CN101202621A - Method and system for security verification of data among non-contact equipments - Google Patents
- Publication number: CN101202621A
- Authority: CN (China)
- Prior art keywords: data, mobile device, voucher, user, authentication server
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method and a system for security verification of data between non-contact devices. The method comprises: transmitting a data voucher from a first mobile device to a second mobile device by short-range communication; initiating, from the second mobile device, a verification request for the data voucher to a third party over a secure data transmission channel; the third party verifying the data voucher, based on the verification request, using key information shared with the first mobile device; where the third party's verification result for the data voucher is positive, transmitting a data access description to the second mobile device over the secure data transmission channel; and the second mobile device acquiring the secure data corresponding to the data voucher by means of the data access description. The invention improves the security of data transmission between non-contact devices.
Description
Technical field
The present invention relates to security verification in data exchange, and in particular to a method and system for security verification of data between non-contact devices, which allow data to be migrated securely between non-contact devices.
Background technology
At present, high-end mobile devices generally have multiple short-range radio communication modes such as WiFi, Bluetooth and IrDA. These short-range connections allow information exchange and function sharing between devices; through these interfaces users can, for example, transfer files between mobile devices and back up address books. To save power, these interfaces are off by default, and the user must configure them before use. The setup procedure generally requires some user experience, which limits the use of this functionality on mobile devices.
With the development of non-contact radio-frequency technologies such as RFID (radio-frequency tag) and NFC (near-field communication), more and more mobile devices are adding contactless chip functions to support shopping, e-ticketing, electronic payment, data exchange between mobile devices, and access control. In Japan, with promotion by NTT Docomo, more than 10% of mobile phone handsets already have non-contact radio-frequency capability. Non-contact mobile devices make it possible to exchange data between mobile devices without any user configuration. The user only needs to bring the two mobile devices close together; the devices automatically perform mutual authentication and negotiation, and can then complete the complex task of exchanging data between mobile devices.
There are many international standards for contactless communication technology, such as NFC/ISO 14443, Sony FeliCa and RFID. All of these short-range radio-frequency technologies can exchange data at very short range (<20 cm) and in a very short time (<100 ms). Because the power consumption of these devices is extremely low, the data rate is generally also low; the effective data rate usually does not exceed 150 kbps. In addition, the time the user spends associating the devices is very short. In so short a time, only a few hundred bytes can be transferred between mobile devices. Contactless applications are therefore generally limited to verification-type services with low data volume.
To exchange data between contactless devices, the application scenarios described for the NFC standard use the following two methods:
1) The NFC devices are held close together for a period of time and data is transferred directly between them. The data rate in this case is low, currently only 106 kbps. Although the standard is expected to raise the rate to 424 kbps in the near term, this is still far below the data rates offered by Bluetooth and WiFi.
2) The NFC radio devices negotiate network connection parameters during device association, and the actual data is then transferred over another radio technology such as WiFi or Bluetooth. Current solutions and patents address only the problem of connection establishment; they do not perform further device verification or end-to-end encryption after the connection is established. A malicious user may therefore connect to the host device and obtain confidential information. At the same time, the channel content lacks effective encryption, so this way of working is reasonably suited to data of low confidentiality but is problematic for data with security requirements.
In addition, Philips and Microsoft are currently jointly developing the NFC-based EasyConfiguration technology, which aims to use contactless connections to achieve efficient configuration migration and data connection between notebook computers and between mobile phones and notebook computers. However, their solution white papers, standards and patents currently contain no security-enhancing technology.
Summary of the invention
The present invention has been made in view of the above problems. Its object is to propose a method and system for security verification of data between non-contact devices, which allow data to be migrated securely between non-contact devices.
In one aspect of the invention, a method for security verification of data between non-contact devices is proposed, comprising the steps of: sending a data voucher from a first mobile device to a second mobile device by short-range communication; initiating, from the second mobile device, a verification request for the data voucher to a third party over a secure data transmission channel; the third party verifying the data voucher, based on the verification request, using key information shared with the first mobile device; where the third party's verification result for the data voucher is positive, sending a data access description to the second mobile device over the secure data transmission channel; and the second mobile device obtaining the secure data corresponding to the data voucher based on the data access description.
According to an embodiment of the invention, before the data voucher is verified, the method further comprises the step of: the third party verifying the legitimacy of the user of the second mobile device.
According to an embodiment of the invention, before the data voucher is sent, the method further comprises the step of: encrypting/signing the data voucher with a symmetric key using a predetermined algorithm.
According to an embodiment of the invention, before the data voucher is sent, the method further comprises the step of: encrypting/signing the data voucher with an asymmetric key using a predetermined algorithm.
According to an embodiment of the invention, the predetermined algorithm is DES, 3DES, RC4, IDEA or AES.
According to an embodiment of the invention, the predetermined algorithm is RSA or ECC.
According to an embodiment of the invention, the predetermined algorithm is MD4, MD5 or SHA-1.
According to an embodiment of the invention, the data voucher comprises: voucher generation time, associated data identifier, voucher validity period, random voucher identifier, user identifier, mobile device identifier, non-contact device identifier, data importance level and authentication server address.
According to an embodiment of the invention, the data access description comprises: data server address, data access mode, data encryption key, data verification key, data size and data voucher identifier.
According to an embodiment of the invention, the short-range communication supports at least one of the following protocols: ISO 15062, ISO 18000, ISO 18092, ISO 14443, ZigBee.
According to an embodiment of the invention, the secure data transmission channel is implemented over a wide area network based on HTTPS, IPSEC or VPN.
According to an embodiment of the invention, the wide area network is GSM, GPRS, EDGE, CDMA, WIMAX, 3G or WIFI.
According to an embodiment of the invention, the data voucher is electronic cash, an electronic bill or a personal certificate.
In another aspect of the invention, a system for security verification of data between non-contact devices is proposed, comprising: a first mobile device, which sends a data voucher by short-range communication; a second mobile device, which receives the data voucher and sends a verification request for the data voucher over a secure data transmission channel; and an authentication server, which verifies the data voucher, based on the verification request, using key information shared with the first mobile device and, where the verification result for the data voucher is positive, sends a data access description to the second mobile device over the secure data transmission channel; wherein the second mobile device obtains the secure data corresponding to the data voucher based on the data access description.
According to an embodiment of the invention, the second mobile device obtains the secure data corresponding to the data voucher from a data server.
According to an embodiment of the invention, the second mobile device obtains the secure data corresponding to the data voucher from the authentication server.
According to an embodiment of the invention, the authentication server verifies the legitimacy of the user of the second mobile device.
According to an embodiment of the invention, the data server comprises: a security verification device, which verifies the validity of the second mobile device according to information from the authentication server; a database for storing each user's secure data; and a data management device, connected to the database, for accessing users' secure data.
According to an embodiment of the invention, the first mobile device comprises: a storage device for storing the data voucher; and a near-field communication device, which sends the data voucher based on a radio-frequency communication protocol.
According to an embodiment of the invention, the second mobile device comprises: a near-field communication device, which receives the data voucher from the first mobile device based on a radio-frequency communication protocol; a terminal secure communication device, which establishes a secure data transmission channel between the second mobile device and the authentication server for transmitting data; an encryption/decryption device, which uses a key to encrypt and sign the data voucher transmitted by the terminal secure communication device; a control device, which sends the data voucher together with information about the second mobile device to the authentication server through the terminal secure communication device and obtains the data access description from the authentication server; and a data access device, which obtains the secure data according to the data access description.
According to an embodiment of the invention, the authentication server comprises: a server secure communication device, which receives the data voucher from the second mobile device; a user database for storing user-related information; a user information device, connected to the user database, for reading and saving user-related information and managing the data exchange of user records and related digital voucher information; and a data voucher verification device, connected to the user information device, which verifies the validity of the data voucher using the stored user-related information and, after verification passes, generates the data access description.
With the above structure of the invention, only the data voucher is transferred between the first mobile device and the second mobile device, and the secure data is obtained from the data server over the wide area network, which improves the security of data transmission between non-contact devices.
Description of drawings
The above features and advantages of the invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic structural diagram of the data security verification system of an embodiment of the invention;
Fig. 2 is a schematic structural diagram of the mobile device shown in Fig. 1;
Fig. 3 is a schematic structural diagram of the authentication server shown in Fig. 1;
Fig. 4 is a schematic structural diagram of the data server shown in Fig. 1;
Fig. 5 is a flow chart of the data voucher transmission process according to an embodiment of the invention; and
Fig. 6 is a flow chart of the data voucher verification process according to an embodiment of the invention.
Embodiment
Preferred embodiments of the invention are described in detail below with reference to the accompanying drawings. In the drawings, the same reference numerals denote the same or similar components even when they appear in different drawings. For clarity and conciseness, detailed descriptions of known functions and structures are omitted where they would obscure the subject matter of the invention.
Fig. 1 is a schematic structural diagram of the data security verification system of an embodiment of the invention.
As shown in Fig. 1, the data security verification system for non-contact devices comprises a first mobile device 10, a second mobile device 20, a wide-area wireless communication network 30, an authentication server 40 and a data server 50.
After the first mobile device 10 generates a data voucher, it sends the voucher to the second mobile device 20 by radio. The second mobile device 20 establishes a secure connection with the authentication server 40 over the wide-area wireless communication network 30. The validity of the data voucher is then verified on the authentication server 40. After verification passes, the authentication server 40 returns a data access description to the second mobile device 20.
The second mobile device 20 uses the data access description to interact with the data server 50 and obtain the valid secure data.
Fig. 2 is a schematic structural diagram of the mobile device shown in Fig. 1. Because the first mobile device 10 and the second mobile device 20 have roughly the same structure, the composition of each mobile device is described below taking second mobile device 10 as the example.
First mobile device 20 comprises: a memory unit 13 for storing data vouchers and other data; a near-field communication unit 11, which performs short-range interaction and mutual device authentication over a radio-frequency communication protocol and transfers data vouchers between mobile devices, where the protocol may be a short-range wireless protocol such as ISO 15062, ISO 18000, ISO 18092, ISO 14443 or ZigBee; a key management unit 14 for managing the public/private key pair and symmetric key used to encrypt or sign data; a terminal secure communication unit 17, which connects to the authentication server 40 over the wide-area wireless communication network 30 and then establishes a secure data transmission channel between mobile device 20 and the authentication server 40; an encryption/decryption unit 15, which uses the keys managed by the key management unit 14 to encrypt and sign the critical data transmitted by the terminal secure communication unit 17 and the data voucher; a control unit 12, which sends the data voucher together with this device's information to the authentication server 40 through the terminal secure communication unit 17, has the authentication server 40 verify the validity of the data voucher, and obtains the data access description; and a data access unit 16, which obtains the secure data from the data server 50 according to the data access description, verifies and decrypts the obtained secure data, and saves it in the local memory unit 13 of mobile device 20.
The key management unit 14 supports two working modes. In the first mode it randomly generates a public/private key pair and a symmetric key (the private key is used to sign data and the symmetric key to encrypt data) and passes the public key and symmetric key to the authentication server 40. In the second mode it stores the public key and symmetric key preset by the authentication server 40 and uses this public key to sign data. The key management unit 14 may be implemented in software or as dedicated hardware.
The connection established between the second mobile device 20 and the authentication server 40 may use HTTPS, IPSEC, VPN or a similar connection mode.
Fig. 3 is a schematic structural diagram of the authentication server shown in Fig. 1. As shown in Fig. 3, the authentication server 40 comprises: a server secure communication unit 41, which connects to the second mobile device 20 over the wide-area wireless communication network 30 and establishes a secure data transmission channel between the second mobile device 20 and the authentication server 40; a user database 44, which holds information such as the user's signing key, encryption key, data encryption and signing methods, the user's mobile device identifier (IMEI), the user's mobile subscriber identifier (IMSI), short-range radio-frequency device identifier, user data access address, user access records and user ratings; a user information management unit 43, connected to the user database 44, for reading and saving user information and managing the data exchange of user records and related digital voucher information; and a data voucher verification unit 42, connected to the user information management unit 43, which verifies the validity of the data voucher using the stored user information. In addition, after verification passes, the data voucher verification unit 42 generates the data access description and notifies the data server 50 of the connection and login data of the second mobile device 20 and related information about the second mobile device 20.
As mentioned above, the connection established between the authentication server 40 and the second mobile device 20 may use HTTPS, IPSEC, VPN or a similar connection mode.
Fig. 4 is a schematic structural diagram of the data server shown in Fig. 1. As mentioned above, the data server 50 stores the secure data that users will download and verifies the validity of the second mobile device 20; after verification passes, it establishes a connection with the second mobile device 20 and completes the data transfer.
As shown in Fig. 4, the data server 50 comprises: a secure communication unit 51, which connects to the second mobile device 20 over the wide-area wireless communication network 30 and establishes a secure data transmission channel, such as HTTPS, IPSEC or VPN, between the second mobile device 20 and the data server 50; a security verification unit 53, which verifies the validity of the second mobile device 20 according to information from the authentication server 40; a database 55 for storing each user's secure data; a data management unit 54, connected to the database 55, for accessing users' secure data; and an encryption/decryption unit 52 for encrypting and signing data.
Although the data server 50 and the authentication server 40 are described separately above, they may be the same physical device or different physical devices.
The wide-area wireless communication network 30 includes GSM, GPRS, EDGE, CDMA, WIMAX, 3G, WIFI and the like.
The above encryption and signature algorithms may use symmetric keys, with ciphers including DES, 3DES, RC4, IDEA and AES, or asymmetric-key encryption such as RSA and ECC. Signing of the certificate may use MD4, MD5, SHA-1 and the like. After the encrypted digital certificate of a transaction voucher expires, the user or payment management may initiate the certificate renewal process.
Fig. 5 is a flow chart of the data voucher transmission process according to an embodiment of the invention. As shown in Fig. 5, the first mobile device 10 generates a data voucher or retrieves a previously stored data voucher from its memory unit 13 (S11). Typically the data voucher contains information such as the voucher generation time, associated data identifier, voucher validity period, random voucher identifier, user identifier, mobile device identifier, non-contact device identifier, data importance level and authentication server address. A digest algorithm may be applied to this information to produce a digest, which is then encrypted to produce a digital signature.
Where the data voucher sent by the first mobile device 10 is encrypted, the second mobile device 20 must decrypt the content using a preset encryption key.
In general the voucher content need not be encrypted. For data of especially high security level, the content may be encrypted with an encryption key when sensitive data is to be transmitted; the encryption/decryption unit 15 encrypts and signs the data voucher (S12).
The first mobile device 10 then determines whether the data voucher has expired or is to be cancelled by the user (S13). If the data voucher has expired or is to be cancelled by the user, the data voucher is deleted (S14). Otherwise, the short-range communication units of the first mobile device 10 and the second mobile device 20 associate over the radio-frequency communication protocol, and it is determined whether a radio-frequency link has been established between the first mobile device 10 and the second mobile device 20 (S15).
After radio-frequency device verification passes, the radio-frequency link is established, and the first mobile device 10 then sends the data voucher to the second mobile device 20 (S16).
If the signature uses a key generated by the user, the first mobile device 10 must also send the signing and encryption keys, random voucher identifier, voucher generation time, associated data identifier and voucher validity period to the authentication server 40, where they are stored in the user database 44.
After the second mobile device 20 receives the data voucher, it may choose to verify the data voucher online. Fig. 6 is a flow chart of the data voucher verification process according to an embodiment of the invention.
As shown in Fig. 6, the terminal secure communication unit 21 of the second mobile device 20 establishes a secure data transmission connection with the authentication server 40 over the wide-area communication network 30 (S21), encrypts the data voucher and its own device information, and sends them to the authentication server 40.
After the server communication unit 41 of the authentication server 40 receives the encrypted data voucher and mobile device information, the data voucher verification unit 42 decrypts them to obtain the data voucher and terminal information. Next, the data voucher verification unit 42 uses this terminal information and the user information stored in the user database 44 (for example, the key information shared with the first mobile device 10) to verify the legitimacy of the user (S22). If the result is that the user is not legitimate, verification fails. Otherwise, the data voucher verification unit 42 verifies whether the data voucher is legitimate (S23). If the result shows that the data voucher is not legitimate, verification fails. Otherwise, the user access record in the user database of the authentication server 40 is updated (S24).
The authentication server 40 then generates the corresponding data access description (S25). Typically the data access description contains information such as the data server address, data access mode, data encryption key, data verification key, data size and data voucher identifier. This information is digitally signed with the private key of the authentication server 40. At the same time, the data access description is forwarded to the data server 50, where it is used to verify the subsequent data access request.
Next, the authentication server 40 returns the data access description to the second mobile device 20 (S26). After the second mobile device 20 obtains the data access description, it initiates a data access request to the data server 50 over the network 30 according to the data server address, data access mode and data verification key.
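The server-side checks of Fig. 6 (S22 to S25) can be illustrated as follows. This is an added example, not code from the patent: HMAC-SHA-256 over a JSON serialization is substituted for the patent's "predetermined algorithm", the single-use check on the random voucher identifier is an added assumption, signing of the data access description is not shown, and all class, field and URL names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _canonical(fields):
    # Deterministic serialization so issuer and server MAC identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def make_voucher(shared_key, user_id, device_id, data_id, now, ttl=300):
    """First mobile device: build the voucher (S11) and authenticate it (S12)."""
    fields = {
        "created": now,                       # voucher generation time
        "data_id": data_id,                   # associated data identifier
        "valid_for": ttl,                     # validity period in seconds
        "voucher_id": secrets.token_hex(16),  # random voucher identifier
        "user_id": user_id,
        "device_id": device_id,
        "server": "https://auth.example.invalid",  # placeholder address
    }
    tag = hmac.new(shared_key, _canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": fields, "tag": tag}


class AuthServer:
    """Hypothetical stand-in for authentication server 40 and user database 44."""

    def __init__(self):
        self.user_keys = {}         # user_id -> key shared with issuing device
        self.known_devices = set()  # devices allowed to submit vouchers
        self.data_index = {}        # data_id -> {"address": ..., "size": ...}
        self.used_vouchers = set()  # assumption: each voucher redeems once
        self.access_log = []

    def verify(self, voucher, requester_device, now):
        """Return (True, data_access_description) or (False, reason)."""
        # S22: is the requesting (second) device legitimate?
        if requester_device not in self.known_devices:
            return False, "requester not recognised"
        # S23: is the voucher authentic, fresh and unused?
        fields = voucher.get("fields")
        if not isinstance(fields, dict):
            return False, "malformed voucher"
        key = self.user_keys.get(fields.get("user_id"))
        if key is None:
            return False, "unknown issuer"
        expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
        supplied = str(voucher.get("tag", ""))
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "bad tag"
        if not fields["created"] <= now <= fields["created"] + fields["valid_for"]:
            return False, "expired"
        if fields["voucher_id"] in self.used_vouchers:
            return False, "replayed"
        location = self.data_index.get(fields["data_id"])
        if location is None:
            return False, "no such data"
        # S24: update the access record.
        self.used_vouchers.add(fields["voucher_id"])
        self.access_log.append((now, requester_device, fields["voucher_id"]))
        # S25: generate the data access description with fresh per-transfer keys.
        return True, {
            "data_server": location["address"],
            "access_mode": "https-get",
            "data_enc_key": secrets.token_hex(16),
            "data_verify_key": secrets.token_hex(16),
            "data_size": location["size"],
            "voucher_id": fields["voucher_id"],
        }
```

Because the tag covers every voucher field, changing the data identifier or validity period on the second device invalidates the voucher before any expiry or replay logic runs.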
The technical solution disclosed by the invention can be used in fields of secure data exchange that require online network authentication, for example: secure electronic cash transfer between users, in which an electronic cash exchange voucher is passed over the non-contact link and, after online verification of the exchange voucher, the receiving user redeems electronic cash of the same amount from the bank; secure electronic bill exchange, in which electronic bill information is passed over the non-contact link and the receiving user verifies the validity of the electronic bill by online verification of the exchange voucher; and exchange of sensitive information between individuals, in which a personal certificate is passed over the non-contact link, the receiving user optionally verifies the validity of the personal certificate, and uses the personal certificate to download encrypted sensitive data from a specified location.
The above description serves only to illustrate embodiments of the invention. Those skilled in the art should understand that any modification or partial replacement that does not depart from the scope of the invention falls within the scope defined by the claims; the scope of protection of the invention is therefore determined by the scope of protection of the claims.
Claims (21)
1. one kind is carried out the method for safety verification at the noncontact equipment room to data, comprises step:
Mode with short-range communication sends to second mobile device with the data voucher from first mobile device;
Data transmission channel by safety is initiated checking request to described data voucher from described second mobile device to the third party;
Described third party verifies described data voucher based on described checking request utilization and the described first mobile device cipher key shared information;
Under described third party to the checking result of described data voucher is sure situation, sends data access by described safe data transmission channel to described second mobile device and describe; And
Described second mobile device is described based on described data access and is obtained and the corresponding secure data of described data voucher.
2. The method of claim 1, characterized in that, before the data voucher is verified, the method further comprises the step of: the third party verifying the legitimacy of the user of the second mobile device.
3. The method of claim 1, characterized in that, before the data voucher is sent, the method further comprises the step of: encrypting/signing the data voucher with a symmetric key using a predetermined algorithm.
4. The method of claim 1, characterized in that, before the data voucher is sent, the method further comprises the step of: encrypting/signing the data voucher with an asymmetric key using a predetermined algorithm.
5. The method of claim 3, characterized in that the predetermined algorithm is DES, 3DES, RC4, IDEA or AES.
6. The method of claim 4, characterized in that the predetermined algorithm is RSA or ECC.
7. The method of claim 3 or 4, characterized in that the predetermined algorithm is MD4, MD5 or SHA-1.
8. The method of claim 1, characterized in that the data voucher comprises: voucher generation time, associated data identifier, voucher validity period, random voucher identifier, user identifier, mobile device identifier, non-contact device identifier, data importance level and authentication server address.
9. The method of claim 1, characterized in that the data access description comprises: data server address, data access mode, data encryption key, data verification key, data size, data voucher identifier.
10. The method of claim 1, characterized in that the short-range communication supports at least one of the following protocols: ISO 15062, ISO 18000, ISO 18092, ISO 14443, ZigBee.
11. The method of claim 1, characterized in that the secure data transmission channel is implemented in a wide area network based on HTTPS, IPSEC or VPN.
12. The method of claim 11, characterized in that the wide area network is GSM, GPRS, EDGE, CDMA, WIMAX, 3G or WIFI.
13. The method of claim 1, characterized in that the data voucher is electronic cash, an electronic bill or a personal certificate.
14. A system for security verification of data between non-contact devices, comprising:
a first mobile device, which sends a data voucher by short-range communication;
a second mobile device, which receives the data voucher and sends a verification request for the data voucher over a secure data transmission channel;
an authentication server, which, based on the verification request, verifies the data voucher using key information shared with the first mobile device and, where the verification result for the data voucher is affirmative, sends a data access description to the second mobile device over the secure data transmission channel;
wherein the second mobile device obtains, based on the data access description, the secure data corresponding to the data voucher.
15. The system of claim 14, characterized in that the second mobile device obtains the secure data corresponding to the data voucher from a data server.
16. The system of claim 14, characterized in that the second mobile device obtains the secure data corresponding to the data voucher from the authentication server.
17. The system of claim 14, characterized in that the authentication server verifies the legitimacy of the user of the second mobile device.
18. The system of claim 15, characterized in that the data server comprises: a security verification device, which confirms the validity of the second mobile device according to information from the authentication server;
a database for storing each user's secure data; and
a data management device, connected to the database, for accessing users' secure data.
19. The system of claim 14, characterized in that the first mobile device comprises:
a storage device for storing the data voucher; and
a near field communication device, which sends the data voucher based on a radio-frequency communication protocol.
20. The system of claim 14, characterized in that the second mobile device comprises:
a near field communication device, which receives the data voucher from the first mobile device based on a radio-frequency communication protocol;
a terminal secure communication device, which establishes a secure data transmission channel between the second mobile device and the authentication server for transmitting data;
an encryption/decryption device, which uses a key to encrypt and sign the data voucher transmitted by the terminal secure communication device;
a control device, which sends the data voucher together with information about the second mobile device to the authentication server through the terminal secure communication device, and obtains the data access description from the authentication server; and
a data acquisition device, which obtains the secure data according to the data access description.
21. The system of claim 14, characterized in that the authentication server comprises:
a server secure communication device, which receives the data voucher from the second mobile device;
a user database for storing user-related information;
a user information device, connected to the user database, for reading and storing user-related information and for managing the data exchange of user records and related digital credential information; and
a data voucher verification device, connected to the user information device, which verifies the validity of the data voucher using the stored user-related information and, after verification passes, generates the data access description.
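The voucher check that claims 1, 2, 8, 9 and 14 describe can be sketched as follows. This is an added example, not code from the patent: it authenticates the voucher with HMAC-SHA-256 rather than the algorithms named in claims 5 to 7, carries a subset of the claim 8 and claim 9 fields, and treats the random voucher identifier as single-use, which is an assumption. All keys, identifiers and URLs are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key store: user ID -> key the authentication server shares
# with that user's first mobile device (claim 14).
SHARED_KEYS = {"user-a": b"constructed-demo-key-0123456789ab"}
SEEN_VOUCHERS = set()  # voucher IDs already redeemed (assumed single-use)


def _mac(key, fields):
    # Canonical JSON so both sides authenticate exactly the same bytes.
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_voucher(key, user_id, device_id, data_id, now, ttl=60):
    """First mobile device: build and sign the voucher sent over short-range radio."""
    fields = {  # subset of the claim 8 fields
        "created": now, "data_id": data_id, "valid_for": ttl,
        "voucher_id": secrets.token_hex(16), "user_id": user_id,
        "device_id": device_id, "auth_server": "https://auth.example.invalid",
    }
    return {"fields": fields, "mac": _mac(key, fields)}


def verify_voucher(voucher, requester_ok, now):
    """Authentication server: return a data access description or raise ValueError."""
    if not requester_ok:  # claims 2 and 17: user of the second device must be legitimate
        raise ValueError("requesting user not authenticated")
    fields = voucher["fields"]
    key = SHARED_KEYS.get(fields.get("user_id"))
    if key is None:
        raise ValueError("unknown issuer")
    presented = str(voucher.get("mac", "")).encode()
    # Constant-time comparison; nothing in `fields` is trusted before this passes.
    if not hmac.compare_digest(_mac(key, fields).encode(), presented):
        raise ValueError("bad MAC")
    if not fields["created"] <= now <= fields["created"] + fields["valid_for"]:
        raise ValueError("voucher expired or not yet valid")
    if fields["voucher_id"] in SEEN_VOUCHERS:
        raise ValueError("voucher already used")
    SEEN_VOUCHERS.add(fields["voucher_id"])
    return {  # subset of the claim 9 fields
        "data_server": "https://data.example.invalid",
        "access_mode": "GET",
        "data_key": secrets.token_hex(16),
        "verify_key": secrets.token_hex(16),
        "voucher_id": fields["voucher_id"],
    }
```

Because the second mobile device only relays the voucher and never holds the shared key, a voucher captured over the short-range link can be replayed but not altered; the validity window and the single-use check bound what a replay can achieve.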
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006101651058A CN101202621A (en) | 2006-12-13 | 2006-12-13 | Method and system for security verification of data among non-contact equipments |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006101651058A CN101202621A (en) | 2006-12-13 | 2006-12-13 | Method and system for security verification of data among non-contact equipments |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101202621A true CN101202621A (en) | 2008-06-18 |
Family
ID=39517605
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2006101651058A Pending CN101202621A (en) | 2006-12-13 | 2006-12-13 | Method and system for security verification of data among non-contact equipments |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101202621A (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853457A (en) * | 2010-01-29 | 2010-10-06 | 东莞宇龙通信科技有限公司 | NFC electronic bill generation and reimbursement method, device and system |
CN102204111A (en) * | 2008-08-12 | 2011-09-28 | 维沃科技公司 | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
CN102355356A (en) * | 2011-10-13 | 2012-02-15 | 国电南京自动化股份有限公司 | Asymmetric encryption method suitable for ZIGBEE wireless meter reading |
CN102792724A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection of a communication channel between a security module and an nfc circuit |
CN102792723A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection of a security module in a telecommunication device coupled to an NFC circuit |
WO2013065057A1 (en) * | 2011-11-01 | 2013-05-10 | Hewlett-Packard Development Company L.P. | Secure introduction |
WO2013097351A1 (en) * | 2011-12-27 | 2013-07-04 | 中兴通讯股份有限公司 | Method, device, and system for key interaction |
CN103442065A (en) * | 2013-08-29 | 2013-12-11 | 宇龙计算机通信科技(深圳)有限公司 | Data sharing method, mobile terminals and cloud server |
WO2014161155A1 (en) * | 2013-04-02 | 2014-10-09 | Nokia Corporation | Methods and apparatus for securing device-to-device communications |
CN104253688A (en) * | 2013-06-28 | 2014-12-31 | 北京思普崚技术有限公司 | VPN (virtual private network) connection method based on IPSec (internet protocol security) |
CN104270244A (en) * | 2014-09-12 | 2015-01-07 | 广东安居宝数码科技股份有限公司 | NFC encryption method and system |
CN104318286A (en) * | 2014-10-31 | 2015-01-28 | 东莞宇龙通信科技有限公司 | NFC label data management method and system and terminal |
CN104348687A (en) * | 2013-08-08 | 2015-02-11 | 联想(北京)有限公司 | Stand-in authorization method and electronic equipment |
US9179301B2 (en) | 2010-08-31 | 2015-11-03 | Proton World International N.V. | Protection of a communication channel of a telecommunication device coupled to an NFC circuit against misrouting |
US9185561B2 (en) | 2010-03-09 | 2015-11-10 | Proton World International N.V. | Protection against rerouting in an NFC circuit communication channel |
US9209866B2 (en) | 2010-08-31 | 2015-12-08 | Proton World International N.V. | Securing of a telecommunication device equipped with a near-field communication module |
US9219745B2 (en) | 2011-04-05 | 2015-12-22 | Proton World International N.V. | Assessing the resistance of a security module against attacks by communication pipe diversion |
US9225687B2 (en) | 2011-04-13 | 2015-12-29 | Proton World International N.V. | Access control mechanism for a secure element coupled to an NFC circuit |
CN105243540A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | Bus paying method and payment system based on mobile intelligent terminal |
CN105493538A (en) * | 2013-09-24 | 2016-04-13 | 英特尔公司 | Systems and methods for NFC access control in a secure element centric nfc architecture |
CN105723376A (en) * | 2013-11-04 | 2016-06-29 | 谷歌公司 | Systems and Methods for Verifying a User Based on Reputational Information |
CN105792181A (en) * | 2016-02-24 | 2016-07-20 | 努比亚技术有限公司 | A data migration method for an analog card, a mobile terminal and a TSM platform |
CN106535094A (en) * | 2016-10-27 | 2017-03-22 | 乐视控股(北京)有限公司 | Method and device for sharing VPN and terminal device |
CN108833445A (en) * | 2018-07-31 | 2018-11-16 | 中国银联股份有限公司 | An authentication method and device suitable for an Internet of Things system |
CN109076076A (en) * | 2016-04-19 | 2018-12-21 | 微软技术许可有限责任公司 | Two-factor authentication |
CN110120866A (en) * | 2018-02-06 | 2019-08-13 | 恩德莱斯和豪瑟尔分析仪表两合公司 | The user management method of field device |
US10511626B2 (en) | 2010-12-20 | 2019-12-17 | Stmicroelectronics (Rousset) Sas | Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit |
US10667133B2 (en) | 2010-03-09 | 2020-05-26 | Proton World International N.V. | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit |
CN115334495A (en) * | 2021-05-11 | 2022-11-11 | 意法半导体(格勒诺布尔2)公司 | method of communication of information |
CN117056948A (en) * | 2023-07-28 | 2023-11-14 | 威艾特科技(深圳)有限公司 | Receipt credential encryption method and device |
- 2006-12-13 CN CNA2006101651058A patent/CN101202621A/en active Pending
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102204111B (en) * | 2008-08-12 | 2014-05-28 | 万事达卡国际股份有限公司 | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
CN102204111A (en) * | 2008-08-12 | 2011-09-28 | 维沃科技公司 | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
CN101853457A (en) * | 2010-01-29 | 2010-10-06 | 东莞宇龙通信科技有限公司 | NFC electronic bill generation and reimbursement method, device and system |
CN101853457B (en) * | 2010-01-29 | 2016-05-04 | 东莞宇龙通信科技有限公司 | NFC electronic bill generation and reimbursement method, device and system |
US10716007B2 (en) | 2010-03-09 | 2020-07-14 | Proton World International N.V. | Protection of a security module in a telecommunication device coupled to an NFC circuit |
CN102792724A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection of a communication channel between a security module and an nfc circuit |
US11963004B2 (en) | 2010-03-09 | 2024-04-16 | Proton World International N.V. | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit |
US11743721B2 (en) | 2010-03-09 | 2023-08-29 | Proton World International N.V. | Protection of a communication channel between a security module and an NFC circuit |
CN102792723A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection of a security module in a telecommunication device coupled to an NFC circuit |
US10999737B2 (en) | 2010-03-09 | 2021-05-04 | Proton World International N.V. | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit |
US10880739B2 (en) | 2010-03-09 | 2020-12-29 | Proton World International N.V. | Protection of a communication channel between a security module and an NFC circuit |
US10667133B2 (en) | 2010-03-09 | 2020-05-26 | Proton World International N.V. | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit |
US10278077B2 (en) | 2010-03-09 | 2019-04-30 | Proton World International N.V. | Protection of a security module in a telecommunication device coupled to an NFC circuit |
CN102792724B (en) * | 2010-03-09 | 2016-10-12 | 质子世界国际公司 | The protection of the communication channel between security module and NFC circuit |
US9185561B2 (en) | 2010-03-09 | 2015-11-10 | Proton World International N.V. | Protection against rerouting in an NFC circuit communication channel |
US9179301B2 (en) | 2010-08-31 | 2015-11-03 | Proton World International N.V. | Protection of a communication channel of a telecommunication device coupled to an NFC circuit against misrouting |
US9209866B2 (en) | 2010-08-31 | 2015-12-08 | Proton World International N.V. | Securing of a telecommunication device equipped with a near-field communication module |
US10931712B2 (en) | 2010-12-20 | 2021-02-23 | Stmicroelectronics (Rousset) Sas | Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit |
US11962616B2 (en) | 2010-12-20 | 2024-04-16 | Proton World International N.V. | Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit |
US10511626B2 (en) | 2010-12-20 | 2019-12-17 | Stmicroelectronics (Rousset) Sas | Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit |
US9219745B2 (en) | 2011-04-05 | 2015-12-22 | Proton World International N.V. | Assessing the resistance of a security module against attacks by communication pipe diversion |
US9225687B2 (en) | 2011-04-13 | 2015-12-29 | Proton World International N.V. | Access control mechanism for a secure element coupled to an NFC circuit |
CN102355356A (en) * | 2011-10-13 | 2012-02-15 | 国电南京自动化股份有限公司 | Asymmetric encryption method suitable for ZIGBEE wireless meter reading |
WO2013065057A1 (en) * | 2011-11-01 | 2013-05-10 | Hewlett-Packard Development Company L.P. | Secure introduction |
WO2013097351A1 (en) * | 2011-12-27 | 2013-07-04 | 中兴通讯股份有限公司 | Method, device, and system for key interaction |
WO2014161155A1 (en) * | 2013-04-02 | 2014-10-09 | Nokia Corporation | Methods and apparatus for securing device-to-device communications |
CN104253688A (en) * | 2013-06-28 | 2014-12-31 | 北京思普崚技术有限公司 | VPN (virtual private network) connection method based on IPSec (internet protocol security) |
CN104348687A (en) * | 2013-08-08 | 2015-02-11 | 联想(北京)有限公司 | Stand-in authorization method and electronic equipment |
CN103442065A (en) * | 2013-08-29 | 2013-12-11 | 宇龙计算机通信科技(深圳)有限公司 | Data sharing method, mobile terminals and cloud server |
CN105493538A (en) * | 2013-09-24 | 2016-04-13 | 英特尔公司 | Systems and methods for NFC access control in a secure element centric nfc architecture |
CN105493538B (en) * | 2013-09-24 | 2019-05-03 | 英特尔公司 | The system and method for NFC access control for safety element center type NFC framework |
CN105723376A (en) * | 2013-11-04 | 2016-06-29 | 谷歌公司 | Systems and Methods for Verifying a User Based on Reputational Information |
CN104270244A (en) * | 2014-09-12 | 2015-01-07 | 广东安居宝数码科技股份有限公司 | NFC encryption method and system |
CN104270244B (en) * | 2014-09-12 | 2017-11-14 | 广东安居宝数码科技股份有限公司 | NFC communication encryption method and system |
CN104318286A (en) * | 2014-10-31 | 2015-01-28 | 东莞宇龙通信科技有限公司 | NFC label data management method and system and terminal |
CN104318286B (en) * | 2014-10-31 | 2017-11-17 | 东莞宇龙通信科技有限公司 | Management method, management system and the terminal of NFC label data |
CN105243540A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | Bus paying method and payment system based on mobile intelligent terminal |
CN105792181B (en) * | 2016-02-24 | 2019-06-25 | 努比亚技术有限公司 | A kind of data migration method of analog card, mobile terminal and TSM platform |
CN105792181A (en) * | 2016-02-24 | 2016-07-20 | 努比亚技术有限公司 | A data migration method for an analog card, a mobile terminal and a TSM platform |
CN109076076B (en) * | 2016-04-19 | 2021-03-12 | 微软技术许可有限责任公司 | Two-factor authentication |
CN109076076A (en) * | 2016-04-19 | 2018-12-21 | 微软技术许可有限责任公司 | Two-factor authentication |
CN106535094A (en) * | 2016-10-27 | 2017-03-22 | 乐视控股(北京)有限公司 | Method and device for sharing VPN and terminal device |
CN110120866A (en) * | 2018-02-06 | 2019-08-13 | 恩德莱斯和豪瑟尔分析仪表两合公司 | The user management method of field device |
CN110120866B (en) * | 2018-02-06 | 2024-05-28 | 恩德莱斯和豪瑟尔分析仪表两合公司 | User management method of field device |
CN108833445B (en) * | 2018-07-31 | 2021-04-16 | 中国银联股份有限公司 | A kind of authentication method and device suitable for Internet of things system |
CN108833445A (en) * | 2018-07-31 | 2018-11-16 | 中国银联股份有限公司 | An authentication method and device suitable for an Internet of Things system |
CN115334495A (en) * | 2021-05-11 | 2022-11-11 | 意法半导体(格勒诺布尔2)公司 | method of communication of information |
CN117056948A (en) * | 2023-07-28 | 2023-11-14 | 威艾特科技(深圳)有限公司 | Receipt credential encryption method and device |
CN117056948B (en) * | 2023-07-28 | 2024-09-27 | 威艾特科技(深圳)有限公司 | Receipt credential encryption method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101202621A (en) | Method and system for security verification of data among non-contact equipments | |
KR100951142B1 (en) | Methods, systems, and mobile devices that enable credit card personalization using wireless networks | |
CN101419657B (en) | Method for secure personalisation of an nfc chipset | |
EP2343852B1 (en) | Key distribution method and system | |
CN101261675B (en) | Secure method for loading service access data in an NFC chipset | |
EP3401866A1 (en) | System and method for secure transaction process via mobile device | |
CN103415008A (en) | Encryption communication method and encryption communication system | |
CN101154281A (en) | Method and mobile device for migrating finance data in smart card | |
CN103404076A (en) | Method of authenticating a first and a second entity at a third entity | |
KR20150004955A (en) | Method for Providing Authentication Code by using End-To-End Authentication between USIM and Server | |
KR102193696B1 (en) | Method for Providing Safety Login based on One Time Code by using User’s Card | |
KR102149313B1 (en) | Method for Processing Electronic Signature based on Universal Subscriber Identity Module | |
KR20160093194A (en) | Method for Processing Two Channel Payment by using Contactless Media | |
KR20160093197A (en) | Method for Processing Mobile Payment by using Contactless Media | |
KR102076313B1 (en) | Method for Processing Electronic Signature based on Universal Subscriber Identity Module of Mobile Device | |
KR102358598B1 (en) | Method for Processing Two Channel Authentication by using Contactless Media | |
KR102078319B1 (en) | Method for Processing Electronic Signature based on Universal Subscriber Identity Module at a Telegraph Operator | |
KR102149315B1 (en) | Method for Processing Electronic Signature based on Universal Subscriber Identity Module at a Financial Institution | |
KR20180089951A (en) | Method and system for processing transaction of electronic cash | |
KR20160139073A (en) | Method for Authenticating Interlocked Transaction by using One Time Code | |
KR20150023144A (en) | Method for Processing Electronic Signature by using Universal Subscriber Identity Module | |
KR20150014595A (en) | Method for Authenticating Near Field Communication Card by using Time Verification | |
Chen | Secure e-Payment Portal Solutions Using Mobile Technologies and Citizen Identity Scheme | |
KR20140078773A (en) | Method and System for Providing End-To-End Security Payment by using Near Field Communication | |
KR20150064307A (en) | Method for providing safety login by using user's card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20080618 |