
CN102970674A - Method and system for achieving temporary dynamic authorization by utilizing near field communication (NFC) - Google Patents


Info

Publication number
CN102970674A
Authority
CN
China
Prior art keywords
terminal
target device
interim
password
dynamic password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012104305283A
Other languages
Chinese (zh)
Other versions
CN102970674B (en
Inventor
孙聪聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN201210430528.3A (CN102970674B)
Publication of CN102970674A
Priority to PCT/CN2013/077975 (WO2013182093A1)
Application granted
Publication of CN102970674B
Active (current legal status)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method and system for achieving temporary dynamic authorization by utilizing near field communication (NFC). The method includes: a first terminal transmits temporary password obtaining requests to a target device; the target device distributes temporary dynamic passwords for the first terminal according to the temporary password obtaining requests and stores the temporary dynamic passwords locally; the first terminal transmits the temporary dynamic passwords to a second terminal; the second terminal arranged close to the target device transmits the temporary dynamic passwords to the target device; and the target device compares the temporary dynamic passwords transmitted by the second terminal with the temporary dynamic passwords stored locally, wherein if authentication passes, prohibition removing operations can be performed. By means of the method and system for achieving temporary dynamic authorization by utilizing NFC, the problem of security leakage caused by the fact that prohibition removing is performed by other people can be avoided, cost increase caused by the fact that the target device needs to be managed by specially-assigned persons can be avoided, remote control can be achieved easily, time is saved when device security is improved, and efficiency is improved.

Description

Method and system for achieving temporary dynamic authorization by utilizing NFC
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a method and system for achieving temporary dynamic authorization by utilizing NFC.
Background technology
For places, systems or equipment with high security requirements, when circumstances require that another person be temporarily authorized to use them, how to ensure both the security of the information and the convenience of use becomes an important problem.
For example, during a meeting a user discovers that an important document has been left at home and cannot go back for it in person; if someone else is asked to help, remote security considerations may call for a temporary dynamic authorization. Or a guest arrives from far away while the user happens to be unable to get away; here too there is a need to temporarily authorize the guest to unlock the door access control.
As another example, for the important equipment and systems of some enterprises, from a security-management standpoint it is clearly not acceptable for everyone to have the authority to operate them freely, yet assigning dedicated personnel to manage them wastes cost; a temporary dynamic authorization used in their place would solve both problems at once.
The prior art includes techniques that use NFC (Near Field Communication) for access-control operation, IC-card management and dynamic authentication, but it cannot provide temporary dynamic authorization for mobile terminals, and it suffers from the security leakage that arises when another person performs the unlock operation, so its security is relatively low.
Summary of the invention
The main purpose of the present invention is to provide a method and system for achieving temporary dynamic authorization by utilizing NFC. The invention provides a system, method and device that use NFC technology to achieve temporary dynamic authorization, with the aim of improving the security of areas, systems, equipment and the like, and of giving the user remote control and convenient operation.
To achieve the above purpose, the present invention proposes a method for achieving temporary dynamic authorization by utilizing NFC, comprising:
A first terminal sends a temporary password acquisition request to a target device;
The target device allocates a temporary dynamic password for the first terminal according to the temporary password acquisition request and stores it locally;
The first terminal sends the temporary dynamic password to a second terminal;
The second terminal, brought close to the target device, passes the temporary dynamic password to the target device;
The target device compares the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password and, if authentication passes, performs the unlock operation.
Preferably, the password acquisition request includes a password validity period, and the step in which the target device allocates a temporary dynamic password for the first terminal according to the temporary password acquisition request comprises:
The target device randomly generates a temporary dynamic password according to the temporary password acquisition request;
The temporary dynamic password is fed back to the first terminal together with the password validity period.
Preferably, before the step of feeding the temporary dynamic password back to the first terminal, the method further comprises:
Encrypting the temporary dynamic password.
Preferably, before the step in which the target device compares the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password, the method further comprises:
The target device judges whether the password validity period has expired; if it has not expired, the step of comparing the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password is performed; otherwise
The locally stored temporary dynamic password is deleted, and the temporary dynamic password sent by the second terminal is ignored.
Preferably, before the step in which the first terminal sends the temporary password acquisition request to the target device, the method further comprises:
When the second terminal is not authorized and requests authorization to unlock the target device, the target device sends the user information of the second terminal and the reason for the unlock request to the first terminal.
Preferably, after the target device performs the unlock operation, the method further comprises:
Feeding the unlock result back to the first terminal.
The present invention also proposes a system for achieving temporary dynamic authorization by utilizing NFC, comprising a first terminal, a second terminal and a target device, wherein:
The first terminal comprises a device system management module, configured to send a temporary password acquisition request to the target device, to receive the temporary dynamic password allocated by the target device, and to forward it to the second terminal;
The second terminal comprises an NFC module, configured to pass the temporary dynamic password forwarded by the first terminal to the target device when brought close to the target device;
The target device comprises:
A remote control module, configured to receive the temporary password acquisition request sent by the first terminal;
A dynamic password distribution module, configured to allocate a temporary dynamic password for the first terminal according to the temporary password acquisition request and to store it locally;
An NFC authentication module, configured to compare, when the second terminal approaches, the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password and, if authentication passes, to perform the unlock operation.
Preferably, the password acquisition request includes a password validity period, and the dynamic password distribution module is further configured to randomly generate a temporary dynamic password according to the temporary password acquisition request and to feed the temporary dynamic password, together with the password validity period, back to the first terminal through the remote control module.
Preferably, the dynamic password distribution module is further configured to encrypt the temporary dynamic password.
Preferably, the NFC authentication module is further configured to judge whether the password validity period has expired; if it has not expired, the temporary dynamic password sent by the second terminal is compared with the locally stored temporary dynamic password; otherwise the locally stored temporary dynamic password is deleted and the temporary dynamic password sent by the second terminal is ignored.
Preferably, the NFC authentication module is further configured, when the second terminal is not authorized and requests authorization to unlock the target device, to send the user information of the second terminal and the reason for the unlock request to the first terminal through the remote control module.
Preferably, the NFC authentication module is further configured to feed the unlock result back to the first terminal through the remote control module.
In the method and system proposed by the present invention for achieving temporary dynamic authorization by utilizing NFC, the first terminal obtains a temporary dynamic password by sending a temporary password acquisition request to the target device and forwards this password to the second terminal that needs authorization. When the second terminal is brought close to the target device, it passes the temporary dynamic password to the target device, which compares it with the locally stored temporary dynamic password and, if authentication passes, performs the unlock operation. This avoids the security leakage that arises when another person performs the unlock operation, avoids the added cost of assigning dedicated personnel to manage the target device, achieves remote control very simply, and saves time and improves efficiency while improving device security.
Description of drawings
Fig. 1 is a structural schematic diagram of one embodiment of the system of the present invention for achieving temporary dynamic authorization by utilizing NFC;
Fig. 2 is a schematic flowchart of one embodiment of the method of the present invention for achieving temporary dynamic authorization by utilizing NFC;
Fig. 3 is a schematic flowchart of another embodiment of the method of the present invention for achieving temporary dynamic authorization by utilizing NFC.
Embodiment
The solution of the embodiments of the invention is mainly as follows: the first terminal obtains a temporary dynamic password by sending a temporary password acquisition request to the target device and forwards this password to the second terminal that needs authorization. When the second terminal is brought close to the target device, it passes the temporary dynamic password to the target device, which compares it with the locally stored temporary dynamic password and, if authentication passes, performs the unlock operation. Through simple remote control this avoids the security leakage that arises when another person performs the unlock operation, avoids the added cost of assigning dedicated personnel to manage the target device, and saves time and improves efficiency while improving device security.
As shown in Fig. 1, one embodiment of the invention proposes a system for achieving temporary dynamic authorization by utilizing NFC, comprising a first terminal 101, a second terminal 102 and a target device 103, wherein:
The first terminal 101 and the second terminal 102 may both be mobile terminals. The first terminal 101 is the authorizing terminal, and the second terminal 102 is the authorized terminal that unlocks the target device 103. The second terminal 102 and the target device 103 transmit data over NFC, and the target device 103 may be a door access control or any system or device whose secure use needs to be ensured.
NFC is a technology that implements short-range wireless communication on mobile terminals such as mobile phones; NFC information is transmitted by electromagnetic inductive coupling in the radio-frequency part of the spectrum. Through fast and simple wireless connections, NFC provides convenient, fast and secure short-range communication between two electronic devices (such as mobile phones, PDAs, computers and payment terminals), and a user can typically use a mobile terminal that supports NFC to perform unlock operations securely and conveniently.
Specifically, in this embodiment, the first terminal 101 comprises a device system management module 1011, configured to send a temporary password acquisition request to the target device 103, to receive the temporary dynamic password allocated by the target device 103, and to forward it to the second terminal 102;
The second terminal 102 comprises an NFC module 1021, configured to pass the temporary dynamic password forwarded by the first terminal 101 to the target device 103 when brought close to the target device 103. A message conversion storage module 1022 is built into the NFC module 1021 and stores the message received by the NFC module 1021 in the emulated card of the NFC module 1021.
The target device 103 comprises a remote control module and an NFC authentication module 1033, wherein:
The remote control module is configured to receive the temporary password acquisition request sent by the first terminal 101;
The dynamic password distribution module 1032 is configured to allocate a temporary dynamic password for the first terminal 101 according to the temporary password acquisition request and to store it locally;
The NFC authentication module 1033 is configured to compare, when the second terminal 102 approaches, the temporary dynamic password sent by the second terminal 102 with the locally stored temporary dynamic password and, if authentication passes, to perform the unlock operation.
In a specific implementation, management software for the target device 103 is installed on the first terminal 101. The first terminal 101 obtains a temporary dynamic password through this management software, encapsulates the password in a message (such as an SMS, MMS or WeChat message) and sends it to the second terminal 102. The second terminal 102 stores the received message in the NFC emulated card by means of its built-in message conversion storage module 1022. The second terminal 102 then starts NFC and is brought close to the target device 103 that needs to be unlocked (such as a door access control). After receiving the password, the NFC authentication module 1033 of the target device 103 compares it against its database and, if they match, unlocking succeeds.
The device system management module 1011 in the first terminal 101 is embodied as application software that integrates the system information of the target device 103. The corresponding functions are carried out by operating this application software, which makes (remote) operation convenient for the user, and the temporary dynamic password for unlocking the target device 103 is obtained through it. In one implementation, a validity period can be set for the password, such as 5 minutes, 10 minutes, 1 hour or another user-defined time, with the corresponding options offered to the user in the interface of the first terminal 101.
For example, the device system management interface of the first terminal 101 may include an option "temporary password"; selecting it brings up a "validity period" screen offering 5 minutes, 10 minutes, 1 hour and a user-defined value. Because the password is temporary, and for security reasons, the upper limit of the validity period can be set to 1 hour.
When sending the password acquisition request to the target device 103, the device system management module 1011 of the first terminal 101 can include the password validity period in the request and send both together to the remote control module of the target device 103.
The remote control module in the target device 103 works in concert with the management software on the first terminal 101 and implements remote management over the mobile network, for example handling the first terminal 101's request to obtain a temporary password.
After receiving the password acquisition request sent by the device system management module 1011 of the first terminal 101, the remote control module in the target device 103 forwards it to the dynamic password distribution module 1032 in the target device 103, which randomly generates a temporary dynamic password according to the request. The password may be a character string or a two-dimensional code, but it must be a dynamic password, that is, every generated password is different. In a preferred embodiment, the dynamic password distribution module 1032 also encrypts the generated dynamic password to improve the security of the dynamic authorization operation.
The dynamic password distribution module 1032 then feeds the temporary dynamic password, together with the password validity period, back to the device system management module 1011 of the first terminal 101 through the remote control module. The device system management interface of the first terminal 101 can then show the prompt "password obtained successfully", and the received password is placed in the short message inbox. At the same time, the remote control module in the target device 103 records the validity period carried in the temporary password acquisition request sent by the first terminal 101 and passes the allocated temporary dynamic password and the validity period together to the NFC authentication module 1033.
After the device system management module 1011 in the first terminal 101 receives the temporary dynamic password fed back by the target device 103, it forwards the password to the second terminal 102, which uses it to obtain unlock authorization and unlock the target device 103.
When the second terminal 102 is brought close to the target device 103, the NFC module 1021 in the second terminal 102 starts the NFC function and passes the password information to the NFC authentication module 1033 of the target device 103.
After obtaining the password transmitted by the second terminal 102 over NFC, the NFC authentication module 1033 of the target device 103 compares it with the temporary dynamic password, received from the remote control module, that was previously issued to the first terminal 101. If the two match and the validity period has not elapsed, authentication passes and the system unlocks.
In the above process, after the remote control module of the target device 103 receives the temporary dynamic password sent by the dynamic password distribution module 1032, it does two things. First, it sends the password validity period (for example 5 minutes) taken from the password request sent by the first terminal 101, together with the received temporary dynamic password, to the NFC authentication module 1033. Second, it sends the received temporary dynamic password to the first terminal 101; this dynamic password is stored as a short message in the inbox of the first terminal 101, and the display of the first terminal 101 changes from "obtaining password" to "password obtained successfully".
In addition, the password validity period can be handled in either of the following two ways:
First handling mode: taking a validity period of 5 minutes as an example, within the 5 minutes the password exists and is simply compared directly with the password sent by the second terminal 102. Once 5 minutes have been exceeded, the password is deleted outright, the password sent by the second terminal 102 is then ignored, and the system's display screen can show a message such as "password expired" or "invalid password".
Second handling mode: when the NFC authentication module 1033 receives the temporary dynamic password sent by the second terminal 102, in addition to comparing it with the stored password it also checks whether the stored validity period has elapsed; if the password matches but the period has elapsed, the system's display screen can show "password expired".
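The issue-and-verify logic of the target device, covering both validity-period handling modes above, as an added example (not code from the patent). The names `TargetDevice`, `Grant` and `FakeClock` are hypothetical, deletion in the first mode is performed lazily when a password is next presented, and the use of a CSPRNG and a constant-time comparison are implementation choices of this sketch rather than requirements stated in the text.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_VALIDITY_S = 3600  # the description suggests an upper limit of 1 hour


@dataclass
class Grant:
    password: str      # temporary dynamic password stored locally
    expires_at: float  # issue time + validity period from the request


class FakeClock:
    """Settable clock so the expiry paths can be exercised without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class TargetDevice:
    """Hypothetical model of the distribution and NFC authentication modules."""

    def __init__(self, clock=time.monotonic, purge_on_expiry=True):
        self._clock = clock
        # True: first handling mode (delete stored password once expired).
        # False: second handling mode (compare, then check the validity period).
        self._purge = purge_on_expiry
        self._grant = None

    def issue(self, validity_s):
        """Handle a temporary password acquisition request from the first terminal."""
        if not 0 < validity_s <= MAX_VALIDITY_S:
            raise ValueError("validity period out of range")
        # Random per request, so every issued password is different.
        password = secrets.token_urlsafe(16)
        self._grant = Grant(password, self._clock() + validity_s)
        return password

    def present(self, candidate):
        """Handle a password presented over NFC by the second terminal."""
        grant = self._grant
        if grant is None:
            return "invalid password"
        expired = self._clock() >= grant.expires_at
        if expired and self._purge:
            # First mode: delete the stored password and ignore the candidate.
            self._grant = None
            return "password expired"
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(candidate.encode(), grant.password.encode()):
            return "invalid password"
        if expired:
            # Second mode: the password matches but the period has elapsed.
            return "password expired"
        return "unlocked"


def demo():
    """Run both handling modes: in time, just after expiry, and once more."""
    results = []
    for purge in (True, False):
        clock = FakeClock()
        device = TargetDevice(clock=clock, purge_on_expiry=purge)
        password = device.issue(300)          # 5-minute validity period
        in_time = device.present(password)
        clock.now += 301                      # validity period has elapsed
        late = device.present(password)
        again = device.present(password)
        results.append((in_time, late, again))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The text does not say whether a password is consumed on first successful use; this sketch follows it and leaves the password usable until the validity period ends, so anyone holding the forwarded message can unlock repeatedly within that window.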
When obtaining the temporary password, the device system management module 1011 in the first terminal 101 can also enable unlock feedback: after the system unlocks successfully (or fails to), the NFC authentication module 1033 passes the unlock result to the remote control module, which sends it on to the device system management module 1011. The device system management interface of the first terminal 101 can then show "unlock succeeded" or "unlock failed" to inform the authorizer and help with the next step.
With the above scheme, this embodiment uses NFC technology to achieve temporary dynamic authorization and thus temporary unlocking, which is not only convenient but also avoids the security leakage that arises when another person performs the unlock operation.
In a further embodiment, the authentication module 1033 is also configured, when the second terminal 102 is not authorized and requests authorization to unlock the target device 103, to send the user information of the second terminal 102 and the reason for the unlock request to the first terminal 101 through the remote control module; the first terminal 101 then decides whether to authorize according to the actual situation.
Specifically, when a second terminal 102 without authority attempts to unlock the target device 103 and the comparison by the NFC authentication module 1033 of the target device 103 finds that this user is not authorized, the user can be told that there is no authorization and asked whether authorization is needed. If the second terminal 102 chooses to request authorization, the user is next prompted for the reason for unlocking (an enterprise or individual can preset reasons according to its own needs, and an "other" option can also be provided for the second terminal 102 to enter its own). Once the selection is made, the remote control module of the target device 103 system sends the user information of the second terminal 102 and the reason for the unlock request directly to the first terminal 101.
With the above scheme, this embodiment avoids the security leakage that arises when another person performs the unlock operation, avoids the added cost of assigning dedicated personnel to manage the target device, achieves remote control very simply, and saves time and improves efficiency while improving device security.
As shown in Fig. 2, one embodiment of the invention proposes a method for achieving temporary dynamic authorization by utilizing NFC, implemented on the system of the above embodiments, the method comprising:
Step S201, the first terminal sends a temporary password acquisition request to the target device;
With reference to Fig. 1, the system involved in the method of this embodiment comprises a first terminal, a second terminal and a target device. The first terminal and the second terminal may both be mobile terminals; the first terminal is the authorizing terminal, and the second terminal is the authorized terminal that unlocks the target device. The second terminal and the target device transmit data over NFC, and the target device may be a door access control or any system or device whose secure use needs to be ensured.
NFC is a technology that implements short-range wireless communication on mobile terminals such as mobile phones; NFC information is transmitted by electromagnetic inductive coupling in the radio-frequency part of the spectrum. Through fast and simple wireless connections, NFC provides convenient, fast and secure short-range communication between two electronic devices (such as mobile phones, PDAs, computers and payment terminals), and a user can typically use a mobile terminal that supports NFC to perform unlock operations securely and conveniently.
In a specific implementation, management software for the target device is installed on the first terminal. The first terminal obtains a temporary dynamic password through this management software, encapsulates the password in a message (such as an SMS, MMS or WeChat message) and sends it to the second terminal. The second terminal stores the received message in the NFC emulated card by means of its built-in message conversion storage module. The second terminal then starts NFC and is brought close to the target device that needs to be unlocked (such as a door access control). After receiving the password, the NFC authentication module of the target device compares it against its database and, if they match, unlocking succeeds.
The device system management module in the first terminal is embodied as application software that integrates the system information of the target device. The corresponding functions are carried out by operating this application software, which makes (remote) operation convenient for the user, and the temporary dynamic password for unlocking the target device is obtained through it. In one implementation, a validity period can be set for the password, such as 5 minutes, 10 minutes, 1 hour or another user-defined time, with the corresponding options offered to the user in the interface of the first terminal.
For example, the device system management interface of the first terminal may include an option "temporary password"; selecting it brings up a "validity period" screen offering 5 minutes, 10 minutes, 1 hour and a user-defined value. Because the password is temporary, and for security reasons, the upper limit of the validity period can be set to 1 hour.
When sending the password acquisition request to the target device, the device system management module of the first terminal can include the password validity period in the request and send both together to the remote control module of the target device.
Step S202: the target device allocates a temporary dynamic password for the first terminal according to the temporary password acquisition request and stores it locally;
Step S203: the first terminal sends the temporary dynamic password to the second terminal;
In steps S202 and S203, the remote control module in the target device works in concert with the management software on the first terminal to provide remote management over the mobile network, for example handling the first terminal's request for a temporary password.
After the remote control module in the target device receives the password acquisition request sent by the device system management module of the first terminal, it forwards the request to the dynamic password distribution module in the target device. The dynamic password distribution module then randomly generates a temporary dynamic password in response to the request. The password may be a character string or a two-dimensional code, but it must be dynamic, that is, every generated password is different. Preferably, the dynamic password distribution module also encrypts the generated password to improve the security of the dynamic authorization operation.
The dynamic password distribution module then feeds this temporary dynamic password, together with the password validity period, back to the device system management module of the first terminal through the remote control module. At this point the device system management interface of the first terminal can display "password obtained successfully", and the received password is stored in the short-message inbox. At the same time, the remote control module in the target device records the validity period carried in the first terminal's temporary password acquisition request and passes it, together with the allocated temporary dynamic password, to the NFC authentication module.
After receiving the temporary dynamic password fed back by the target device, the device system management module in the first terminal forwards it to the second terminal. The second terminal then uses this temporary dynamic password to obtain unlock authorization and unlock the target device.
Step S204: the second terminal is brought close to the target device and passes the temporary dynamic password to it;
Step S205: the target device compares the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password and, if authentication passes, performs the unlock operation.
In steps S204 and S205, when the second terminal approaches the target device, the NFC module in the second terminal enables the NFC function and passes the password information to the NFC authentication module of the target device.
After the NFC authentication module of the target device obtains the second terminal's password over NFC, it compares it with the temporary dynamic password, previously issued to the first terminal, that it received from the remote control module. If the two match and the password is within its validity period, authentication passes and the system unlocks.
In the implementation described above, after the remote control module of the target device receives the temporary dynamic password from the dynamic password distribution module, it does two things. First, it sends the password validity period carried in the first terminal's password request (such as 5 minutes), together with the temporary dynamic password it received, to the NFC authentication module. Second, it sends the temporary dynamic password to the first terminal, where it is stored as a short message in the first terminal's inbox, and the first terminal's display changes from "obtaining password" to "password obtained successfully".
In addition, the password validity period can be handled in either of the following two ways:
First handling mode: taking a validity period of 5 minutes as an example, within the 5 minutes the password exists and is simply compared with the password sent by the second terminal. Once 5 minutes have passed, the password is deleted outright, the password sent by the second terminal is simply ignored, and the system's display can show a message such as "password expired" or "invalid password".
Second handling mode: when the NFC authentication module receives the temporary dynamic password sent by the second terminal, besides comparing it with the stored password it also checks whether the stored validity period is still running. If the password matches but the period has run out, the system's display can show "password expired".
When obtaining the temporary password, the device system management module in the first terminal can also enable unlock feedback: after the system unlocks successfully (or fails to), the NFC authentication module passes the outcome to the remote control module, which in turn sends it to the device system management module. The device system management interface of the first terminal can then show "unlock succeeded" or "unlock failed" to inform the authorizer and guide the next step.
With the above scheme, this embodiment uses NFC to implement temporary dynamic authorization. It allows temporary unlocking, which is convenient, and it avoids the security leakage problem caused by having other people carry out the unlock operation.
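The target-device side of steps S201 to S205, including both ways of handling the validity period and the feedback to the first terminal, can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the lazy deletion of an expired password at the next check, the device-side enforcement of the 1-hour limit and the constant-time comparison are all assumptions, and "unlock" stands for the operation the text calls lifting the ban.

```python
import hmac
import secrets
import time

MAX_VALIDITY_S = 3600  # 1-hour upper limit suggested in the description


class TargetDevice:
    """Constructed model of the target device's modules; all names are hypothetical."""

    def __init__(self, clock=time.monotonic, purge_on_expiry=True):
        self._clock = clock
        self._purge_on_expiry = purge_on_expiry  # True: first handling mode
        self._stored = None                       # (password, expires_at)
        self.feedback = []                        # outcomes reported to the first terminal

    def handle_password_request(self, validity_s):
        """Steps S201-S202: generate a random password, store it with its expiry."""
        if not 0 < validity_s <= MAX_VALIDITY_S:
            raise ValueError("validity period must be between 1 s and 1 hour")
        password = secrets.token_urlsafe(16)      # different on every request
        self._stored = (password, self._clock() + validity_s)
        return password, validity_s               # fed back to the first terminal

    def nfc_authenticate(self, presented):
        """Step S205: compare the password received over NFC with the stored one."""
        unlocked, message = self._check(presented)
        self.feedback.append("unlock succeeded" if unlocked else "unlock failed")
        return unlocked, message

    def _check(self, presented):
        if self._stored is None:
            return False, "invalid password"
        password, expires_at = self._stored
        expired = self._clock() >= expires_at
        if expired and self._purge_on_expiry:
            # First mode: delete the expired password and ignore what was sent.
            self._stored = None
            return False, "password expired"
        # Constant-time comparison so response timing does not reveal how much
        # of a guess matched.
        if not hmac.compare_digest(password.encode(), presented.encode()):
            return False, "invalid password"
        if expired:
            # Second mode: the password matches but its validity period has run out.
            return False, "password expired"
        # The text does not describe single use, so a match does not consume
        # the password; it stays usable until the validity period ends.
        return True, "unlocked"


def run_scenario(purge_on_expiry):
    """Walk one issue/verify cycle against a constructed clock (seconds)."""
    now = [0.0]
    device = TargetDevice(clock=lambda: now[0], purge_on_expiry=purge_on_expiry)
    password, _ = device.handle_password_request(validity_s=300)  # 5 minutes
    results = []
    now[0] = 60
    results.append(device.nfc_authenticate("wrong-guess"))
    results.append(device.nfc_authenticate(password))
    now[0] = 301                                   # validity period has passed
    results.append(device.nfc_authenticate(password))
    results.append(device.nfc_authenticate(password))
    return results, device.feedback


if __name__ == "__main__":
    for mode in (True, False):
        print("purge_on_expiry =", mode, run_scenario(mode))
```

The two modes differ only after expiry: the first forgets the password, so a later presentation is indistinguishable from a wrong one, while the second keeps reporting that a correct password has expired.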
As shown in Figure 3, another embodiment of the present invention proposes a method for implementing temporary dynamic authorization using NFC which, building on the embodiment above, further comprises the following before step S201:
Step S200: when the second terminal is not authorized and requests authorization to unlock the target device, the target device sends the user information of the second terminal and the reason for the unlock request to the first terminal.
Specifically, when a second terminal without permission attempts to unlock the target device, the NFC authentication module of the target device finds on comparison that this user is not authorized, and can prompt the user that there is no authorization and ask whether authorization is needed. If the second terminal chooses to request authorization, the next step prompts the user for the reason the unlock is needed (an enterprise or individual can preset reasons according to its own needs, and an "other" option can be provided for the second terminal to enter a reason itself). Once the selection is made, the remote control module of the target device system sends the user information of the second terminal and the reason for the unlock request directly to the first terminal.
With the above scheme, this embodiment avoids the security leakage problem caused by having other people carry out the unlock operation, and also avoids the added cost of having dedicated staff manage the target device. Remote control is achieved very simply; device security is improved while time is saved, and efficiency and ease of operation for the user are improved.
The above are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or process transformation made using the contents of this specification and its drawings, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (12)

1. A method for implementing temporary dynamic authorization using NFC, characterized in that it comprises:
a first terminal sends a temporary password acquisition request to a target device;
the target device allocates a temporary dynamic password for the first terminal according to the temporary password acquisition request and stores it locally;
the first terminal sends the temporary dynamic password to a second terminal;
the second terminal is brought close to the target device and passes the temporary dynamic password to the target device;
the target device compares the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password and, if authentication passes, performs the unlock operation.
2. The method according to claim 1, characterized in that the password acquisition request includes a password validity period, and the step in which the target device allocates a temporary dynamic password for the first terminal according to the temporary password acquisition request comprises:
the target device randomly generates a temporary dynamic password according to the temporary password acquisition request;
the temporary dynamic password is fed back to the first terminal together with the password validity period.
3. The method according to claim 2, characterized in that, before the step of feeding the temporary dynamic password back to the first terminal, it further comprises:
encrypting the temporary dynamic password.
4. The method according to claim 2, characterized in that, before the step in which the target device compares the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password, it further comprises:
the target device determines whether the password validity period has expired and, if it has not expired, performs the step of comparing the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password; otherwise
the locally stored temporary dynamic password is deleted, and the temporary dynamic password sent by the second terminal is ignored.
5. The method according to any one of claims 1 to 4, characterized in that, before the step in which the first terminal sends the temporary password acquisition request to the target device, it further comprises:
when the second terminal is not authorized and requests authorization to unlock the target device, the target device sends the user information of the second terminal and the reason for the unlock request to the first terminal.
6. The method according to claim 1, characterized in that, after the target device performs the unlock operation, it further comprises:
feeding the unlock outcome back to the first terminal.
7. A system for implementing temporary dynamic authorization using NFC, characterized in that it comprises a first terminal, a second terminal and a target device, wherein:
the first terminal comprises a device system management module, configured to send a temporary password acquisition request to the target device, and to receive the temporary dynamic password allocated by the target device and forward it to the second terminal;
the second terminal comprises an NFC module, configured to pass the temporary dynamic password forwarded by the first terminal to the target device when brought close to the target device;
the target device comprises:
a remote control module, configured to receive the temporary password acquisition request sent by the first terminal;
a dynamic password distribution module, configured to allocate a temporary dynamic password for the first terminal according to the temporary password acquisition request and store it locally;
an NFC authentication module, configured to compare, when the second terminal is brought close, the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password and, if authentication passes, perform the unlock operation.
8. The system according to claim 7, characterized in that the password acquisition request includes a password validity period, and the dynamic password distribution module is further configured to randomly generate a temporary dynamic password according to the temporary password acquisition request, and to feed the temporary dynamic password back to the first terminal, together with the password validity period, through the remote control module.
9. The system according to claim 8, characterized in that the dynamic password distribution module is further configured to encrypt the temporary dynamic password.
10. The system according to claim 8, characterized in that the NFC authentication module is further configured to determine whether the password validity period has expired and, if it has not expired, to compare the temporary dynamic password sent by the second terminal with the locally stored temporary dynamic password; otherwise to delete the locally stored temporary dynamic password and ignore the temporary dynamic password sent by the second terminal.
11. The system according to any one of claims 7 to 10, characterized in that
the NFC authentication module is further configured, when the second terminal is not authorized and requests authorization to unlock the target device, to send the user information of the second terminal and the reason for the unlock request to the first terminal through the remote control module.
12. The system according to claim 7, characterized in that the NFC authentication module is further configured to feed the unlock outcome back to the first terminal through the remote control module.
CN201210430528.3A 2012-11-01 2012-11-01 NFC is utilized to realize the method and system of provisional dynamic authorization Active CN102970674B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201210430528.3A CN102970674B (en) 2012-11-01 2012-11-01 NFC is utilized to realize the method and system of provisional dynamic authorization
PCT/CN2013/077975 WO2013182093A1 (en) 2012-11-01 2013-06-26 Authorizing method, target device, terminal and authorizing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210430528.3A CN102970674B (en) 2012-11-01 2012-11-01 NFC is utilized to realize the method and system of provisional dynamic authorization

Publications (2)

Publication Number Publication Date
CN102970674A true CN102970674A (en) 2013-03-13
CN102970674B CN102970674B (en) 2016-01-20

Family

ID=47800474

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210430528.3A Active CN102970674B (en) 2012-11-01 2012-11-01 NFC is utilized to realize the method and system of provisional dynamic authorization

Country Status (2)

Country Link
CN (1) CN102970674B (en)
WO (1) WO2013182093A1 (en)

Also Published As

Publication number Publication date
CN102970674B (en) 2016-01-20
WO2013182093A1 (en) 2013-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant