CN103188223B - Authentication method, apparatus and system - Google Patents
- Publication number: CN103188223B
- Authority: CN (China)
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to an authentication method, apparatus and system. The authentication method includes: sending an authentication request message to a first communication device; receiving the feature information returned by the first communication device; obtaining the registration information of the first communication device from a data storage center; and judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes. The authentication method, apparatus and system of the invention require no manual operation, achieve automatic authentication conveniently and quickly, and improve security while still meeting the requirement for instant, fast and efficient data exchange between users.
Description
Technical field
The present invention relates to the field of communications, and in particular to an authentication method, apparatus and system.
Background
Computers and mobile terminals (such as mobile phones) already make heavy use of high-speed wireless transmission technologies for data exchange; the most common are Wi-Fi (IEEE 802.11a/b/g/n standards), Bluetooth, Zigbee (IEEE 802.15.4 standard) and UWB (Ultra Wideband wireless transmission). These high-speed wireless links allow information exchange and function sharing between computers and mobile terminals or between mobile terminals, so that users can transfer streaming media files, exchange address books and share Internet access on these mobile terminals. All of these technologies target data exchange applications that are long-lasting, multi-user and relatively long-range (more than 10 meters). Using them requires fairly complicated configuration by the user: cumbersome setup on first use, for example, and a wait to find and connect to the host on later use.
With the diversification and widespread use of mobile electronic devices, the demand for instantly sharing data among multiple electronic devices, such as between mobile terminals or between a mobile terminal and a computer, is growing. To strengthen the security of data communication, the devices sharing data are usually very close to one another (for example within 1 meter), yet the data exchange is required to be fast, timely and efficient: for example, a slave device connects and transfers data automatically when it enters the range set by the master device, and the connection is cut automatically when it leaves that range.
With existing communication technologies, when a connection is established between mobile terminals, or between a mobile terminal and one or more computers, the mobile terminal must be paired manually each time it connects to a new mobile terminal or computer. None of these technologies can meet the requirement for instant, fast and efficient data exchange between users within such a short range.
Summary of the invention
The technical problem to be solved by the present invention is to provide an authentication method, apparatus and system that achieve automatic authentication conveniently and quickly.
To solve the above technical problem, the present invention proposes an authentication method, including:
sending an authentication request message to a first communication device;
receiving the feature information returned by the first communication device;
obtaining the registration information of the first communication device from a data storage center;
judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes.
Further, the above authentication method may also have the following feature: before sending the authentication request message to the first communication device, the method further includes:
detecting whether the distance between the first communication device and the present device is within a preset communication distance range, and deciding according to the distance detection result whether to authenticate the first communication device.
Further, the above authentication method may also have the following feature: the feature information is any one of an identity (ID) number, a serial number, a random number and an authentication key.
Further, the above authentication method may also have the following feature: the first communication device is a mobile terminal.
To solve the above technical problem, the present invention also proposes an authentication apparatus, including:
an authentication initiating module, configured to send an authentication request message to a first communication device;
a receiving module, configured to receive the feature information returned by the first communication device;
an obtaining module, configured to obtain the registration information of the first communication device from a data storage center;
a judging module, configured to judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes.
Further, the above authentication apparatus may also have the following feature: it further includes:
a distance detection module, configured to detect whether the distance between the first communication device and the authentication apparatus is within a preset communication distance range, and to decide according to the distance detection result whether to authenticate the first communication device.
Further, the above authentication apparatus may also have the following feature: the feature information is any one of an identity (ID) number, a serial number, a random number and an authentication key.
Further, the above authentication apparatus may also have the following feature: the first communication device is a mobile terminal.
To solve the above technical problem, the present invention also proposes an authentication system, including:
an authentication apparatus, configured to authenticate a first communication device;
a data storage center, connected to the authentication apparatus through a network and configured to store the registration information of the first communication device, the registration information including feature information.
Further, the above authentication system may also have the following feature: the authentication apparatus includes:
an authentication initiating module, configured to send an authentication request message to the first communication device;
a receiving module, configured to receive the feature information returned by the first communication device;
an obtaining module, configured to obtain the registration information of the first communication device from the data storage center;
a judging module, configured to judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes.
To solve the above technical problem, the present invention also proposes a communication device that includes an authentication apparatus, the authentication apparatus including:
an authentication initiating module, configured to send an authentication request message to a first communication device;
a receiving module, configured to receive the feature information returned by the first communication device;
an obtaining module, configured to obtain the registration information of the first communication device from a data storage center;
a judging module, configured to judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes.
Further, the above communication device may also have the following feature: the communication device is a computer or a mobile terminal.
The authentication method, apparatus and system of the present invention require no manual operation, achieve automatic authentication conveniently and quickly, and improve security while still meeting the requirement for instant, fast and efficient data exchange between users.
Brief description of the drawings
Fig. 1 is a flowchart of the authentication method in an embodiment of the present invention;
Fig. 2 is a structural block diagram of the authentication apparatus in an embodiment of the present invention;
Fig. 3 is a structural block diagram of the authentication system in an embodiment of the present invention;
Fig. 4 is a structural block diagram of the communication device in an embodiment of the present invention;
Fig. 5 is a schematic diagram of an application of the authentication method in an embodiment of the present invention;
Fig. 6 is a structural block diagram of a short-range communication module.
Detailed description
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given serve only to explain the invention and are not intended to limit its scope.
Fig. 1 is a flowchart of the authentication method in an embodiment of the present invention. As shown in Fig. 1, the authentication method in this embodiment includes the following steps:
The authentication method of this embodiment presupposes that, after the first communication device has successfully registered for the first time, the data storage center holds the registration information of the first communication device from that first registration, and that this registration information includes the feature information of the first communication device. In other words, before step 101 below is performed, the authentication method of the present invention may further include: a second communication device saves the registration information from the first successful registration of the first communication device to the data storage center, the registration information containing the feature information of the first communication device. Here, the second communication device is the communication device that registered and authenticated the first communication device at that first registration.
Step 101: send an authentication request message to the first communication device;
Here, the first communication device may be a mobile terminal.
When applied to short-range communication, the authentication method further includes the following step before step 101: detect whether the distance between the first communication device and the present device is within a preset communication distance range, and decide according to the distance detection result whether to authenticate the first communication device. If the distance detection result is that the distance between the first communication device and the present device is within the preset communication distance range, the subsequent authentication flow is carried out for the first communication device. If the distance detection result is that the distance is outside the preset communication distance range, the subsequent authentication flow is not carried out for the first communication device. Here, the present device is the device that executes the authentication method of the present invention. The present device may be a device that performs short-range communication with the first communication device.
Step 102: receive the feature information returned by the first communication device;
After receiving the authentication request message, the first communication device returns its own feature information. The feature information may be an ID number (that is, an identity number), a serial number, a random number, an authentication key, and so on.
Step 103: obtain the registration information of the first communication device from the data storage center;
The registration information of the first communication device held by the data storage center is information that has already passed authentication and is therefore trusted. This registration information includes the feature information of the first communication device.
The data storage center is a system set up specifically to hold the registration information of each communication device so that authentication is convenient and fast.
Step 104: judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information; if so, go to step 105, otherwise go to step 106;
Step 105: the authentication passes;
Step 106: the authentication fails.
With the authentication method of the present invention, once manual registration and authentication between mobile terminals, or between a mobile terminal and a computer, has succeeded, the registration information is saved in a data storage center that any networked mobile terminal or computer can access. The next time that mobile terminal is authenticated by another mobile terminal or computer that has not authenticated it before, that mobile terminal or computer automatically accesses the data storage center to retrieve the registration information, and automatic authentication completes without manual operation.
The authentication method of the present invention can be applied to short-range communication systems and methods, as shown in Fig. 5. Fig. 5 is a schematic diagram of an application of the authentication method in an embodiment of the present invention. In Fig. 5, the short-range communication system includes a first mobile terminal 501, a first computer 502, a second computer 503 and a second mobile terminal 504. Any two of the first mobile terminal 501, the first computer 502, the second computer 503 and the second mobile terminal 504 can communicate wirelessly at high speed when the distance between them meets the set requirement. When the first mobile terminal 501 is used in the communication system for the first time, it must register. Suppose that on its first use in the communication system the first mobile terminal 501 communicates with the first computer 502. Then, after the first mobile terminal 501 and the first computer 502 have established a short-range communication connection and before data is exchanged, the first computer 502 requires the first mobile terminal 501 to register and authenticate, as follows:
1. The first computer 502 sends a registration request message to the first mobile terminal 501;
2. The first mobile terminal 501 enters and confirms its own feature information as required by the content of the registration message;
3. The first mobile terminal 501 sends a registration-complete message to the first computer 502;
4. The first computer 502 judges whether the registration information of the first mobile terminal 501 is correct. If it is correct, the first computer 502 uploads the registration information of the first mobile terminal 501 to the data storage center for storage; otherwise it does not upload it.
After this first registration, the data storage center holds the registration information of the first mobile terminal 501, and this registration information includes the feature information of the first mobile terminal 501.
The next time the first mobile terminal 501 is used in the communication system shown in Fig. 5, after it has established a short-range communication connection with the second computer 503 or the second mobile terminal 504, neither of which has authenticated the first mobile terminal 501 before, and before data is exchanged, the second computer 503 or the second mobile terminal 504 authenticates the first mobile terminal 501 as follows (taking the second computer 503 as an example):
The second computer 503 sends an authentication request message to the first mobile terminal 501;
The second computer 503 receives the feature information returned by the first mobile terminal 501;
The second computer 503 obtains the registration information of the first mobile terminal 501 from the data storage center;
The second computer 503 judges whether the feature information returned by the first mobile terminal 501 is consistent with the feature information in the registration information; if so, the authentication passes, otherwise the authentication fails.
It can be seen that the authentication method of the present invention allows authentication between the communication devices in a short-range communication system to complete automatically without manual operation, which both meets the requirement for instant, fast and efficient data exchange within the short-range communication system and improves the security of short-range communication.
The authentication method of the present invention requires no manual operation, achieves automatic authentication conveniently and quickly, and improves security while still meeting the requirement for instant, fast and efficient data exchange between users.
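The first registration at the first computer 502 and the later authentication at the second computer 503 (steps 101 to 106, preceded by the distance check), as an added Python example that is not part of the patent text. The in-memory data storage center, the device name used as the lookup key, the non-empty check at registration, the `distance_m` field standing in for the distance detection result, and the constant-time comparison are assumptions of this example; the device values are constructed.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    PASSED = "authentication passed"            # step 105
    FAILED = "authentication failed"            # step 106
    NOT_ATTEMPTED = "out of range, authentication not started"


class DataStorageCenter:
    """Networked store of registration information (assumption: a dict in memory)."""

    def __init__(self):
        self._registrations = {}

    def save(self, device_name, feature_info):
        self._registrations[device_name] = {"feature_info": feature_info}

    def get_registration(self, device_name):
        return self._registrations.get(device_name)  # None if never registered


@dataclass
class FirstDevice:
    """The device being registered or authenticated, e.g. first mobile terminal 501."""
    name: str            # assumption: lookup key used at the data storage center
    feature_info: bytes  # ID number, serial number, random number or key
    distance_m: float    # assumption: stands in for the distance detection result

    def on_request(self, request):
        # Answers a registration or authentication request with its own
        # feature information.
        return self.feature_info


class Verifier:
    """A device carrying the authentication apparatus, e.g. computer 502 or 503."""

    def __init__(self, name, center, max_range_m=1.0):
        self.name = name
        self.center = center
        self.max_range_m = max_range_m  # preset communication distance range

    def in_range(self, device):
        return 0.0 <= device.distance_m <= self.max_range_m

    def register(self, device):
        """First registration: request, receive, check, upload only if correct."""
        if not self.in_range(device):
            return False
        feature_info = device.on_request("REGISTER")
        if not feature_info:  # assumption: "correct" means non-empty here
            return False
        self.center.save(device.name, feature_info)
        return True

    def authenticate(self, device):
        # Distance check that precedes step 101.
        if not self.in_range(device):
            return Result.NOT_ATTEMPTED
        returned = device.on_request("AUTHENTICATE")               # steps 101, 102
        registration = self.center.get_registration(device.name)   # step 103
        if registration is None:  # never registered: nothing to compare against
            return Result.FAILED
        # Step 104: consistency check, done in constant time.
        if hmac.compare_digest(returned, registration["feature_info"]):
            return Result.PASSED
        return Result.FAILED


def run_demo():
    center = DataStorageCenter()
    computer_502 = Verifier("first computer 502", center)
    computer_503 = Verifier("second computer 503", center)
    phone = FirstDevice("mobile-terminal-501", b"SN-CONSTRUCTED-0001", 0.4)
    results = {}
    results["before registration"] = computer_503.authenticate(phone)
    results["registered at 502"] = computer_502.register(phone)
    # 503 has never seen the phone but can still authenticate it automatically.
    results["genuine device at 503"] = computer_503.authenticate(phone)
    impostor = FirstDevice(phone.name, b"SN-CONSTRUCTED-9999", 0.4)
    results["wrong feature information"] = computer_503.authenticate(impostor)
    far_away = FirstDevice(phone.name, phone.feature_info, 5.0)
    results["outside preset range"] = computer_503.authenticate(far_away)
    return results


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{label}: {result}")
```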
Fig. 2 is a structural block diagram of the authentication apparatus in an embodiment of the present invention. As shown in Fig. 2, the authentication apparatus 10 in this embodiment includes an authentication initiating module 110, a receiving module 120, an obtaining module 130 and a judging module 140. The authentication initiating module 110 is configured to send an authentication request message to the first communication device. The receiving module 120 is configured to receive the feature information returned by the first communication device. The obtaining module 130 is configured to obtain the registration information of the first communication device from the data storage center. The judging module 140 is configured to judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes. The authentication apparatus 10 shown in Fig. 2 can carry out the flow of the authentication method shown in Fig. 1.
The first communication device may be a mobile terminal.
The feature information may be an ID number (that is, an identity number), a serial number, a random number, an authentication key, and so on.
The registration information of the first communication device held by the data storage center is information that has already passed authentication and is therefore trusted. This registration information includes the feature information of the first communication device.
In other embodiments of the present invention, the authentication apparatus may further include a distance detection module. The distance detection module is configured to detect whether the distance between the first communication device and the authentication apparatus is within a preset communication distance range, and to decide according to the distance detection result whether to authenticate the first communication device. If the distance detection result is that the distance between the first communication device and the authentication apparatus is within the preset communication distance range, the authentication initiating module 110 is activated and the subsequent authentication flow is carried out for the first communication device. If the distance detection result is that the distance is outside the preset communication distance range, the authentication initiating module 110 is not activated and the subsequent authentication flow is not carried out for the first communication device. The distance detection module allows the authentication apparatus of the present invention to be used in short-range communication systems.
The authentication apparatus of the present invention can be placed in a short-range communication device. The short-range communication device can then use the authentication apparatus of the present invention to authenticate through the flow of the authentication method of the present invention.
The authentication apparatus of the present invention requires no manual operation, achieves automatic authentication conveniently and quickly, and improves security while still meeting the requirement for instant, fast and efficient data exchange between users.
Fig. 3 is a structural block diagram of the authentication system in an embodiment of the present invention. As shown in Fig. 3, the authentication system in this embodiment includes an authentication apparatus 10 and a data storage center 20. The authentication apparatus 10 is configured to authenticate the first communication device. The data storage center 20 is connected to the authentication apparatus 10 through a network and is configured to store the registration information of the first communication device, the registration information including feature information.
The structure of the authentication apparatus 10 is shown in Fig. 2. Its composition has been described above and is not repeated here.
The first communication device may be a mobile terminal.
The feature information may be an ID number (that is, an identity number), a serial number, a random number, an authentication key, and so on. The authentication system of the present invention requires no manual operation, achieves automatic authentication conveniently and quickly, and improves security while still meeting the requirement for instant, fast and efficient data exchange between users.
Fig. 4 is a structural block diagram of the communication device in an embodiment of the present invention. As shown in Fig. 4, the communication device 30 in this embodiment includes an authentication apparatus 10. The authentication apparatus 10 includes an authentication initiating module 110, a receiving module 120, an obtaining module 130 and a judging module 140. The authentication initiating module 110 is configured to send an authentication request message to the first communication device. The receiving module 120 is configured to receive the feature information returned by the first communication device. The obtaining module 130 is configured to obtain the registration information of the first communication device from the data storage center. The judging module 140 is configured to judge whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if so, the authentication passes. The communication device 30 may be a short-range communication device, such as a mobile terminal or a computer. The communication device 30 may be used in a short-range communication system.
The first communication device may be a mobile terminal.
The feature information may be an ID number (that is, an identity number), a serial number, a random number, an authentication key, and so on.
需要说明的是, 本发明的通信设备都是能够进行近距离通信的通信设备,这些通信设备中都包括有图6所示的近距离通信模块300。图6为近距离通信模块的一种结构框图。如图6所示,近距离通信模块300包括控制单元301、基准单元302、无线通信单元303和测定单元304。其中,控制单元301控制基准单元302和无线通信单元303的发送和接收,同时对发送和接收的数据进行数据加密等处理。基准单元302和测试定单元304用于限定通信距离。基准单元302用于发送含有近距离通信模块信息和通信距离信息的距离基准信号。测试定单元304用于接收含有近距离通信模块信息和通信距离信息的距离基准信号。无线通信单元303用于建立无线通信连接并进行数据交换。It should be noted that the communication devices of the present invention are all communication devices capable of short-distance communication, and these communication devices all include the short-distance communication module 300 shown in FIG. 6 . Fig. 6 is a structural block diagram of a short-distance communication module. As shown in FIG. 6 , the short-range communication module 300 includes a control unit 301 , a reference unit 302 , a wireless communication unit 303 and a measurement unit 304 . Wherein, the control unit 301 controls the sending and receiving of the reference unit 302 and the wireless communication unit 303, and at the same time performs processing such as data encryption on the sent and received data. The reference unit 302 and the test unit 304 are used to limit the communication distance. The reference unit 302 is used for sending a distance reference signal including short-range communication module information and communication distance information. The testing unit 304 is configured to receive a distance reference signal containing short-range communication module information and communication distance information. The wireless communication unit 303 is used to establish a wireless communication connection and perform data exchange.
The short-range communication process of the communication device of the present invention is illustrated below, taking the short-range communication system shown in FIG. 5 as an example. The first mobile terminal 501, the first computer 502, the second computer 503 and the second mobile terminal 504 shown in FIG. 5 all have the short-range communication module 300 shown in FIG. 6. When the first mobile terminal 501 needs to initiate communication with the first computer 502, the reference unit in the first mobile terminal 501 sends a distance reference signal to the measurement unit in the first computer 502. After receiving the distance reference signal, the measurement unit in the first computer 502 judges whether the distance between the first mobile terminal 501 and the first computer 502 falls within the preset distance range; if it does, the measurement unit passes the information about the first mobile terminal 501 contained in the distance reference signal to the control unit of the first computer 502. After the control unit of the first computer 502 receives the information about the first mobile terminal 501, the wireless communication units in the two communication devices, the first mobile terminal 501 and the first computer 502, quickly establish a wireless communication connection according to a preset protocol and carry out registration, authentication and data exchange. The authentication process can use the authentication method of the present invention. The short-range communication system to which the authentication method of the present invention applies is of course not limited to the communication system shown in FIG. 5, and the short-range communication module of each communication device in the system is not limited to the short-range communication module 300 shown in FIG. 6. The communication device of the present invention contains an authentication apparatus, needs no manual operation and authenticates automatically, which is convenient and quick; it improves security while still meeting users' need to exchange data instantly, quickly and efficiently.
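The flow described above (distance check, first registration saved to the data storage center, then comparison of the returned feature information against the stored record), as an added Python example that is not code from the patent. The class names, the 1.0 m range, the result strings, the in-memory store and the constant-time comparison are assumptions of this example.

```python
import hmac
from dataclasses import dataclass, field

MAX_RANGE_M = 1.0  # assumed value for the preset communication distance range

@dataclass
class Device:
    """First communication device; `feature` is its ID, serial number or key."""
    device_id: str
    feature: bytes

    def answer_auth_request(self) -> bytes:
        return self.feature

@dataclass
class DataStorageCenter:
    """In-memory stand-in (assumption) for the networked data storage center."""
    records: dict = field(default_factory=dict)

class Authenticator:
    """Authentication apparatus: modules 110-140 plus the distance check."""
    def __init__(self, store: DataStorageCenter):
        self.store = store

    def in_range(self, distance_m: float) -> bool:
        return 0.0 <= distance_m <= MAX_RANGE_M

    def register_first_time(self, dev: Device, distance_m: float) -> bool:
        # Role of the second communication device: save the record once.
        if not self.in_range(distance_m) or dev.device_id in self.store.records:
            return False
        self.store.records[dev.device_id] = dev.feature
        return True

    def authenticate(self, dev: Device, distance_m: float) -> str:
        if not self.in_range(distance_m):      # distance result decides first
            return "out_of_range"
        returned = dev.answer_auth_request()   # modules 110 and 120
        registered = self.store.records.get(dev.device_id)  # module 130
        if registered is None:
            return "not_registered"
        # Module 140; compare_digest is this example's choice, not the patent's.
        same = hmac.compare_digest(returned, registered)
        return "passed" if same else "failed"

def demo() -> list:
    """Constructed scenario: computer 502 registers terminal 501, 503 reuses it."""
    store = DataStorageCenter()
    computer_502, computer_503 = Authenticator(store), Authenticator(store)
    terminal_501 = Device("terminal-501", b"SN-0001")
    return [
        computer_502.register_first_time(terminal_501, 0.3),
        computer_503.authenticate(terminal_501, 0.5),
        computer_503.authenticate(Device("terminal-501", b"SN-9999"), 0.5),
        computer_503.authenticate(terminal_501, 5.0),
    ]

if __name__ == "__main__":
    print(demo())
```

The second computer never registered the terminal itself; it passes authentication only because both authenticators read the same data storage center.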
The above descriptions are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (9)
- 1. An authentication method, characterized by comprising: sending authentication request information to a first communication device; receiving the feature information returned by the first communication device; obtaining the registration information of the first communication device from a data storage center; judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if consistent, the authentication passes; before sending the authentication request information to the first communication device, the method further comprises: a second communication device saving to the data storage center the registration information from when the first communication device first registered successfully, the registration information containing the feature information of the first communication device, wherein the second communication device is the communication device that registers and authenticates the first communication device at first registration; because the registration information is stored in the data storage center, any mobile terminal or computer that has passed authentication can access the data storage center, and when the mobile terminal next authenticates with a mobile terminal or computer it has not authenticated with before, that mobile terminal or computer can automatically access the data storage center to retrieve the registration information; before sending the authentication request information to the first communication device, the method further comprises: detecting whether the distance between the first communication device and this device is within a preset communication distance range, and deciding according to the distance detection result whether to authenticate the first communication device.
- 2. The authentication method according to claim 1, characterized in that the feature information is any one of an identity number, a serial number, a random number and an authentication key.
- 3. The authentication method according to claim 1, characterized in that the first communication device is a mobile terminal.
- 4. An authentication apparatus, characterized by comprising: an authentication initiating module, for sending authentication request information to a first communication device; a receiving module, for receiving the feature information returned by the first communication device; an acquiring module, for obtaining the registration information of the first communication device from a data storage center; a judging module, for judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if consistent, the authentication passes; a second communication device, for saving to the data storage center the registration information from when the first communication device first registered successfully, the registration information containing the feature information of the first communication device, wherein the second communication device is the communication device that registers and authenticates the first communication device at first registration; because the registration information is stored in the data storage center, any mobile terminal or computer that has passed authentication can access the data storage center, and when the mobile terminal next authenticates with a mobile terminal or computer it has not authenticated with before, that mobile terminal or computer can automatically access the data storage center to retrieve the registration information; and further comprising a distance detection module, for detecting whether the distance between the first communication device and the authentication apparatus is within a preset communication distance range, and deciding according to the distance detection result whether to authenticate the first communication device.
- 5. The authentication apparatus according to claim 4, characterized in that the feature information is any one of an identity number, a serial number, a random number and an authentication key.
- 6. The authentication apparatus according to claim 4, characterized in that the first communication device is a mobile terminal.
- 7. An authentication system, characterized by comprising: an authentication apparatus, for authenticating a first communication device; a data storage center, connected to the authentication apparatus through a network, for storing the registration information of the first communication device, the registration information including feature information; the authentication apparatus comprising: an authentication initiating module, for sending authentication request information to the first communication device; a receiving module, for receiving the feature information returned by the first communication device; an acquiring module, for obtaining the registration information of the first communication device from the data storage center; a judging module, for judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if consistent, the authentication passes; a second communication device, for saving to the data storage center the registration information from when the first communication device first registered successfully, the registration information containing the feature information of the first communication device, wherein the second communication device is the communication device that registers and authenticates the first communication device at first registration; because the registration information is stored in the data storage center, any mobile terminal or computer that has passed authentication can access the data storage center, and when the mobile terminal next authenticates with a mobile terminal or computer it has not authenticated with before, that mobile terminal or computer can automatically access the data storage center to retrieve the registration information.
- 8. A communication device, characterized in that the communication device includes an authentication apparatus, the authentication apparatus comprising: an authentication initiating module, for sending authentication request information to a first communication device; a receiving module, for receiving the feature information returned by the first communication device; an acquiring module, for obtaining the registration information of the first communication device from a data storage center; a judging module, for judging whether the feature information returned by the first communication device is consistent with the feature information in the registration information, and if consistent, the authentication passes; a second communication device, for saving to the data storage center the registration information from when the first communication device first registered successfully, the registration information containing the feature information of the first communication device, wherein the second communication device is the communication device that registers and authenticates the first communication device at first registration; because the registration information is stored in the data storage center, any mobile terminal or computer that has passed authentication can access the data storage center, and when the mobile terminal next authenticates with a mobile terminal or computer it has not authenticated with before, that mobile terminal or computer can automatically access the data storage center to retrieve the registration information.
- 9. The communication device according to claim 8, characterized in that the communication device is a computer or a mobile terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110449747.1A CN103188223B (en) | 2011-12-29 | 2011-12-29 | Authentication method, apparatus and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110449747.1A CN103188223B (en) | 2011-12-29 | 2011-12-29 | Authentication method, apparatus and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103188223A (en) | 2013-07-03 |
CN103188223B (en) | 2017-12-12 |
Family
ID=48679192
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110449747.1A Expired - Fee Related CN103188223B (en) | 2011-12-29 | 2011-12-29 | Authentication method, apparatus and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103188223B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106714168B (en) * | 2017-01-09 | 2020-12-08 | 上海蔚来汽车有限公司 | Automatic authentication method and system based on distance activation |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030017826A1 (en) * | 2001-07-17 | 2003-01-23 | Dan Fishman | Short-range wireless architecture |
US9020430B2 (en) * | 2004-10-12 | 2015-04-28 | Nokia Corporation | Methods, apparatus, systems and computer program products for energy management of short-range communication modules in mobile terminal devices |
US8571473B2 (en) * | 2006-06-02 | 2013-10-29 | Qualcomm Incorporated | Wireless subscriber station for short range ad-hoc data communication |
JP5295033B2 (en) * | 2009-08-04 | 2013-09-18 | ルネサスエレクトロニクス株式会社 | Mobile communication terminal device |
CN101674107A (en) * | 2009-08-13 | 2010-03-17 | 上海酷吧信息技术有限公司 | Method for transmitting encrypted electronic coupons by using Bluetooth |
US8224246B2 (en) * | 2010-05-10 | 2012-07-17 | Nokia Corporation | Device to device connection setup using near-field communication |
CN101997578A (en) * | 2010-11-16 | 2011-03-30 | 上海以太软件有限公司 | Method for realizing Bluetooth wireless network game on embedded device |
-
2011
- 2011-12-29 CN CN201110449747.1A patent/CN103188223B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN103188223A (en) | 2013-07-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20171212 |