device, which then performs interactive authentication with other NFC devices according to the current keys, the invention solves the prior-art security problem caused by a master key stored in the NFC device being easily cracked, and effectively improves the security of near field communication.
Description
Technical field
The present invention relates to the field of communications, and in particular to a near field communication authentication method, a certificate authorization center and a near field communication device.
Background
As devices with near field communication (NFC) capability become increasingly common, data transfer between devices over NFC is becoming more and more frequent. How to guarantee the security of near field communication is a problem that must be solved as NFC technology develops.
The existing solution is for dedicated equipment in a business hall to pre-store a master key in each device. Thereafter, when devices need to communicate with each other, each device uses the master key pre-stored in it and a random number generated by its built-in random number generator to produce a session key for each communication by means of a specific key diversification algorithm, so that the data exchanged between the devices is encrypted and the security of near field communication is guaranteed.
However, in this existing scheme the master key used to generate the session keys that encrypt the communication data is stored locally on the device in advance, where it is very likely to be cracked. Once the master key is cracked, the security of the session keys generated from it and used to encrypt the communication data can no longer be guaranteed either. This scheme therefore still carries a considerable security risk.
Summary of the invention
The invention provides a near field communication authentication method, a certificate authorization center and an NFC device, which address the security problem in existing near field communication technology caused by the master key in an NFC device being easily cracked.
In one aspect, the invention provides a near field communication authentication method, comprising:
a certificate authorization center obtaining the current diversification factor of an NFC device, the current diversification factor comprising the device identifier of the NFC device and a current update identifier;
using a locally pre-stored master key and the current diversification factor to obtain a plurality of current keys of the NFC device;
sending the plurality of current keys to the NFC device, so that the NFC device performs interactive authentication with other NFC devices according to the plurality of current keys.
In another aspect, the invention provides a certificate authorization center, comprising:
an acquisition module, configured to obtain the current diversification factor of an NFC device, the current diversification factor comprising the device identifier of the NFC device and a current update identifier;
a processing module, configured to use a locally pre-stored master key and the current diversification factor to obtain a plurality of current keys of the NFC device;
a sending module, configured to send the plurality of current keys to the NFC device, so that the NFC device performs interactive authentication with other NFC devices according to the plurality of current keys.
In yet another aspect, the invention provides another near field communication authentication method, comprising:
an NFC device receiving a plurality of current keys sent by a certificate authorization center, the plurality of current keys having been obtained by the certificate authorization center from its locally pre-stored master key and the current diversification factor of the NFC device, the current diversification factor comprising the device identifier of the NFC device and a current update identifier;
sending a second authentication request to another NFC device, the second authentication request comprising one of the plurality of current keys and the device identifier of the NFC device, so that the other NFC device authenticates the NFC device.
In yet another aspect, the invention provides an NFC device, comprising:
a receiving module, configured to receive a plurality of current keys sent by a certificate authorization center, the plurality of current keys having been obtained by the certificate authorization center from its locally pre-stored master key and the current diversification factor of the NFC device, the current diversification factor comprising the device identifier of the NFC device and a current update identifier;
a sending module, configured to send a second authentication request to another NFC device, the second authentication request comprising one of the plurality of current keys and the device identifier of the NFC device, so that the other NFC device authenticates the NFC device.
In the near field communication authentication method, certificate authorization center and NFC device provided by the invention, the master key used to obtain an NFC device's current keys is stored at the certificate authorization center. The certificate authorization center obtains the current keys of the NFC device from the master key and sends them to the NFC device, so that the NFC device performs interactive authentication with other NFC devices according to the plurality of current keys. This solves the prior-art security problem caused by a master key stored in the NFC device being easily cracked, and effectively improves the security of near field communication.
Description of the drawings
Fig. 1 is a schematic flowchart of a near field communication authentication method provided by embodiment one of the invention;
Fig. 2 is a schematic flowchart of a near field communication authentication method provided by embodiment two of the invention;
Fig. 3 is a schematic flowchart of a near field communication authentication method provided by embodiment three of the invention;
Fig. 4 is a schematic flowchart of a near field communication authentication method provided by embodiment four of the invention;
Fig. 5 is a schematic structural diagram of a certificate authorization center provided by embodiment six of the invention;
Fig. 6 is a schematic structural diagram of an NFC device provided by embodiment seven of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a near field communication authentication method provided by embodiment one of the invention. As shown in Fig. 1, the method comprises:
101. The certificate authorization center obtains the current diversification factor of the NFC device; the current diversification factor comprises the device identifier of the NFC device and a current update identifier.
The current update identifier differs from one moment to the next. Specifically, the current update identifier may be an identifier corresponding to the current time. For example, if the current time is 12:00 on 21 February 2013, the current update identifier is 201302211200; if the current time is 11:40 on 21 February 2013, the current update identifier is 201302211140. Further, the current diversification factor may be a simple combination of the device identifier and the current update identifier. For example, if the device identifier is abc123 and the current update identifier is 201302211140, the current diversification factor obtained by the certificate authorization center may be abc123201302211140. This example is only one specific implementation; other implementations are not excluded.
Specifically, 101 may comprise: periodically obtaining the current diversification factor of the NFC device; or,
obtaining the current diversification factor of the NFC device according to a key request from the NFC device.
The scenarios for this implementation are: the certificate authorization center periodically obtains the current diversification factor of the NFC device; or the certificate authorization center obtains the current diversification factor of the NFC device according to a key request from the NFC device; or, further, the certificate authorization center periodically obtains the current diversification factor of the NFC device and, in addition, obtains it according to a key request from the NFC device.
It should be noted that in the first scenario above, the current update identifier in the current diversification factor of the NFC device is the same as that of another NFC device. The period with which 101 is executed can be chosen according to operational needs, for example 30 minutes. It should also be noted that, in all embodiments of the invention, obtaining the current diversification factor means obtaining it from the device identifier and the current update identifier; optionally, the current update identifier corresponds to the current time.
102. Use the locally pre-stored master key and the current diversification factor to obtain a plurality of current keys of the NFC device.
Specifically, 102 may comprise: according to the master key and the current diversification factor, performing a two-stage diversification operation with the standard key diversification algorithm of the China Financial Integrated Circuit Card Specification (known in the industry as PBOC 2.0), to obtain the plurality of current keys of the NFC device.
103. Send the plurality of current keys to the NFC device, so that the NFC device performs interactive authentication with other NFC devices according to the plurality of current keys.
Specifically, sending the plurality of current keys to the NFC device may comprise: sending the plurality of current keys to the NFC device by over-the-air technology (OTA).
The current diversification factor that the certificate authorization center obtains from a given current update identifier may be called the current diversification factor corresponding to that current update identifier; accordingly, the current keys obtained from that current diversification factor may be called the current keys corresponding to that current update identifier.
In the near field communication authentication method provided by this embodiment, the master key used to obtain an NFC device's current keys is stored at the certificate authorization center. The certificate authorization center obtains the current keys of the NFC device from the master key and sends them to the NFC device, so that the NFC device performs interactive authentication with other NFC devices according to the plurality of current keys. This solves the prior-art security problem caused by a master key stored in the NFC device being easily cracked, and effectively improves the security of near field communication.
Fig. 2 is a schematic flowchart of a near field communication authentication method provided by embodiment two of the invention. As shown in Fig. 2, building on the near field communication authentication method of embodiment one, the following may also be included after 103:
201. Receive a first authentication request sent by the NFC device. The first authentication request was sent to the NFC device by another NFC device, and comprises a first key to be verified and the device identifier of the other NFC device.
202. Authenticate the other NFC device by checking whether the first key to be verified is one of the plurality of current keys of the other NFC device, and obtain a first authentication result.
The plurality of current keys of the other NFC device may be pre-stored at the certificate authorization center, or may be obtained by the certificate authorization center, when it receives the first authentication request, from the locally stored master key and the current diversification factor of the other NFC device.
In the latter implementation, the scenario for 101 may be that the certificate authorization center periodically obtains the current diversification factor of the NFC device; or that the certificate authorization center obtains the current diversification factor of the NFC device according to a key request from the NFC device; or, further, that the certificate authorization center periodically obtains the current diversification factor of the NFC device and, in addition, obtains it according to a key request from the NFC device. Specifically, when the scenario for 101 is either of the latter two, then in the latter implementation the certificate authorization center may, whenever it obtains the current diversification factor of an NFC device, save the current update identifier corresponding to that current diversification factor.
203. Return the first authentication result to the NFC device.
Optionally, the following may also be included after 103:
initializing the count of consecutive times that the first authentication result is an authentication failure.
Accordingly, the following may also be included after 202:
if the number of consecutive times that the first authentication result is an authentication failure is greater than a preset threshold, obtaining the current diversification factor of the other NFC device;
using the locally stored master key and the current diversification factor of the other NFC device to obtain a plurality of current keys of the other NFC device;
sending the plurality of current keys of the other NFC device to the other NFC device, and initializing the count of consecutive times that the first authentication result is an authentication failure.
The threshold can be chosen according to actual needs, for example 5.
The application scenario of this embodiment is as follows: if the number of consecutive authentication failures recorded by the certificate authorization center for a given NFC device exceeds a certain value, this indicates that someone may be attempting to crack that device's current keys. The certificate authorization center then obtains the current diversification factor of that NFC device, obtains current keys from that current diversification factor and sends them to the NFC device.
In the near field communication authentication method provided by this embodiment, the certificate authorization center authenticates an NFC device on the basis of a received authentication request by checking whether the key to be verified in that request is one of the plurality of current keys of the NFC device, and re-obtains the current keys of that NFC device when the number of consecutive authentication failures is greater than the preset threshold. This effectively reduces the likelihood that the keys of the NFC device are cracked and thereby further improves the security of near field communication.
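The certificate authorization center side of embodiments one and two, as an added example that is not part of the patent: two-stage key derivation (102), the membership check on the first key to be verified (202), and re-issue once consecutive failures exceed the threshold of 5. HMAC-SHA256 stands in for the PBOC 2.0 diversification algorithm, and the class and function names, the four keys per device and the way each stage consumes the factor are assumptions.

```python
import hashlib
import hmac

FAILURE_THRESHOLD = 5  # example threshold given in the text
KEYS_PER_DEVICE = 4    # assumption: the text only says "a plurality"


def diversify(parent_key: bytes, data: bytes) -> bytes:
    """One diversification stage (HMAC-SHA256 stand-in, not PBOC 2.0 itself)."""
    return hmac.new(parent_key, data, hashlib.sha256).digest()[:16]


def derive_current_keys(master_key: bytes, device_id: str, update_id: str,
                        count: int = KEYS_PER_DEVICE) -> list:
    """Two-stage derivation: master key -> device key -> current keys."""
    factor = device_id + update_id  # e.g. "abc123" + "201302211140"
    device_key = diversify(master_key, device_id.encode())
    return [diversify(device_key, f"{factor}|{i}".encode()) for i in range(count)]


class CertificateAuthorizationCenter:
    """Hypothetical model of the center; the master key never leaves it."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._update_ids = {}  # device_id -> update identifier of the issued keys
        self._failures = {}    # device_id -> consecutive authentication failures

    def issue_keys(self, device_id: str, update_id: str) -> list:
        """Steps 101-103: derive the keys to deliver and initialize the counter."""
        self._update_ids[device_id] = update_id
        self._failures[device_id] = 0
        return derive_current_keys(self._master_key, device_id, update_id)

    def authenticate(self, device_id: str, key_to_verify: bytes,
                     now_update_id: str):
        """Steps 201-203. Returns (result, re-issued keys or None)."""
        update_id = self._update_ids.get(device_id)
        if update_id is None:
            return False, None  # no keys were ever issued to this identifier
        current = derive_current_keys(self._master_key, device_id, update_id)
        # Constant-time comparison against every current key of the device.
        matches = [hmac.compare_digest(key_to_verify, k) for k in current]
        if any(matches):
            self._failures[device_id] = 0
            return True, None
        self._failures[device_id] += 1
        if self._failures[device_id] > FAILURE_THRESHOLD:
            # Possible cracking attempt: re-derive with the present update
            # identifier and hand the new keys back for delivery to the device.
            return False, self.issue_keys(device_id, now_update_id)
        return False, None
```

With the threshold at 5, the sixth consecutive failure triggers the re-issue, after which the previously issued keys stop verifying.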
Fig. 3 is a schematic flowchart of a near field communication authentication method provided by embodiment three of the invention. As shown in Fig. 3, building on the near field communication authentication method of embodiment one, the following may also be included after 103:
301. Receive a key call request sent by the NFC device. The NFC device sends the key call request after receiving a first authentication request sent by another NFC device; the first authentication request comprises a first key to be verified and the device identifier of the other NFC device.
302. Send the master key to the NFC device, so that the NFC device authenticates the other NFC device according to the master key and the first authentication request.
Optionally, the following may also be included after 302:
receiving a key update request, sent by the NFC device, that carries the device identifier of the other NFC device, the key update request being sent by the NFC device after the number of consecutive authentication failures for the other NFC device becomes greater than a preset threshold;
obtaining the current diversification factor of the other NFC device according to the key update request;
using the locally stored master key and the current diversification factor of the other NFC device to obtain a plurality of current keys of the other NFC device;
sending the plurality of current keys of the other NFC device to the other NFC device.
In the near field communication authentication method provided by this embodiment, when the certificate authorization center receives a key call request that an NFC device sends in response to an authentication request received from another NFC device, it sends the locally stored master key to the NFC device so that the NFC device can authenticate the other NFC device. When it receives a key update request comprising the device identifier of the other NFC device, which the NFC device sends on detecting that the number of consecutive authentication failures for the other NFC device is greater than the preset threshold, it obtains the current keys of the described NFC device and sends them to the other NFC device. This effectively reduces the likelihood that the keys of the NFC device are cracked and thereby further improves the security of near field communication.
Optionally, in the near field communication authentication method of any of the above embodiments, the following may also be included before 103:
sending a key instruction to the NFC device.
Accordingly, 103 may specifically comprise:
if a key response returned by the NFC device according to the key instruction is received within a preset time after the key instruction is sent, sending the plurality of current keys to the NFC device.
In this embodiment, the current keys are sent to an NFC device only when a key response from that device is received within the preset time after the certificate authorization center sends the key instruction. The current transmit/receive state of the NFC device is thus checked in advance, which effectively ensures the success rate of key delivery.
Fig. 4 is a schematic flowchart of a near field communication authentication method provided by embodiment four of the invention. As shown in Fig. 4, the method comprises:
401. The NFC device receives a plurality of current keys sent by the certificate authorization center. The plurality of current keys were obtained by the certificate authorization center from its locally pre-stored master key and the current diversification factor of the NFC device; the current diversification factor comprises the device identifier of the NFC device and a current update identifier.
In practice, the NFC device may store the current keys in its own security module. It should be noted that devices of different types may have different security modules; for example, the security module of the NFC device may be a smart card installed in the NFC device.
402. Send a second authentication request to another NFC device. The second authentication request comprises one of the plurality of current keys and the device identifier of the NFC device, so that the other NFC device authenticates the NFC device.
Optionally, the following may also be included after 402:
receiving a first authentication request sent by the other NFC device, comprising a first key to be verified and the device identifier of the other NFC device, the first authentication request being sent by the other NFC device after it has successfully authenticated the NFC device;
authenticating the other NFC device according to the first authentication request;
if the other NFC device is authenticated successfully, establishing a connection with the other NFC device.
Usually, two NFC devices need to authenticate each other before establishing a connection; if both authentications succeed, the connection is established.
In one implementation of this embodiment, authenticating the other NFC device according to the first authentication request may specifically comprise:
sending the first authentication request to the certificate authorization center and receiving a first authentication result returned by the certificate authorization center, the first authentication result being returned after the certificate authorization center authenticates the other NFC device according to the first authentication request.
The detailed process by which the certificate authorization center authenticates an NFC device is similar to the related content of embodiment one and is not repeated here.
In another implementation of this embodiment, authenticating the other NFC device according to the first authentication request may specifically comprise:
sending a key call request to the certificate authorization center, and authenticating the other NFC device according to the master key returned by the certificate authorization center and the first authentication request.
Optionally, in this implementation, the second authentication request may also comprise the current update identifier of the NFC device, and the first authentication request may also comprise the current update identifier of the other NFC device. Authenticating the other NFC device according to the master key returned by the certificate authorization center and the first authentication request may then specifically comprise:
obtaining a plurality of current keys of the other NFC device according to the master key returned by the certificate authorization center, the current update identifier of the other NFC device and the first authentication request, and authenticating the other NFC device by checking whether the first key to be verified is one of the plurality of current keys of the other NFC device.
In this embodiment, after 401, the NFC device may also determine the current update identifier corresponding to its own current keys from the current time at which it receives the current keys sent by the certificate authorization center. Further, when authenticating the other NFC device, it uses the current update identifier corresponding to its own current keys as the current update identifier corresponding to the current keys of the other NFC device. There may be a time difference between the time at which the NFC device receives the current keys sent by the certificate authorization center and the time corresponding to the current update identifier in the current diversification factor that the certificate authorization center used to generate those keys; that is, the current update identifier that the NFC device determines for its own current keys may differ by some error from the current update identifier to which its current keys actually correspond. Further, there may be a time difference between the time corresponding to the current update identifier in the current diversification factor used to generate the current keys of the NFC device and the time corresponding to the current update identifier in the current diversification factor used to generate the current keys of the other NFC device; that is, the current update identifier to which the current keys of the NFC device actually correspond may differ by some error from the current update identifier to which the current keys of the other NFC device actually correspond. Therefore, to further improve the accuracy of authentication, a time window, i.e. the error range of the current update identifier, can be preset. Correspondingly, authenticating the other NFC device according to the master key returned by the certificate authorization center and the first authentication request may specifically comprise:
Obtaining a plurality of update identifiers to be authenticated according to the pre-stored current update identifier of the near-field communication equipment and the preset time window, where the value of each update identifier to be authenticated is not less than the difference between the current update identifier and the preset time window, and not greater than the sum of the current update identifier and the preset time window;
Obtaining, according to the device identification of the other near-field communication equipment, the plurality of update identifiers to be authenticated and the master key, a plurality of current keys to be authenticated of the other near-field communication equipment, and authenticating the other near-field communication equipment by detecting whether the first key to be certified is one of the plurality of current keys to be authenticated of the other near-field communication equipment.
The time window can be determined according to operational needs. For example, if the time window is 2 minutes and the current update identifier of the near-field communication equipment is 201302211200, the update identifiers to be authenticated are 201302211158, 201302211159, 201302211200, 201302211201 and 201302211202.
Optionally, after the other near-field communication equipment has been authenticated according to the master key returned by the certificate granting center and the first authentication request, the method may further comprise:
If the number of consecutive times that the authentication result for the other near-field communication equipment is an authentication failure is greater than a preset threshold, sending a key updating request carrying the device identification of the other near-field communication equipment to the certificate granting center, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key updating request.
The second authentication request may also comprise the current update identifier of the near-field communication equipment, and the first authentication request may also comprise the current update identifier of the other near-field communication equipment.
The application scenario of the above step may be as follows: if the number of consecutive times that the near-field communication equipment fails to authenticate the other near-field communication equipment is greater than the preset threshold, this indicates that someone may be attempting to crack the current key of the other near-field communication equipment, and the near-field communication equipment therefore requests the certificate granting center to update the current key of the other near-field communication equipment.
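The time-window check and the consecutive-failure threshold described above, as an added example that is not part of the patent. HMAC-SHA256 as the derivation function, three keys per device, the YYYYMMDDHHMM identifier layout (inferred from the example value 201302211200) and all function and class names are assumptions, since the page does not specify them.

```python
from __future__ import annotations

import hashlib
import hmac
from datetime import datetime, timedelta

ID_FORMAT = "%Y%m%d%H%M"   # assumed layout of an update identifier (minute resolution)
KEYS_PER_DEVICE = 3        # assumption: the page only says "a plurality" of current keys


def candidate_update_ids(current_id: str, window_minutes: int) -> list[str]:
    """Update identifiers to be authenticated: current id +/- the time window.

    The arithmetic is done on timestamps, not integers, so 201302211200 minus
    2 minutes is 201302211158 and day or month boundaries roll over correctly.
    """
    centre = datetime.strptime(current_id, ID_FORMAT)
    return [
        (centre + timedelta(minutes=offset)).strftime(ID_FORMAT)
        for offset in range(-window_minutes, window_minutes + 1)
    ]


def derive_current_keys(master_key: bytes, device_id: str, update_id: str) -> list[bytes]:
    """Derive the device's current keys from the master key and the dispersion
    factor (device identification + update identifier). HMAC-SHA256 is assumed."""
    keys = []
    for index in range(KEYS_PER_DEVICE):
        # Length-prefix each field so different (device_id, update_id) pairs
        # can never produce the same derivation input.
        fields = (device_id.encode(), update_id.encode(), bytes([index]))
        message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        keys.append(hmac.new(master_key, message, hashlib.sha256).digest())
    return keys


def authenticate_peer(master_key: bytes, peer_id: str, presented_key: bytes,
                      own_update_id: str, window_minutes: int) -> bool:
    """True if the presented key is one of the peer's keys for any update
    identifier inside the window. Every candidate is compared in constant time
    and the loop never exits early."""
    matched = False
    for update_id in candidate_update_ids(own_update_id, window_minutes):
        for key in derive_current_keys(master_key, peer_id, update_id):
            matched |= hmac.compare_digest(key, presented_key)
    return matched


class PeerAuthenticator:
    """Tracks consecutive authentication failures per peer device."""

    def __init__(self, master_key: bytes, window_minutes: int, threshold: int):
        self.master_key = master_key
        self.window_minutes = window_minutes
        self.threshold = threshold
        self.failures: dict[str, int] = {}

    def handle_first_auth_request(self, peer_id: str, presented_key: bytes,
                                  own_update_id: str) -> str:
        if authenticate_peer(self.master_key, peer_id, presented_key,
                             own_update_id, self.window_minutes):
            self.failures[peer_id] = 0
            return "accept"
        self.failures[peer_id] = self.failures.get(peer_id, 0) + 1
        if self.failures[peer_id] > self.threshold:
            # More consecutive failures than the threshold: ask the certificate
            # granting center to update this peer's keys, then restart the count.
            self.failures[peer_id] = 0
            return "request_key_update"
        return "reject"


if __name__ == "__main__":
    master = b"constructed-master-key-for-demo"      # constructed sample value
    peer = "DEVICE-B"                                 # constructed device identification
    good = derive_current_keys(master, peer, "201302211201")[1]
    auth = PeerAuthenticator(master, window_minutes=2, threshold=2)
    print(candidate_update_ids("201302211200", 2))
    print(auth.handle_first_auth_request(peer, good, "201302211200"))
    for _ in range(3):
        print(auth.handle_first_auth_request(peer, b"\x00" * 32, "201302211200"))
```

Widening the window multiplies the number of keys accepted for a given device at any moment, so the window and the failure threshold should be sized together.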
Optionally, in one implementation, before step 401, the method may further comprise:
Receiving the key instruction sent by the certificate granting center, and returning a key response to the certificate granting center.
Optionally, in another implementation, before step 401, the method may further comprise:
Sending a key request to the certificate granting center, so that the certificate granting center obtains the current dispersion factor of the near-field communication equipment according to the key request.
In both of the above implementations, the second authentication request in the present embodiment may also comprise the current update identifier of the near-field communication equipment, and the first authentication request may also comprise the current update identifier of the other near-field communication equipment.
In the near-field communication authentication method provided by the present embodiment, before the near-field communication equipment establishes a connection with another near-field communication equipment, it first sends the other equipment an authentication request comprising any one of the current keys received from the certificate granting center, and, after receiving the authentication request returned by the other near-field communication equipment, authenticates the other near-field communication equipment. Interactive authentication is thus performed before the near-field communication equipments connect, which effectively improves the security of near-field communication.
Embodiment five of the present invention provides another near-field communication authentication method. Based on the near-field communication authentication method of embodiment four, before step 402, the method may further comprise:
Receiving a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be certified and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
Correspondingly, step 402 specifically comprises:
If the other near-field communication equipment is authenticated successfully, sending the second authentication request to the other near-field communication equipment.
Specifically, the above steps may be performed before step 401, or after step 401 and before step 402; the present embodiment does not limit this. The specific method for authenticating the other near-field communication equipment according to the first authentication request is similar to the related content in embodiment four, so it is not repeated here.
Optionally, in the present embodiment, after the other near-field communication equipment has been authenticated according to the master key returned by the certificate granting center and the first authentication request, the method may further comprise:
If the number of consecutive times that the first authentication result is an authentication failure is greater than the threshold, sending a key updating request carrying the device identification of the other near-field communication equipment to the certificate granting center, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key updating request.
The specific flow of each implementation in the present embodiment is similar to the related content in the foregoing embodiments and is not repeated here.
In the near-field communication authentication method provided by the present embodiment, the near-field communication equipment authenticates another near-field communication equipment according to the authentication request that the other equipment sends and, after that authentication succeeds, sends the other equipment an authentication request comprising any one of the current keys it has received from the certificate granting center and stored locally, so that the other near-field communication equipment can authenticate the near-field communication equipment in turn. This interactive authentication effectively improves the security of near-field communication.
Fig. 5 is a schematic structural diagram of a certificate granting center provided by embodiment six of the present invention. As shown in Fig. 5, the certificate granting center comprises:
A sending module 53, used for sending the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the plurality of current keys.
Optionally, in one implementation of the present embodiment, the certificate granting center may further comprise:
A first receiver module, used for receiving the first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and comprises the first key to be certified and the device identification of the other near-field communication equipment;
An authentication module, used for authenticating the other near-field communication equipment by detecting whether the first key to be certified is one of the plurality of current keys of the other near-field communication equipment, to obtain a first authentication result;
The sending module 53 is also used for returning the first authentication result to the near-field communication equipment.
In this implementation, the processing module 52 is also used for initializing the count of the number of consecutive times that the first authentication result is an authentication failure;
The sending module 53 is also used for sending, to the other near-field communication equipment, the plurality of current keys of the other near-field communication equipment and the initialized count of the number of consecutive times that the first authentication result is an authentication failure.
Optionally, in another implementation of the present embodiment, the certificate granting center may further comprise: a second receiver module, used for receiving the key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives the first authentication request sent by another near-field communication equipment, and the first authentication request comprises the first key to be certified and the device identification of the other near-field communication equipment;
The sending module 53 is also used for sending the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
In this implementation, the second receiver module is also used for receiving the key updating request, carrying the device identification of the other near-field communication equipment, that the near-field communication equipment sends after the number of consecutive times it has failed to authenticate the other near-field communication equipment exceeds the preset threshold;
The sending module 53 is also used for sending the plurality of current keys of the other near-field communication equipment to the other near-field communication equipment.
Optionally, in any of the above implementations, the sending module 53 is also used for sending a key instruction to the near-field communication equipment; the certificate granting center further comprises a third receiver module, used for receiving the key response that the near-field communication equipment returns according to the key instruction; and the sending module 53 is also used for sending the plurality of current keys to the near-field communication equipment if the key response returned by the near-field communication equipment according to the key instruction is received within a preset time after the key instruction is sent.
Optionally, the acquisition module 51 is specifically used for periodically obtaining the current dispersion factor of the near-field communication equipment, or for obtaining the current dispersion factor of the near-field communication equipment according to a key request from the near-field communication equipment.
In the certificate granting center provided by the present embodiment, the master key used to obtain the current keys of the near-field communication equipment is stored at the certificate granting center; the certificate granting center obtains the current keys of the near-field communication equipment according to the master key and sends them to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the plurality of current keys. This solves the security problem in the prior art caused by the master key stored in the near-field communication equipment being easy to crack, and effectively improves the security of near-field communication.
Fig. 6 is a schematic structural diagram of a near-field communication equipment provided by embodiment seven of the present invention. As shown in Fig. 6, the near-field communication equipment comprises:
A sending module 62, used for sending a second authentication request to another near-field communication equipment, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
Optionally, the receiver module 61 is also used for receiving a first authentication request sent by the other near-field communication equipment, the first authentication request comprising a first key to be certified and the device identification of the other near-field communication equipment, and being sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Correspondingly, the near-field communication equipment further comprises:
An authentication module, used for authenticating the other near-field communication equipment according to the first authentication request;
A processing module, used for establishing a connection with the other near-field communication equipment if the other near-field communication equipment is authenticated successfully.
In any of the above implementations, the receiver module 61 is also used for receiving the key instruction sent by the certificate granting center, and the sending module 62 is also used for returning a key response to the certificate granting center according to the key instruction.
In any of the above implementations, the sending module 62 is also used for sending a key request to the certificate granting center, so that the certificate granting center obtains the current dispersion factor of the near-field communication equipment according to the key request.
In the near-field communication equipment provided by the present embodiment, before the near-field communication equipment establishes a connection with another near-field communication equipment, it first sends the other equipment an authentication request comprising any one of the current keys received from the certificate granting center, and, after receiving the authentication request returned by the other near-field communication equipment, authenticates the other near-field communication equipment. Interactive authentication is thus performed before the near-field communication equipments connect, which effectively improves the security of near-field communication.
Embodiment eight of the present invention provides another near-field communication equipment. Based on the near-field communication equipment of embodiment seven,
The near-field communication equipment further comprises: an authentication module, used for authenticating the other near-field communication equipment according to the first authentication request;
The sending module 62 is specifically used for sending the second authentication request to the other near-field communication equipment if the other near-field communication equipment is authenticated successfully.
In the near-field communication equipment of embodiment seven or embodiment eight, the authentication module may specifically comprise:
A first transmitting element, used for sending the first authentication request to the certificate granting center, so that the certificate granting center authenticates the other near-field communication equipment according to the first authentication request;
A first receiving element, used for receiving the first authentication result returned after the certificate granting center authenticates the other near-field communication equipment according to the first authentication request;
Alternatively, the authentication module may specifically comprise:
A second transmitting element, used for sending a key call request to the certificate granting center;
A second receiving element, used for receiving the master key returned by the certificate granting center;
An authentication unit, used for authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request.
In the latter implementation, the second transmitting element is also used for sending a key updating request carrying the device identification of the other near-field communication equipment to the certificate granting center if the number of consecutive times that the first authentication result is an authentication failure is greater than the threshold, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key updating request.
In the near-field communication equipment provided by the present embodiment, the near-field communication equipment authenticates another near-field communication equipment according to the authentication request that the other equipment sends and, after that authentication succeeds, sends the other equipment an authentication request comprising any one of the current keys it has received from the certificate granting center and stored locally, so that the other near-field communication equipment can authenticate the near-field communication equipment in turn. This interactive authentication effectively improves the security of near-field communication.
It should be noted that the certificate granting center and the near-field communication equipment provided by the above embodiments can both implement the steps of the near-field communication authentication method provided by any embodiment of the present invention; the specific implementation is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some or all of the technical features therein, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (14)
1. A near-field communication authentication method, characterized in that it comprises:
A certificate granting center obtaining the current dispersion factor of a near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Obtaining a plurality of current keys of the near-field communication equipment by using a locally pre-stored master key and the current dispersion factor;
Sending the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the plurality of current keys.
2. The method according to claim 1, characterized in that, after the plurality of current keys are sent to the near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and comprises the first key to be certified and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment by detecting whether the first key to be certified is one of the plurality of current keys of the other near-field communication equipment, to obtain a first authentication result;
Returning the first authentication result to the near-field communication equipment.
3. The method according to claim 1 or 2, characterized in that, after the plurality of current keys are sent to the near-field communication equipment, the method further comprises:
Receiving a key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives a first authentication request sent by another near-field communication equipment, and the first authentication request comprises a first key to be certified and the device identification of the other near-field communication equipment;
Sending the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
4. A near-field communication authentication method, characterized in that it comprises:
A near-field communication equipment receiving a plurality of current keys sent by a certificate granting center, where the plurality of current keys are obtained by the certificate granting center according to a locally pre-stored master key and the current dispersion factor of the near-field communication equipment, and the current dispersion factor comprises the device identification and the current update identifier of the near-field communication equipment;
Sending a second authentication request to another near-field communication equipment, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
5. The method according to claim 4, characterized in that, after the second authentication request is sent to the other near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by the other near-field communication equipment, the first authentication request comprising a first key to be certified and the device identification of the other near-field communication equipment, and being sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
If the other near-field communication equipment is authenticated successfully, establishing a connection with the other near-field communication equipment.
6. The method according to claim 4, characterized in that, before the second authentication request is sent to the other near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be certified and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
The sending of the second authentication request to the other near-field communication equipment specifically comprises:
If the other near-field communication equipment is authenticated successfully, sending the second authentication request to the other near-field communication equipment.
7. The method according to claim 5 or 6, characterized in that authenticating the other near-field communication equipment according to the first authentication request specifically comprises:
Sending the first authentication request to the certificate granting center, and receiving the first authentication result returned by the certificate granting center, where the first authentication result is returned after the certificate granting center authenticates the other near-field communication equipment according to the first authentication request; or,
Sending a key call request to the certificate granting center, and authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request.
8. A certificate granting center, characterized in that it comprises:
An acquisition module, used for obtaining the current dispersion factor of a near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
A processing module, also used for obtaining a plurality of current keys of the near-field communication equipment by using a locally pre-stored master key and the current dispersion factor;
A sending module, used for sending the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipments according to the plurality of current keys.
9. The certificate granting center according to claim 8, characterized in that the certificate granting center further comprises:
A first receiver module, used for receiving a first authentication request sent by the near-field communication equipment, where the first authentication request was sent to the near-field communication equipment by another near-field communication equipment and comprises the first key to be certified and the device identification of the other near-field communication equipment;
An authentication module, used for authenticating the other near-field communication equipment by detecting whether the first key to be certified is one of the plurality of current keys of the other near-field communication equipment, to obtain a first authentication result;
The sending module is also used for returning the first authentication result to the near-field communication equipment.
10. The certificate granting center according to claim 8 or 9, characterized in that the certificate granting center further comprises:
A second receiver module, used for receiving a key call request sent by the near-field communication equipment, where the key call request is sent by the near-field communication equipment after it receives a first authentication request sent by another near-field communication equipment, and the first authentication request comprises a first key to be certified and the device identification of the other near-field communication equipment;
The sending module is also used for sending the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
11. a near-field communication equipment is characterized in that, comprising:
Receiver module, be used for a plurality of current key that the acceptance certificate authorization center sends, described a plurality of current key master key that to be described certificate granting center store in advance according to this locality and the current dispersion factor of described near-field communication equipment obtain, and described current dispersion factor comprises device identification and the current more new logo of described near-field communication equipment;
Sending module, be used for sending second authentication request to another near-field communication equipment, described second authentication request comprises the device identification of one of described a plurality of current key and described near-field communication equipment, so that another near-field communication equipment authenticates described near-field communication equipment.
12. near-field communication equipment according to claim 11, it is characterized in that, described receiver module, also be used for first authentication request of the device identification that comprises first key to be certified and described another near-field communication equipment of described another near-field communication equipment transmission of reception, described first authentication request is that described another near-field communication equipment sends after to described near-field communication equipment authentication success;
Described near-field communication equipment also comprises:
Authentication module is used for according to described first authentication request described another near-field communication equipment being authenticated;
Processing module is used for then connecting with described another near-field communication equipment as if the authentication success to described another near-field communication equipment.
13. The near-field communication equipment according to claim 11, characterized in that
the receiving module is further configured to receive a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
the near-field communication equipment further comprises:
an authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
the sending module is specifically configured to send the second authentication request to the other near-field communication equipment if the authentication of the other near-field communication equipment succeeds.
14. The near-field communication equipment according to claim 12 or 13, characterized in that the authentication module specifically comprises:
a first sending unit, configured to send the first authentication request to the certificate authorization center;
a first receiving unit, configured to receive a first authentication result returned by the certificate authorization center, wherein the first authentication result is returned after the certificate authorization center authenticates the other near-field communication equipment according to the first authentication request;
or, the authentication module specifically comprises:
a second sending unit, configured to send a key call request to the certificate authorization center;
a second receiving unit, configured to receive the master key returned by the certificate authorization center;
an authentication unit, configured to authenticate the other near-field communication equipment according to the master key returned by the certificate authorization center and the first authentication request.
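The key derivation and the request check that claims 11 to 14 rely on, sketched as an added example (not code from the patent). HMAC-SHA256 as the derivation function, four 128-bit keys per device, and all class, function and device names are assumptions; the claims state only that the current keys are obtained from the master key and the factor (device identification, current update identifier).

```python
import hashlib
import hmac

KEYS_PER_DEVICE = 4   # assumption: the claims say only "a plurality"
KEY_LEN = 16          # assumption: 128-bit current keys


def derive_current_keys(master_key, device_id, update_id):
    """Derive the current keys from the master key and the dispersion factor."""
    dev = device_id.encode()
    # Length-prefix the device ID so distinct factors never encode identically.
    factor = len(dev).to_bytes(2, "big") + dev + update_id.to_bytes(4, "big")
    return [
        hmac.new(master_key, factor + bytes([i]), hashlib.sha256).digest()[:KEY_LEN]
        for i in range(KEYS_PER_DEVICE)
    ]


class CertificateAuthority:
    def __init__(self, master_key):
        self._master_key = master_key
        self._update_ids = {}   # device ID -> current update identifier

    def issue_keys(self, device_id):
        """Advance the update identifier and return the new current keys."""
        update_id = self._update_ids.get(device_id, 0) + 1
        self._update_ids[device_id] = update_id
        return derive_current_keys(self._master_key, device_id, update_id)

    def authenticate(self, request):
        """First variant of claim 14: check a forwarded authentication request."""
        device_id, presented = request["device_id"], request["key"]
        if device_id not in self._update_ids:
            return False
        expected = derive_current_keys(
            self._master_key, device_id, self._update_ids[device_id])
        # Constant-time comparison against every current key, no early exit.
        return any([hmac.compare_digest(k, presented) for k in expected])


def demo():
    ca = CertificateAuthority(b"constructed-master-key-for-demo")  # constructed value
    keys_a = ca.issue_keys("NFC-A")
    ca.issue_keys("NFC-B")
    fresh = ca.authenticate({"device_id": "NFC-A", "key": keys_a[2]})
    wrong_id = ca.authenticate({"device_id": "NFC-B", "key": keys_a[2]})
    ca.issue_keys("NFC-A")   # key update: the update identifier changes
    stale = ca.authenticate({"device_id": "NFC-A", "key": keys_a[2]})
    return fresh, wrong_id, stale
```

`demo()` shows that a key is accepted only together with the device identification it was derived for and only until the next key update. In the second variant of claim 14 the same derivation and comparison run on the verifying equipment, using the master key returned by the certificate authorization center.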
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310155677.8A CN103248487B (en) | 2013-04-28 | 2013-04-28 | Near-field communication authentication method, certificate authority and near-field communication equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310155677.8A CN103248487B (en) | 2013-04-28 | 2013-04-28 | Near-field communication authentication method, certificate authority and near-field communication equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103248487A (en) | 2013-08-14 |
CN103248487B (en) | 2015-11-25 |
Family
ID=48927723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310155677.8A Active CN103248487B (en) | 2013-04-28 | 2013-04-28 | Near-field communication authentication method, certificate authority and near-field communication equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103248487B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101911581A (en) * | 2007-11-30 | 2010-12-08 | 三星电子株式会社 | Method and system for secure communication in near field communication network |
CN101739756A (en) * | 2008-11-10 | 2010-06-16 | 中兴通讯股份有限公司 | Method for generating secrete key of smart card |
EP2490395A1 (en) * | 2011-02-14 | 2012-08-22 | Nxp B.V. | Method and system for access control for near field communication |
Non-Patent Citations (1)
Title |
---|
Miao Lei: "Design and Implementation of a Smart-Card-Based Mobile Payment Terminal", China Master's Theses Full-text Database (Electronic Journal), 15 November 2008 (2008-11-15), pages 136 - 407 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106156592A (en) * | 2015-04-28 | 2016-11-23 | 北京智谷睿拓技术服务有限公司 | Exchange method and communication equipment |
CN106156592B (en) * | 2015-04-28 | 2019-03-01 | 北京智谷睿拓技术服务有限公司 | Exchange method and communication equipment |
CN107026833A (en) * | 2015-10-21 | 2017-08-08 | 福特全球技术公司 | Method for authorizing the software upgrading in motor vehicles |
CN110113153A (en) * | 2019-04-23 | 2019-08-09 | 深圳数字电视国家工程实验室股份有限公司 | NFC secret key updating method, terminal and system |
Also Published As
Publication number | Publication date |
---|---|
CN103248487B (en) | 2015-11-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |