CN106055966B - A kind of authentication method and system - Google Patents


Publication number
CN106055966B
CN106055966B CN201610322177.2A CN201610322177A CN106055966B CN 106055966 B CN106055966 B CN 106055966B CN 201610322177 A CN201610322177 A CN 201610322177A CN 106055966 B CN106055966 B CN 106055966B
Authority
CN
China
Prior art keywords
information
main control
authenticating device
control device
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610322177.2A
Other languages
Chinese (zh)
Other versions
CN106055966A (en)
Inventor
邵军利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201610322177.2A priority Critical patent/CN106055966B/en
Publication of CN106055966A publication Critical patent/CN106055966A/en
Application granted granted Critical
Publication of CN106055966B publication Critical patent/CN106055966B/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an authentication method and system. The authentication method includes: initiating a registration request to a main control device, wherein the registration request includes first external input information, so that the main control device registers the authentication device according to the first external input information and sends data characteristic information to the authentication device, the data characteristic information including an ID authentication key, an ID and an ID key; sending an authentication request to the main control device according to the received data characteristic information, so that the main control device sends first information; performing a first encryption on the first information and second external input information using the ID key to generate second information, and performing a second encryption on the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authentication device according to the second information and the encrypted data; and receiving the result of the authentication device's legitimacy sent by the main control device. The present invention improves the security of an intelligent terminal used as an authentication device.

Description

An authentication method and system
Technical field
The present invention relates to the field of security applications, and in particular to an authentication method and system.
Background
An intelligent terminal is a device with multimedia capabilities that supports functions such as audio, video and data.
Common intelligent terminals today include smartphones, tablets and PCs. Because the system of an intelligent terminal is open, using the terminal's hardware for security authentication requires hardened security handling; only then can the needs of high-strength security applications be met on top of the limited trust an intelligent terminal affords.
Generally, when closed, independent hardware such as an IC card or a bracelet is used as the security authentication device, every link of its operation and maintenance is secure and free of loopholes.
The present invention addresses the overall security problem of using an intelligent terminal as an authentication device.
Summary of the invention
The object of the present invention is to address the shortcomings of the prior art by providing an authentication method and system that solve the overall security problem of using a prior-art intelligent terminal as an authentication device.
To achieve the above object, in a first aspect, the present invention provides an authentication method, which includes:
Initiating a registration request to a main control device, wherein the registration request includes first external input information, so that the main control device registers the authentication device according to the first external input information and sends data characteristic information to the authentication device; wherein the data characteristic information includes an ID authentication key, an ID and an ID key;
Sending an authentication request to the main control device according to the received data characteristic information, so that the main control device sends first information;
Performing a first encryption on the first information and second external input information using the ID key to generate second information, and performing a second encryption on the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authentication device according to the second information and the encrypted data;
Receiving the authentication result for the authentication device sent by the main control device.
Preferably, the step of performing the second encryption on the second information using the ID authentication key to generate encrypted data specifically includes: obtaining a digital signature from the ID and the second information; and performing the second encryption on the digital signature using the ID authentication key to generate the encrypted data.
Preferably, the method further includes:
The authentication device sending second status information to the main control device.
In a second aspect, the present invention provides an authentication method, which includes:
Receiving a registration request sent by an authentication device, wherein the registration request includes first external input information, and storing the external input information;
Registering the authentication device and sending data characteristic information to the authentication device; wherein the characteristic information includes an ID, an ID key and an ID authentication key, so that the authentication device sends an authentication request according to the data characteristic information;
Receiving the authentication request and sending first information, so that the authentication device obtains second information and encrypted data according to the first information;
Receiving the second information and the encrypted data sent by the authentication device, and authenticating the authentication device according to the second information and the second encrypted data.
Preferably, the step of authenticating the authentication device according to the second information and the encrypted data includes:
Performing a first decryption on the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the result of the judgment is legitimate, judging the legitimacy of the second information;
Performing a second decryption on the second information using the ID key, and judging the legitimacy of the second information according to the result of the second decryption;
Authenticating the authentication device according to the legitimacy of the second information.
Preferably, the method further includes: the main control device sending first status information to the authentication device, so that the authentication device sends second status information according to the first status information; wherein the main control device stores the first status information.
In a third aspect, the present invention provides an authentication system, which includes: an authentication device and a main control device.
The purpose of the present invention is to provide high-strength security when an intelligent terminal is used as an authentication device.
Brief description of the drawings
Fig. 1 is an application scenario diagram of the present invention;
Fig. 2 is a flow chart of an authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of another authentication method provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of the authentication system provided by an embodiment of the present invention.
Detailed description of the embodiments
In the present invention, the main control device, which stores authentication information such as the ID, the ID key, the ID authentication key and known information, completes the security authentication of the intelligent terminal, improving the security of the intelligent terminal as an authentication device.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is an application scenario diagram provided by an embodiment of the present invention. As shown in Fig. 1, the main control device is an electronic lock or a lock; the authentication device is a third-party application (APP) on a smartphone or tablet.
If known information is preset on the smartphone, the use of the first external input information and the second external input information is controlled by fingerprint, face shape, password, graphic password (two-dimensional code) and sound. In direct use, these means (fingerprint, face shape, password, image password and sound) are used directly, so that using known information increases both convenience and security.
For a given intelligent terminal, the number of supported main control devices can be extended without limit. That is, the same intelligent terminal can support any number of electronic locks or car locks; the supported information simply adds the encoded information of each electronic lock or car lock itself so that they can be distinguished.
Fig. 2 is a flow chart of an authentication method provided by an embodiment of the present invention. As shown in Fig. 2, the steps of the authentication method include:
Step S200: initiate a registration request to the main control device, wherein the registration request includes first external input information, so that the main control device registers the authentication device according to the first external input information and sends data characteristic information to the authentication device; wherein the data characteristic information includes an ID authentication key, an ID and an ID key;
Specifically, the authentication device registers with the main control device in order to prove to the main control device that it has an identity licensed by the main control device; at the same time it sends the first external input information to the main control device, which facilitates checking the legitimacy of the holder of the authentication device.
Specifically, the main control device and the authentication device can be connected in several ways: network, NFC communication, sound waves, pictures (two-dimensional codes), keyboard input, and so on.
Step S210: send an authentication request to the main control device according to the received data characteristic information, so that the main control device sends first information;
Step S220: perform a first encryption on the first information and second external input information using the ID key to generate second information, and perform a second encryption on the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authentication device according to the second information and the encrypted data;
After step S220 is completed, the ID, the second information and the encrypted data need to be uploaded to the main control device.
Specifically, the step of performing the second encryption on the second information using the ID authentication key to generate encrypted data includes: obtaining a digital signature from the ID and the second information; and performing the second encryption on the digital signature using the ID authentication key to generate the encrypted data.
Step S230: receive the authentication result for the authentication device sent by the main control device.
Optionally, after authentication is completed, the main control device needs to send the first status information that it stores (configuration information and status information) to the authentication device. The authentication device compares the current configuration information/status information with the stored second status information (configuration information/status information) and carries out further processing such as a reminder or an alarm light.
Specifically, the main control device notifies the authentication device that the use state of the main control device has changed (an authentication device has been added to the main control device, or an authentication device has gone unused multiple times).
The method flow on the main control device side is described below with reference to Fig. 3.
In this embodiment of the present invention, the authentication device registers with the main control device and is authenticated after registration, which strengthens the security monitoring of the authentication device.
Fig. 3 is a flow chart of another authentication method provided by an embodiment of the present invention. As shown in Fig. 3, the steps of the authentication method include:
Step S300: receive the registration request sent by the authentication device, wherein the registration request includes first external input information, and store the external input information;
Step S310: register the authentication device and send data characteristic information to the authentication device; wherein the characteristic information includes an ID, an ID key and an ID authentication key, so that the authentication device sends an authentication request according to the data characteristic information;
Step S320: receive the authentication request and send first information, so that the authentication device obtains second information and encrypted data according to the first information;
Step S330: receive the second information and the encrypted data sent by the authentication device, and authenticate the authentication device according to the second information and the second encrypted data.
Step S330 specifically includes: performing a first decryption on the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the result of the judgment is legitimate, judging the legitimacy of the second information; performing a second decryption on the second information using the ID key, and judging the legitimacy of the second information according to the result of the second decryption; and authenticating the authentication device according to the legitimacy of the second information.
Optionally, after authentication is completed, the main control device receives the second status information (configuration information and status information) of the authentication device, compares the first status information that it stores with the second status information, and further processes the usage of the main control device.
The method flow on the main control device side is described in the following embodiments.
In this embodiment of the present invention, the main control device checks the security of the authentication device during registration and authentication, ensuring the security of the authentication device.
In Fig. 1, the legitimacy of the identity of the authentication device holder is judged during decryption as follows: perform the first decryption on the encrypted data using the ID authentication key to obtain the digital signature; check the integrity of the digital signature; only if the digital signature has not been modified can the legitimacy of the holder of the authentication device be verified; perform the second decryption on the first encrypted data using the ID key; compare the first external input information with the second external input information; if the first external input information and the second external input information are identical, the identity of the holder of the authentication device is verified successfully, and the holder obtains the authorization of the main control device to carry out the corresponding operation; if the authentication device is illegitimate and/or the identity of the user holding the authentication device is illegitimate, verification of the authentication device's legitimacy ends.
Fig. 4 is a structural schematic diagram of the authentication system provided by an embodiment of the present invention. As shown in Fig. 4, the authentication system includes an authentication device and a main control device, wherein:
The connection between the main control device and the authentication device can be by network, NFC communication, sound waves, pictures (two-dimensional codes) or keyboard input. The authentication device sends a registration request to the main control device, the registration request including the first external input information. After storing the first external input information, the main control device sends the data characteristic information that it holds; the data characteristic information includes the ID, the ID key and the ID authentication key.
When authenticating, the authentication device initiates an authentication request to the main control device, and the main control device sends the first information to the authentication device. The authentication device encrypts the received first information and the second external input information with the ID key to generate the second information; the authentication device computes a data-integrity digital signature over the ID and the second information and encrypts it with the ID authentication key; the authentication device then passes the ID, the second information and the encrypted signature information to the main control device.
The main control device judges the legitimacy of the authentication device according to the digital signature, and judges the legitimacy of the identity of the authentication device holder according to the first external input information and the second external input information; only then is authentication complete. If the digital signature has been modified, authentication fails; if the first external input information and the second external input information are not identical, authentication fails. The legitimacy of the authentication device holder can be verified only after the digital signature has been verified.
After authentication is completed, the main control device sends the first status information stored in the main control device (configuration information/status information) to the authentication device. At the next authentication, the second status information (configuration information/status information) stored by the authentication device is compared with the first status information obtained, and the usage of the main control device is further processed. Afterwards, the main control device stores the updated first status information (configuration information/status information).
Also, after authentication is completed, the authentication device can send its stored second status information (configuration information/status information) to the main control device, and the main control device carries out further processing according to the second status information and the first status information.
It should be noted that the first external input information and the second external input information can be a password; however, it is not the access-control password of the authentication device but a password stored by the main control device, and it is part of what the main control device needs to authenticate. If the password needs to be changed, the password stored on the main control device must be modified. Moreover, the password is entered by the user holding the authentication device, so if someone else takes the authentication device, they cannot use it because they do not know the password.
That is, if an attacker obtains use of the authentication device but does not know the password, the attacker cannot pass authentication. If an attacker knows the password but does not hold the authentication device containing the ID, the ID key, the ID authentication key and other information, the attacker likewise cannot pass authentication. Combining the two factors in this way improves security in use. Convenience and security are in tension, but both must be taken into account.
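The registration and authentication exchange described above, with both sides modeled, as an added example that is not part of the patent text. The patent names no algorithms, so the HMAC-SHA256 keystream cipher, the SHA-256 "signature", the random 16-byte first information and every function and class name below are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives (assumption): the patent names no algorithms, so each
# "encryption" is modeled as an HMAC-SHA256 keystream with a MAC tag appended.
def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = _prf(key, nonce + (i // 32).to_bytes(4, "big"))
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return body + _prf(_prf(key, b"mac"), body)

def unseal(key, blob):
    # Returns the plaintext, or None if the blob was modified or the key is wrong.
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), body)):
        return None
    return _xor_stream(_prf(key, b"enc"), body[:16], body[16:])

def signature(device_id, second_info):
    # "Digital signature" over the ID and second information, modeled as SHA-256 (assumption).
    return hashlib.sha256(device_id + second_info).digest()

class MainControlDevice:
    def __init__(self):
        self.records = {}  # ID -> (ID key, ID authentication key, first external input)
        self.pending = {}  # ID -> first information awaiting a response

    def register(self, first_external_input):
        creds = {"id": secrets.token_hex(8).encode(),
                 "id_key": secrets.token_bytes(32),
                 "id_auth_key": secrets.token_bytes(32)}
        self.records[creds["id"]] = (creds["id_key"], creds["id_auth_key"], first_external_input)
        return creds  # the data characteristic information

    def first_information(self, device_id):
        # Assumption: the first information is a fresh random value per request.
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def authenticate(self, device_id, second_info, encrypted_data) -> bool:
        expected = self.pending.pop(device_id, None)  # single use
        record = self.records.get(device_id)
        if expected is None or record is None:
            return False
        id_key, id_auth_key, stored_input = record
        # First decryption: recover the signature and check integrity.
        sig = unseal(id_auth_key, encrypted_data)
        if sig is None or not hmac.compare_digest(sig, signature(device_id, second_info)):
            return False
        # Second decryption: recover first information + second external input.
        plain = unseal(id_key, second_info)
        if plain is None:
            return False
        return (hmac.compare_digest(plain[:16], expected)
                and hmac.compare_digest(plain[16:], stored_input))

def respond(creds, first_info, second_external_input):
    # Authentication-device side of step S220: first encryption, then signed and sealed.
    second_info = seal(creds["id_key"], first_info + second_external_input)
    encrypted = seal(creds["id_auth_key"], signature(creds["id"], second_info))
    return creds["id"], second_info, encrypted

def run_demo() -> dict:
    pw = b"constructed-passphrase"  # constructed sample input
    lock = MainControlDevice()
    creds = lock.register(pw)
    results = {}
    captured = respond(creds, lock.first_information(creds["id"]), pw)
    results["valid"] = lock.authenticate(*captured)
    # Right device, wrong external input (holder does not know the password).
    results["wrong_input"] = lock.authenticate(
        *respond(creds, lock.first_information(creds["id"]), b"guess"))
    # Right external input, but keys that this main control device never issued.
    other = dict(creds, id_key=secrets.token_bytes(32), id_auth_key=secrets.token_bytes(32))
    results["wrong_keys"] = lock.authenticate(
        *respond(other, lock.first_information(creds["id"]), pw))
    # Second information modified in transit: the signature check fails.
    i, s, e = respond(creds, lock.first_information(creds["id"]), pw)
    results["tampered"] = lock.authenticate(i, s[:-1] + bytes([s[-1] ^ 1]), e)
    # Earlier response replayed against a new first information.
    lock.first_information(creds["id"])
    results["replayed"] = lock.authenticate(*captured)
    return results

if __name__ == "__main__":
    print(run_demo())
```

The replay case is rejected only because the first information is modeled as a single-use random value; a deployment would also replace the stand-in cipher with a vetted authenticated cipher such as AES-GCM.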
Optionally, the authentication system supports storing the authentication device's locally stored information in the cloud through a client with strong security authentication; when the user replaces the authentication device, the locally stored information can be legitimately downloaded to the new authentication device. Relying on the password held by the user, the new authentication device can then conveniently pass authentication by the main control device. This solves the problem of migrating to a new authentication device.
Optionally, the system includes an authentication device and at least one main control device, wherein one authentication device registers with and authenticates to multiple main control devices. For the same authentication device, the number of supported main control devices can be extended without limit; the supported information simply adds the encoded information of the multiple main control devices so that they can be distinguished.
Optionally, one main control device can support an unlimited number of authentication devices; after authentication, the first status information stored in the main control device changes. That is, at the next authentication the main control device, after obtaining the second status information, sends it to the authentication device, and the authentication device carries out further processing such as warnings and reminders.
Optionally, at the next authentication, the main control device obtains the second status information and, after comparing the first status information with the second status information, further processes the usage of the main control device. Afterwards, the main control device stores the updated first status information.
Specifically, changes in the use state of the main control device mainly manifest as: the number of authentication devices has changed, an authentication device has gone unused multiple times, and so on. When the authentication device is independent hardware, such as a smart bracelet, this is still an extremely useful function.
The description of the characteristic information in the present invention focuses on illustrating the two levels of security processing for which it is used; it does not preclude including more data information.
By registering and authenticating the intelligent terminal with the main control device, the present invention solves the security problem of using an intelligent terminal as an authentication device.
The specific embodiments above further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. An authentication method, characterized by comprising:
Initiating a registration request to a main control device, wherein the registration request includes first external input information, so that the main control device registers an authentication device according to the first external input information and sends data characteristic information to the authentication device; wherein the data characteristic information includes an ID authentication key, an ID and an ID key;
Sending an authentication request to the main control device according to the received data characteristic information, so that the main control device sends first information;
Performing a first encryption on the first information and second external input information using the ID key to generate second information, and performing a second encryption on the second information using the ID authentication key to generate encrypted data, so that the main control device authenticates the authentication device according to the second information and the encrypted data;
Receiving the authentication result for the authentication device sent by the main control device.
2. The method according to claim 1, characterized in that the step of performing the second encryption on the second information using the ID authentication key to generate encrypted data specifically includes: obtaining a digital signature from the ID and the second information; and performing the second encryption on the digital signature using the ID authentication key to generate the encrypted data.
3. The method according to claim 1, characterized in that the method further comprises:
The authentication device sending second status information to the main control device.
4. An authentication method, characterized by comprising:
Receiving a registration request sent by an authentication device, wherein the registration request includes first external input information, and storing the first external input information;
Registering the authentication device and sending data characteristic information to the authentication device; wherein the characteristic information includes an ID, an ID key and an ID authentication key, so that the authentication device sends an authentication request according to the data characteristic information;
Receiving the authentication request and sending first information, so that the authentication device obtains second information and encrypted data according to the first information;
Receiving the second information and the encrypted data sent by the authentication device, and authenticating the authentication device according to the second information and the encrypted data.
5. The method according to claim 4, characterized in that the step of authenticating the authentication device according to the second information and the encrypted data comprises:
Performing a first decryption on the encrypted data according to the ID authentication key, and judging the legitimacy of the encrypted data according to the first decryption result; when the result of the judgment is legitimate, judging the legitimacy of the second information;
Performing a second decryption on the second information using the ID key, and judging the legitimacy of the second information according to the result of the second decryption;
Authenticating the authentication device according to the legitimacy of the second information.
6. The method according to claim 4, characterized in that the method further comprises:
The main control device sending first status information to the authentication device, so that the authentication device sends second status information according to the first status information; wherein the main control device stores the first status information.
7. An authentication system, characterized by comprising an authentication device and a main control device operating according to the method of any one of claims 1-6.
CN201610322177.2A 2016-05-16 2016-05-16 A kind of authentication method and system Expired - Fee Related CN106055966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610322177.2A CN106055966B (en) 2016-05-16 2016-05-16 A kind of authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610322177.2A CN106055966B (en) 2016-05-16 2016-05-16 A kind of authentication method and system

Publications (2)

Publication Number Publication Date
CN106055966A CN106055966A (en) 2016-10-26
CN106055966B true CN106055966B (en) 2019-04-26

Family

ID=57177571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610322177.2A Expired - Fee Related CN106055966B (en) 2016-05-16 2016-05-16 A kind of authentication method and system

Country Status (1)

Country Link
CN (1) CN106055966B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878298B (en) * 2017-02-08 2019-11-29 飞天诚信科技股份有限公司 A kind of integrated approach, system and the device of authenticating device and website

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282222A (en) * 2008-05-28 2008-10-08 胡祥义 Digital signature method based on CSK
CN101557289A (en) * 2009-05-13 2009-10-14 大连理工大学 Storage safe key management method based on ID authentication
CN101742499A (en) * 2009-12-31 2010-06-16 优视科技有限公司 Account number protection system for mobile communication equipment terminal and application method thereof
CN102088353A (en) * 2011-03-11 2011-06-08 道里云信息技术(北京)有限公司 Two-factor authentication method and system based on mobile terminal
CN103530548A (en) * 2013-10-22 2014-01-22 山东神思电子技术股份有限公司 Embedded terminal dependable starting method based on mobile dependable computing module
CN104796265A (en) * 2015-05-06 2015-07-22 厦门大学 Internet-of-things identity authentication method based on Bluetooth communication access
CN104915689A (en) * 2015-04-15 2015-09-16 四川量迅科技有限公司 Intelligent card information processing method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102013200017A1 (en) * 2013-01-02 2014-07-03 Siemens Aktiengesellschaft RFID tag and method for operating an RFID tag

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于数字签名的动态口令认证***设计》;候红霞;《保密科学与技术》;20120210;41-45

Also Published As

Publication number Publication date
CN106055966A (en) 2016-10-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190426

Termination date: 20200516