CN103414565B - Output method and safety equipment, response method and system, execution method and system - Google Patents

Info

Publication number
CN103414565B
Authority
CN
China
Prior art keywords
information
output
policy
authentication
authentication code
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310343697.8A
Other languages
Chinese (zh)
Other versions
CN103414565A (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd filed Critical Tendyron Technology Co Ltd
Priority to CN201310343697.8A priority Critical patent/CN103414565B/en
Publication of CN103414565A publication Critical patent/CN103414565A/en
Priority to PCT/CN2014/083343 priority patent/WO2015018292A1/en
Priority to PCT/CN2014/083335 priority patent/WO2015018291A1/en
Publication of CN103414565B publication Critical patent/CN103414565B/en

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention provides an information output method and safety equipment, a response method and system for processing information, and an opening operation execution method and system. The information output method includes: obtaining an operation request; after the operation request is obtained, obtaining identification information and/or location information; verifying the identification information and/or location information and, after the verification passes, obtaining a first authentication code and a first information output policy; performing a first process on a first information packet according to the first information output policy to obtain first process information, where the first information packet is obtained by performing a second process on first information, and the first information includes at least the first authentication code; and outputting the first process information and the first information packet. The safety equipment verifies the controlled device, which ensures the authenticity of the request and thereby improves the authenticity and security of the information output by the safety equipment.

Description

Output method and safety equipment, response method and system, execution method and system
Technical field
The present invention relates to the field of information security, and in particular to an information output method and safety equipment, a response method and system for processing information, and an opening operation execution method and system.
Background technology
At present, with the development of networks, obtaining information over the network can satisfy people's demand for information resources well and greatly facilitates access to them.
However, as obtaining information resources over the network becomes widespread, more and more information can be obtained by anyone in any form, which is not suitable for sensitive information. Usually, the publisher of an information resource encrypts such sensitive information and gives the decryption method only to people who are authorized to obtain it, so that they can obtain the sensitive information.
However, this approach is not very secure. As hackers' techniques grow more sophisticated, cracking encrypted information becomes easy, so the approach is not feasible for highly sensitive information resources.
Therefore, a more secure way of obtaining sensitive information resources is needed to ensure the security of information acquisition.
In addition, some existing devices can be opened arbitrarily: anyone can open the device at any place, which easily creates the risk that the information in the device, or the device itself, is stolen. For example, once a car is stolen it often cannot be recovered, which causes a loss to the owner.
Summary of the invention
The present invention aims to solve one of the existing problems of insecure acquisition or insecure opening operations.
An object of the present invention is to provide an information output method;
Another object of the present invention is to provide a response method for processing information;
Still another object of the present invention is to provide an opening operation execution method;
A further object of the present invention is to provide safety equipment;
A further object of the present invention is to provide a response system for processing information;
A further object of the present invention is to provide an opening operation execution system.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides an information output method, including: safety equipment obtains an operation request; after obtaining the operation request, the safety equipment obtains location information and/or identification information of a controlled device; the safety equipment verifies the identification information and/or the location information and, after the verification passes, obtains a first authentication code and a first information output policy; the safety equipment performs a first process on a first information packet according to the first information output policy to obtain first process information, where the first information packet is obtained by performing a second process on first information, and the first information includes at least the first authentication code; and the safety equipment outputs the first process information and the first information packet.
In addition, the step in which the safety equipment verifies the identification information and/or location information includes: the safety equipment obtains prestored identification information; the safety equipment verifies whether the identification information is consistent with the prestored identification information and, if it is, the identification information passes verification; and/or the safety equipment obtains prestored location range information; the safety equipment verifies whether the location information is included in the prestored location range information and, if it is, the location information passes verification.
In addition, the step in which the safety equipment obtains the location information and/or identification information of the controlled device after obtaining the operation request includes: the operation request contains fourth process information and a fourth information packet; the fourth process information is obtained by performing a seventh process on the fourth information packet, the fourth information packet is obtained by performing an eighth process on fourth information, and the fourth information includes at least the identification information and/or the location information; after obtaining the operation request, the safety equipment verifies the fourth process information according to the fourth information packet and, after the verification passes, obtains the identification information and/or the location information from the fourth information packet.
In addition, the seventh process is an encryption process or a signature process.
In addition, the fourth information also includes a fourth authentication code.
In addition, the fourth authentication code is a random number, a time parameter or a dynamic password value.
In addition, the first information output policy is a policy of outputting after encryption, and the first process is an encryption process; or the first information output policy is a policy of outputting after signing, and the first process is a signature process.
In addition, the first information also includes the operation request and/or the identification information and/or the location information.
In addition, the first authentication code is a random number, a time parameter or a dynamic password value.
Another aspect of the present invention also provides a response method for processing information, including: the safety equipment outputs the first process information and the first information packet using the above method; after receiving the first process information and the first information packet, the background system server obtains the first information and a first authentication policy; the background system server verifies the first process information according to the first authentication policy; and after the first process information passes verification, the background system server outputs a first response message in response to the first process information.
In addition, when the first information output policy is the policy of outputting after encryption, the first authentication policy is a policy of decrypting and verifying that matches the policy of outputting after encryption, or a policy of encrypting and verifying that matches the policy of outputting after encryption; when the first information output policy is the policy of outputting after signing, the first authentication policy is a signature verification policy that matches the policy of outputting after signing.
In addition, the background system server outputting the first response message in response to the first process information includes: the background system server obtains a second authentication code and a second information output policy; performs a third process on a second information packet according to the second information output policy to obtain the second process information, where the second information packet is obtained by performing a fourth process on second information, and the second information includes at least the second authentication code; and outputs the second process information and the second information packet.
In addition, the second information output policy is a policy of outputting after encryption, and the third process is an encryption process; or the second information output policy is a policy of outputting after signing, and the third process is a signature process.
In addition, the second authentication code is: the first authentication code that the background system server obtains from the first information; or a second authentication code generated by the background system server.
In addition, the second authentication code is a random number, a time parameter or a dynamic password value.
In addition, the second information also includes an open command.
A further aspect of the present invention provides an opening operation execution method, including: the background system server outputs the second process information and the second information packet using the above method; after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains a second authentication policy; the safety equipment verifies the second process information according to the second authentication policy; after the second process information passes verification, the safety equipment generates an open command and sends the open command to the controlled device; and after receiving the open command, the controlled device performs the opening operation flow according to the open command.
Another aspect of the present invention provides an opening operation execution method, including: the background system server outputs the second process information and the second information packet using the above method; after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains a second authentication policy; the safety equipment verifies the second process information according to the second authentication policy; after the second process information passes verification, the safety equipment sends the open command to the controlled device; and the controlled device receives the open command and performs the opening operation flow according to the open command.
In addition, when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and verifying that matches the policy of outputting after encryption, or a policy of encrypting and verifying that matches the policy of outputting after encryption; when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature verification policy that matches the policy of outputting after signing.
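The request, response and open-command flow described above, as an added example that is not code from the patent. It assumes the "output after signing" policy with HMAC-SHA256 over a pre-shared key standing in for the signature, JSON as the packet format, and a random number as the authentication code echoed by the server; the key, identifier, coordinate box, `dir` field and all names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# All values and names below are constructed for this example.
KEY = b"constructed-demo-key"                     # shared by safety equipment and server
PRESTORED_ID = "CAR-0001"                         # prestored identification information
PRESTORED_RANGE = (39.90, 40.00, 116.30, 116.50)  # lat_min, lat_max, lon_min, lon_max


def pack(info):
    """Second/fourth process: serialise the information into an information packet."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def sign(packet):
    """First/third process under the sign-then-output policy (HMAC as a stand-in)."""
    return hmac.new(KEY, packet, hashlib.sha256).digest()


def verified_info(tag, packet, direction):
    """Authentication policy: check the tag first, then the message direction."""
    if not hmac.compare_digest(sign(packet), tag):
        return None
    info = json.loads(packet)
    # The direction field stops a request from being reflected back as a response.
    return info if info.get("dir") == direction else None


class SafetyEquipment:
    def __init__(self):
        self.pending_code = None  # first authentication code awaiting a response

    def handle_operation_request(self, ident, location):
        """Verify the controlled device, then output (first process info, first packet)."""
        lat, lon = location
        lat_min, lat_max, lon_min, lon_max = PRESTORED_RANGE
        if ident != PRESTORED_ID:
            return None
        if not (lat_min <= lat <= lat_max and lon_min <= lon <= lon_max):
            return None
        self.pending_code = secrets.token_hex(16)  # authentication code: random number
        packet = pack({"dir": "request", "auth_code": self.pending_code,
                       "id": ident, "location": [lat, lon]})
        return sign(packet), packet

    def handle_response(self, tag, packet):
        """Verify the second process info; return the open command or None."""
        info = verified_info(tag, packet, "response")
        if info is None or self.pending_code is None:
            return None
        if not hmac.compare_digest(info["auth_code"], self.pending_code):
            return None
        self.pending_code = None  # single use: a replayed response is rejected
        return info["command"]


class BackgroundServer:
    def __init__(self):
        self.seen_codes = set()  # authentication codes already answered

    def respond(self, tag, packet):
        """Verify the first process info; output (second process info, second packet)."""
        info = verified_info(tag, packet, "request")
        if info is None or info["auth_code"] in self.seen_codes:
            return None
        self.seen_codes.add(info["auth_code"])
        # Second authentication code = first authentication code taken from the
        # first information; the second information also carries the open command.
        packet2 = pack({"dir": "response", "auth_code": info["auth_code"],
                        "command": "OPEN"})
        return sign(packet2), packet2


def run_flow(ident, location):
    """Full exchange; returns the command forwarded to the controlled device."""
    device, server = SafetyEquipment(), BackgroundServer()
    first = device.handle_operation_request(ident, location)
    if first is None:
        return None
    second = server.respond(*first)
    return device.handle_response(*second) if second else None
```
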
Another aspect of the present invention provides an opening operation execution method, including: the background system server outputs the second process information and the second information packet using the above method; after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains a second authentication policy; the safety equipment verifies the second process information according to the second authentication policy; after the second process information passes verification, the safety equipment generates an open command and obtains a third authentication code and a third information output policy; the safety equipment performs a fifth process on a third information packet according to the third information output policy to obtain third process information, where the third information packet is obtained by performing a sixth process on third information, and the third information includes at least the third authentication code and the open command; the safety equipment outputs the third process information and the third information packet; after receiving the third process information and the third information packet, the controlled device obtains the third information and obtains a third authentication policy; the controlled device verifies the third process information according to the third authentication policy; and after the third process information passes verification, the controlled device performs the opening operation flow according to the open command.
Another aspect of the present invention provides an opening operation execution method, including: the background system server outputs the second process information and the second information packet using the above method; after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains a second authentication policy; the safety equipment verifies the second process information according to the second authentication policy; after the second process information passes verification, the safety equipment obtains a third authentication code and a third information output policy; the safety equipment performs a fifth process on a third information packet according to the third information output policy to obtain third process information, where the third information packet is obtained by performing a sixth process on third information, and the third information includes at least the third authentication code and the open command; the safety equipment outputs the third process information and the third information packet; after receiving the third process information and the third information packet, the controlled device obtains the third information and obtains a third authentication policy; the controlled device verifies the third process information according to the third authentication policy; and after the third process information passes verification, the controlled device performs the opening operation flow according to the open command.
In addition, the third information output policy is a policy of outputting after encryption, and the fifth process is an encryption process; or the third information output policy is a policy of outputting after signing, and the fifth process is a signature process.
In addition, when the third information output policy is the policy of outputting after encryption, the third authentication policy is a policy of decrypting and verifying that matches the policy of outputting after encryption, or a policy of encrypting and verifying that matches the policy of outputting after encryption; when the third information output policy is the policy of outputting after signing, the third authentication policy is a signature verification policy that matches the policy of outputting after signing.
In addition, the third authentication code is: the first authentication code; the second authentication code that the safety equipment obtains from the second information; or a third authentication code generated by the safety equipment.
In addition, the third authentication code is a random number, a time parameter or a dynamic password value.
One aspect of the present invention also provides safety equipment, including: a first acquisition module, a first authentication module, a first processing module and a first transceiver module; the first acquisition module is configured to obtain an operation request and, after obtaining the operation request, obtain location information and/or identification information of a controlled device; the first authentication module is configured to verify the identification information and/or location information and, after the verification passes, instruct the first acquisition module to obtain a first authentication code and a first information output policy; the first processing module is configured to perform a first process on a first information packet according to the first information output policy to obtain first process information, where the first information packet is obtained by performing a second process on first information, and the first information includes at least the first authentication code; the first transceiver module is configured to output the first process information and the first information packet.
In addition, the first acquisition module also obtains prestored identification information; the first authentication module also verifies whether the identification information is consistent with the prestored identification information and, if it is, the identification information passes verification; and/or the first acquisition module also obtains location range information; the first authentication module also verifies whether the location information is included in the prestored location range information and, if it is, the location information passes verification.
In addition, the operation request contains fourth process information and a fourth information packet; the fourth process information is obtained by performing a seventh process on the fourth information packet, the fourth information packet is obtained by performing an eighth process on fourth information, and the fourth information includes at least the identification information and/or the location information; the safety equipment also includes a third authentication module; after the first acquisition module obtains the operation request, the third authentication module verifies the fourth process information according to the fourth information packet and, after the verification passes, instructs the first acquisition module to obtain the identification information and/or the location information from the fourth information packet.
In addition, the seventh process is an encryption process or a signature process.
In addition, the fourth information also includes a fourth authentication code.
In addition, the fourth authentication code is a random number, a time parameter or a dynamic password value.
In addition, the first information output policy is a policy of outputting after encryption, and the first process is an encryption process; or the first information output policy is a policy of outputting after signing, and the first process is a signature process.
In addition, the first information also includes the operation request and/or the identification information and/or the location information.
In addition, the first authentication code is a random number, a time parameter or a dynamic password value.
Another aspect of the present invention also provides a response system for processing information, including: the above safety equipment and a background system server; the background system server includes a second acquisition module, a second authentication module and a second transceiver module; the second transceiver module is configured to receive the first process information and the first information packet output by the safety equipment; the second acquisition module is configured to obtain the first information and a first authentication policy after the second transceiver module receives the first process information and the first information packet output by the safety equipment; the second authentication module is configured to verify the first process information according to the first authentication policy and, after the first process information passes verification, instruct the second transceiver module to output a first response message in response to the first process information.
In addition, when the first information output policy is the policy of outputting after encryption, the first authentication policy is a policy of decrypting and verifying that matches the policy of outputting after encryption, or a policy of encrypting and verifying that matches the policy of outputting after encryption; when the first information output policy is the policy of outputting after signing, the first authentication policy is a signature verification policy that matches the policy of outputting after signing.
In addition, the background system server also includes a second processing module; the second acquisition module is also configured to obtain a second authentication code and a second information output policy; the second processing module is configured to perform a third process on a second information packet according to the second information output policy to obtain the second process information, where the second information packet is obtained by performing a fourth process on second information, and the second information includes at least the second authentication code; the second transceiver module is also configured to output the second process information and the second information packet.
In addition, the second information output policy is a policy of outputting after encryption, and the third process is an encryption process; or the second information output policy is a policy of outputting after signing, and the third process is a signature process.
In addition, the second authentication code is: the first authentication code that the second acquisition module obtains from the first information; or the background system server also includes a second generation module, the second generation module generates the second authentication code, and the second acquisition module obtains the second authentication code generated by the second generation module.
In addition, the second authentication code is a random number, a time parameter or a dynamic password value.
In addition, the second information also includes an open command.
A further aspect of the present invention also provides an opening operation execution system, including: a controlled device and the above response system for processing information; wherein the safety equipment also includes a fourth authentication module, a first generation module and a third transceiver module; after the first transceiver module receives the second process information and the second information packet, the first acquisition module also obtains the second information and obtains a second authentication policy; the fourth authentication module verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the first generation module to generate an open command and instructs the third transceiver module to send the open command to the controlled device; the controlled device receives the open command and performs the opening operation flow according to the open command.
Another aspect of the present invention also provides an opening operation execution system, including: a controlled device and the above response system for processing information; wherein the safety equipment also includes a fourth authentication module and a third transceiver module; after the first transceiver module receives the second process information and the second information packet, the first acquisition module also obtains the second information and obtains a second authentication policy; the fourth authentication module verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the third transceiver module to send the open command to the controlled device; the controlled device receives the open command and performs the opening operation flow according to the open command.
In addition, when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and verifying that matches the policy of outputting after encryption, or a policy of encrypting and verifying that matches the policy of outputting after encryption; when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature verification policy that matches the policy of outputting after signing.
Another aspect of the invention additionally provides a kind of unlatching and operates execution system, including: controlled device and above-mentioned place The response system of reason information;Wherein, described safety equipment also include: the 4th authentication module, the first generation module and the 3rd receive Send out module;Described first acquisition module receives described second at described first transceiver module and processes information and described second information After packet, also obtain described second information, and obtain the second authentication policy;Described 4th authentication module is tested according to described second Described in card policy validation, second processes information, and after verifying that described second process information is passed through, indicates described first to generate mould Block generates open command;Described first acquisition module also obtains the open command that described first generation module generates, and obtains 3rd authentication code and the 3rd information output policy;Described first processing module is according to described 3rd information output policy, to Three information packet carry out the 5th process, it is thus achieved that the 3rd processes information, and described 3rd information packet is to carry out the 3rd information 6th process obtains, and described 3rd information at least includes: described 3rd authentication code and described open command;Described 3rd receives Send out module output the described 3rd and process information and described 3rd information packet;Described controlled device includes: the 4th transmitting-receiving mould Block, the 3rd acquisition module, the 5th authentication module and execution module;Described 4th transceiver module receives the described 3rd and processes information And described 3rd information packet;Described 3rd acquisition module obtains described 3rd information, and obtains the 3rd 
authentication policy;Institute State the 5th authentication module and verify described 3rd process information according to described 3rd authentication policy, and process letter in checking the described 3rd Breath is by rear, and instruction performs module and performs to open the flow process of operation according to described open command.
Another aspect of the invention further provides an opening operation execution system, including: a controlled device and the above response system for process information; wherein the safety equipment further includes: a fourth authentication module and a third transceiver module; after the first transceiver module receives the second process information and the second information packet, the first acquisition module also obtains the second information and obtains a second authentication policy; the fourth authentication module verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the first acquisition module to obtain a third authentication code and a third information output policy; the first processing module also performs, according to the third information output policy, a fifth process on a third information packet to obtain third process information, where the third information packet is obtained by performing a sixth process on third information, and the third information includes at least: the third authentication code and the open command; the third transceiver module also outputs the third process information and the third information packet; the controlled device includes: a fourth transceiver module, a third acquisition module, a fifth authentication module and an execution module; the fourth transceiver module receives the third process information and the third information packet; the third acquisition module obtains the third information and obtains a third authentication policy; the fifth authentication module verifies the third process information according to the third authentication policy and, after the third process information passes verification, instructs the execution module to carry out the opening operation according to the open command.
Additionally, the third information output policy is a policy of output after encryption, and the fifth process is encryption; or the third information output policy is a policy of output after signature, and the fifth process is signature processing.
Additionally, when the third information output policy is a policy of output after encryption, the third authentication policy is a decrypt-and-verify policy that matches the policy of output after encryption, or the third authentication policy is an encrypt-and-verify policy that matches the policy of output after encryption; when the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy that matches the policy of output after signature.
Additionally, the third authentication code is: the first authentication code; the second authentication code that the safety equipment obtains from the second information; or a third authentication code generated by the safety equipment.
Additionally, the third authentication code is: a random number, a time parameter or a dynamic password value.
As can be seen from the technical solution provided above, with the information output method and the safety equipment of the present invention, the safety equipment verifies the controlled device, which ensures the authenticity of the request and thereby improves the authenticity and security of the information output by the safety equipment. With the response method and system for process information of the present invention, subsequent operations are allowed only after the background system server has verified the safety equipment, which ensures security. With the opening operation execution method and system of the present invention, the controlled device can be opened, or sensitive information can be obtained from it, only after the safety equipment has verified the controlled device and the background system server has verified the safety equipment, which ensures the security of opening the controlled device or obtaining the sensitive information. Alternatively, the controlled device can be opened, or sensitive information can be obtained from it, only after the safety equipment has verified the controlled device, the background system server has verified the safety equipment, and the controlled device has verified the safety equipment, which likewise ensures the security of opening the controlled device or obtaining the sensitive information.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the information output method provided by the present invention;
Fig. 2 is a structural diagram of the safety equipment provided by the present invention;
Fig. 3 is a flow chart of the response method for process information provided by the present invention;
Fig. 4 is a structural diagram of the response system for process information provided by the present invention;
Fig. 5 is a flow chart of the opening operation execution method of one embodiment provided by the present invention;
Fig. 6 is a structural diagram of the opening operation execution system of one embodiment provided by the present invention;
Fig. 7 is a structural diagram of the opening operation execution system of another embodiment provided by the present invention;
Fig. 8 is a flow chart of the opening operation execution method of another embodiment provided by the present invention;
Fig. 9 is a structural diagram of the opening operation execution system of yet another embodiment provided by the present invention;
Fig. 10 is a flow chart of the opening operation execution method of yet another embodiment provided by the present invention;
Fig. 11 is a structural diagram of the opening operation execution system of still another embodiment provided by the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or position terms such as "center", "longitudinal", "lateral", "up", "down", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positions shown in the drawings. They are used only to simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used only for description and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected" and "coupled" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, or indirect through an intermediary, or an internal connection between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Fig. 1 shows a flow chart of the information output method of the present invention, which may be a method by which the safety equipment outputs information. Referring to Fig. 1, the information output method of the present invention includes:
S101, obtain an operation request;
Specifically, the safety equipment can obtain an operation request. The operation request may be a request to obtain sensitive information or a request to open an automobile; any request that involves obtaining something securely or performing a secure opening operation is regarded as an operation request of the present invention.
The safety equipment of the present invention can be bound to the controlled device. For example, the safety equipment can be bound to a sensitive information storage device or to an automobile. Binding guarantees a unique association between the controlled device and the safety equipment and improves the security of the information transmitted between them.
S102, after the operation request is obtained, obtain identification information and/or location information;
Specifically, after obtaining the operation request, the safety equipment can obtain the identification information of the controlled device bound to it. The identification information can be obtained from the bound controlled device, for example by being carried in the operation request. It can be any information that uniquely identifies the controlled device, such as its serial number. Obtaining the identification information lets the background system server later know which device needs to be verified by the background system server.
In addition, the safety equipment can also obtain location information. The location information can be carried in the operation request, having been generated by a locating module in the controlled device, or the safety equipment can obtain it from a locating module in the safety equipment itself. The locating module can be any of the following: GPS, AGPS, BeiDou positioning, and so on. Placing the locating module in the safety equipment speeds up the safety equipment's acquisition of the location information; placing it in the controlled device reduces the number of modules in the safety equipment, shortens the flow and improves the processing speed of the safety equipment.
The safety equipment of the present invention can obtain only the identification information, only the location information, or both. Whether one kind of information or both are obtained, it is sufficient that the safety equipment can subsequently verify the controlled device.
In addition, in the present invention, this step can also include an operation in which the safety equipment verifies the legitimacy and authenticity of the controlled device. For example:
The operation request can contain fourth process information and a fourth information packet, where the fourth process information is obtained by performing a seventh process on the fourth information packet, the fourth information packet is obtained by performing an eighth process on fourth information, and the fourth information includes at least: the identification information and/or the location information;
The seventh process can be encryption or signature processing. When the seventh process is encryption, a symmetric encryption algorithm or an asymmetric encryption algorithm can be used. For example, the MAC value of the fourth information packet can be calculated, or the hash value of the fourth information packet can be calculated; part of the calculated MAC value or hash value can also be taken. When the seventh process is signature processing, the controlled device can sign the fourth information packet with the private key of the controlled device.
The eighth process can be any one of the following:
(1) simply adding a source address and a destination address to the fourth information, keeping the identification information and/or location information in plaintext; in this case only plaintext is transmitted, which facilitates subsequent authentication and simplifies the flow.
(2) encrypting at least the identification information and/or location information in the fourth information; after the identification information and/or location information are encrypted with an encryption algorithm, they can be recovered with the corresponding decryption algorithm. Encrypting the identification information and/or location information prevents them from being cracked in transit and improves transmission security.
In this case, after obtaining the operation request, the safety equipment can verify the fourth process information according to the fourth information packet and, after verification passes, obtain the identification information and/or location information from the fourth information packet. When the safety equipment verifies the fourth process information, if the seventh process is encryption, the safety equipment can decrypt the fourth process information to verify it, or can encrypt the fourth information packet to verify the fourth process information; if the seventh process is signature processing, the safety equipment can verify the signature of the fourth process information, for example by using the public key of the controlled device and the fourth information packet. If the fourth process information passes verification, the fourth information packet is verified and therefore the controlled device is verified. Subsequent operations are performed only after the controlled device has been verified, which improves security.
In addition, depending on the eighth process, the safety equipment can obtain the identification information and/or location information in the following ways:
(1) when the eighth process is simply adding a source address and a destination address to the fourth information and keeping the identification information and/or location information in plaintext, the safety equipment obtains the fourth information directly from the received fourth information packet, and thus obtains the identification information and/or location information; this simplifies the acquisition flow and improves acquisition speed.
(2) when the eighth process is encrypting at least the identification information and/or location information in the fourth information, the safety equipment can decrypt the encrypted information to obtain the identification information and/or location information, which ensures the authenticity of the identification information and/or location information.
To ensure that the fourth information packet is different each time, the fourth information can also include: a fourth authentication code. The fourth authentication code can be: a random number, a time parameter or a dynamic password value, for example:
The fourth authentication code can be a random number generated by a random number generator in the controlled device; a time parameter produced by a clock in the controlled device; a dynamic password value generated by a dynamic password generation module in the controlled device; a preset static password that the user enters on the keyboard of the controlled device, so that the controlled device obtains the fourth authentication code (to ensure that the parameter obtained is different each time, the user can be prompted to reset the static password after each acquisition); or a dynamic password generated by a dynamic password token card bound to the controlled device, which the user enters on the keyboard of the controlled device. The fourth authentication code of the present invention is not limited to the above; it can also be any combination of these parameters. Any parameter that differs on each acquisition can be obtained by the controlled device as the fourth authentication code. Obtaining a fourth authentication code that differs each time avoids the situation in which identical transmitted information makes every request identical, and so improves security.
In the present invention, to support subsequent verification based on signature processing, the controlled device can store the private key of the controlled device and the public key of the safety equipment; the safety equipment can store the public key of the controlled device, the public key of the background system server and the private key of the safety equipment; and the background system server can store the public key of the safety equipment and the private key of the background system server.
Step S103, verify the identification information and/or location information and, after verification passes, obtain a first authentication code and a first information output policy;
After obtaining the identification information and/or location information, the safety equipment also needs to verify them, so that the safety equipment verifies the controlled device. Only after the safety equipment has verified the controlled device does it output information to the background system server, which ensures the authenticity of the operation request.
In the present invention, the safety equipment can verify the identification information as follows: obtain the pre-stored identification information; check whether the identification information is consistent with the pre-stored identification information; if it is, the identification information passes verification. Only after the identification information passes verification can the safety equipment confirm the authenticity of the controlled device and perform subsequent operations; otherwise the subsequent opening or obtaining operation is not performed.
The safety equipment can verify the location information as follows: obtain the pre-stored location range information; check whether the location information falls within the pre-stored location range information; if it does, the location information passes verification. Only after the location information passes verification can the safety equipment confirm that the controlled device is within the permitted location range and perform subsequent operations; otherwise the subsequent opening or obtaining operation is not performed.
In addition, the safety equipment also obtains the first authentication code. The first authentication code can be a random number generated by a random number generator in the safety equipment; a time parameter produced by a clock in the safety equipment; a dynamic password value generated by a dynamic password generation module in the safety equipment; a preset static password that the user enters on the keyboard of the safety equipment, so that the safety equipment obtains the first authentication code (to ensure that the parameter obtained is different each time, the user can be prompted to reset the static password after each acquisition); or a dynamic password generated by a dynamic password token card bound to the safety equipment, which the user enters on the keyboard of the safety equipment. The first authentication code of the present invention is not limited to the above; it can also be any combination of these parameters. Any parameter that differs on each acquisition can be used as the first authentication code. Obtaining a first authentication code that differs each time avoids the situation in which identical transmitted information makes every request identical, and so improves security.
The safety equipment also obtains the first information output policy, which can be a policy of output after encryption or a policy of output after signature. The policy of output after encryption ensures the security and verifiability of the transmitted information; the policy of output after signature ensures, in addition to the security and verifiability of the transmitted information, the non-repudiation of the information sent.
S104, according to the first information output policy, perform a first process on a first information packet to obtain first process information, where the first information packet is obtained by performing a second process on first information, and the first information includes at least: the first authentication code;
Specifically, when the first information output policy is a policy of output after encryption, the first process performed on the first information packet can be: encrypting the first information packet. This encryption can use a symmetric encryption algorithm or an asymmetric encryption algorithm. For example, the MAC value of the first information packet can be calculated, or the hash value of the first information packet can be calculated; part of the calculated MAC value or hash value can also be taken.
When the first information output policy is a policy of output after signature, the first process performed on the first information packet can be: signing the first information packet with the private key of the safety equipment.
The first information packet is obtained by performing the second process on the first information, and the second process can be any one of the following:
(1) simply adding a source address and a destination address to the first information, keeping the first authentication code in plaintext; in this case only plaintext is transmitted, which facilitates subsequent authentication and simplifies the flow.
(2) encrypting at least the first authentication code in the first information; after the first authentication code is encrypted with an encryption algorithm, it can be recovered with the corresponding decryption algorithm. Encrypting the first authentication code prevents it from being cracked in transit and improves transmission security.
In addition, the first information can also include the operation request, so that the operation request can also be verified later to ensure its authenticity. The first information can also include the identification information, so that the background system server can later know which device initiated the request. The first information can also include the location information, so that the background system server can later know where the controlled device is located. The first information can include any one of the above items or any combination of them.
S105, output the first process information and the first information packet.
Specifically, the first process information and the first information packet can be output to the background system server, so that the background system server verifies the first process information.
With the information output method of the present invention, the safety equipment verifies the controlled device, which ensures the authenticity of the request and thereby improves the authenticity and security of the information output by the safety equipment.
Fig. 2 shows a structural diagram of the safety equipment of the present invention. Referring to Fig. 2, the safety equipment 20 of the present invention outputs information using the method of steps S101 to S105 shown in Fig. 1. Only the structure of the safety equipment 20 is briefly described here. The division of the safety equipment 20 into modules is only illustrative; other divisions can also be used and are not enumerated here, and only one division is described.
The safety equipment 20 of the present invention includes: a first acquisition module 201, a first authentication module 202, a first processing module 203 and a first transceiver module 204; wherein:
The first acquisition module 201 is configured to obtain an operation request and, after obtaining the operation request, obtain identification information and/or location information;
The first authentication module 202 is configured to verify the identification information and/or location information and, after verification passes, instruct the first acquisition module 201 to obtain a first authentication code and a first information output policy;
The first processing module 203 is configured to perform, according to the first information output policy, a first process on a first information packet to obtain first process information, where the first information packet is obtained by performing a second process on first information, and the first information includes at least: the first authentication code. The first authentication code can be: a random number, a time parameter or a dynamic password value. The first information output policy is a policy of output after encryption, and the first process is encryption; or the first information output policy is a policy of output after signature, and the first process is signature processing.
The first transceiver module 204 is configured to output the first process information and the first information packet.
In addition, the first authentication module 202 can verify the identification information and/or location information as follows:
The first acquisition module 201 also obtains the pre-stored identification information; the first authentication module 202 also checks whether the identification information is consistent with the pre-stored identification information, and if it is, the identification information passes verification; and/or
The first acquisition module 201 also obtains the location range information; the first authentication module 202 also checks whether the location information falls within the pre-stored location range information, and if it does, the location information passes verification.
In addition, if the operation request contains fourth process information and a fourth information packet, where the fourth process information is obtained by performing a seventh process on the fourth information packet, the fourth information packet is obtained by performing an eighth process on fourth information, and the fourth information includes at least the identification information and/or location information, then the safety equipment also includes: a third authentication module 205. After the first acquisition module 201 obtains the operation request, the third authentication module 205 verifies the fourth process information according to the fourth information packet and, after verification passes, instructs the first acquisition module 201 to obtain the identification information and/or location information from the fourth information packet. In this case, the seventh process is encryption or signature processing.
To ensure that the information sent is different each time, the fourth information can also include: a fourth authentication code. The fourth authentication code is: a random number, a time parameter or a dynamic password value.
In addition, the first information also includes the operation request and/or the identification information and/or the location information.
With the safety equipment of the present invention, because the controlled device is verified, the authenticity of the request is ensured, which improves the authenticity and security of the information output by the safety equipment.
Fig. 3 shows the response method for process information of the present invention. Referring to Fig. 3, the response method for process information of the present invention includes:
Steps S101 to S105, which are the same as steps S101 to S105 used by the safety equipment above and output the first process information and the first information packet; they are not repeated here.
Step S106, after the background system server receives the first process information and the first information packet, it obtains the first information and a first authentication policy;
Specifically, after the background system server receives the first process information and the first information packet output by the safety equipment, it can obtain the first information in a way that matches the second process:
(1) when the second process is simply adding a source address and a destination address to the first information and keeping the first authentication code in plaintext, the background system server obtains the first information directly from the received first information packet, and thus obtains the first authentication code; this simplifies the acquisition flow and improves acquisition speed.
(2) when the second process is encrypting at least the first authentication code in the first information, the background system server can decrypt the encrypted first authentication code to obtain the first authentication code, which is then available for the subsequent verification of the first process information.
In addition, the first authentication policy should match the first information output policy. When the first information output policy is a policy of output after encryption: if the first information output policy uses a symmetric encryption algorithm, the first authentication policy is a decrypt-and-verify policy that matches the policy of output after encryption; if the first information output policy uses an asymmetric algorithm, the first authentication policy is an encrypt-and-verify policy that matches the policy of output after encryption. When the first information output policy is a policy of output after signature, the first authentication policy is a signature verification policy that matches the policy of output after signature; for example, the public key of the safety equipment and the first information packet are used to verify the signature of the first process information. If the signature verifies, the background system server has verified the safety equipment. Subsequent operations are performed only after verification passes, which improves security. This ensures that the background system server verifies the first process information according to the first authentication policy.
Step S107: the background system server verifies the first process information according to the first authentication policy;
Specifically, when the background system server verifies the first process information according to the first authentication policy, it can verify the first process information with the first authentication code obtained from the first information. It can also negotiate with the safety equipment in advance and prestore an authentication code identical to the first authentication code that the safety equipment sends, then use the prestored authentication code to verify the first process information. It can also negotiate with the safety equipment in advance, generate an authentication code with the same authentication code generation method, and use the generated authentication code to verify the first process information. Whichever verification mode is used, as long as it achieves the purpose of verifying the first process information, it falls within the protection scope of the present invention.
Step S108: after the first process information passes verification, the background system server outputs a first response message in response to the first process information.
Specifically, if the first process information does not pass verification by the background system server, an error message is output and the subsequent opening operation is not allowed.
After the first process information passes verification, the background system server can output the first response message in response to the first process information as follows:
The background system server obtains a second authentication code and a second information output policy and, according to the second information output policy, performs the third process on the second information packet to obtain the second process information. The second information packet is obtained by performing the fourth process on the second information, and the second information includes at least the second authentication code. The background system server outputs the second process information and the second information packet. The second process information and the second information packet then serve as the first response message in response to the first process information. In addition, the second information can also include an open command, used subsequently to open the controlled device.
If the second information output policy is the policy of output after encryption, the third process is encryption, which can be symmetric or asymmetric. If the second information output policy is the policy of output after signature, the third process is signature processing, in which case the private key of the background system server can be used to sign. The third process of the present invention can use the same method as the first process, which simplifies processing, or a different method, which makes cracking harder and improves security.
In addition, the second information packet is obtained by performing the fourth process on the second information. The fourth process can be any one of the following:
(1) Adding a source address and a destination address to the second information while retaining the plaintext of the second authentication code, or the plaintext of the second authentication code and the open command. Only plaintext is transmitted, which facilitates subsequent authentication by the safety equipment and simplifies the flow.
(2) Encrypting at least the second authentication code in the second information. After the second authentication code is encrypted with an encryption algorithm, the decryption algorithm corresponding to that encryption algorithm can decrypt it. For example, the second authentication code is encrypted, or the second authentication code and the open command are encrypted. Encrypting the second authentication code prevents it from being cracked in transit and improves transmission security.
The second authentication code can be the first authentication code that the background system server obtains from the first information, which simplifies the handling flow of the background system server and improves processing efficiency. Alternatively, the second authentication code can be generated by the background system server, which makes the second authentication code harder to crack and improves security.
The second authentication code can also be any one of a random number, a time parameter, or a dynamic password value: a random number generated by a random number generator arranged in the background system server, a time parameter produced by a clock arranged in the background system server, or a dynamic password value generated by a dynamic password generation module arranged in the background system server. The second authentication code of the present invention is not limited to the foregoing and can also be any combination of the above; any parameter that differs on every acquisition can serve as the second authentication code. Obtaining a second authentication code that differs every time avoids the situation in which identical sent information produces an identical response every time, which improves security.
It can be seen that with the response method for process information of the present invention, subsequent operations are allowed only after the background system server has verified the safety equipment, which ensures security.
Fig. 4 illustrates the response system for process information of the present invention. Referring to Fig. 4, the response system uses the method of step S101 to step S108 shown in Fig. 3 to output the first response message. Only the structure of the response system is briefly described here. The structural division of the response system is only illustrative and other divisions can also be used; they are too numerous to list here, so only one division is described.
The response system for process information of the present invention includes the above safety equipment 20 and a background system server 30. The background system server 30 includes a second acquisition module 301, a second authentication module 302 and a second transceiver module 303, wherein:
The second transceiver module 303 is configured to receive the first process information and the first information packet output by the safety equipment 20;
The second acquisition module 301 is configured to obtain the first information and the first authentication policy after the second transceiver module 303 receives the first process information and the first information packet output by the safety equipment 20;
The second authentication module 302 is configured to verify the first process information according to the first authentication policy and, after the first process information passes verification, to instruct the second transceiver module 303 to output the first response message in response to the first process information.
When the first information output policy is the policy of output after encryption, the first authentication policy is the decrypt-and-verify policy matching the policy of output after encryption, or the encrypt-and-verify policy matching the policy of output after encryption. When the first information output policy is the policy of output after signature, the first authentication policy is the signature verification policy matching the policy of output after signature.
In addition, the background system server 30 can also include a second processing module 304;
The second acquisition module 301 is also configured to obtain the second authentication code and the second information output policy;
The second processing module 304 is configured to perform the third process on the second information packet according to the second information output policy to obtain the second process information; the second information packet is obtained by performing the fourth process on the second information, and the second information includes at least the second authentication code;
The second transceiver module 303 is also configured to output the second process information and the second information packet.
When the second information output policy is the policy of output after encryption, the third process is encryption; when the second information output policy is the policy of output after signature, the third process is signature processing.
Furthermore, the second authentication code can be the first authentication code that the second acquisition module 301 obtains from the first information. Alternatively, the background system server 30 also includes a second generation module 305; the second generation module 305 generates the second authentication code, and the second acquisition module 301 obtains the second authentication code generated by the second generation module 305. The second authentication code can be any parameter such as a random number, a time parameter or a dynamic password value, as long as the parameter obtained differs every time.
In addition, the second information can also include an open command, used subsequently to open the controlled device.
It can be seen that with the response system for process information of the present invention, subsequent operations are allowed only after the background system server has verified the safety equipment, which ensures security.
Fig. 5 illustrates the opening operation execution method of one embodiment of the present invention. Referring to Fig. 5, in this embodiment the opening operation execution method includes:
Step S101 to step S105: identical to step S101 to step S105 of the method used by the above safety equipment, outputting the first process information and the first information packet; not repeated here.
Step S106 to step S108: identical to step S106 to step S108 of the method used by the above background system server; specifically, the second process information and the second information packet can be output; not repeated here.
Step S109: after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains the second authentication policy;
Specifically, after the safety equipment receives the second process information and the second information packet output by the background system server, it can obtain the second information in the manner matching the fourth process, depending on which form the fourth process took:
(1) When the fourth process is adding a source address and a destination address to the second information while retaining the plaintext, the safety equipment obtains the second information directly from the received second information packet and thus obtains the second authentication code. This simplifies the acquisition flow and improves acquisition speed.
(2) When the fourth process is encrypting at least the second authentication code in the second information, the safety equipment can decrypt the encrypted information and thereby obtain the second authentication code for its subsequent verification of the second process information.
In addition, the second authentication policy of the safety equipment should match the second information output policy. When the second information output policy is the policy of output after encryption: if the second information output policy encrypts with a symmetric encryption algorithm, the second authentication policy is the decrypt-and-verify policy matching the policy of output after encryption; if the second information output policy encrypts with an asymmetric algorithm, the second authentication policy is the encrypt-and-verify policy matching the policy of output after encryption. When the second information output policy is the policy of output after signature, the second authentication policy is the signature verification policy matching the policy of output after signature; in this case the safety equipment uses the public key of the background system server and the second information packet to verify the signature on the second process information. A successful signature verification shows that the safety equipment has verified the background system server, and subsequent operations are performed only after the background system server passes verification, which improves security. This ensures that the safety equipment can verify the second process information according to the second authentication policy.
Step S110: the safety equipment verifies the second process information according to the second authentication policy;
Specifically, when the safety equipment verifies the second process information according to the second authentication policy, it can verify the second process information with the second authentication code obtained from the second information. It can also negotiate with the background system server in advance: the background system server presets the second authentication code, the user enters the second authentication code on the keyboard of the safety equipment, and the second authentication code obtained this way is used to verify the second process information. It can also negotiate with the background system server in advance to use, as the second authentication code, the dynamic password generated by the E-token dynamic password card bound to the safety equipment: the user enters the second authentication code on the keyboard of the safety equipment, and the second authentication code obtained this way is used to verify the second process information. Whichever verification mode is used, as long as it achieves the purpose of verifying the second process information, it falls within the protection scope of the present invention.
Step S111: the safety equipment sends the open command to the controlled device;
Specifically, if the second information obtained from the second information packet sent by the background system server does not contain an open command, then in this step the safety equipment generates an open command after the second process information passes verification and sends the open command to the controlled device. If the second information obtained from the second information packet sent by the background system server contains an open command, then in this step the safety equipment sends the open command to the controlled device after the second process information passes verification;
Step S112: the controlled device receives the open command and performs the opening operation flow according to the open command.
Specifically, if the controlled device is a sensitive information storage device, then after receiving the open command the storage device can allow the connected safety equipment to obtain the sensitive information. If the controlled device is an automobile, then after receiving the open command the automobile can be started.
It can be seen that with the opening operation execution method of the present invention, the controlled device can be opened, or sensitive information obtained from it, only when the safety equipment's verification of the controlled device passes and the background system server's verification of the safety equipment passes, which ensures the security of opening the controlled device or obtaining the sensitive information.
Fig. 6 illustrates the opening operation execution system of one embodiment of the present invention. Referring to Fig. 6, in this embodiment the opening operation execution system uses the method of step S101 to step S112 shown in Fig. 5 to perform the opening operation. Only the structure of the opening operation execution system is briefly described here. The structural division of the opening operation execution system is only illustrative and other divisions can also be used; they are too numerous to list here, so only one division is described.
In this embodiment, the second information does not contain an open command.
The opening operation execution system of the present invention includes a controlled device 10 and the above response system for process information, wherein the safety equipment 20 further includes a fourth authentication module 206, a first generation module 207a and a third transceiver module 208a;
After the first transceiver module 204 receives the second process information and the second information packet, the first acquisition module 201 also obtains the second information and obtains the second authentication policy;
The fourth authentication module 206 verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the first generation module 207a to generate an open command and instructs the third transceiver module 208a to send the open command to the controlled device 10;
The controlled device 10 receives the open command and performs the opening operation flow according to the open command.
It can be seen that with the opening operation execution system of the present invention, the controlled device can be opened, or sensitive information obtained from it, only when the safety equipment's verification of the controlled device passes and the background system server's verification of the safety equipment passes, which ensures the security of opening the controlled device or obtaining the sensitive information.
Fig. 7 illustrates the opening operation execution system of another embodiment of the present invention. Referring to Fig. 7, in this embodiment the opening operation execution system uses the method of step S101 to step S112 shown in Fig. 5 to perform the opening operation. Only the structure of the opening operation execution system is briefly described here. The structural division of the opening operation execution system is only illustrative and other divisions can also be used; they are too numerous to list here, so only one division is described.
In this embodiment, the second information contains an open command.
The opening operation execution system of the present invention includes a controlled device 10 and the above response system for process information, wherein the safety equipment 20 further includes a fourth authentication module 206 and a third transceiver module 207b;
After the first transceiver module 204 receives the second process information and the second information packet, the first acquisition module 201 also obtains the second information and obtains the second authentication policy;
The fourth authentication module 206 verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the third transceiver module 207b to send the open command to the controlled device 10;
The controlled device 10 receives the open command and performs the opening operation flow according to the open command.
Of course, whether in the opening operation execution system shown in Fig. 6 or in the one shown in Fig. 7, when the second information output policy is the policy of output after encryption, the second authentication policy is the decrypt-and-verify policy matching the policy of output after encryption, or the encrypt-and-verify policy matching the policy of output after encryption. When the second information output policy is the policy of output after signature, the second authentication policy is the signature verification policy matching the policy of output after signature.
It can be seen that with the opening operation execution system of the present invention, the controlled device can be opened, or sensitive information obtained from it, only when the safety equipment's verification of the controlled device passes and the background system server's verification of the safety equipment passes, which ensures the security of opening the controlled device or obtaining the sensitive information.
Fig. 8 illustrates the opening operation execution method of another embodiment of the present invention. Referring to Fig. 8, in this embodiment the opening operation execution method includes:
Step S101 to step S105: identical to step S101 to step S105 of the method used by the above safety equipment, outputting the first process information and the first information packet; not repeated here.
Step S106 to step S108: identical to step S106 to step S108 of the method used by the above background system server; specifically, the second process information and the second information packet can be output; not repeated here.
In this embodiment, the second information packet does not contain an open command.
Step S109: after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains the second authentication policy;
Specifically, after the safety equipment receives the second process information and the second information packet output by the background system server, it can obtain the second information in the manner matching the fourth process, depending on which form the fourth process took:
(1) When the fourth process is adding a source address and a destination address to the second information while retaining the plaintext, the safety equipment obtains the second information directly from the received second information packet and thus obtains the second authentication code. This simplifies the acquisition flow and improves acquisition speed.
(2) When the fourth process is encrypting at least the second authentication code in the second information, the safety equipment can decrypt the encrypted information and thereby obtain the second authentication code for its subsequent verification of the second process information.
In addition, the second authentication policy of the safety equipment should match the second information output policy. When the second information output policy is the policy of output after encryption: if the second information output policy encrypts with a symmetric encryption algorithm, the second authentication policy is the decrypt-and-verify policy matching the policy of output after encryption; if the second information output policy encrypts with an asymmetric algorithm, the second authentication policy is the encrypt-and-verify policy matching the policy of output after encryption. When the second information output policy is the policy of output after signature, the second authentication policy is the signature verification policy matching the policy of output after signature; in this case the safety equipment uses the public key of the background system server and the second information packet to verify the signature on the second process information. A successful verification shows that the safety equipment has verified the background system server, and subsequent operations are performed only after the background system server passes verification, which improves security. This ensures that the safety equipment verifies the second process information according to the second authentication policy.
Step S110: the safety equipment verifies the second process information according to the second authentication policy;
Specifically, when the safety equipment verifies the second process information according to the second authentication policy, it can verify the second process information with the second authentication code obtained from the second information. It can also negotiate with the background system server in advance: the background system server presets the second authentication code, the user enters the second authentication code on the keyboard of the safety equipment, and the second authentication code obtained this way is used to verify the second process information. It can also negotiate with the background system server in advance to use, as the second authentication code, the dynamic password generated by the E-token dynamic password card bound to the safety equipment: the user enters the second authentication code on the keyboard of the safety equipment, and the second authentication code obtained this way is used to verify the second process information. Whichever verification mode is used, as long as it achieves the purpose of verifying the second process information, it falls within the protection scope of the present invention.
Step S111: after the second process information passes verification, the safety equipment generates an open command and obtains a third authentication code and a third information output policy;
Specifically, in this embodiment the second information packet sent by the background system server does not contain an open command, so after the second process information passes verification the safety equipment also needs to generate an open command, which instructs the controlled device to perform the opening operation flow according to the open command.
In addition, the safety equipment also obtains a third authentication code. The third authentication code can be the first authentication code, the second authentication code that the safety equipment obtains from the second information, or a third authentication code generated by the safety equipment.
If the third authentication code is generated by the safety equipment, it can be a random number generated by a random number generator arranged in the safety equipment; a time parameter produced by a clock arranged in the safety equipment; a dynamic password value generated by a dynamic password generation module arranged in the safety equipment; a preset static password that the user enters on the keyboard of the safety equipment (to ensure that the parameter obtained differs every time, the user can be prompted to reset the static password after each acquisition); or a dynamic password generated by the E-token dynamic password card bound to the safety equipment, which the user enters on the keyboard of the safety equipment. The third authentication code of the present invention is not limited to the foregoing and can also be any combination of the above parameters; any parameter that differs on every acquisition can serve as the third authentication code. Obtaining a third authentication code that differs every time avoids the situation in which identical sent information produces an identical request every time, which improves security.
The safety equipment also obtains a third information output policy. The third information output policy can be the policy of output after encryption, including symmetric or asymmetric encryption, or the policy of output after signature, in which case the safety equipment signs with its own private key. The policy of output after encryption ensures the security and verifiability of information transmission. The policy of output after signature ensures, in addition to the security and verifiability of information transmission, the non-repudiation of information sending.
Step S112: according to the third information output policy, the safety equipment performs the fifth process on the third information packet to obtain the third process information. The third information packet is obtained by performing the sixth process on the third information, and the third information includes at least the third authentication code and the open command;
Specifically, when the third information output policy is the policy of output after encryption, the fifth process performed on the third information packet can be encrypting the third information packet. The encryption can use a symmetric encryption algorithm or an asymmetric encryption algorithm. For example, it can be calculating the MAC value of the third information packet, calculating the HASH value of the third information packet, or taking a truncated part of the calculated MAC value or HASH value.
When the third information output policy is the policy of output after signature, the fifth process performed on the third information packet can be signing the third information packet with the private key of the safety equipment.
The third information packet is obtained by performing the sixth process on the third information. The sixth process can be any one of the following:
(1) Adding a source address and a destination address to the third information while retaining the plaintext of the third authentication code. Only plaintext is transmitted, which facilitates subsequent authentication and simplifies the flow.
(2) Encrypting at least the third authentication code in the third information. After the third authentication code is encrypted with an encryption algorithm, the decryption algorithm corresponding to that encryption algorithm can decrypt it. Encrypting the third authentication code can prevent the second authentication code from being cracked in transit and improves transmission security.
Step S113: the safety equipment outputs the third process information and the third information packet;
Specifically, the third process information and the third information packet can be output to the controlled device so that the controlled device can verify the third process information.
Step S114: after receiving the third process information and the third information packet, the controlled device obtains the third information and obtains the third authentication policy;
Specifically, after the controlled device receives the third process information and the third information packet output by the safety equipment, it can obtain the third information in the manner matching the sixth process, depending on which form the sixth process took:
(1) When the third process is adding a source address and a destination address to the third information while retaining the plaintext of the third authentication code, the controlled device obtains the third information directly from the received third information packet and thus obtains the third authentication code. This simplifies the acquisition flow and improves acquisition speed.
(2) When the second process is encrypting at least the third authentication code in the third information, the controlled device can decrypt the encrypted third authentication code and thereby obtain it for the subsequent verification of the third process information.
In addition, when the third information output policy is the policy of output after encryption, the third authentication policy is the decrypt-and-verify policy matching the policy of output after encryption, or the encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is the policy of output after signature, the third authentication policy is the signature verification policy matching the policy of output after signature, in which case the controlled device can use the public key of the safety equipment to verify the signature.
Step S115, the controlled device verifies the third process information according to the third authentication policy;
Specifically, the third authentication policy should match the third information output policy. When the third information output policy is a policy of output after encryption: if the third information output policy uses a symmetric encryption algorithm, the third authentication policy is a decrypt-and-verify policy matching the policy of output after encryption; if the third information output policy uses an asymmetric algorithm, the third authentication policy is an encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy matching the policy of output after signature; for example, the public key of the safety equipment and the third information packet are used to verify the signature on the third process information. Passing signature verification shows that the controlled device has verified the safety equipment, and subsequent operations are performed only after the safety equipment passes verification, which improves safety. This ensures that the controlled device verifies the third process information according to the third authentication policy.
Step S116, after the third process information passes verification, the controlled device executes the flow of the opening operation according to the open command.
As can be seen, with the opening operation execution method of the present invention, the controlled device can be opened, or sensitive information can be obtained from the controlled device, only after the safety equipment has verified the controlled device, the background system server has verified the safety equipment, and the controlled device has verified the safety equipment, which ensures the safety of opening the controlled device or obtaining the sensitive information.
Fig. 9 shows an opening operation execution system according to another embodiment of the present invention. Referring to Fig. 9, in this embodiment the opening operation execution system performs the opening operation using the method of steps S101 to S116 shown in Fig. 8. Only the structure of this opening operation execution system is briefly described here. The structural division of the opening operation execution system of the present invention is merely illustrative; other divisions can also be used, but they are too numerous to list, so only one division is described.
In the present embodiment, the second information does not comprise the open command.
The opening operation execution system includes: a controlled device 10 and the above-mentioned response system for process information; wherein the safety equipment 20 further includes: a fourth authentication module 206, a first generation module 207c and a third transceiver module 208c;
After the first transceiver module 204 receives the second process information and the second information packet, the first acquisition module 201 also obtains the second information and obtains the second authentication policy;
The fourth authentication module 206 verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the first generation module 207c to generate the open command;
The first acquisition module 201 also obtains the open command generated by the first generation module 207c, and obtains the third authentication code and the third information output policy;
The first processing module 203 performs, according to the third information output policy, the fifth process on the third information packet to obtain the third process information; the third information packet is obtained by performing the sixth process on the third information, and the third information at least includes: the third authentication code and the open command;
The third transceiver module 208c outputs the third process information and the third information packet;
The controlled device 10 includes: a fourth transceiver module 101, a third acquisition module 102, a fifth authentication module 103 and an execution module 104;
The fourth transceiver module 101 receives the third process information and the third information packet;
The third acquisition module 102 obtains the third information and obtains the third authentication policy;
The fifth authentication module 103 verifies the third process information according to the third authentication policy and, after the third process information passes verification, instructs the execution module 104 to execute the flow of the opening operation according to the open command.
The third information output policy is a policy of output after encryption, and the fifth process is encryption; or
the third information output policy is a policy of output after signature, and the fifth process is signature processing.
In addition, when the third information output policy is a policy of output after encryption, the third authentication policy is a decrypt-and-verify policy matching the policy of output after encryption, or an encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy matching the policy of output after signature.
In addition, the third authentication code can be: the first authentication code; or the second authentication code that the safety equipment obtains from the second information; or a third authentication code generated by the safety equipment.
The third authentication code can be any one of a random number, a time parameter or a dynamic password value, or any combination thereof.
As can be seen, with the opening operation execution system of the present invention, the controlled device can be opened, or sensitive information can be obtained from the controlled device, only after the safety equipment has verified the controlled device, the background system server has verified the safety equipment, and the controlled device has verified the safety equipment, which ensures the safety of opening the controlled device or obtaining the sensitive information.
Figure 10 shows an opening operation execution method according to another embodiment of the present invention. Referring to Figure 10, in this embodiment the opening operation execution method includes:
Steps S101 to S105 are the same as steps S101 to S105 of the method used by the safety equipment described above, which outputs the first process information and the first information packet; they are not repeated here.
Steps S106 to S108 are the same as steps S106 to S108 of the method used by the background system server described above; specifically, the second process information and the second information packet can be output. They are not repeated here.
In the present embodiment, the second information packet comprises the open command.
Step S109, after receiving the second process information and the second information packet, the safety equipment obtains the second information and obtains the second authentication policy;
Specifically, after the safety equipment receives the second process information and the second information packet output by the background system server, it can obtain the second information in a way that matches whichever form of the fourth process was used:
(1) When the fourth process is adding a source address and a destination address to the second information while retaining the plaintext, the safety equipment obtains the second information as soon as it receives the second information packet, and thereby obtains the second authentication code. This simplifies the acquisition flow and speeds up acquisition.
(2) When the fourth process is encrypting at least the second authentication code in the second information, the safety equipment can decrypt the encrypted information to recover the second authentication code, so that the safety equipment can subsequently verify the second process information.
In addition, the second authentication policy of the safety equipment should match the second information output policy. When the second information output policy is a policy of output after encryption: if the second information output policy uses a symmetric encryption algorithm, the second authentication policy is a decrypt-and-verify policy matching the policy of output after encryption; if the second information output policy uses an asymmetric algorithm, the second authentication policy is an encrypt-and-verify policy matching the policy of output after encryption. When the second information output policy is a policy of output after signature, the second authentication policy is a signature verification policy matching the policy of output after signature; in this case the safety equipment can use the public key of the background system server and the second information packet to verify the signature on the second process information. Passing signature verification shows that the safety equipment has verified the background system server, and subsequent operations are performed only after the background system server passes verification, which improves safety. This ensures that the safety equipment verifies the second process information according to the second authentication policy.
Step S110, the safety equipment verifies the second process information according to the second authentication policy;
Specifically, when the safety equipment verifies the second process information according to the second authentication policy, it can use the second authentication code obtained from the second information. Alternatively, it can negotiate with the background system server in advance: the background system server presets the second authentication code, the user enters this second authentication code through the keyboard of the safety equipment, and the second process information is verified with the second authentication code so obtained. As a further alternative, it can negotiate with the background system server in advance to use, as the second authentication code, the dynamic password generated by an E-token dynamic password card bound to the safety equipment; the user enters this second authentication code through the keyboard of the safety equipment, and the second process information is verified with the second authentication code so obtained. Whichever verification mode is used, as long as it achieves the purpose of verifying the second process information, it falls within the protection scope of the present invention.
Step S111, after the second process information passes verification, the safety equipment obtains the third authentication code and the third information output policy;
Specifically, in the present embodiment the second information packet sent by the background system server comprises the open command. After the second process information passes verification, the safety equipment directly obtains the third authentication code. The third authentication code can be the first authentication code, the second authentication code that the safety equipment obtains from the second information, or a third authentication code generated by the safety equipment.
If the third authentication code is one generated by the safety equipment, it can be: a random number generated by a random number generator arranged in the safety equipment; a time parameter produced by a clock arranged in the safety equipment; a dynamic password value generated by a dynamic password generation module arranged in the safety equipment; a preset static password that the user enters through the keyboard of the safety equipment (in which case, to ensure that the parameter obtained differs each time, the user can be prompted to reset the static password after each acquisition); or a dynamic password generated by an E-token dynamic password card bound to the safety equipment, which the user enters through the keyboard of the safety equipment. Of course, the third authentication code of the present invention is not limited to the foregoing; it can also be any combination of the above parameters, and any parameter that differs on each acquisition can serve as the third authentication code. Obtaining a third authentication code that differs each time avoids the situation in which identical information is sent and every request is therefore the same, which improves safety.
Of course, the safety equipment also obtains the third information output policy, which can be a policy of output after encryption or a policy of output after signature. The policy of output after encryption ensures the safety and verifiability of information transmission; the policy of output after signature, in addition to ensuring the safety and verifiability of information transmission, also ensures the non-repudiation of the information sent.
Step S112, the safety equipment performs, according to the third information output policy, the fifth process on the third information packet to obtain the third process information; the third information packet is obtained by performing the sixth process on the third information, and the third information at least includes: the third authentication code and the open command;
Specifically, when the third information output policy is a policy of output after encryption, the fifth process performed on the third information packet can be: encrypting the third information packet. This encryption can use a symmetric encryption algorithm, or the Rivest-Shamir-Adleman (RSA) algorithm can be used. For example, it can be calculating the MAC value of the third information packet, or calculating the HASH value of the third information packet, or, of course, truncating part of the calculated MAC value or HASH value.
When the third information output policy is a policy of output after signature, the fifth process performed on the third information packet can be: signing the third information packet with the private key of the safety equipment.
The third information packet is obtained by performing the sixth process on the third information, and the sixth process can be either of the following:
(1) Adding a source address and a destination address to the third information while retaining the third authentication code in plaintext. In this case only plaintext is transmitted, which facilitates subsequent authentication and simplifies the flow.
(2) Encrypting at least the third authentication code in the third information. After the third authentication code has been encrypted with an encryption algorithm, it can be recovered with the decryption algorithm corresponding to that encryption algorithm. Encrypting the third authentication code in this way prevents the second authentication code from being cracked during transmission and improves transmission security.
Step S113, the safety equipment outputs the third process information and the third information packet;
Specifically, the third process information and the third information packet can be output to the controlled device, so that the controlled device can verify the third process information.
Step S114, after receiving the third process information and the third information packet, the controlled device obtains the third information and obtains the third authentication policy;
Specifically, after the controlled device receives the third process information and the third information packet output by the safety equipment, it can obtain the third information in a way that matches whichever form of the sixth process was used:
(1) When the third process is adding a source address and a destination address to the third information while retaining the third authentication code in plaintext, the controlled device obtains the third information as soon as it receives the third information packet, and thereby obtains the third authentication code. This simplifies the acquisition flow and speeds up acquisition.
(2) When the second process is encrypting at least the third authentication code in the third information, the controlled device can decrypt the encrypted third authentication code to obtain the third authentication code, so that the third process information can subsequently be verified.
In addition, when the third information output policy is a policy of output after encryption, the third authentication policy is a decrypt-and-verify policy matching the policy of output after encryption, or an encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy matching the policy of output after signature.
Step S115, the controlled device verifies the third process information according to the third authentication policy;
Specifically, the third authentication policy should match the third information output policy. When the third information output policy is a policy of output after encryption: if the third information output policy uses a symmetric encryption algorithm, the third authentication policy is a decrypt-and-verify policy matching the policy of output after encryption; if the third information output policy uses an asymmetric algorithm, the third authentication policy is an encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy matching the policy of output after signature; for example, the public key of the safety equipment and the third information packet are used to verify the signature on the third process information. Passing signature verification shows that the controlled device has verified the safety equipment, and subsequent operations are performed only after the safety equipment passes verification, which improves safety. This ensures that the controlled device verifies the third process information according to the third authentication policy.
Step S116, after the third process information passes verification, the controlled device executes the flow of the opening operation according to the open command.
As can be seen, with the opening operation execution method of the present invention, the controlled device executes the flow of the opening operation according to the open command only after the third process information passes verification, which ensures the safety of executing the opening operation.
As can be seen, with the opening operation execution method of the present invention, the controlled device can be opened, or sensitive information can be obtained from the controlled device, only after the safety equipment has verified the controlled device, the background system server has verified the safety equipment, and the controlled device has verified the safety equipment, which ensures the safety of opening the controlled device or obtaining the sensitive information.
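The exchange in steps S111 to S116, as an added example that is not part of the patent text: the safety equipment computes a MAC over the third information packet (the MAC option named for the fifth process), and the controlled device verifies it before acting on the open command. The pre-shared key, HMAC-SHA256, the length-prefixed field layout, the address values, the `OPEN` command bytes and the controlled device's record of already-seen authentication codes are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import struct


def pack_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so the packet parses unambiguously (assumed layout)."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def unpack_fields(packet: bytes, count: int) -> list:
    """Inverse of pack_fields; raises ValueError on truncated or surplus data."""
    fields, offset = [], 0
    while offset < len(packet):
        if offset + 2 > len(packet):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">H", packet, offset)
        offset += 2
        if offset + size > len(packet):
            raise ValueError("truncated field")
        fields.append(packet[offset:offset + size])
        offset += size
    if len(fields) != count:
        raise ValueError("unexpected field count")
    return fields


def mac(key: bytes, packet: bytes) -> bytes:
    """Fifth process in this sketch: HMAC-SHA256 over the whole third information packet."""
    return hmac.new(key, packet, hashlib.sha256).digest()


class SafetyEquipment:
    def __init__(self, key: bytes, address: bytes):
        self.key, self.address = key, address

    def output(self, destination: bytes, command: bytes):
        """Steps S111 to S113: return (third process information, third information packet)."""
        auth_code = secrets.token_bytes(16)  # third authentication code: a fresh random number
        # Sixth process, option (1): add addresses, keep the authentication code in plaintext.
        packet = pack_fields(self.address, destination, auth_code, command)
        return mac(self.key, packet), packet


class ControlledDevice:
    def __init__(self, key: bytes, address: bytes, trusted_source: bytes):
        self.key, self.address, self.trusted_source = key, address, trusted_source
        self.seen_codes = set()  # assumption: the device remembers codes it has accepted

    def handle(self, process_info: bytes, packet: bytes) -> str:
        """Steps S114 to S116: verify first, parse second, act last."""
        # Constant-time comparison; nothing in the packet is trusted before this passes.
        if not hmac.compare_digest(mac(self.key, packet), process_info):
            return "rejected: bad MAC"
        try:
            source, destination, auth_code, command = unpack_fields(packet, 4)
        except ValueError:
            return "rejected: malformed packet"
        if source != self.trusted_source or destination != self.address:
            return "rejected: wrong address"
        # An authentication code that differs each time only helps if reuse is refused.
        if auth_code in self.seen_codes:
            return "rejected: replayed authentication code"
        self.seen_codes.add(auth_code)
        if command != b"OPEN":
            return "rejected: unknown command"
        return "opened"


def run_demo() -> list:
    """Constructed inputs: one valid message, a replay of it, and a tampered message."""
    key = bytes(range(32))  # constructed demo key, not a real secret
    equipment = SafetyEquipment(key, b"SE-01")
    device = ControlledDevice(key, b"CD-01", b"SE-01")
    info, packet = equipment.output(b"CD-01", b"OPEN")
    results = [device.handle(info, packet), device.handle(info, packet)]
    info2, packet2 = equipment.output(b"CD-01", b"OPEN")
    results.append(device.handle(info2, packet2[:-4] + b"SHUT"))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

Because the MAC covers the addresses, the authentication code and the command together, changing any one of them invalidates the third process information; the replay check is what turns the per-message authentication code into actual freshness.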
Figure 11 shows an opening operation execution system according to another embodiment of the present invention. Referring to Figure 11, in this embodiment the opening operation execution system performs the opening operation using the method of steps S101 to S116 shown in Figure 10. Only the structure of this opening operation execution system is briefly described here. The structural division of the opening operation execution system of the present invention is merely illustrative; other divisions can also be used, but they are too numerous to list, so only one division is described.
In the present embodiment, the second information comprises the open command.
The opening operation execution system includes: a controlled device 10 and the above-mentioned response system for process information; wherein the safety equipment 20 further includes: a fourth authentication module 206 and a third transceiver module 207d;
After the first transceiver module 204 receives the second process information and the second information packet, the first acquisition module 201 also obtains the second information and obtains the second authentication policy;
The fourth authentication module 206 verifies the second process information according to the second authentication policy and, after the second process information passes verification, instructs the first acquisition module 201 to obtain the third authentication code and the third information output policy;
The first processing module 203 also performs, according to the third information output policy, the fifth process on the third information packet to obtain the third process information; the third information packet is obtained by performing the sixth process on the third information, and the third information at least includes: the third authentication code and the open command;
The third transceiver module 207d also outputs the third process information and the third information packet;
The controlled device 10 includes: a fourth transceiver module 101, a third acquisition module 102, a fifth authentication module 103 and an execution module 104;
The fourth transceiver module 101 receives the third process information and the third information packet;
The third acquisition module 102 obtains the third information and obtains the third authentication policy;
The fifth authentication module 103 verifies the third process information according to the third authentication policy and, after the third process information passes verification, instructs the execution module 104 to execute the flow of the opening operation according to the open command.
The third information output policy is a policy of output after encryption, and the fifth process is encryption; or
the third information output policy is a policy of output after signature, and the fifth process is signature processing.
In addition, when the third information output policy is a policy of output after encryption, the third authentication policy is a decrypt-and-verify policy matching the policy of output after encryption, or an encrypt-and-verify policy matching the policy of output after encryption. When the third information output policy is a policy of output after signature, the third authentication policy is a signature verification policy matching the policy of output after signature.
In addition, the third authentication code can be: the first authentication code; or the second authentication code that the safety equipment obtains from the second information; or a third authentication code generated by the safety equipment.
The third authentication code can be any one of a random number, a time parameter or a dynamic password value, or any combination thereof.
As can be seen, with the opening operation execution system of the present invention, the controlled device can be opened, or sensitive information can be obtained from the controlled device, only after the safety equipment has verified the controlled device, the background system server has verified the safety equipment, and the controlled device has verified the safety equipment, which ensures the safety of opening the controlled device or obtaining the sensitive information.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order, depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one of the following techniques known in the art, or a combination of them, can be used: a discrete logic circuit having logic gate circuits for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gate circuits, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those skilled in the art can understand that all or part of the steps of the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (77)

1. An information output method, characterized by comprising:
safety equipment obtains an operation request;
after obtaining the operation request, the safety equipment obtains location information and/or identification information of a controlled device;
the safety equipment verifies the identification information and/or the location information and, after the verification passes, obtains a first authentication code and a first information output policy;
the safety equipment performs, according to the first information output policy, a first process on a first information packet to obtain first process information, wherein the first information packet is obtained by performing a second process on first information, and the first information at least includes: the first authentication code;
the safety equipment outputs the first process information and the first information packet.
2. The method according to claim 1, characterized in that the step in which the safety equipment verifies the identification information and/or the location information includes:
the safety equipment obtains prestored identification information;
the safety equipment verifies whether the identification information is consistent with the prestored identification information, and if the identification information is consistent with the prestored identification information, the identification information passes verification; and/or
the safety equipment obtains prestored location range information;
the safety equipment verifies whether the location information is included in the prestored location range information, and if the location information is within the prestored location range information, the location information passes verification.
3. The method according to claim 1 or 2, characterized in that the step in which the safety equipment, after obtaining the operation request, obtains the location information and/or the identification information of the controlled device includes:
the operation request comprises fourth process information and a fourth information packet;
the fourth process information is obtained by performing a seventh process on the fourth information packet, the fourth information packet is obtained by performing an eighth process on fourth information, and the fourth information at least includes: the identification information and/or the location information;
after obtaining the operation request, the safety equipment verifies the fourth process information according to the fourth information packet and, after the verification passes, obtains the identification information and/or the location information according to the fourth information packet.
4. The method according to claim 3, characterized in that the seventh process is encryption or signature processing.
5. The method according to claim 3, characterized in that the fourth information further includes: a fourth authentication code.
6. The method according to claim 4, characterized in that the fourth information further includes: a fourth authentication code.
7. The method according to claim 5 or 6, characterized in that the fourth authentication code is: a random number, a time parameter or a dynamic password value.
8. The method according to any one of claims 1, 2 and 4 to 6, characterized in that
the first information output policy is a policy of outputting after encryption;
the first processing is encryption processing; or
the first information output policy is a policy of outputting after signing;
the first processing is signature processing.
9. The method according to any one of claims 1, 2 and 4 to 6, characterized in that the first information further includes the operation request and/or the identification information and/or the location information.
10. The method according to any one of claims 1, 2 and 4 to 6, characterized in that the first authentication code is: a random number, a time parameter or a dynamic password value.
11. A method for responding to processing information, characterized by comprising:
the safety equipment outputs the first processing information and the first information data packet using the method according to any one of the above claims 1 to 10;
after receiving the first processing information and the first information data packet, a background system server obtains the first information and a first authentication policy;
the background system server verifies the first processing information according to the first authentication policy;
after verifying that the first processing information passes, the background system server outputs a first response message to respond to the first processing information.
12. The method according to claim 11, characterized in that
when the first information output policy is the policy of outputting after encryption, the first authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the first authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the first information output policy is the policy of outputting after signing, the first authentication policy is a signature-verification policy that matches the policy of outputting after signing.
13. The method according to claim 11 or 12, characterized in that the background system server outputting the first response message to respond to the first processing information comprises:
the background system server obtains a second authentication code and a second information output policy;
according to the second information output policy, third processing is performed on a second information data packet to obtain second processing information, the second information data packet is obtained by performing fourth processing on second information, and the second information at least includes: the second authentication code;
the second processing information and the second information data packet are output.
14. The method according to claim 13, characterized in that
the second information output policy is a policy of outputting after encryption;
the third processing is encryption processing; or
the second information output policy is a policy of outputting after signing;
the third processing is signature processing.
15. The method according to claim 13, characterized in that the second authentication code is:
the first authentication code that the background system server obtains from the first information; or
a second authentication code that the background system server generates.
16. The method according to claim 14, characterized in that the second authentication code is:
the first authentication code that the background system server obtains from the first information; or
a second authentication code that the background system server generates.
17. The method according to any one of claims 14 to 16, characterized in that the second authentication code is: a random number, a time parameter or a dynamic password value.
18. The method according to claim 13, characterized in that the second information further includes: an open command.
19. The method according to any one of claims 14 to 16, characterized in that the second information further includes: an open command.
20. The method according to claim 17, characterized in that the second information further includes: an open command.
21. A method for executing an open operation, characterized in that
a background system server outputs the second processing information and the second information data packet using the method according to any one of the above claims 13 to 17;
after receiving the second processing information and the second information data packet, the safety equipment obtains the second information and obtains a second authentication policy;
the safety equipment verifies the second processing information according to the second authentication policy;
after verifying that the second processing information passes, the safety equipment generates an open command and sends the open command to a controlled device;
after receiving the open command, the controlled device performs the open-operation procedure according to the open command.
22. The method according to claim 21, characterized in that
when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the second authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature-verification policy that matches the policy of outputting after signing.
23. A method for executing an open operation, characterized by comprising:
a background system server outputs the second processing information and the second information data packet using the method according to any one of the above claims 18 to 20;
after receiving the second processing information and the second information data packet, the safety equipment obtains the second information and obtains a second authentication policy;
the safety equipment verifies the second processing information according to the second authentication policy;
after verifying that the second processing information passes, the safety equipment sends the open command to a controlled device;
the controlled device receives the open command and performs the open-operation procedure according to the open command.
24. The method according to claim 23, characterized in that
when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the second authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature-verification policy that matches the policy of outputting after signing.
25. A method for executing an open operation, characterized by comprising:
a background system server outputs the second processing information and the second information data packet using the method according to any one of the above claims 13 to 17;
after receiving the second processing information and the second information data packet, the safety equipment obtains the second information and obtains a second authentication policy;
the safety equipment verifies the second processing information according to the second authentication policy;
after verifying that the second processing information passes, the safety equipment generates an open command and obtains a third authentication code and a third information output policy;
the safety equipment, according to the third information output policy, performs fifth processing on a third information data packet to obtain third processing information, the third information data packet is obtained by performing sixth processing on third information, and the third information at least includes: the third authentication code and the open command;
the safety equipment outputs the third processing information and the third information data packet;
after receiving the third processing information and the third information data packet, the controlled device obtains the third information and obtains a third authentication policy;
the controlled device verifies the third processing information according to the third authentication policy;
after verifying that the third processing information passes, the controlled device performs the open-operation procedure according to the open command.
26. The method according to claim 25, characterized in that
the third information output policy is a policy of outputting after encryption;
the fifth processing is encryption processing; or
the third information output policy is a policy of outputting after signing;
the fifth processing is signature processing.
27. The method according to claim 26, characterized in that
when the third information output policy is the policy of outputting after encryption, the third authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the third authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the third information output policy is the policy of outputting after signing, the third authentication policy is a signature-verification policy that matches the policy of outputting after signing.
28. The method according to any one of claims 25 to 27, characterized in that the third authentication code is:
the first authentication code;
the second authentication code that the safety equipment obtains from the second information; or
a third authentication code that the safety equipment generates.
29. The method according to any one of claims 25 to 27, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
30. The method according to claim 28, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
31. A method for executing an open operation, characterized by comprising:
a background system server outputs the second processing information and the second information data packet using the method according to any one of the above claims 18 to 20;
after receiving the second processing information and the second information data packet, the safety equipment obtains the second information and obtains a second authentication policy;
the safety equipment verifies the second processing information according to the second authentication policy;
after verifying that the second processing information passes, the safety equipment obtains a third authentication code and a third information output policy;
the safety equipment, according to the third information output policy, performs fifth processing on a third information data packet to obtain third processing information, the third information data packet is obtained by performing sixth processing on third information, and the third information at least includes: the third authentication code and the open command;
the safety equipment outputs the third processing information and the third information data packet;
after receiving the third processing information and the third information data packet, the controlled device obtains the third information and obtains a third authentication policy;
the controlled device verifies the third processing information according to the third authentication policy;
after verifying that the third processing information passes, the controlled device performs the open-operation procedure according to the open command.
32. The method according to claim 31, characterized in that
the third information output policy is a policy of outputting after encryption;
the fifth processing is encryption processing; or
the third information output policy is a policy of outputting after signing;
the fifth processing is signature processing.
33. The method according to claim 32, characterized in that
when the third information output policy is the policy of outputting after encryption, the third authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the third authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the third information output policy is the policy of outputting after signing, the third authentication policy is a signature-verification policy that matches the policy of outputting after signing.
34. The method according to any one of claims 31 to 33, characterized in that the third authentication code is:
the first authentication code;
the second authentication code that the safety equipment obtains from the second information; or
a third authentication code that the safety equipment generates.
35. The method according to any one of claims 31 to 33, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
36. The method according to claim 34, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
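An added example, not part of the patent text, of the request/response exchange that the method claims above describe: the safety equipment checks the identification and location information, outputs a signed first information data packet carrying a fresh authentication code, and accepts the open command only from a response that verifies and echoes that code. Assumptions: HMAC-SHA256 under a pre-shared key stands in for the unspecified "signature processing", packets are JSON, and every name, key, identifier and coordinate is constructed for illustration; the third hop to the controlled device repeats the same pattern and is omitted.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: the claims only say "signature processing"; HMAC-SHA256 under a
# pre-shared key stands in for it. The key below is a constructed demo value.
SHARED_KEY = b"constructed-demo-key"


def pack(info):
    """Turn an information dict into an 'information data packet' (bytes)."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def sign(key, packet):
    """Compute the 'processing information' that travels with a packet."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def verify(key, packet, tag):
    """Matching verification policy: recompute and compare in constant time."""
    return hmac.compare_digest(sign(key, packet), tag)


class SafetyEquipment:
    def __init__(self, key, stored_id, allowed_range):
        self.key = key
        self.stored_id = stored_id          # pre-stored identification information
        self.allowed_range = allowed_range  # (lat_min, lat_max, lon_min, lon_max)
        self.pending_code = None            # authentication code awaiting a reply

    def build_request(self, controlled_id, location):
        """Verify ID and location, then output (first packet, first tag)."""
        lat, lon = location
        lat_min, lat_max, lon_min, lon_max = self.allowed_range
        if controlled_id != self.stored_id:
            raise PermissionError("identification information mismatch")
        if not (lat_min <= lat <= lat_max and lon_min <= lon <= lon_max):
            raise PermissionError("location outside pre-stored range")
        self.pending_code = secrets.token_hex(16)  # first authentication code
        packet = pack({"auth_code": self.pending_code,
                       "id": controlled_id, "op": "open"})
        return packet, sign(self.key, packet)

    def handle_response(self, packet, tag):
        """Return the open command from a valid second packet, else None."""
        if not verify(self.key, packet, tag):
            return None
        info = json.loads(packet)
        # The second authentication code must echo the code issued for this
        # request; clearing it afterwards makes a replayed response useless.
        if self.pending_code is None or info.get("auth_code") != self.pending_code:
            return None
        self.pending_code = None
        return info.get("command")


class BackendServer:
    def __init__(self, key):
        self.key = key
        self.seen_codes = set()  # authentication codes already answered

    def respond(self, packet, tag):
        """Verify the first packet; return (second packet, second tag) or None."""
        if not verify(self.key, packet, tag):
            return None
        code = json.loads(packet).get("auth_code")
        if code is None or code in self.seen_codes:
            return None  # missing code or replayed request
        self.seen_codes.add(code)
        reply = pack({"auth_code": code, "command": "open"})
        return reply, sign(self.key, reply)


if __name__ == "__main__":
    device = SafetyEquipment(SHARED_KEY, "LOCK-0001", (39.0, 41.0, 115.0, 118.0))
    server = BackendServer(SHARED_KEY)
    request = device.build_request("LOCK-0001", (39.9, 116.4))
    response = server.respond(*request)
    print("command:", device.handle_response(*response))
    print("replayed request answered:", server.respond(*request) is not None)
```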
37. Safety equipment, characterized by comprising: a first acquisition module, a first authentication module, a first processing module and a first transceiver module;
the first acquisition module is configured to obtain an operation request and, after obtaining the operation request, obtain location information and/or identification information of a controlled device;
the first authentication module is configured to verify the identification information and/or the location information and, after the verification passes, instruct the first acquisition module to obtain a first authentication code and a first information output policy;
the first processing module is configured to perform, according to the first information output policy, first processing on a first information data packet to obtain first processing information, the first information data packet is obtained by performing second processing on first information, and the first information at least includes: the first authentication code;
the first transceiver module is configured to output the first processing information and the first information data packet.
38. The safety equipment according to claim 37, characterized in that
the first acquisition module further obtains pre-stored identification information;
the first authentication module further verifies whether the identification information is consistent with the pre-stored identification information, and if the identification information is consistent with the pre-stored identification information, the verification of the identification information passes; and/or
the first acquisition module further obtains location range information;
the first authentication module further verifies whether the location information is included in the pre-stored location range information, and if the location information is within the pre-stored location range information, the verification of the location information passes.
39. The safety equipment according to claim 37 or 38, characterized in that the operation request contains fourth processing information and a fourth information data packet; the fourth processing information is obtained by performing seventh processing on the fourth information data packet, the fourth information data packet is obtained by performing eighth processing on fourth information, and the fourth information at least includes: the identification information and/or the location information; the safety equipment further includes: a third authentication module;
the third authentication module is further configured to, after the first acquisition module obtains the operation request, verify the fourth processing information according to the fourth information data packet and, after the verification passes, instruct the first acquisition module to obtain the identification information and/or the location information according to the fourth information data packet.
40. The safety equipment according to claim 39, characterized in that the seventh processing is encryption processing or signature processing.
41. The safety equipment according to claim 39, characterized in that the fourth information further includes: a fourth authentication code.
42. The safety equipment according to claim 40, characterized in that the fourth information further includes: a fourth authentication code.
43. The safety equipment according to claim 41 or 42, characterized in that the fourth authentication code is: a random number, a time parameter or a dynamic password value.
44. The safety equipment according to claim 37, characterized in that
the first information output policy is a policy of outputting after encryption;
the first processing is encryption processing; or
the first information output policy is a policy of outputting after signing;
the first processing is signature processing.
45. The safety equipment according to claim 43, characterized in that
the first information output policy is a policy of outputting after encryption;
the first processing is encryption processing; or
the first information output policy is a policy of outputting after signing;
the first processing is signature processing.
46. The safety equipment according to any one of claims 37, 38, 40 to 42, 44 and 45, characterized in that the first information further includes the operation request and/or the identification information and/or the location information.
47. The safety equipment according to any one of claims 37, 38, 40 to 42, 44 and 45, characterized in that the first authentication code is: a random number, a time parameter or a dynamic password value.
48. A system for responding to processing information, characterized by comprising: the safety equipment according to any one of the above claims 37 to 47, and a background system server; the background system server includes a second acquisition module, a second authentication module and a second transceiver module;
the second transceiver module is configured to receive the first processing information and the first information data packet output by the safety equipment;
the second acquisition module is configured to obtain the first information and a first authentication policy after the second transceiver module receives the first processing information and the first information data packet output by the safety equipment;
the second authentication module is configured to verify the first processing information according to the first authentication policy and, after verifying that the first processing information passes, instruct the second transceiver module to output a first response message to respond to the first processing information.
49. The system according to claim 48, characterized in that
when the first information output policy is the policy of outputting after encryption, the first authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the first authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the first information output policy is the policy of outputting after signing, the first authentication policy is a signature-verification policy that matches the policy of outputting after signing.
50. The system according to claim 48 or 49, characterized in that the background system server further includes a second processing module;
the second acquisition module is further configured to obtain a second authentication code and a second information output policy;
the second processing module is configured to perform, according to the second information output policy, third processing on a second information data packet to obtain second processing information, the second information data packet is obtained by performing fourth processing on second information, and the second information at least includes: the second authentication code;
the second transceiver module is further configured to output the second processing information and the second information data packet.
51. The system according to claim 50, characterized in that
the second information output policy is a policy of outputting after encryption;
the third processing is encryption processing; or
the second information output policy is a policy of outputting after signing;
the third processing is signature processing.
52. The system according to claim 50, characterized in that the second authentication code is:
the first authentication code that the second acquisition module obtains from the first information; or
the background system server further includes a second generation module, the second generation module generates the second authentication code, and the second acquisition module obtains the second authentication code generated by the second generation module.
53. The system according to claim 51, characterized in that the second authentication code is:
the first authentication code that the second acquisition module obtains from the first information; or
the background system server further includes a second generation module, the second generation module generates the second authentication code, and the second acquisition module obtains the second authentication code generated by the second generation module.
54. The system according to any one of claims 51 to 53, characterized in that the second authentication code is: a random number, a time parameter or a dynamic password value.
55. The system according to any one of claims 51 to 53, characterized in that the second information further includes: an open command.
56. The system according to claim 50, characterized in that the second information further includes: an open command.
57. The system according to claim 54, characterized in that the second information further includes: an open command.
58. A system for executing an open operation, characterized by comprising: a controlled device and the system for responding to processing information according to any one of claims 50 to 54; wherein the safety equipment further includes: a fourth authentication module, a first generation module and a third transceiver module;
the first acquisition module, after the first transceiver module receives the second processing information and the second information data packet, further obtains the second information and obtains a second authentication policy;
the fourth authentication module verifies the second processing information according to the second authentication policy and, after verifying that the second processing information passes, instructs the first generation module to generate an open command and instructs the third transceiver module to send the open command to the controlled device;
the controlled device receives the open command and performs the open-operation procedure according to the open command.
59. The system according to claim 58, characterized in that
when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the second authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature-verification policy that matches the policy of outputting after signing.
60. A system for executing an open operation, characterized by comprising: a controlled device and the system for responding to processing information according to any one of claims 55 to 57; wherein the safety equipment further includes: a fourth authentication module and a third transceiver module;
the first acquisition module, after the first transceiver module receives the second processing information and the second information data packet, further obtains the second information and obtains a second authentication policy;
the fourth authentication module verifies the second processing information according to the second authentication policy and, after verifying that the second processing information passes, instructs the third transceiver module to send the open command to the controlled device;
the controlled device receives the open command and performs the open-operation procedure according to the open command.
61. The system according to claim 60, characterized in that
when the second information output policy is the policy of outputting after encryption, the second authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the second authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the second information output policy is the policy of outputting after signing, the second authentication policy is a signature-verification policy that matches the policy of outputting after signing.
62. A system for executing an open operation, characterized by comprising: a controlled device and the system for responding to processing information according to any one of claims 50 to 54; wherein the safety equipment further includes: a fourth authentication module, a first generation module and a third transceiver module;
the first acquisition module, after the first transceiver module receives the second processing information and the second information data packet, further obtains the second information and obtains a second authentication policy;
the fourth authentication module verifies the second processing information according to the second authentication policy and, after verifying that the second processing information passes, instructs the first generation module to generate an open command;
the first acquisition module further obtains the open command generated by the first generation module, and obtains a third authentication code and a third information output policy;
the first processing module, according to the third information output policy, performs fifth processing on a third information data packet to obtain third processing information, the third information data packet is obtained by performing sixth processing on third information, and the third information at least includes: the third authentication code and the open command;
the third transceiver module outputs the third processing information and the third information data packet;
the controlled device includes: a fourth transceiver module, a third acquisition module, a fifth authentication module and an execution module;
the fourth transceiver module receives the third processing information and the third information data packet;
the third acquisition module obtains the third information and obtains a third authentication policy;
the fifth authentication module verifies the third processing information according to the third authentication policy and, after verifying that the third processing information passes, instructs the execution module to perform the open-operation procedure according to the open command.
63. The system according to claim 62, characterized in that
the third information output policy is a policy of outputting after encryption;
the fifth processing is encryption processing; or
the third information output policy is a policy of outputting after signing;
the fifth processing is signature processing.
64. The system according to claim 62 or 63, characterized in that
when the third information output policy is the policy of outputting after encryption, the third authentication policy is a policy of decrypting and then verifying that matches the policy of outputting after encryption, or the third authentication policy is a policy of encrypting and then verifying that matches the policy of outputting after encryption;
when the third information output policy is the policy of outputting after signing, the third authentication policy is a signature-verification policy that matches the policy of outputting after signing.
65. according to the system described in claim 62 or 63, it is characterised in that described 3rd authentication code is:
Described first authentication code;
Described second authentication code that described safety equipment obtain from described second information;Or
The 3rd authentication code that described safety equipment generate.
66. The system according to claim 64, characterized in that the third authentication code is:
The first authentication code;
The second authentication code obtained by the security device from the second information; or
A third authentication code generated by the security device.
67. The system according to claim 62, 63 or 66, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
68. The system according to claim 64, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
69. The system according to claim 65, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
70. An open-operation execution system, characterized in that it includes: a controlled device and the processed-information response system according to any one of claims 55 to 57; wherein the security device further includes: a fourth authentication module and a third transceiver module;
After the first transceiver module receives the second processed information and the second information packet, the first acquisition module further obtains the second information, and obtains a second authentication policy;
The fourth authentication module verifies the second processed information according to the second authentication policy and, after the second processed information passes verification, instructs the first acquisition module to obtain a third authentication code and a third information output policy;
The first processing module further performs fifth processing on a third information packet according to the third information output policy to obtain third processed information, the third information packet being obtained by performing sixth processing on third information, and the third information at least including: the third authentication code and the open command;
The third transceiver module further outputs the third processed information and the third information packet;
The controlled device includes: a fourth transceiver module, a third acquisition module, a fifth authentication module and an execution module;
The fourth transceiver module receives the third processed information and the third information packet;
The third acquisition module obtains the third information, and obtains a third authentication policy;
The fifth authentication module verifies the third processed information according to the third authentication policy and, after the third processed information passes verification, instructs the execution module to carry out the open operation flow according to the open command.
71. The system according to claim 70, characterized in that
The third information output policy is an output-after-encryption policy;
The fifth processing is encryption processing; or
The third information output policy is an output-after-signing policy;
The fifth processing is signature processing.
72. The system according to claim 70 or 71, characterized in that
When the third information output policy is the output-after-encryption policy, the third authentication policy is a decrypt-and-verify policy matching the output-after-encryption policy, or the third authentication policy is an encrypt-and-verify policy matching the output-after-encryption policy;
When the third information output policy is the output-after-signing policy, the third authentication policy is a signature verification policy matching the output-after-signing policy.
73. The system according to claim 70 or 71, characterized in that the third authentication code is:
The first authentication code;
The second authentication code obtained by the security device from the second information; or
A third authentication code generated by the security device.
74. The system according to claim 72, characterized in that the third authentication code is:
The first authentication code;
The second authentication code obtained by the security device from the second information; or
A third authentication code generated by the security device.
75. The system according to claim 70, 71 or 74, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
76. The system according to claim 72, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
77. The system according to claim 73, characterized in that the third authentication code is: a random number, a time parameter or a dynamic password value.
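Added example (not part of the patent text): a sketch of the exchange in claims 70 and 72, where the security device outputs the third processed information with the third information packet, and the controlled device repeats the keyed processing on the packet and compares before running the open operation. The claims name no algorithm, so HMAC-SHA256 stands in for the keyed processing; the shared key, the JSON packaging used as the "sixth processing", the "OPEN" command string and the rejection of reused authentication codes are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key shared by both sides (assumption, not from the patent).
SHARED_KEY = b"constructed-demo-key-not-from-the-patent"


def device_output(open_command: str, key: bytes = SHARED_KEY):
    """Security device: build the third information and process its packet."""
    third_info = {
        "auth_code": secrets.token_hex(16),  # third authentication code: random number
        "command": open_command,
    }
    # "Sixth processing" is assumed to be canonical JSON serialization.
    packet = json.dumps(third_info, sort_keys=True).encode()
    # "Fifth processing": HMAC-SHA256 stands in for the keyed processing.
    processed = hmac.new(key, packet, hashlib.sha256).digest()
    return processed, packet


class ControlledDevice:
    def __init__(self, key: bytes = SHARED_KEY):
        self._key = key
        self._seen_codes = set()  # assumption: used codes are remembered
        self.opened = False

    def receive(self, processed: bytes, packet: bytes) -> bool:
        # Third authentication policy: repeat the keyed processing on the
        # received packet and compare the result in constant time.
        expected = hmac.new(self._key, packet, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, processed):
            return False
        try:
            info = json.loads(packet)
            code, command = info["auth_code"], info["command"]
        except (ValueError, KeyError, TypeError):
            return False
        if not isinstance(code, str) or code in self._seen_codes:
            return False  # malformed or replayed authentication code
        self._seen_codes.add(code)
        if command != "OPEN":
            return False
        self.opened = True  # execution module runs the open operation
        return True
```

A packet altered in transit, a message processed under a different key, and a second delivery of an already accepted message are all refused before the execution step.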
CN201310343697.8A 2013-08-08 2013-08-08 Output intent and safety equipment, response method and system, execution method and system Active CN103414565B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201310343697.8A CN103414565B (en) 2013-08-08 2013-08-08 Output intent and safety equipment, response method and system, execution method and system
PCT/CN2014/083343 WO2015018292A1 (en) 2013-08-08 2014-07-30 Method and system for information monitoring
PCT/CN2014/083335 WO2015018291A1 (en) 2013-08-08 2014-07-30 Output method and security device, response method and system, and execution method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310343697.8A CN103414565B (en) 2013-08-08 2013-08-08 Output intent and safety equipment, response method and system, execution method and system

Publications (2)

Publication Number Publication Date
CN103414565A CN103414565A (en) 2013-11-27
CN103414565B true CN103414565B (en) 2016-12-28

Family

ID=49607551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310343697.8A Active CN103414565B (en) 2013-08-08 2013-08-08 Output intent and safety equipment, response method and system, execution method and system

Country Status (1)

Country Link
CN (1) CN103414565B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015018291A1 (en) * 2013-08-08 2015-02-12 天地融科技股份有限公司 Output method and security device, response method and system, and execution method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101211451A (en) * 2007-12-21 2008-07-02 北京飞天诚信科技有限公司 Loading system and method based on digital signature
CN101345626A (en) * 2008-08-29 2009-01-14 广东南方信息安全产业基地有限公司 Verification method between electronic lock and electronic key
CN101784049A (en) * 2009-12-31 2010-07-21 中兴通讯股份有限公司 Method and system thereof for controlling cars through mobile terminal
CN102468960A (en) * 2010-11-16 2012-05-23 卓望数码技术(深圳)有限公司 Offline mode identity and transaction authentication method and terminal
WO2012079170A1 (en) * 2010-12-14 2012-06-21 Xtreme Mobility Inc. Authenticating transactions using a mobile device identifier

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783800B (en) * 2010-01-27 2012-12-19 华为终端有限公司 Embedded system safety communication method, device and system
US8704863B2 (en) * 2010-04-07 2014-04-22 Apple Inc. Transitioning between circuit switched calls and video calls
CN103152425B (en) * 2013-03-15 2016-03-23 苏州九光信息科技有限公司 Based on the safety management system of the mobile device of cloud

Also Published As

Publication number Publication date
CN103414565A (en) 2013-11-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant