CN103731266B - Method and system for authenticating electronic certificate - Google Patents
Abstract
The invention relates to a method for authenticating an electronic certificate in a communication network. The method includes the following steps: an authentication terminal generates first authentication data related to the electronic certificate of a user terminal; digital-to-analog conversion is performed on the first authentication data to generate a first audio signal; the first audio signal is transmitted to the user terminal through an audio communication channel; the user terminal converts the first audio signal into the first authentication data through analog-to-digital conversion, and generates second authentication data on the basis of the first authentication data, an identifier of the user terminal and the electronic certificate; the second authentication data is transmitted to an authentication server; the authentication server authenticates the electronic certificate according to the first authentication data and the identifier of the user terminal in the second authentication data to generate an original authentication reply message, encrypts the original authentication reply message according to an encryption algorithm and sends the encrypted authentication reply message to the user terminal.
Description
Technical field
The present invention relates generally to the communications field, and more specifically to a method and system for authenticating the electronic certificate of a terminal device in a communication network using audio signals.
Background technology
The present communications era has brought a tremendous expansion of wired and wireless networks. Machine-to-machine communication, because of its growth potential, has become a field of technological innovation that attracts broad attention. Because of its potential to connect devices serving many different purposes, machine-to-machine communication also excites many users and developers; those purposes include, for example, electronic certificates, intelligent authentication, network authentication, smart homes, smart electricity meters, fleet management, telemedicine, access-network operation management and many others.
Machine-to-machine communication typically involves connecting a device or group of devices to a remote server or computer system; the connection enables remote authentication or the remote reporting of information. In some cases, machine-to-machine communication involves the use of one or more terminal devices or other nodes to collect information that can be passed, via some form of gateway device, to another device, network or computing device. At present, near-field audio communication has been applied to the technical field of machine-to-machine communication. A sound wave is inherently an analog signal and is difficult to use directly for communication with a smartphone or other electronic device. However, after suitable coding and modulation, a digital signal can be converted into an acoustic analog signal using an ordinary loudspeaker. These analog signals are sent out as sound waves; the microphone of a digital device receives the sound wave and converts the information carried by the analog signal back into a digital signal. Communication between different digital devices is thereby achieved. Sound waves attenuate quickly and cannot be received by other devices beyond a certain distance; they are only effective over relatively short distances, which to a great extent ensures the security of short-range communication.
Because of the wide coverage area provided by present-day cellular communication systems, machine-to-machine communication applications can use the cellular communication system to communicate with a remote authentication system. The typical endpoint device in a machine-to-machine communication system is a device operated by a relatively small battery with relatively low transmit power. Therefore, by interfacing with a mobile terminal that can connect to the cellular communication system, the endpoint device can run at low power and use the mobile terminal as a mobile Internet access gateway, for example accessing through the cellular network, so that information can be provided to a remote computing or storage device. Although in these cases the connection between the gateway and the access point is clearly provided by cellular network resources, the connection between the mobile terminal acting as gateway and the endpoint is typically some form of short-range communication. Hence, in the past, some machine-to-machine communication typically required the mobile terminal and the endpoint device to communicate with each other over a short range while each of the two devices accessed the mobile Internet separately through cellular communication; the endpoint device was therefore typically not a small-battery-operated device but a more powerful machine.
Therefore, there is a need in the prior art to use near-field audio communication technology to achieve access through a single gateway while retaining the original functionality.
The content of the invention
According to one aspect of the present invention, there is provided a method for authenticating an electronic certificate in a communication network, wherein the communication network includes a user terminal, an authentication server and an authentication terminal, the method further comprising: the authentication terminal generates first authentication data related to the electronic certificate of the user terminal; digital-to-analog conversion is performed on the first authentication data to generate a first audio signal; the first audio signal is sent to the user terminal via an audio communication channel; the user terminal converts the first audio signal into the first authentication data through analog-to-digital conversion, and generates second authentication data based on the first authentication data, the identifier of the user terminal and the electronic certificate; the second authentication data is sent to the authentication server; and the authentication server authenticates the electronic certificate according to the first authentication data and the user terminal identifier in the second authentication data, generates an original authentication reply message indicating authentication success or authentication failure, encrypts the original authentication reply message according to an encryption algorithm, and sends the encrypted authentication reply message to the user terminal.
According to another aspect of the invention, there is provided a system for authenticating an electronic certificate in a communication network, the system including: an authentication terminal, which generates first authentication data related to the electronic certificate of a user terminal, performs digital-to-analog conversion on the first authentication data to generate a first audio signal, and sends the first audio signal to the user terminal via an audio communication channel; the user terminal, which converts the first audio signal into the first authentication data through analog-to-digital conversion, generates second authentication data based on the first authentication data, the identifier of the user terminal and the electronic certificate, and sends the second authentication data to an authentication server; and the authentication server, which authenticates the electronic certificate according to the first authentication data and the user terminal identifier in the second authentication data, generates an original authentication reply message indicating authentication success or authentication failure, encrypts the original authentication reply message according to an encryption algorithm, and sends the encrypted authentication reply message to the user terminal.
Preferably, the first authentication data includes the identifier of the authentication terminal and dynamic information related to authentication. Preferably, the dynamic information related to authentication includes at least one of the following: license information of the authentication terminal, status information of the authentication terminal, and class information of the authentication terminal. Preferably, before the digital-to-analog conversion of the first authentication data, the method also includes encrypting the first authentication data using the 3DES algorithm; and after the user terminal has converted the first audio signal into the first authentication data through analog-to-digital conversion, the first authentication data is decrypted according to the 3DES algorithm. Preferably, the user terminal converts the encrypted authentication reply message into a second audio signal by digital-to-analog conversion and sends the second audio signal to the authentication terminal; the authentication terminal performs analog-to-digital conversion on the received second audio signal to recover the encrypted authentication reply message, decrypts the encrypted authentication reply message to produce the original authentication reply message, and provides the original authentication reply message to the user using an output device. Preferably, the output device is a display, a loudspeaker, an indicator or a printer, and providing the original authentication reply message to the user using the output device specifically means: displaying the content of the original authentication reply message using the display, outputting the content of the original authentication reply message by sound using the loudspeaker, indicating the authentication state corresponding to the original authentication reply message by means of an indicator lamp using the indicator, or printing the content of the original authentication reply message using the printer. Preferably, the method further includes: the authentication terminal keeps the same time as the authentication server, and the authentication terminal encrypts the time according to the encryption algorithm to generate a time encryption factor and adds the time encryption factor to the first authentication data. Preferably, the authentication terminal and the authentication server periodically synchronize their time by wireless communication to keep the time consistent; and/or the authentication terminal and the authentication server determine whether the time remains consistent by means of the time encryption factor.
Description of the drawings
The present invention having been generally described, reference is now made to the accompanying drawings, which are not necessarily drawn to scale, wherein:
Fig. 1 shows a schematic diagram of a communication system according to an example embodiment of the invention;
Fig. 2 shows a schematic diagram of an authentication terminal according to an example embodiment of the invention;
Fig. 3 shows a schematic diagram of an authentication terminal according to another example embodiment of the invention;
Fig. 4 shows a schematic diagram of an authentication terminal according to another example embodiment of the invention;
Fig. 5 shows a flow chart of an authentication method according to an example embodiment of the invention;
Fig. 6 shows a flow chart of a method for generating an electronic certificate according to an example embodiment of the invention; and
Fig. 7 shows a flow chart of an authentication method according to another example embodiment of the invention.
Specific embodiment
Hereinafter, embodiments of the present invention are described more fully with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, the various embodiments of the invention may be realized in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout. The terms "data", "content", "information" and similar terms are used interchangeably to refer to data that can be sent, received and/or stored according to embodiments of the present invention. Therefore, the use of any such term should not be taken to limit the spirit and scope of embodiments of the present invention.
Additionally, as used herein, the term "circuit" refers to (a) hardware-only circuit implementations (for example implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program products comprising software and/or firmware instructions stored on one or more computer-readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as a microprocessor or a portion of a microprocessor, that require software or firmware for operation even if the software or firmware is not physically present. This definition of "circuit" applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term "circuit" also includes an implementation comprising one or more processors and/or portions thereof together with accompanying software and/or firmware. As another example, the term "circuit" as used herein also includes, for example, a baseband integrated circuit or application processor integrated circuit for a mobile phone, or a similar integrated circuit in a server, a cellular network device, other network devices and/or other computing devices.
As defined herein, a "computer-readable storage medium", which refers to a physical storage medium (for example a volatile or non-volatile memory device), may be differentiated from a "computer-readable transmission medium", which refers to an electromagnetic signal.
As indicated above, machine-to-machine (M2M) communication systems usually require the mobile terminal acting as gateway device to use two different radios, especially when used together with sensors or sensor networks of relatively low power (for example low transmit power). Some embodiments of the present invention may provide a mechanism by which an access point can allocate specific wireless network resources to a sensor or sensor network so that two radios are not needed. In some cases, in a wireless network using cellular network resources, a cellular network access point may allocate specific cellular network resources for communication between one or more endpoint machines (for example sensors) and the access point and gateway device. For example, the access point may allocate cellular downlink channel resources for communication in the downlink direction from the access point to the machine and between the gateway device (or repeater) and the machine. Communications from the machine to the access point may then be routed by the gateway device, which may relay these communications via cellular network uplink resources.
Fig. 1 shows a schematic diagram of a communication system according to an example embodiment of the invention. As shown in Fig. 1, the communication system includes an authentication server, an authentication terminal and a user terminal. Preferably, the authentication server authenticates the user terminal according to authentication data received from the user terminal. Preferably, the authentication may be authentication of the user terminal's electronic certificate (for example, a user's access to a website, or identity authentication of the user), or authentication of an application running on the user terminal (for example, whether the user terminal has access rights to a certain application). Preferably, the authentication terminal realizes authentication of the user terminal by sending authentication-related data to the user terminal. For example, the authentication terminal may be an E-seal or a point-of-sale terminal (POS). Preferably, the user terminal may be any type of device capable of running and storing various applications, such as a personal digital assistant (PDA), smartphone, tablet PC, wireless telephone, mobile computing device, camera, video recorder, audio/video player, positioning device (for example a global positioning system (GPS) device), gaming device, wireless device, or various other similar devices or combinations thereof.
According to a preferred embodiment of the invention, divided by function and/or hardware configuration, the authentication terminal may include: a clock unit, a wireless communication unit, a time encryption unit, an audio output unit, an audio input unit, an output device, an encryption/decryption unit, a storage unit, a conversion unit and a modulation/demodulation unit. The clock unit produces the internal clock of the authentication terminal, and the current time of the authentication terminal is kept by this internal clock. Preferably, the wireless communication unit includes a transmitter and receiver, or a transceiver, for transmitting and receiving signals. The wireless communication unit is used to send the current time of the authentication terminal to the authentication server and to receive the current time of the authentication server from the authentication server, thereby realizing time synchronization between the authentication terminal and the authentication server. Preferably, the time encryption unit encrypts the current time of the authentication terminal according to an encryption algorithm to generate a time encryption factor, and adds the time encryption factor to the first authentication data. Thus, when the authentication server receives the first authentication data (contained in the second authentication data), it can decrypt the time encryption factor to obtain the current time of the authentication terminal and thereby verify the timeliness of the authentication. Preferably, the first authentication data may include: the identifier of the authentication terminal, dynamic information related to authentication, and/or the time encryption factor. The identifier of the authentication terminal may be the device ID or the device hardware identifier of the authentication terminal; the identifier of the authentication terminal is globally unique. Preferably, the dynamic information related to authentication includes at least one of the following: license information of the authentication terminal, status information of the authentication terminal, and class information of the authentication terminal. Preferably, the license information of the authentication terminal may include the electronic-certificate license information of the provider (represented by the authentication terminal), for example the license scope, license level and so on. Preferably, the status information of the authentication terminal may include the status of the provider's authorization to provide the related service (for example expired or not yet expired), together with the identity of the authenticating party, the ID of the authenticating party and so on, such as the provider ID in e-commerce. Preferably, the class information of the authentication terminal includes the rank or authority level at which the related service is provided. Preferably, the storage unit is used to store the identifier of the authentication terminal and the dynamic information related to authentication. The storage unit may be volatile or non-volatile memory, for example random access memory or read-only memory.
Preferably, the encryption/decryption unit uses the 3DES algorithm, that is, the Triple Data Encryption Algorithm (TDEA) block cipher, to encrypt the above first authentication data. Triple DES, also known as 3DES, is a mode of the DES encryption algorithm that encrypts the data three times using three 56-bit keys. The Data Encryption Standard (DES) is a long-standing encryption standard in the United States; it uses symmetric-key cryptography, and the ANSI standard for it is ANSI X3.92. DES uses a 56-bit key and a block-cipher method in which the text is divided into 64-bit blocks that are then encrypted. Compared with the original DES, 3DES is more secure. Preferably, the conversion unit performs digital-to-analog conversion on the encrypted first authentication data to generate the first audio signal. Preferably, the conversion unit performs analog-to-digital conversion on the second audio signal to generate the corresponding digital signal (such as the encrypted authentication reply message). Preferably, the audio output unit outputs the first audio signal to the user terminal, and the audio input unit receives the second audio signal from the user terminal. Preferably, the audio input unit may be a microphone and the audio output unit may be a loudspeaker.
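The digital-to-analog and analog-to-digital steps of the conversion unit, as an added example that is not part of the patent: a binary FSK audio modem in Python with constructed tone frequencies and baud rate, a length/CRC32 frame so that a corrupted frame is rejected rather than acted on, and a seeded Gaussian-noise channel standing in for the loudspeaker-to-microphone path.

```python
import math
import random
import zlib

# Constructed parameters for this example (not from the patent).
SAMPLE_RATE = 8000                      # samples per second
BAUD = 200                              # bits per second
SAMPLES_PER_BIT = SAMPLE_RATE // BAUD   # 40 samples per bit
FREQ_0 = 1000.0                         # tone for a 0 bit: 5 full cycles per bit
FREQ_1 = 2000.0                         # tone for a 1 bit: 10 full cycles per bit


def frame(payload: bytes) -> bytes:
    """Length prefix + payload + CRC32, so a corrupted frame is detected, not trusted."""
    if len(payload) > 255:
        raise ValueError("payload too long for a one-byte length field")
    body = bytes([len(payload)]) + payload
    return body + zlib.crc32(body).to_bytes(4, "big")


def unframe(raw: bytes):
    """Return the payload, or None if the length or CRC does not check out."""
    if len(raw) < 5:
        return None
    n = raw[0]
    if len(raw) < 1 + n + 4:
        return None
    body, crc = raw[:1 + n], raw[1 + n:1 + n + 4]
    if zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return body[1:]


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def modulate(data: bytes) -> list:
    """Digital-to-analog step: one tone per bit, phase-continuous, unit amplitude."""
    samples, phase = [], 0.0
    for bit in _bits(frame(data)):
        step = 2 * math.pi * (FREQ_1 if bit else FREQ_0) / SAMPLE_RATE
        for _ in range(SAMPLES_PER_BIT):
            samples.append(math.sin(phase))
            phase += step
    return samples


def _tone_energy(chunk: list, freq: float) -> float:
    """Correlate one bit period against a tone; I and Q so the phase does not matter."""
    w = 2 * math.pi * freq / SAMPLE_RATE
    i = sum(x * math.cos(w * n) for n, x in enumerate(chunk))
    q = sum(x * math.sin(w * n) for n, x in enumerate(chunk))
    return i * i + q * q


def demodulate(samples: list) -> bytes:
    """Analog-to-digital step: decide each bit by which tone carries more energy."""
    bits = []
    for start in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        chunk = samples[start:start + SAMPLES_PER_BIT]
        bits.append(1 if _tone_energy(chunk, FREQ_1) > _tone_energy(chunk, FREQ_0) else 0)
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def add_noise(samples: list, sigma: float, seed: int = 1) -> list:
    """Acoustic channel stand-in: additive Gaussian noise with a fixed seed."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def send_over_audio(data: bytes, noise_sigma: float = 0.0):
    """Loudspeaker -> air -> microphone path; returns None when the frame is corrupt."""
    return unframe(demodulate(add_noise(modulate(data), noise_sigma)))
```

The constructed tones are orthogonal over one bit period, so the per-bit energy comparison is exact without noise and keeps a wide margin at the noise level used in the test.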
According to a preferred embodiment of the invention, an output device is also included, which provides the original authentication reply message to the user. Preferably, the output device is a display, a loudspeaker, an indicator or a printer, and providing the original authentication reply message to the user using the output device specifically means: displaying the content of the original authentication reply message using the display, outputting the content of the original authentication reply message by sound using the loudspeaker, indicating the authentication state corresponding to the original authentication reply message by means of an indicator lamp using the indicator, or printing the content of the original authentication reply message using the printer. Preferably, the display can show information on authentication success or failure, for example showing the user terminal identifier, the electronic certificate and the authentication result (success or failure). Preferably, the loudspeaker can announce information on authentication success or failure using sound, for example playing the user terminal identifier, the electronic certificate and the authentication result (success or failure). Preferably, the indicator may indicate information on authentication success or failure; for example, the indicator shows red for authentication failure, green for authentication success and yellow for no response. Preferably, the printer can print out information indicating authentication success or failure, for example printing the user terminal identifier, the electronic certificate and the authentication result (success or failure). Preferably, a modulation/demodulation unit is also included for modulating and demodulating signals.
According to a preferred embodiment of the invention, divided by function and/or hardware configuration, the user terminal may include: a wireless communication unit, an audio output unit, an audio input unit, an encryption/decryption unit, a storage unit, a conversion unit and a modulation/demodulation unit. Preferably, the wireless communication unit includes a transmitter and receiver, or a transceiver, for transmitting and receiving signals. Preferably, the wireless communication unit is used to send the second authentication data to the authentication server over a wireless communication channel, and to receive the encrypted authentication reply message or the original authentication reply message from the authentication server over the wireless communication channel. Preferably, the second authentication data includes the first authentication data, the identifier of the user terminal and the electronic certificate (for example a card number). The authentication reply message indicates authentication success or authentication failure. Preferably, the encryption/decryption unit is used to decrypt the encrypted first authentication data recovered from the first audio signal. Preferably, the storage unit is used to store the identifier of the user terminal and the electronic certificate. Preferably, the electronic certificate is, for example, an electronic certificate issued by a website server, a bank server or a third-party server. Preferably, the conversion unit is used to convert the first audio signal into the first authentication data, and to convert the encrypted authentication reply message or the original authentication reply message indicating authentication success or authentication failure into the second audio signal. Preferably, the audio input unit receives the first audio signal from the authentication terminal, and the audio output unit sends the second audio signal to the authentication terminal. Preferably, the audio input unit may be a microphone and the audio output unit may be a loudspeaker. Preferably, a modulation/demodulation unit is also included for modulating and demodulating signals.
According to a preferred embodiment of the invention, the authentication server includes an authentication unit, a wireless communication unit and a clock unit. Preferably, the clock unit produces the internal clock of the authentication server, and the current time of the authentication server is kept by this internal clock. Preferably, the authentication server periodically performs clock synchronization with the authentication terminal, specifically: the authentication terminal periodically sends its internal clock to the authentication server through the wireless communication unit, and the authentication server determines, from that internal clock and the transmission delay, whether the internal clock of the authentication terminal is synchronized with its own internal clock. Preferably, the internal clock of the authentication server may be a GPS clock or an oscillator-based clock. Preferably, the wireless communication unit is used for clock synchronization with the authentication terminal and for data exchange with the user terminal.
Preferably, the authentication unit authenticates the electronic certificate of the user terminal according to the second authentication data sent by the user terminal. For example, the authentication unit authenticates the electronic certificate of the user terminal according to the first authentication data and the identifier of the user terminal contained in the second authentication data. Preferably, the first authentication data also includes: the identifier of the authentication terminal, the dynamic information related to authentication and/or the time encryption factor. That is, the authentication unit authenticates the electronic certificate according to the identifier of the authentication terminal, the dynamic information related to authentication, the time encryption factor and the identifier of the user terminal. Preferably, the identifier of the authentication terminal is used to identify the authentication terminal and to identify the authorizing party of the electronic certificate. Preferably, the dynamic information related to authentication includes information about the authenticating party, such as merchant information, and the type and category of the electronic certificate. Preferably, the time encryption factor identifies the time of the authentication terminal and prevents copied or expired electronic certificates from being used. Preferably, the identifier of the user terminal is, for example, the device ID of the user terminal; for instance, a mobile phone acting as user terminal has its own unique device code, and the uniqueness of the device can be defined using the media access control (MAC) address and the International Mobile Equipment Identity (IMEI). Preferably, an installation identifier ID for the application can be defined each time the application is installed. In addition, the user's registration information can be bound to the mobile phone terminal so as to generate a unique user identifier UID for the user, and the user's mobile phone number is bound via an SMS verification code, ensuring that the user identity is genuinely unique. Preferably, the electronic certificate corresponding to the user account is stored on a cloud server and cached locally on the mobile phone; the electronic certificate corresponding to the user identity is downloaded and updated to the phone's local storage over the phone's data connection.
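The server-side checks described above, worked through as an added example that is not the patent's own code: the three parties exchange the first authentication data, the second authentication data and the encrypted reply, and the server verifies the terminal identifier, the time encryption factor against its own clock, and the certificate's binding to the user terminal. It assumes one symmetric key shared by all three parties (the page has the user terminal decrypt the 3DES-protected first data), constructed IDs and certificate numbers, an HMAC-SHA256 keystream cipher standing in for 3DES, and adds a replay cache that the page does not describe; both audio hops are modelled as direct hand-offs.

```python
import hashlib
import hmac
import json
import os

# Stand-in cipher. The patent uses 3DES; 3DES (TDEA) is deprecated by NIST
# SP 800-131A and is not in the Python standard library, so this example uses
# an HMAC-SHA256 keystream with an HMAC tag (encrypt-then-MAC). It is not 3DES.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

TIME_WINDOW = 60  # constructed: seconds of terminal/server clock skew tolerated

class AuthTerminal:
    """E-seal or POS: builds the first authentication data and reads the reply."""
    def __init__(self, terminal_id: str, key: bytes):
        self.terminal_id, self.key = terminal_id, key

    def first_auth_data(self, now: int) -> bytes:
        payload = {
            "terminal_id": self.terminal_id,   # globally unique device ID
            "license": "ecert-issuer",         # license information (constructed)
            "status": "active",                # status information (constructed)
            "level": 2,                        # class information (constructed)
            # time encryption factor: the terminal clock, readable by the server
            "time_factor": seal(self.key, str(now).encode()).hex(),
        }
        return seal(self.key, json.dumps(payload).encode())  # whole record encrypted

    def read_reply(self, encrypted_reply: bytes) -> dict:
        return json.loads(unseal(self.key, encrypted_reply))

class UserTerminal:
    """Smartphone: decrypts the first data and adds its own ID and certificate."""
    def __init__(self, user_id: str, certificate: str, key: bytes):
        self.user_id, self.certificate, self.key = user_id, certificate, key

    def second_auth_data(self, encrypted_first: bytes) -> dict:
        first = json.loads(unseal(self.key, encrypted_first))
        return {"first": first, "user_id": self.user_id, "certificate": self.certificate}

class AuthServer:
    """Checks terminal, time factor and certificate binding; returns an encrypted reply."""
    def __init__(self, terminal_keys: dict, certificates: dict):
        self.terminal_keys = terminal_keys   # terminal_id -> shared key
        self.certificates = certificates     # certificate number -> {"user_id", "revoked"}
        self.seen_factors = set()            # replay cache, an addition beyond the page

    def authenticate(self, second: dict, now: int) -> bytes:
        first = second.get("first", {})
        key = self.terminal_keys.get(first.get("terminal_id"))
        if key is None:
            raise KeyError("unknown authentication terminal")
        reply = {"user_id": second.get("user_id"), "certificate": second.get("certificate"),
                 "result": self._check(first, second, key, now)}
        return seal(key, json.dumps(reply).encode())

    def _check(self, first: dict, second: dict, key: bytes, now: int) -> str:
        if first.get("status") != "active":
            return "failure: terminal not active"
        try:
            terminal_time = int(unseal(key, bytes.fromhex(first["time_factor"])))
        except (KeyError, ValueError):
            return "failure: bad time factor"
        if abs(now - terminal_time) > TIME_WINDOW:
            return "failure: stale authentication data"
        if first["time_factor"] in self.seen_factors:
            return "failure: replayed authentication data"
        self.seen_factors.add(first["time_factor"])
        cert = self.certificates.get(second.get("certificate"))
        if cert is None or cert["revoked"]:
            return "failure: unknown or revoked certificate"
        if cert["user_id"] != second.get("user_id"):
            return "failure: certificate not bound to this user terminal"
        return "success"

def run_protocol(terminal: AuthTerminal, user: UserTerminal, server: AuthServer, now: int) -> str:
    """One full exchange; both audio hops are modelled as direct hand-offs here."""
    first = terminal.first_auth_data(now)                  # terminal -> user (audio)
    second = user.second_auth_data(first)                  # user -> server (wireless)
    encrypted_reply = server.authenticate(second, now)     # server -> user (wireless)
    return terminal.read_reply(encrypted_reply)["result"]  # user -> terminal (audio)
```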
Fig. 2 shows a circuit diagram of the authentication terminal according to an example embodiment of the invention. Preferably, the authentication terminal shown in Fig. 2 is an E-seal. The E-seal includes: an MCU microcontroller, an audio codec with built-in power amplifier, an ISO7816 controller IC, a PSAM card, a loudspeaker, a microphone (MIC), a backup battery, an RTC controller, a 32.768K crystal, a main battery, and battery conversion and charging circuitry. Preferably, the MCU microcontroller controls the E-seal as a whole. The audio codec with built-in power amplifier converts audio analog signals into digital signals and digital signals into audio analog signals, and implements volume control, noise reduction, echo suppression and amplification of the input and output audio analog signals. Preferably, the ISO7816 controller IC establishes a communication interface between the MCU microcontroller and the PSAM card. Preferably, the PSAM (Purchase Secure Access Module) card is a type of encryption IC chip used in terminal devices such as merchant POS terminals, site terminals and direct-connection terminals, and is responsible for the security control of the device. Preferably, it supports multiple applications on one card, with each application independent of the others (multi-application, firewall functionality). It supports multiple file types, including binary files, fixed-length record files, variable-length record files, cyclic files and wallet files. It supports various security protection mechanisms in the communication process (confidentiality and integrity protection of information). It supports various secure access modes and permissions (authentication functions and password protection). It supports the Single DES and Triple DES algorithms accredited by the People's Bank of China. It supports a multi-level key diversification mechanism and produces the MAC1 and verification MAC2 defined in the China Financial Integrated Circuit (IC) Card Specification. With this module, identity verification at financial security level can be achieved.
Preferably, the loudspeaker is used to output audio signals and the microphone to receive audio signals. Preferably, the main battery provides power for the E-seal and supplies power to the MCU microcontroller through power conversion. Preferably, the charging circuit is used to charge the main battery so as to ensure the main battery's power supply. Preferably, a backup battery is also provided to supply power to the RTC controller. Preferably, the RTC controller provides real-time clock control for the E-seal so as to keep the internal time of the E-seal. Preferably, the 32.768K crystal is used to produce the base clock, and the RTC controller controls the real-time clock according to the base clock.
Fig. 3 shows the circuit diagram of the authentication terminal according to another example embodiment of the invention. The authentication terminal shown in Fig. 3 is an authentication terminal machine (for example, a POS terminal for authentication). The authentication terminal of Fig. 3 has the same parts as the authentication terminal of Fig. 2; for simplicity and clarity, only the parts that differ from the authentication terminal of Fig. 2 are introduced. Preferably, the adapter implements the interface conversion between an external power source input (such as mains AC) and the power conversion unit.
Fig. 4 shows the schematic diagram of the authentication terminal according to another example embodiment of the invention. The authentication terminal shown in Fig. 4 is an authentication terminal machine (for example, a POS terminal for authentication). The authentication terminal of Fig. 4 has the same parts as the authentication terminal of Fig. 2; for simplicity and clarity, only the parts that differ from the authentication terminal of Fig. 2 are introduced. Preferably, the NFC unit and antenna implement near-field communication. Preferably, a reserve charging circuit together with an MT35 battery compartment can be used to charge the authentication terminal, but since the device is used in a fixed location it only needs an external power supply, so by default no charging circuit or battery is fitted. Preferably, the LCD display can show the authentication state, for example authentication in progress, authentication success or authentication failure. Preferably, the character library converts digital signals into user-readable characters, for example in Unicode or GB2312. Preferably, the thermal print head prints the authentication information related to the user on thermal paper and outputs it to the user.
Fig. 5 shows the flow chart of the authentication method according to an example embodiment of the invention. Preferably, the method is suitable for authenticating an electronic certificate in a communication network, wherein the communication network comprises a user terminal, an authentication server and an authentication terminal. The method starts at step 500.
Preferably, at step 501, the authentication terminal generates first authentication data related to the electronic certificate of the user terminal, performs digital-to-analog conversion on the first authentication data to generate a first audio signal, and sends the first audio signal to the user terminal via the audio communication channel. Preferably, step 501 is preceded by the following: the user terminal converts the electronic certificate into an audio signal by digital-to-analog conversion and sends the audio signal to the authentication terminal through the audio communication channel; the authentication terminal receives the audio signal and converts it back into the electronic certificate by analog-to-digital conversion. Preferably, the first authentication data includes the identifier of the authentication terminal and dynamic information related to the authentication. Preferably, the dynamic information related to the authentication includes at least one of the following: license information of the authentication terminal, status information of the authentication terminal and level information of the authentication terminal.
Preferably, the license information of the authentication terminal may include the electronic certificate license information of the provider (represented by the authentication terminal), for example the allowed scope, the allowed level, and so on. Preferably, the status information of the authentication terminal may include the state of the related service or authorization offered by the provider (for example, expired or not yet expired), together with the identity and ID of the authenticating party, such as the provider's ID in e-commerce. Preferably, the level information of the authentication terminal includes the level of the related service offered, the authority level, and so on.
Preferably, before digital-to-analog conversion is performed on the first authentication data, the first authentication data is additionally encrypted using the 3DES algorithm. Alternatively or additionally, the first authentication data involved in the later part of step 501, namely performing digital-to-analog conversion on the first authentication data to generate the first audio signal, is the encrypted first authentication data. Preferably, when generating the first authentication data, the authentication terminal encrypts the current time according to the encryption algorithm to generate a time encryption factor, and adds the time encryption factor to the first authentication data. Preferably, the authentication terminal and the authentication server determine whether their times are consistent by means of the time encryption factor. Preferably, when the authentication server receives the first authentication data (contained in the second authentication data), it can decrypt the time encryption factor to obtain the current time of the authentication terminal and thereby verify the timeliness of the authentication.
Preferably, at step 502, the user terminal converts the first audio signal into the first authentication data through analog-to-digital conversion, and generates second authentication data based on the first authentication data, the identifier of the user terminal and the electronic certificate. It follows that the second authentication data includes: the (encrypted or unencrypted) first authentication data, the identifier of the user terminal and the electronic certificate. Preferably, at step 503, the second authentication data is sent to the authentication server. Preferably, the second authentication data is sent to the authentication server over a wireless channel.
Preferably, at step 504, the authentication server authenticates the electronic certificate according to the first authentication data in the second authentication data and the user terminal identifier, generates an original authentication reply message indicating authentication success or authentication failure, encrypts the original authentication reply message according to the encryption algorithm, and sends the encrypted authentication reply message to the user terminal. Preferably, the user terminal converts the encrypted authentication reply message into a second audio signal by digital-to-analog conversion and sends the second audio signal to the authentication terminal; the authentication terminal performs analog-to-digital conversion on the received second audio signal to convert it into the encrypted authentication reply message, decrypts the encrypted authentication reply message to generate the original authentication reply message, and provides the original authentication reply message to the user using an output device. Preferably, the output device is a display, a loudspeaker, an indicator or a printer, and providing the original authentication reply message to the user using the output device specifically means: displaying the content of the original authentication reply message on the display, outputting the content of the original authentication reply message as sound through the loudspeaker, indicating the authentication state corresponding to the original authentication reply message by the indicator lamp of the indicator, or printing the content of the original authentication reply message with the printer. The method then ends at step 505.
According to a preferred embodiment of the invention, the authentication terminal keeps the same time as the authentication server. Preferably, the authentication terminal and the authentication server periodically synchronize time through wireless communication so as to keep their times consistent. The authentication server periodically performs clock synchronization with the authentication terminal, specifically: the authentication terminal periodically sends its internal clock to the authentication server through the wireless communication unit, and the authentication server determines, from the received internal clock and the transmission delay, whether the internal clock of the authentication terminal is synchronized with the internal clock of the authentication server. Preferably, the internal clock of the authentication server may be a GPS clock, a line clock or an oscillator clock.
According to another preferred embodiment of the invention, the authentication terminal and user terminal that carry out audio communication generally have the following basic characteristics: 1) a sample rate of 44.1 kHz (the most common sample rate, supported by most authentication terminals and user terminals); 2) a carrier frequency of 17.6 kHz (sound at this frequency is hard for humans to hear); 3) bidirectional communication in half-duplex mode.
Preferably, the flow for the authentication terminal to send an audio signal (transmit audio communication) is: 1) encode the device identifier of the authentication terminal, the provider identifier and a timestamp; 2) encrypt the encoded data with 3DES; 3) compute the hash value of the encrypted data and save a copy of it; 4) prepend the packet head and flag data to the encrypted data and append the check data to form the packet; 5) apply 2ASK (binary amplitude-shift keying) modulation to the packet to obtain audio waveform sample data; 6) play the sound.
Preferably, the flow for the user terminal to receive an audio signal (receive audio communication) is: 1) filter the audio waveform sample data; 2) 2ASK-demodulate; 3) check the packet head and flag; 4) verify the check data; 5) compute the hash value of the packet and save it; 6) decode the received data and, together with the user terminal identifier and the electronic certificate, compose the authentication data packet; 7) encrypt the authentication data packet and upload it to the authentication server.
Preferably, the flow for the user terminal to send an audio signal (transmit audio communication) is: 1) the user terminal receives the response packet from the authentication server; 2) decrypt it; 3) prepend the packet head and the previously saved hash to the data and append the check data to form the packet; 4) apply 2ASK modulation to the packet to obtain audio waveform sample data; 5) play the sound.
Preferably, the flow for the authentication terminal to receive an audio signal (receive audio communication) is: 1) filter the audio waveform sample data; 2) 2ASK-demodulate; 3) check whether the packet head is correct and whether the hash matches the saved hash; 4) verify the correctness of the check data; 5) 3DES-decrypt; 6) judge whether the packet is a valid response packet for this authentication; 7) decode the packet to obtain the authentication server's result for this authentication; 8) show the authentication result on the display (or print it with the printer).
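The four send/receive flows above, as an added Python example that is not part of the patent or the patentee's implementation. It assumes SHA-256 for the unspecified hash (computed over the encrypted payload on both sides so that the saved values match), CRC-32 for the check data, constructed head/flag bytes, a 100-sample bit period, a first-difference high-pass standing in for the filter step, and 3DES applied outside these functions (the payloads handled here are already ciphertext); it shows 2ASK at 44.1 kHz with a 17.6 kHz carrier and the head/flag/hash/check tests that make the terminal drop a damaged reply or one bound to a different request.

```python
"""Audio framing and 2ASK modem for the request/reply flows (added example).
Assumptions (not from the patent): SHA-256 as the hash, CRC-32 as the check data,
constructed head/flag bytes, 100 samples per bit, a first-difference high-pass as
the 'filter', and 3DES applied outside these functions (payloads are ciphertext).
"""
import hashlib
import math
import struct
import zlib

SAMPLE_RATE = 44100        # 44.1 kHz sample rate, as in the description
CARRIER_HZ = 17600         # 17.6 kHz carrier, hard for humans to hear
SAMPLES_PER_BIT = 100      # assumption: symbol period (441 bit/s, ~40 carrier cycles)
HEADER = b"\xaa\x55"       # constructed packet head
FLAG = b"\x01"             # constructed flag byte for request packets


def frame(prefix: bytes, payload: bytes) -> bytes:
    """Head + prefix (flag for a request, saved hash for a reply) + length + payload + CRC."""
    body = HEADER + prefix + struct.pack(">H", len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def unframe(packet: bytes, expected_prefix: bytes) -> bytes:
    """Receive-side checks: CRC, head, prefix (flag or hash must equal the saved one), length.

    Raises ValueError so a damaged, foreign or mismatched packet is dropped before decryption.
    """
    p = len(expected_prefix)
    if len(packet) < 2 + p + 2 + 4:
        raise ValueError("packet too short")
    body, crc = packet[:-4], packet[-4:]
    if struct.unpack(">I", crc)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("check data mismatch")
    if body[:2] != HEADER:
        raise ValueError("bad packet head")
    if body[2:2 + p] != expected_prefix:
        raise ValueError("flag/hash does not match the saved value")
    (n,) = struct.unpack(">H", body[2 + p:4 + p])
    payload = body[4 + p:]
    if len(payload) != n:
        raise ValueError("length mismatch")
    return payload


def request_hash(ciphertext: bytes) -> bytes:
    """Hash of the encrypted request data, saved by both sides (SHA-256 assumed)."""
    return hashlib.sha256(ciphertext).digest()


def modulate_2ask(packet: bytes) -> list:
    """2ASK: a 1 bit is SAMPLES_PER_BIT samples of the 17.6 kHz carrier, a 0 bit is silence."""
    out = []
    for byte in packet:
        for i in range(8):
            bit = (byte >> (7 - i)) & 1
            for _ in range(SAMPLES_PER_BIT):
                n = len(out)  # global sample index keeps the carrier phase continuous
                out.append(bit * math.sin(2 * math.pi * CARRIER_HZ * n / SAMPLE_RATE))
    return out


def with_mains_hum(samples: list, amplitude: float = 0.3) -> list:
    """Constructed interference for testing: adds a 50 Hz hum to the recording."""
    return [s + amplitude * math.sin(2 * math.pi * 50 * i / SAMPLE_RATE)
            for i, s in enumerate(samples)]


def demodulate_2ask(samples: list) -> bytes:
    """Filter, then decide each bit from the energy in its window (receive steps 1-2)."""
    # First-difference high-pass: passes 17.6 kHz (near Nyquist), attenuates hum and speech.
    filtered = [samples[0]] + [samples[i] - samples[i - 1] for i in range(1, len(samples))]
    nbits = len(filtered) // SAMPLES_PER_BIT
    energies = [sum(s * s for s in filtered[k * SAMPLES_PER_BIT:(k + 1) * SAMPLES_PER_BIT])
                for k in range(nbits)]
    threshold = max(energies) / 2  # adaptive: half the energy of the strongest symbol
    bits = [1 if e > threshold else 0 for e in energies]
    out = bytearray()
    for k in range(0, nbits - nbits % 8, 8):
        byte = 0
        for b in bits[k:k + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def terminal_send(ciphertext: bytes):
    """Authentication terminal send flow, steps 3-6: save hash, frame, modulate."""
    return modulate_2ask(frame(FLAG, ciphertext)), request_hash(ciphertext)


def user_terminal_receive(samples: list):
    """User terminal receive flow, steps 1-5: demodulate, check head/flag/CRC, save hash."""
    ciphertext = unframe(demodulate_2ask(samples), FLAG)
    return ciphertext, request_hash(ciphertext)


def user_terminal_reply(encrypted_reply: bytes, saved_hash: bytes) -> list:
    """User terminal send flow, steps 3-5: head + saved hash before the data, CRC, 2ASK."""
    return modulate_2ask(frame(saved_hash, encrypted_reply))


def terminal_receive_reply(samples: list, saved_hash: bytes) -> bytes:
    """Authentication terminal receive flow, steps 1-4: reply accepted only if its hash is ours."""
    return unframe(demodulate_2ask(samples), saved_hash)
```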
Fig. 6 shows the flow chart of the method for generating an electronic certificate according to an example embodiment of the invention. Step 601: the authentication side provides the electronic certificate to the user terminal, and a confirmation instruction and a key are provided using the acoustic verification device; step 602: the application on the user terminal receives the instruction through the acoustic receiver and transmits the identifier of the user terminal and the authentication terminal identifier to the server over the mobile Internet; step 603: the electronic certificate identity verification system decrypts the provider's device key and confirms the provider's identity, while also confirming the user's identity; and step 604: the electronic certificate content verification system binds the provider's electronic certificate to the user terminal identifier and generates the electronic certificate.
Fig. 7 shows the flow chart of the authentication method according to another example embodiment of the invention. Step 701: the application on the user terminal updates the electronic certificate through the server and sends it to the authentication terminal. Step 702: the authentication terminal, using the acoustic verification device, approaches the user terminal and transmits its authentication terminal identifier and authentication terminal key. Step 703: the application on the user terminal receives the authentication terminal identifier and key together with the electronic certificate, and sends them to the server. Step 704: the electronic certificate identity verification system decrypts the key and confirms the identity of the authentication terminal and the identity of the user terminal. Step 705: the electronic certificate content verification system checks whether the user terminal holds the corresponding entitlement at this authentication terminal and whether the electronic certificate content matches; if it matches, the electronic certificate verification succeeds. Step 706: the server returns data to the application on the user terminal, and the application displays the change in the electronic certificate content. Step 707: the application returns the success information to the acoustic verification device, which confirms the verification-success signal and prints the related data.
Many modifications and other embodiments of the invention set forth herein will come to mind to one of ordinary skill in the art to which the invention pertains, having the benefit of the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that the embodiments of the invention are not limited to the specific embodiments disclosed herein, and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing description and the associated drawings describe example embodiments in the context of certain example combinations of elements and/or functions, it should be understood that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, combinations of elements and/or functions other than those explicitly described above are also contemplated, as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (10)
1. A method for authenticating an electronic certificate in a communication network, wherein the communication network comprises a user terminal, an authentication server and an authentication terminal, the method further comprising:
the authentication terminal generating first authentication data related to the electronic certificate of the user terminal;
performing digital-to-analog conversion on the first authentication data to generate a first audio signal;
sending the first audio signal to the user terminal via an audio communication channel;
the user terminal converting the first audio signal into the first authentication data through analog-to-digital conversion, and generating second authentication data based on the first authentication data, an identifier of the user terminal and the electronic certificate;
sending the second authentication data to the authentication server; and
the authentication server authenticating the electronic certificate according to the first authentication data in the second authentication data and the user terminal identifier, generating an original authentication reply message indicating authentication success or authentication failure, encrypting the original authentication reply message according to an encryption algorithm, and sending the encrypted authentication reply message to the user terminal;
the user terminal converting the encrypted authentication reply message into a second audio signal by digital-to-analog conversion and sending the second audio signal to the authentication terminal; the authentication terminal performing analog-to-digital conversion on the received second audio signal to convert it into the encrypted authentication reply message, decrypting the encrypted authentication reply message to generate the original authentication reply message, and providing the original authentication reply message to the user using an output device;
wherein the authentication terminal is an E-seal, and the E-seal comprises: an MCU microcontroller, an Audio Codec with built-in power amplifier, an ISO7816 controller IC, a PSAM card, a loudspeaker, a microphone, a reserve battery, an RTC controller, a 32.768 kHz crystal, a main battery, and a battery conversion and charging circuit;
the MCU microcontroller controls the E-seal as a whole; the Audio Codec with built-in power amplifier converts audio analog signals into digital signals and digital signals into audio analog signals, and provides volume control, noise reduction, echo suppression and amplification of the input and output audio analog signals; the ISO7816 controller IC establishes the communication interface between the MCU microcontroller and the PSAM card, wherein the PSAM card is an encryption IC chip responsible for the security control of the device; the loudspeaker outputs audio signals and the microphone receives audio signals; the main battery supplies power to the E-seal, and that power is supplied to the MCU microcontroller through power conversion; the battery conversion and charging circuit charges the main battery so as to ensure its power supply; the reserve battery supplies power to the RTC controller; the RTC controller provides real-time clock control for the E-seal so as to keep the internal time of the E-seal; the 32.768 kHz crystal produces the base clock, and the RTC controller controls the real-time clock according to the base clock;
further comprising the authentication terminal keeping the same time as the authentication server, and the authentication terminal encrypting the time according to the encryption algorithm to generate a time encryption factor and adding the time encryption factor to the first authentication data;
wherein the authentication terminal and the authentication server periodically synchronize time through wireless communication so as to keep their times consistent; and/or the authentication terminal and the authentication server determine whether their times are consistent by means of the time encryption factor.
2. The method according to claim 1, wherein the first authentication data includes: the identifier of the authentication terminal and dynamic information related to the authentication.
3. The method according to claim 2, wherein the dynamic information related to the authentication includes at least one of the following: license information of the authentication terminal, status information of the authentication terminal and level information of the authentication terminal.
4. The method according to claim 1, further comprising, before performing digital-to-analog conversion on the first authentication data, encrypting the first authentication data using the 3DES algorithm; and, after the user terminal converts the first audio signal into the first authentication data through analog-to-digital conversion, decrypting the first authentication data according to the 3DES algorithm.
5. The method according to claim 1, wherein the output device is a display, a loudspeaker, an indicator or a printer, and providing the original authentication reply message to the user using the output device specifically means: displaying the content of the original authentication reply message on the display, outputting the content of the original authentication reply message as sound through the loudspeaker, indicating the authentication state corresponding to the original authentication reply message by the indicator lamp of the indicator, or printing the content of the original authentication reply message with the printer.
6. A system for authenticating an electronic certificate in a communication network, the system comprising:
an authentication terminal, which generates first authentication data related to the electronic certificate of a user terminal, performs digital-to-analog conversion on the first authentication data to generate a first audio signal, and sends the first audio signal to the user terminal via an audio communication channel;
a user terminal, which converts the first audio signal into the first authentication data through analog-to-digital conversion, generates second authentication data based on the first authentication data, an identifier of the user terminal and the electronic certificate, and sends the second authentication data to an authentication server; and
an authentication server, which authenticates the electronic certificate according to the first authentication data in the second authentication data and the user terminal identifier, generates an original authentication reply message indicating authentication success or authentication failure, encrypts the original authentication reply message according to an encryption algorithm, and sends the encrypted authentication reply message to the user terminal;
wherein the user terminal converts the encrypted authentication reply message into a second audio signal by digital-to-analog conversion and sends the second audio signal to the authentication terminal; the authentication terminal performs analog-to-digital conversion on the received second audio signal to convert it into the encrypted authentication reply message, decrypts the encrypted authentication reply message to generate the original authentication reply message, and provides the original authentication reply message to the user using an output device;
the authentication terminal is an E-seal, and the E-seal comprises: an MCU microcontroller, an Audio Codec with built-in power amplifier, an ISO7816 controller IC, a PSAM card, a loudspeaker, a microphone, a reserve battery, an RTC controller, a 32.768 kHz crystal, a main battery, and a battery conversion and charging circuit;
the MCU microcontroller controls the E-seal as a whole; the Audio Codec with built-in power amplifier converts audio analog signals into digital signals and digital signals into audio analog signals, and provides volume control, noise reduction, echo suppression and amplification of the input and output audio analog signals; the ISO7816 controller IC establishes the communication interface between the MCU microcontroller and the PSAM card, wherein the PSAM card is an encryption IC chip responsible for the security control of the device; the loudspeaker outputs audio signals and the microphone receives audio signals; the main battery supplies power to the E-seal, and that power is supplied to the MCU microcontroller through power conversion; the battery conversion and charging circuit charges the main battery so as to ensure its power supply; the reserve battery supplies power to the RTC controller; the RTC controller provides real-time clock control for the E-seal so as to keep the internal time of the E-seal; the 32.768 kHz crystal produces the base clock, and the RTC controller controls the real-time clock according to the base clock;
the authentication terminal keeps the same time as the authentication server, and the authentication terminal encrypts the time according to the encryption algorithm to generate a time encryption factor and adds the time encryption factor to the first authentication data; wherein the authentication terminal and the authentication server periodically synchronize time through wireless communication so as to keep their times consistent; and/or the authentication terminal and the authentication server determine whether their times are consistent by means of the time encryption factor.
7. The system according to claim 6, wherein the first authentication data includes: the identifier of the authentication terminal and dynamic information related to the authentication.
8. The system according to claim 7, wherein the dynamic information related to the authentication includes at least one of the following: license information of the authentication terminal, status information of the authentication terminal and level information of the authentication terminal.
9. The system according to claim 6, wherein the authentication terminal further encrypts the first authentication data using the 3DES algorithm, and the user terminal decrypts the first authentication data according to the 3DES algorithm.
10. The system according to claim 6, wherein the output device is a display, a loudspeaker, an indicator or a printer, and providing the original authentication reply message to the user using the output device specifically means: displaying the content of the original authentication reply message on the display, outputting the content of the original authentication reply message as sound through the loudspeaker, indicating the authentication state corresponding to the original authentication reply message by the indicator lamp of the indicator, or printing the content of the original authentication reply message with the printer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210385748.9A CN103731266B (en) | 2012-10-12 | 2012-10-12 | Method and system for authenticating electronic certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103731266A CN103731266A (en) | 2014-04-16 |
CN103731266B true CN103731266B (en) | 2017-05-10 |