CN103248487A - Near field communication authentication method, certificate authorization center and near field communication equipment - Google Patents


Publication number
CN103248487A
Authority
CN
China
Prior art keywords
field communication
communication equipment
key
current
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013101556778A
Other languages
Chinese (zh)
Other versions
CN103248487B (en)
Inventor
李铭轩
王志军
顾旻霞
林敏�
王蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201310155677.8A priority Critical patent/CN103248487B/en
Publication of CN103248487A publication Critical patent/CN103248487A/en
Application granted granted Critical
Publication of CN103248487B publication Critical patent/CN103248487B/en

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a near field communication authentication method, a certificate authorization center and near field communication equipment. The method includes the following steps: the certificate authorization center obtains the current scattering factors of the near field communication equipment, wherein the current scattering factors include an equipment mark of the near field communication equipment and the current updating mark; a locally prestored master key and the current scattering factors are used to obtain a plurality of current secret keys of the near field communication equipment; and the current secret keys are sent to the near field communication equipment, so that the near field communication equipment can perform interaction authentication. Because the certificate authorization center derives the current secret keys from the master key it stores and sends them to the near field communication equipment, which then performs interaction authentication with other near field communication equipment according to those keys, the invention solves the prior-art security problem that a master key stored in the near field communication equipment is easily cracked, and effectively improves the security of near field communication.

Description

Near-field communication authentication method, certificate granting center and near-field communication equipment
Technical field
The present invention relates to the communications field, and in particular to a near-field communication authentication method, a certificate granting center and a near-field communication device.
Background art
As devices with near field communication (NFC) capability become increasingly widespread, data transfer between devices over near-field communication is also becoming more and more frequent. How to guarantee the security of near-field communication is a problem that needs to be solved in the current development of near-field communication technology.
To this end, the existing solution is that a dedicated device at a business hall stores a master key in each device in advance. Thereafter, when devices need to communicate with each other, each device can use the master key pre-stored in it and a random number generated by a random number generator preset in the device to produce a session key for each communication through a specific key dispersion algorithm, thereby encrypting the communication data between the devices and guaranteeing the security of near-field communication.
However, in the above existing scheme, the master key used to generate the session key that encrypts the communication data is stored in advance locally on the device, where it is very likely to be cracked. Once the master key is cracked, the security of the session keys generated from it and used to encrypt the communication data likewise cannot be guaranteed. This scheme therefore still carries a considerable security risk.
Summary of the invention
The invention provides a near-field communication authentication method, a certificate granting center and a near-field communication device, to solve the security problem in existing near-field communication technology caused by the master key in a near-field communication device being easy to crack.
In one aspect, the invention provides a near-field communication authentication method, comprising:
A certificate granting center obtains the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication device;
Using a locally pre-stored master key and the current dispersion factor, obtaining a plurality of current keys of the near-field communication device;
Sending the plurality of current keys to the near-field communication device, so that the near-field communication device performs interactive authentication with other near-field communication devices according to the plurality of current keys.
In another aspect, the invention provides a certificate granting center, comprising:
An acquisition module, configured to obtain the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication device;
A processing module, configured to use a locally pre-stored master key and the current dispersion factor to obtain a plurality of current keys of the near-field communication device;
A sending module, configured to send the plurality of current keys to the near-field communication device, so that the near-field communication device performs interactive authentication with other near-field communication devices according to the plurality of current keys.
In yet another aspect, the invention provides another near-field communication authentication method, comprising:
A near-field communication device receives a plurality of current keys sent by a certificate granting center, the plurality of current keys being obtained by the certificate granting center from a locally pre-stored master key and the current dispersion factor of the near-field communication device, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication device;
Sending a second authentication request to another near-field communication device, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication device, so that the other near-field communication device authenticates the near-field communication device.
In yet another aspect, the invention provides a near-field communication device, comprising:
A receiver module, configured to receive a plurality of current keys sent by a certificate granting center, the plurality of current keys being obtained by the certificate granting center from a locally pre-stored master key and the current dispersion factor of the near-field communication device, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication device;
A sending module, configured to send a second authentication request to another near-field communication device, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication device, so that the other near-field communication device authenticates the near-field communication device.
In the near-field communication authentication method, certificate granting center and near-field communication device provided by the invention, the master key used to obtain the current keys of a near-field communication device is stored in the certificate granting center; the certificate granting center obtains the current keys of the near-field communication device from the master key and sends them to the near-field communication device, so that the near-field communication device performs interactive authentication with other near-field communication devices according to the plurality of current keys. This solves the prior-art security problem caused by a master key stored in the near-field communication device being easy to crack, and effectively improves the security of near-field communication.
Description of the drawings
Fig. 1 is a schematic flowchart of a near-field communication authentication method provided by embodiment one of the invention;
Fig. 2 is a schematic flowchart of a near-field communication authentication method provided by embodiment two of the invention;
Fig. 3 is a schematic flowchart of a near-field communication authentication method provided by embodiment three of the invention;
Fig. 4 is a schematic flowchart of a near-field communication authentication method provided by embodiment four of the invention;
Fig. 5 is a schematic structural diagram of a certificate granting center provided by embodiment six of the invention;
Fig. 6 is a schematic structural diagram of a near-field communication device provided by embodiment seven of the invention.
Embodiments
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a near-field communication authentication method provided by embodiment one of the invention. As shown in Fig. 1, the method comprises:
101. The certificate granting center obtains the current dispersion factor of a near-field communication device, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication device.
The current update identifier differs at different times. Specifically, the current update identifier may be an identifier corresponding to the current time. For example, if the current time is 12:00 on February 21, 2013, the current update identifier is 201302211200; as another example, if the current time is 11:40 on February 21, 2013, the current update identifier is 201302211140. Further, the current dispersion factor may be a simple combination of the device identification and the current update identifier. For example, if the device identification is abc123 and the current update identifier is 201302211140, the current dispersion factor obtained by the certificate granting center may be abc123201302211140. This example is only one specific implementation and does not limit other implementations.
Specifically, 101 may comprise: periodically obtaining the current dispersion factor of the near-field communication device; or,
Obtaining the current dispersion factor of the near-field communication device according to a key request from the near-field communication device.
The scenario of this implementation is that the certificate granting center periodically obtains the current dispersion factor of the near-field communication device; or the certificate granting center obtains the current dispersion factor of the near-field communication device according to a key request from the near-field communication device; or, further, in addition to periodically obtaining the current dispersion factor of the near-field communication device, the certificate granting center can also obtain it according to a key request from the near-field communication device.
It should be noted that in the first scenario above, the current update identifier in the current dispersion factor of the near-field communication device is the same as that of another near-field communication device. Specifically, the execution period of 101 can be determined according to operational needs; for example, the period is 30 minutes. It should also be noted that, in every embodiment of the invention, obtaining the current dispersion factor means obtaining it from the device identification and the current update identifier; optionally, the current update identifier corresponds to the current time.
102. Using a locally pre-stored master key and the current dispersion factor, obtain a plurality of current keys of the near-field communication device.
Specifically, 102 may comprise: according to the master key and the current dispersion factor, performing a two-level dispersion operation using the standard key dispersion algorithm of the China Financial Integrated Circuit Card Specification (known in the industry as PBOC2.0), to obtain a plurality of current keys of the near-field communication device.
103. Send the plurality of current keys to the near-field communication device, so that the near-field communication device performs interactive authentication with other near-field communication devices according to the plurality of current keys.
Specifically, sending the plurality of current keys to the near-field communication device may comprise: sending the plurality of current keys to the near-field communication device by over-the-air technology (Over the Air Technology, OTA for short).
The current dispersion factor that the certificate granting center obtains from a current update identifier may be called the current dispersion factor corresponding to that current update identifier; accordingly, the current keys obtained from this current dispersion factor may be called the current keys corresponding to that current update identifier.
In the near-field communication authentication method provided by this embodiment, the master key used to obtain the current keys of a near-field communication device is stored in the certificate granting center; the certificate granting center obtains the current keys of the near-field communication device from the master key and sends them to the near-field communication device, so that the near-field communication device performs interactive authentication with other near-field communication devices according to the plurality of current keys. This solves the prior-art security problem caused by a master key stored in the near-field communication device being easy to crack, and effectively improves the security of near-field communication.
Fig. 2 is a schematic flowchart of a near-field communication authentication method provided by embodiment two of the invention. As shown in Fig. 2, building on the near-field communication authentication method of embodiment one, the method may further comprise, after 103:
201. Receive a first authentication request sent by the near-field communication device, the first authentication request having been sent to the near-field communication device by another near-field communication device, and comprising a first key to be authenticated and the device identification of the other near-field communication device.
202. Authenticate the other near-field communication device by detecting whether the first key to be authenticated is one of the plurality of current keys of the other near-field communication device, to obtain a first authentication result.
The plurality of current keys of the other near-field communication device may be pre-stored in the certificate granting center, or may be obtained by the certificate granting center, when it receives the first authentication request, from the locally stored master key and the current dispersion factor of the other near-field communication device.
In the latter implementation, the implementation scenario of 101 may be that the certificate granting center periodically obtains the current dispersion factor of the near-field communication device; or the certificate granting center obtains the current dispersion factor of the near-field communication device according to a key request from the near-field communication device; or, further, in addition to periodically obtaining the current dispersion factor of the near-field communication device, the certificate granting center can also obtain it according to a key request from the near-field communication device. Specifically, when the implementation scenario of 101 is either of the latter two scenarios, then in the latter implementation the certificate granting center may, whenever it obtains the current dispersion factor of a near-field communication device, save the current update identifier corresponding to that current dispersion factor.
203. Return the first authentication result to the near-field communication device.
Optionally, after 103, the method may further comprise:
Initializing the count of consecutive times that the first authentication result is an authentication failure;
Accordingly, after 202, the method may further comprise:
If the number of consecutive times that the first authentication result is an authentication failure is greater than a preset threshold, obtaining the current dispersion factor of the other near-field communication device;
Using the locally stored master key and the current dispersion factor of the other near-field communication device, obtaining a plurality of current keys of the other near-field communication device;
Sending the plurality of current keys of the other near-field communication device to the other near-field communication device, and initializing the count of consecutive times that the first authentication result is an authentication failure.
The threshold can be determined according to actual needs; for example, the threshold is 5.
The application scenario of this embodiment is as follows: if the number of consecutive authentication failures recorded by the certificate granting center for a given near-field communication device is greater than a certain value, this indicates that someone may be attempting to crack the current keys of that near-field communication device. The certificate granting center then obtains the current dispersion factor of that near-field communication device, obtains current keys from this current dispersion factor, and sends them to that near-field communication device.
In the near-field communication authentication method provided by this embodiment, the certificate granting center, according to the authentication request it receives for a near-field communication device, authenticates that device by detecting whether the key to be authenticated in the authentication request is one of the plurality of current keys of that device, and, when the number of consecutive authentication failures is greater than a preset threshold, obtains the current keys of that device anew. This effectively reduces the likelihood that the keys of the near-field communication device are cracked, and thereby further improves the security of near-field communication.
Fig. 3 is a schematic flowchart of a near-field communication authentication method provided by embodiment three of the invention. As shown in Fig. 3, building on the near-field communication authentication method of embodiment one, the method may further comprise, after 103:
301. Receive a key call request sent by the near-field communication device, the key call request being sent by the near-field communication device after it receives a first authentication request sent by another near-field communication device, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication device;
302. Send the master key to the near-field communication device, so that the near-field communication device authenticates the other near-field communication device according to the master key and the first authentication request.
Optionally, after 302, the method may further comprise:
Receiving a key update request, sent by the near-field communication device, that carries the device identification of the other near-field communication device, the key update request being sent by the near-field communication device after the number of consecutive authentication failures for the other near-field communication device exceeds a preset threshold;
Obtaining the current dispersion factor of the other near-field communication device according to the key update request;
Using the locally stored master key and the current dispersion factor of the other near-field communication device, obtaining a plurality of current keys of the other near-field communication device;
Sending the plurality of current keys of the other near-field communication device to the other near-field communication device.
In the near-field communication authentication method provided by this embodiment, when the certificate granting center receives a key call request that a near-field communication device sends upon receiving an authentication request from another near-field communication device, it sends the locally stored master key to the near-field communication device, so that the near-field communication device can authenticate the other near-field communication device. When it receives a key update request that the near-field communication device sends upon detecting that the number of consecutive authentication failures for the other near-field communication device exceeds a preset threshold, and that comprises the device identification of the other near-field communication device, it obtains the current keys of the near-field communication device and sends them to the other near-field communication device. This effectively reduces the likelihood that the keys of the near-field communication device are cracked, and thereby further improves the security of near-field communication.
Optionally, in the near-field communication authentication method of any of the above embodiments, the method may further comprise, before 103:
Sending a key instruction to the near-field communication device;
Accordingly, 103 may specifically comprise:
If a key response returned by the near-field communication device according to the key instruction is received within a preset time after the key instruction is sent, sending the plurality of current keys to the near-field communication device.
In this embodiment, the certificate granting center sends the current keys to a near-field communication device only when it receives the key response that the device returns within the preset time after receiving the key instruction from the certificate granting center. The current transmit/receive state of the near-field communication device is thus checked in advance, which effectively guarantees the success rate of key delivery.
The schematic flow sheet of a kind of near-field communication authentication method that Fig. 4 provides for the embodiment of the invention four, as shown in Figure 4, described method comprises:
401, a plurality of current key of near-field communication equipment acceptance certificate authorization center transmission, described a plurality of current key master key that to be described certificate granting center store in advance according to this locality and the current dispersion factor of described near-field communication equipment obtain, and described current dispersion factor comprises device identification and the current more new logo of described near-field communication equipment.
In actual applications, described near-field communication equipment can be stored in described current key in the security module of equipment of itself, need to prove, the equipment of distinct device type, its security module may be different, specifically for instance, the security module of described near-field communication equipment can be for being arranged on the smart card in the described near-field communication equipment.
402, send second authentication request to another near-field communication equipment, described second authentication request comprises the device identification of one of described a plurality of current key and described near-field communication equipment, so that another near-field communication equipment authenticates described near-field communication equipment.
Optionally, after 402, can also comprise:
Receive first authentication request of the device identification that comprises first key to be certified and described another near-field communication equipment of described another near-field communication equipment transmission, described first authentication request is that described another near-field communication equipment sends after to described near-field communication equipment authentication success;
According to described first authentication request described another near-field communication equipment is authenticated;
If the authentication success to described another near-field communication equipment then connects with described another near-field communication equipment.
Usually, two near-field communication equipments need authenticate earlier before connecting mutually, if all successes of authentication mutually then connect.
In an embodiment of the present embodiment, describedly according to described first authentication request described another near-field communication equipment is authenticated, specifically can comprise:
Send described first authentication request to described certificate granting center, and receiving first authentication result that described certificate granting center is returned, described first authentication result is to return after described certificate granting center authenticates described another near-field communication equipment according to described first authentication request.
Concrete, the detailed process that the certificate granting center authenticates near-field communication equipment, similar to the related content among the embodiment one, present embodiment does not repeat them here.
In the another kind of execution mode of present embodiment, describedly according to described first authentication request described another near-field communication equipment is authenticated, specifically can comprise:
Send the key call request to described certificate granting center, and according to described master key and described first authentication request that described certificate granting center is returned described another near-field communication equipment is authenticated.
Optionally, under present embodiment, described second authentication request can also comprise the current more new logo of described near-field communication equipment, and described first authentication request can also comprise the current more new logo of described another near-field communication equipment; Described described master key and described first authentication request of returning according to described certificate granting center authenticates described another near-field communication equipment, specifically can comprise:
The described master key that returns according to described certificate granting center, current more new logo and described first authentication request of described another near-field communication equipment, obtain a plurality of current key of described another near-field communication equipment, and whether be one of a plurality of current key of described another near-field communication equipment by detecting described first key to be certified, described another near-field communication equipment is authenticated.
In this embodiment, after step 401, the near-field communication equipment may also determine the current update identifier corresponding to its own current key from the current time at which it receives the current key sent by the certificate granting center. Further, when authenticating the other near-field communication equipment, it uses the current update identifier corresponding to its own current key as the current update identifier corresponding to the current key of the other near-field communication equipment. The time at which the near-field communication equipment receives the current key sent by the certificate granting center may differ by a certain amount from the time corresponding to the current update identifier in the current dispersion factor that the certificate granting center used to generate that current key; that is, there is a certain error between the current update identifier that the near-field communication equipment determines for its own current key and the current update identifier that actually corresponds to that key. Further, the time corresponding to the current update identifier in the current dispersion factor that the certificate granting center used to generate the current key of the near-field communication equipment may differ by a certain amount from the time corresponding to the current update identifier in the current dispersion factor used to generate the current key of the other near-field communication equipment; that is, there is a certain error between the current update identifier that actually corresponds to the current key of the near-field communication equipment and the one that actually corresponds to the current key of the other near-field communication equipment. Therefore, to further improve the accuracy of authentication, a time window, i.e. the error range of the current update identifier, can be preset. Correspondingly, authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request may specifically comprise:
According to the prestored current update identifier of the near-field communication equipment and the preset time window, obtaining a plurality of authenticable update identifiers, where the value of each authenticable update identifier is not less than the difference between the current update identifier and the preset time window and not greater than the sum of the current update identifier and the preset time window;
According to the device identification of the other near-field communication equipment, the plurality of authenticable update identifiers, and the master key, obtaining a plurality of authenticable current keys of the other near-field communication equipment respectively, and authenticating the other near-field communication equipment by detecting whether the first key to be authenticated is one of the plurality of authenticable current keys of the other near-field communication equipment.
The time window can be determined according to operational needs. For example, if the time window is 2 minutes and the current update identifier of the near-field communication equipment is 201302211200, the plurality of authenticable update identifiers obtained comprises 201302211158, 201302211159, 201302211200, 201302211201 and 201302211202.
Optionally, after authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request, the method may further comprise:
If the number of consecutive times the authentication result for the other near-field communication equipment is authentication failure is greater than a preset threshold, sending a key update request carrying the device identification of the other near-field communication equipment to the certificate granting center, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key update request.
The second authentication request may also comprise the current update identifier of the near-field communication equipment, and the first authentication request may also comprise the current update identifier of the other near-field communication equipment.
The application scenario of the above step can be as follows: if the number of consecutive times the near-field communication equipment fails to authenticate the other near-field communication equipment is greater than the preset threshold, this indicates that someone may be attempting to crack the current key of the other near-field communication equipment, so the near-field communication equipment requests the certificate granting center to update the current key of the other near-field communication equipment.
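The time-window check and the consecutive-failure threshold described above can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 derivation, the `device|update` encoding of the dispersion factor, one derived key per update identifier, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

ID_FORMAT = "%Y%m%d%H%M"  # minute-resolution layout of the page's example identifier


def window_identifiers(current_id, window_minutes):
    """Return every update identifier within +/- window_minutes of current_id.

    Identifiers are handled as timestamps, not integers: 201302211200 minus 2
    must give 201302211158, and the window must roll over hour, day and month
    boundaries correctly.
    """
    centre = datetime.strptime(current_id, ID_FORMAT)
    return [
        (centre + timedelta(minutes=offset)).strftime(ID_FORMAT)
        for offset in range(-window_minutes, window_minutes + 1)
    ]


def derive_key(master_key, device_id, update_id):
    """Derive a current key from the master key and the dispersion factor.

    Assumption: HMAC-SHA256 over "device_id|update_id" stands in for the
    derivation, which this part of the page does not specify.
    """
    factor = f"{device_id}|{update_id}".encode()
    return hmac.new(master_key, factor, hashlib.sha256).digest()


def authenticate(master_key, peer_device_id, key_to_verify, own_update_id, window_minutes):
    """Accept the peer if its key matches any key derivable inside the window."""
    matched = False
    for update_id in window_identifiers(own_update_id, window_minutes):
        candidate = derive_key(master_key, peer_device_id, update_id)
        # Constant-time comparison and no early exit, so timing does not
        # reveal which identifier in the window matched.
        matched |= hmac.compare_digest(candidate, key_to_verify)
    return matched


class FailureCounter:
    """Track consecutive authentication failures per peer device."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.consecutive = {}

    def record(self, peer_device_id, success):
        """Record one result; return True when a key update request is due."""
        if success:
            self.consecutive[peer_device_id] = 0
            return False
        count = self.consecutive.get(peer_device_id, 0) + 1
        if count > self.threshold:
            # Assumption: the count restarts once an update is requested,
            # mirroring the count initialization described for the center.
            self.consecutive[peer_device_id] = 0
            return True
        self.consecutive[peer_device_id] = count
        return False


if __name__ == "__main__":
    master = b"constructed-master-key"   # constructed sample value
    peer = "NFC-DEVICE-B"                # constructed device identification
    peer_key = derive_key(master, peer, "201302211201")
    print(window_identifiers("201302211200", 2))
    print(authenticate(master, peer, peer_key, "201302211200", 2))
```

Treating the identifier as a plain integer would produce values such as 201302211198, which correspond to no valid minute, so the window is computed on parsed timestamps.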
Optionally, in one implementation, before step 401, the method may further comprise:
Receiving the key instruction sent by the certificate granting center, and returning a key response to the certificate granting center.
Optionally, in another implementation, before step 401, the method may further comprise:
Sending a key request to the certificate granting center, so that the certificate granting center obtains the current dispersion factor of the near-field communication equipment according to the key request.
In both of the above implementations, the second authentication request in this embodiment may also comprise the current update identifier of the near-field communication equipment, and the first authentication request may also comprise the current update identifier of the other near-field communication equipment.
The near-field communication authentication method provided by this embodiment adopts the technical solution in which, before the near-field communication equipment establishes a connection with another near-field communication equipment, it sends to the other near-field communication equipment an authentication request comprising any one of the current keys received in advance from the certificate granting center and, after receiving the authentication request returned by the other near-field communication equipment, authenticates the other near-field communication equipment. Near-field communication equipment thus performs interactive authentication before establishing a connection, which effectively improves the security of near-field communication.
Embodiment five of the present invention provides another near-field communication authentication method. Based on the near-field communication authentication method of embodiment four, before step 402, the method may further comprise:
Receiving a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
Correspondingly, step 402 specifically comprises:
If the other near-field communication equipment is authenticated successfully, sending the second authentication request to the other near-field communication equipment.
Specifically, the above steps can be performed before step 401, or after step 401 and before step 402; this embodiment does not limit this. The specific method of authenticating the other near-field communication equipment according to the first authentication request is similar to the related content in embodiment four, so it is not repeated here.
Optionally, in this embodiment, after authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request, the method may further comprise:
If the number of consecutive times the first authentication result is authentication failure is greater than the threshold, sending a key update request carrying the device identification of the other near-field communication equipment to the certificate granting center, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key update request.
The specific flow of each implementation in this embodiment is similar to the related content in the foregoing embodiments and is not repeated here.
The near-field communication authentication method provided by this embodiment adopts the technical solution in which the near-field communication equipment, after successfully authenticating another near-field communication equipment according to the authentication request sent by that equipment, sends to the other near-field communication equipment an authentication request comprising any one of the current keys it has received from the certificate granting center and stored locally, so that the other near-field communication equipment performs interactive authentication on the near-field communication equipment. This effectively improves the security of near-field communication.
Fig. 5 is a schematic structural diagram of a certificate granting center provided by embodiment six of the present invention. As shown in Fig. 5, the certificate granting center comprises:
Acquisition module 51, configured to obtain the current dispersion factor of near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Processing module 52, also configured to use the locally prestored master key and the current dispersion factor to obtain a plurality of current keys of the near-field communication equipment;
Sending module 53, configured to send the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipment according to the plurality of current keys.
Optionally, in one implementation of this embodiment, the certificate granting center may further comprise:
First receiver module, configured to receive a first authentication request sent by the near-field communication equipment, the first authentication request having been sent to the near-field communication equipment by another near-field communication equipment and comprising the first key to be authenticated and the device identification of the other near-field communication equipment;
Authentication module, configured to authenticate the other near-field communication equipment by detecting whether the first key to be authenticated is one of the plurality of current keys of the other near-field communication equipment, obtaining a first authentication result;
Sending module 53 is also configured to return the first authentication result to the near-field communication equipment.
In this implementation, processing module 52 is also configured to initialize the count of consecutive times the first authentication result is authentication failure;
Acquisition module 51 is also configured to obtain the current dispersion factor of the other near-field communication equipment if the number of consecutive times the first authentication result is authentication failure is greater than a preset threshold;
Processing module 52 is also configured to use the locally stored master key and the current dispersion factor of the other near-field communication equipment to obtain a plurality of current keys of the other near-field communication equipment;
Sending module 53 is also configured to send the plurality of current keys of the other near-field communication equipment to the other near-field communication equipment, and to initialize the count of consecutive times the first authentication result is authentication failure.
Optionally, in another implementation of this embodiment, the certificate granting center may further comprise: a second receiver module, configured to receive a key call request sent by the near-field communication equipment, the key call request being sent by the near-field communication equipment after it receives a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
Sending module 53 is also configured to send the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
In this implementation, the second receiver module is also configured to receive a key update request, sent by the near-field communication equipment, carrying the device identification of the other near-field communication equipment, the key update request being sent by the near-field communication equipment after the number of consecutive authentication failures for the other near-field communication equipment is greater than a preset threshold;
Acquisition module 51 is also configured to obtain the current dispersion factor of the other near-field communication equipment according to the key update request;
Processing module 52 is also configured to use the locally stored master key and the current dispersion factor of the other near-field communication equipment to obtain a plurality of current keys of the other near-field communication equipment;
Sending module 53 is also configured to send the plurality of current keys of the other near-field communication equipment to the other near-field communication equipment.
Optionally, in any of the above implementations, sending module 53 is also configured to send a key instruction to the near-field communication equipment; the certificate granting center further comprises a third receiver module, configured to receive the key response returned by the near-field communication equipment according to the key instruction; sending module 53 is also configured to send the plurality of current keys to the near-field communication equipment if the key response returned by the near-field communication equipment according to the key instruction is received within a preset time after the key instruction is sent.
Optionally, acquisition module 51 is specifically configured to obtain the current dispersion factor of the near-field communication equipment periodically, or to obtain the current dispersion factor of the near-field communication equipment according to a key request from the near-field communication equipment.
The certificate granting center provided by this embodiment adopts the technical solution in which the master key used to obtain the current keys of near-field communication equipment is stored at the certificate granting center, and the certificate granting center obtains the current keys of the near-field communication equipment according to the master key and sends them to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipment according to the plurality of current keys. This solves the security problem in the prior art caused by a master key stored in near-field communication equipment being easy to crack, and effectively improves the security of near-field communication.
Fig. 6 is a schematic structural diagram of a near-field communication equipment provided by embodiment seven of the present invention. As shown in Fig. 6, the near-field communication equipment comprises:
Receiver module 61, configured to receive a plurality of current keys sent by the certificate granting center, the plurality of current keys being obtained by the certificate granting center according to the locally prestored master key and the current dispersion factor of the near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Sending module 62, configured to send a second authentication request to another near-field communication equipment, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
Optionally, receiver module 61 is also configured to receive a first authentication request sent by the other near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment, and being sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Correspondingly, the near-field communication equipment further comprises:
Authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
Processing module, configured to establish a connection with the other near-field communication equipment if the other near-field communication equipment is authenticated successfully.
In any of the above implementations, receiver module 61 is also configured to receive the key instruction sent by the certificate granting center; sending module 62 is also configured to return a key response to the certificate granting center according to the key instruction.
In any of the above implementations, sending module 62 is also configured to send a key request to the certificate granting center, so that the certificate granting center obtains the current dispersion factor of the near-field communication equipment according to the key request.
The near-field communication equipment provided by this embodiment adopts the technical solution in which, before the near-field communication equipment establishes a connection with another near-field communication equipment, it sends to the other near-field communication equipment an authentication request comprising any one of the current keys received in advance from the certificate granting center and, after receiving the authentication request returned by the other near-field communication equipment, authenticates the other near-field communication equipment. Near-field communication equipment thus performs interactive authentication before establishing a connection, which effectively improves the security of near-field communication.
Embodiment eight of the present invention provides another near-field communication equipment. Based on the near-field communication equipment of embodiment seven,
Receiver module 61 is also configured to receive a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
The near-field communication equipment further comprises: an authentication module, configured to authenticate the other near-field communication equipment according to the first authentication request;
Sending module 62 is specifically configured to send the second authentication request to the other near-field communication equipment if the other near-field communication equipment is authenticated successfully.
In the near-field communication equipment of embodiment seven or embodiment eight, the authentication module may specifically comprise:
First sending unit, configured to send the first authentication request to the certificate granting center, so that the certificate granting center authenticates the other near-field communication equipment according to the first authentication request;
First receiving unit, configured to receive the first authentication result returned after the certificate granting center authenticates the other near-field communication equipment according to the first authentication request;
Or, the authentication module may specifically comprise:
Second sending unit, configured to send a key call request to the certificate granting center;
Second receiving unit, configured to receive the master key returned by the certificate granting center;
Authentication unit, configured to authenticate the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request.
In the latter implementation, the second sending unit is also configured to, if the number of consecutive times the first authentication result is authentication failure is greater than the threshold, send a key update request carrying the device identification of the other near-field communication equipment to the certificate granting center, so that the certificate granting center updates the current key of the other near-field communication equipment according to the key update request.
The near-field communication equipment provided by this embodiment adopts the technical solution in which the near-field communication equipment, after successfully authenticating another near-field communication equipment according to the authentication request sent by that equipment, sends to the other near-field communication equipment an authentication request comprising any one of the current keys it has received from the certificate granting center and stored locally, so that the other near-field communication equipment performs interactive authentication on the near-field communication equipment. This effectively improves the security of near-field communication.
It should be noted that the certificate granting center and the near-field communication equipment provided by the above embodiments can both implement the steps of the near-field communication authentication method provided by any embodiment of the present invention; the specific implementation is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware instructed by a program. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks, or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some or all of the technical features therein; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. A near-field communication authentication method, characterized in that it comprises:
A certificate granting center obtaining the current dispersion factor of near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Using the locally prestored master key and the current dispersion factor to obtain a plurality of current keys of the near-field communication equipment;
Sending the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipment according to the plurality of current keys.
2. The method according to claim 1, characterized in that, after sending the plurality of current keys to the near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by the near-field communication equipment, the first authentication request having been sent to the near-field communication equipment by another near-field communication equipment and comprising the first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment by detecting whether the first key to be authenticated is one of the plurality of current keys of the other near-field communication equipment, obtaining a first authentication result;
Returning the first authentication result to the near-field communication equipment.
3. The method according to claim 1 or 2, characterized in that, after sending the plurality of current keys to the near-field communication equipment, the method further comprises:
Receiving a key call request sent by the near-field communication equipment, the key call request being sent by the near-field communication equipment after it receives a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
Sending the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
4. A near-field communication authentication method, characterized in that it comprises:
Near-field communication equipment receiving a plurality of current keys sent by a certificate granting center, the plurality of current keys being obtained by the certificate granting center according to the locally prestored master key and the current dispersion factor of the near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Sending a second authentication request to another near-field communication equipment, the second authentication request comprising one of the plurality of current keys and the device identification of the near-field communication equipment, so that the other near-field communication equipment authenticates the near-field communication equipment.
5. The method according to claim 4, characterized in that, after sending the second authentication request to the other near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by the other near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment, and being sent by the other near-field communication equipment after it has successfully authenticated the near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
If the other near-field communication equipment is authenticated successfully, establishing a connection with the other near-field communication equipment.
6. The method according to claim 4, characterized in that, before sending the second authentication request to the other near-field communication equipment, the method further comprises:
Receiving a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
Authenticating the other near-field communication equipment according to the first authentication request;
Sending the second authentication request to the other near-field communication equipment specifically comprises:
If the other near-field communication equipment is authenticated successfully, sending the second authentication request to the other near-field communication equipment.
7. The method according to claim 5 or 6, characterized in that authenticating the other near-field communication equipment according to the first authentication request specifically comprises:
Sending the first authentication request to the certificate granting center, and receiving a first authentication result returned by the certificate granting center, the first authentication result being returned after the certificate granting center authenticates the other near-field communication equipment according to the first authentication request; or,
Sending a key call request to the certificate granting center, and authenticating the other near-field communication equipment according to the master key returned by the certificate granting center and the first authentication request.
8. A certificate granting center, characterized in that it comprises:
Acquisition module, configured to obtain the current dispersion factor of near-field communication equipment, the current dispersion factor comprising the device identification and the current update identifier of the near-field communication equipment;
Processing module, also configured to use the locally prestored master key and the current dispersion factor to obtain a plurality of current keys of the near-field communication equipment;
Sending module, configured to send the plurality of current keys to the near-field communication equipment, so that the near-field communication equipment performs interactive authentication with other near-field communication equipment according to the plurality of current keys.
9. The certificate granting center according to claim 8, characterized in that the certificate granting center further comprises:
First receiver module, configured to receive a first authentication request sent by the near-field communication equipment, the first authentication request having been sent to the near-field communication equipment by another near-field communication equipment and comprising the first key to be authenticated and the device identification of the other near-field communication equipment;
Authentication module, configured to authenticate the other near-field communication equipment by detecting whether the first key to be authenticated is one of the plurality of current keys of the other near-field communication equipment, obtaining a first authentication result;
The sending module is also configured to return the first authentication result to the near-field communication equipment.
10. The certificate granting center according to claim 8 or 9, characterized in that the certificate granting center further comprises:
Second receiver module, configured to receive a key call request sent by the near-field communication equipment, the key call request being sent by the near-field communication equipment after it receives a first authentication request sent by another near-field communication equipment, the first authentication request comprising a first key to be authenticated and the device identification of the other near-field communication equipment;
The sending module is also configured to send the master key to the near-field communication equipment, so that the near-field communication equipment authenticates the other near-field communication equipment according to the master key and the first authentication request.
11. a near-field communication equipment is characterized in that, comprising:
Receiver module, be used for a plurality of current key that the acceptance certificate authorization center sends, described a plurality of current key master key that to be described certificate granting center store in advance according to this locality and the current dispersion factor of described near-field communication equipment obtain, and described current dispersion factor comprises device identification and the current more new logo of described near-field communication equipment;
Sending module, be used for sending second authentication request to another near-field communication equipment, described second authentication request comprises the device identification of one of described a plurality of current key and described near-field communication equipment, so that another near-field communication equipment authenticates described near-field communication equipment.
12. near-field communication equipment according to claim 11, it is characterized in that, described receiver module, also be used for first authentication request of the device identification that comprises first key to be certified and described another near-field communication equipment of described another near-field communication equipment transmission of reception, described first authentication request is that described another near-field communication equipment sends after to described near-field communication equipment authentication success;
Described near-field communication equipment also comprises:
Authentication module is used for according to described first authentication request described another near-field communication equipment being authenticated;
Processing module is used for then connecting with described another near-field communication equipment as if the authentication success to described another near-field communication equipment.
13. near-field communication equipment according to claim 11 is characterized in that,
Described receiver module also be used for to receive first authentication request of the device identification that comprises first key to be certified and described another near-field communication equipment that another near-field communication equipment sends;
Described near-field communication equipment also comprises:
Authentication module is used for according to described first authentication request described another near-field communication equipment being authenticated;
Described sending module, concrete being used for then sends described second authentication request to described another near-field communication equipment as if the authentication success to described another near-field communication equipment.
14. according to claim 12 or 13 described near-field communication equipments, it is characterized in that described authentication module specifically comprises:
First transmitting element is used for sending described first authentication request to described certificate granting center;
First receiving element is used for receiving first authentication result that described certificate granting center is returned, and described first authentication result is to return after described certificate granting center authenticates described another near-field communication equipment according to described first authentication request;
Perhaps, described authentication module specifically comprises:
Second transmitting element is used for to described certificate granting center transmission key call request;
Second receiving element is used for receiving the described master key that described certificate granting center is returned;
Authentication ' unit, the described master key and described first authentication request that are used for returning according to described certificate granting center authenticate described another near-field communication equipment.
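The certificate authorization center side of claims 8 and 9, sketched as an added example that is not part of the patent text: keys are derived from the master key and the dispersion factor (device identifier plus current update identifier), and a presented key is accepted only if it is one of that device's current keys, so the master key never leaves the center. The derivation function (HMAC-SHA256 with a per-key index), the count of four keys, the rule that re-issuing increments the update identifier, and all names are assumptions; the claims do not specify them.

```python
from __future__ import annotations

import hashlib
import hmac

KEY_COUNT = 4  # assumed number of current keys issued per device


def derive_current_keys(master_key: bytes, device_id: str, update_id: int,
                        count: int = KEY_COUNT) -> list[bytes]:
    """Derive the current keys from the master key and the dispersion factor."""
    dev = device_id.encode("utf-8")
    # Dispersion factor = length-prefixed device identifier + update identifier.
    factor = len(dev).to_bytes(2, "big") + dev + update_id.to_bytes(4, "big")
    # Assumed KDF: HMAC-SHA256 over factor || key index, truncated to 16 bytes.
    return [hmac.new(master_key, factor + bytes([i]), hashlib.sha256).digest()[:16]
            for i in range(count)]


class CertificateAuthorizationCenter:
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._update_ids: dict[str, int] = {}  # device id -> current update id

    def issue_keys(self, device_id: str) -> list[bytes]:
        """Advance the update identifier (assumed rule) and return fresh keys."""
        update_id = self._update_ids.get(device_id, 0) + 1
        self._update_ids[device_id] = update_id
        return derive_current_keys(self._master_key, device_id, update_id)

    def authenticate(self, device_id: str, key_to_check: bytes) -> bool:
        """First authentication result: is the key one of the current keys?"""
        update_id = self._update_ids.get(device_id)
        if update_id is None:
            return False  # unknown device: no current keys exist
        ok = False
        for key in derive_current_keys(self._master_key, device_id, update_id):
            ok |= hmac.compare_digest(key, key_to_check)  # constant-time compare
        return ok


def demo() -> dict[str, bool]:
    ca = CertificateAuthorizationCenter(b"\x11" * 32)  # constructed master key
    old = ca.issue_keys("nfc-device-B")  # constructed device identifier
    new = ca.issue_keys("nfc-device-B")  # update identifier changes, old keys lapse
    return {"current": ca.authenticate("nfc-device-B", new[2]),
            "stale": ca.authenticate("nfc-device-B", old[2]),
            "wrong_device": ca.authenticate("nfc-device-A", new[2])}
```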
CN201310155677.8A 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment Active CN103248487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310155677.8A CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Publications (2)

Publication Number Publication Date
CN103248487A (en) 2013-08-14
CN103248487B (en) 2015-11-25

Family

ID=48927723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310155677.8A Active CN103248487B (en) 2013-04-28 2013-04-28 Near-field communication authentication method, certificate authority and near-field communication equipment

Country Status (1)

Country Link
CN (1) CN103248487B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739756A (en) * 2008-11-10 2010-06-16 中兴通讯股份有限公司 Method for generating secrete key of smart card
CN101911581A (en) * 2007-11-30 2010-12-08 三星电子株式会社 Method and system for secure communication in near field communication network
EP2490395A1 (en) * 2011-02-14 2012-08-22 Nxp B.V. Method and system for access control for near field communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
苗雷: "基于智能卡的移动支付终端设计与实现", 《中国优秀硕士学位论文全文数据库(电子期刊)》, 15 November 2008 (2008-11-15), pages 136 - 407 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156592A (en) * 2015-04-28 2016-11-23 北京智谷睿拓技术服务有限公司 Exchange method and communication equipment
CN106156592B (en) * 2015-04-28 2019-03-01 北京智谷睿拓技术服务有限公司 Exchange method and communication equipment
CN107026833A (en) * 2015-10-21 2017-08-08 福特全球技术公司 Method for authorizing the software upgrading in motor vehicles
CN110113153A (en) * 2019-04-23 2019-08-09 深圳数字电视国家工程实验室股份有限公司 NFC secret key updating method, terminal and system

Also Published As

Publication number Publication date
CN103248487B (en) 2015-11-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant