CN107690145A - A kind of safety communicating method and system - Google Patents
A kind of safety communicating method and system Download PDFInfo
- Publication number
- CN107690145A CN107690145A CN201610640039.9A CN201610640039A CN107690145A CN 107690145 A CN107690145 A CN 107690145A CN 201610640039 A CN201610640039 A CN 201610640039A CN 107690145 A CN107690145 A CN 107690145A
- Authority
- CN
- China
- Prior art keywords
- terminal
- information
- response
- value
- notification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 77
- 230000004044 response Effects 0.000 claims abstract description 396
- 230000006854 communication Effects 0.000 claims description 289
- 238000004891 communication Methods 0.000 claims description 281
- 238000012795 verification Methods 0.000 claims description 55
- 238000004458 analytical method Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 abstract description 34
- 238000001629 sign test Methods 0.000 abstract 2
- 230000008569 process Effects 0.000 description 23
- 230000008859 change Effects 0.000 description 14
- 230000003993 interaction Effects 0.000 description 14
- 238000004364 calculation method Methods 0.000 description 6
- 230000000737 periodic effect Effects 0.000 description 5
- 239000013078 crystal Substances 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000001276 controlling effect Effects 0.000 description 2
- 230000002596 correlated effect Effects 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000010355 oscillation Effects 0.000 description 2
- 230000008054 signal transmission Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000001208 nuclear magnetic resonance pulse sequence Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000004904 shortening Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
- G06K17/0029—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a kind of safety communicating method and system, and this includes:First terminal is to second terminal transmission solicited message, the first timing when being sent, and pending data is comprised at least in solicited message;Second terminal receives solicited message, and the pending data in solicited message meets with a response data;First terminal sends response announcement information when the first timing reaches the first numerical value to second terminal, starts the second timing when responding announcement information and being sent;Second terminal receives response announcement information, treats signing messages and carries out signature operation, obtains signed data, sends response message to first terminal, information to be signed includes response data and second value;First terminal receives response message, obtains the third value that the second timing when response message starts to receive obtains;First terminal to signed data carry out sign test operation, third value is verified with whether second value matches, if sign test by and verify pass through, judge response message for security response information.
Description
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a secure communication method and system.
Background
In the card reading mechanism of the conventional card reader, after the card reader sends command data to the card when the card reader interacts with the card, the card reader waits to receive card response data within a preset FWT (frame waiting time), and the data received within the FWT are processed. Under the condition, the third party can hijack and tamper response data sent by the card to the card reader, and then send the tampered response data to the card reader, or the third party can pretend to be the card reader, and after the response information of the real card is hijacked, pretend to be the real card, and send the response information to the real card reader, namely, identity information of the card is remotely acquired, and authorization of the card reader is obtained.
Therefore, there is a need in the art for a new solution to solve the above problems.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The invention mainly aims to provide a secure communication method, which comprises the following steps: the method comprises the steps that a first terminal sends request information to a second terminal, when the request information is sent, first timing is started according to a preset timing unit, and the request information at least comprises data to be processed; the second terminal receives the request information, and the second terminal obtains response data according to the data to be processed in the request information; the first terminal sends response notification information to the second terminal when the first timing reaches a first value, and starts second timing according to a preset timing unit when the response notification information is sent; the second terminal receives the response notification information, performs signature operation on the information to be signed to obtain signature data, and sends the response information to the first terminal, wherein the information to be signed comprises the response data and a second value, the second value is the sum of the time required for the second terminal to analyze the response notification information and the estimated time required for signature operation, and the response information comprises the information to be signed and the signature data; the first terminal receives the response message and obtains a third numerical value obtained by second timing when the response message begins to be received; and the first terminal performs signature verification operation on the signature data, verifies whether the third numerical value is matched with the second numerical value, and judges that the response information is safe response information if the signature verification is passed and the verification is passed.
In addition, the communication method adopted by the first terminal and the second terminal comprises the following steps: short-range wireless communication mode.
In addition, checking whether the third value matches the second value includes: and the first terminal judges whether the third value is within the effective threshold of the second value, wherein the effective threshold of the second value is [ T, T +2T ], T is the second value, and T is the time required by the response notification information or the response information to support the maximum communication distance through the communication protocol adopted by the first terminal and the second terminal.
In addition, the time required by the second terminal for analyzing the response notification information is the time required by the second terminal for estimating and analyzing the response notification information; or the second terminal starts third timing according to a preset timing unit when the response notification information is received; and the second terminal analyzes the response notification information and obtains the time required by analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished.
In addition, the first terminal sends request information to the second terminal, wherein the first terminal sends the request information to the second terminal by using the first frequency band; the second terminal receives the request information, wherein the second terminal receives the request information by using the first frequency band; the first terminal sends response notification information to the second terminal when the timing reaches the first numerical value, wherein the first terminal sends the response notification information to the second terminal by using the second frequency band when the timing reaches the first numerical value; the second terminal receives the response notification information, wherein the second terminal receives the response notification information by using a second frequency band; the second terminal sends response information to the first terminal, wherein the response information is sent to the first terminal by the second terminal through the first frequency band; the first terminal receives the response message, including the first terminal receiving the response message using the first frequency band.
In addition, the first value is greater than or equal to a fourth value, and the fourth value is the time required by the second terminal to obtain response data according to the data to be processed in the request information; the first terminal prestores the fourth numerical value, or the first terminal negotiates with the second terminal before sending the request information to the second terminal, and the first terminal obtains the fourth numerical value.
In addition, the first terminal starts a first timer according to a preset timer unit when the request message is transmitted, including: the first terminal starts first timing by using a built-in clock of the first terminal when the request information is sent; the first terminal starts second timing according to a preset timing unit when the transmission of the response notification information is finished, and the method comprises the following steps: the first terminal starts second timing by using a built-in clock of the first terminal when the response notification information is sent; or, the first terminal starts the first timing according to a preset timing unit when the request message is sent, including: the first terminal starts to calculate the cycle number of the communication carrier when the request information is sent; the first terminal starts second timing according to a preset timing unit when the transmission of the response notification information is finished, and the method comprises the following steps: the first terminal starts to calculate the cycle number of the communication carrier when the first terminal finishes sending the response notification information; the method comprises the steps that a first terminal always generates a communication carrier in the process of communicating with a second terminal; or, the first terminal starts the first timing according to a preset timing unit when the request message is sent, including: the first terminal starts to calculate the pulse number of the communication carrier when the request information is sent; the first terminal starts second timing according to a preset timing unit when the transmission of the response notification information is finished, and the method comprises the following steps: the first terminal starts to calculate the pulse number of the communication carrier when the sending of the response notification information is finished; the method comprises the steps that a first terminal always generates a communication carrier in the process of communicating with a second terminal; or, the first terminal starts the first timing according to a preset timing unit when the request message is sent, including: the first terminal starts to record a first phase difference value of a waveform phase of a communication carrier relative to a first starting phase when the request information is sent by the first terminal, wherein the first starting phase is the waveform phase of the communication carrier when the request information is sent by the first terminal; the first terminal starts second timing according to a preset timing unit when the transmission of the response notification information is finished, and the method comprises the following steps: the first terminal starts to record a phase difference value of a waveform phase of the communication carrier relative to a second initial phase when the request information is sent by the first terminal, wherein the second initial phase is the waveform phase of the communication carrier when the first terminal finishes sending the response notification information; the first terminal always generates a communication carrier in the communication process of the first terminal and the second terminal.
Another primary object of the present invention is to provide a secure communication system, comprising: the first terminal is used for sending request information to the second terminal, and starting first timing according to a preset timing unit when the request information is sent, wherein the request information at least comprises data to be processed; the second terminal is used for receiving the request information and obtaining response data according to the data to be processed in the request information; the first terminal is further used for sending response notification information to the second terminal when the first timing reaches a first value, and starting second timing according to a preset timing unit when the response notification information is sent; the second terminal is further used for receiving the response notification information, performing signature operation on the information to be signed to obtain signature data, and sending the response information to the first terminal, wherein the information to be signed comprises the response data and a second numerical value, the second numerical value is the sum of the time required by the second terminal for analyzing the response notification information and the time required by the estimated signature operation, and the response information comprises the information to be signed and the signature data; the first terminal is also used for receiving the response information and acquiring a third numerical value obtained by second timing when the response information starts to be received; and performing signature verification operation on the signature data, verifying whether the third numerical value is matched with the second numerical value, and if the signature verification is passed and the verification is passed, judging that the response information is the safety response information.
In addition, the communication method adopted by the first terminal and the second terminal comprises the following steps: short-range wireless communication mode.
In addition, the first terminal is further configured to check whether the third value matches the second value, including: the first terminal is further configured to determine whether the third value is within an effective threshold of the second value, where the effective threshold of the second value is [ T, T +2T ], where T is the second value and T is a time required for the response notification message or the response message to support the maximum communication distance through a communication protocol employed by the first terminal and the second terminal.
In addition, the second terminal is also used for analyzing the time required by the response notification information to be the time required by the second terminal for pre-estimating and analyzing the response notification information; or the second terminal is further configured to start third timing according to a preset timing unit when the response notification information is received; and the second terminal analyzes the response notification information and obtains the time required by analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished.
In addition, the first terminal is configured to send request information to the second terminal, including that the first terminal is configured to send the request information to the second terminal by using the first frequency band; the second terminal is used for receiving the request information, and comprises a first frequency band used for receiving the request information by the second terminal; the first terminal is further used for sending response notification information to the second terminal when the timing reaches the first numerical value, and the first terminal is also used for sending the response notification information to the second terminal by using the second frequency band when the timing reaches the first numerical value; the second terminal is further configured to receive the response notification information, including that the second terminal is further configured to receive the response notification information using the second frequency band; the second terminal is further configured to send response information to the first terminal, including that the second terminal is further configured to send response information to the first terminal using the first frequency band; the first terminal is further configured to receive the response information, including the first terminal is further configured to receive the response information using the first frequency band.
In addition, the first value is greater than or equal to a fourth value, and the fourth value is the time required by the second terminal to obtain response data according to the data to be processed in the request information; the first terminal prestores the fourth numerical value, or the first terminal is further configured to negotiate with the second terminal before sending the request information to the second terminal, and the first terminal obtains the fourth numerical value.
In addition, the first terminal, configured to start a first timer according to a preset timer unit when the request message is completely sent, includes: the first terminal is used for starting first timing by using a built-in clock of the first terminal when the request information is sent; the first terminal, further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, includes: the first terminal is also used for starting second timing by using a built-in clock of the first terminal when the response notification information is sent; or, the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting to calculate the cycle number of the communication carrier by the first terminal when the request information is sent; the first terminal, further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, includes: the first terminal is also used for starting to calculate the cycle number of the communication carrier by the first terminal when the response notification information is sent; the method comprises the steps that a first terminal always generates a communication carrier in the process of communicating with a second terminal; or, the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting to calculate the pulse number of the communication carrier by the first terminal when the request information is sent; the first terminal, further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, includes: the first terminal is also used for starting to calculate the pulse number of the communication carrier wave by the first terminal when the response notification information is sent; the method comprises the steps that a first terminal always generates a communication carrier in the process of communicating with a second terminal; or, the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting to record a first phase difference value of the waveform phase of the communication carrier relative to a first starting phase when the request information is sent, and the first starting phase is the waveform phase of the communication carrier when the request information is sent by the first terminal; the first terminal, further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, includes: the first terminal is further used for starting to record a phase difference value of the waveform phase of the communication carrier relative to a second initial phase when the request information is sent, and the second initial phase is the waveform phase of the communication carrier when the first terminal responds to the notification information and sends the notification information; the first terminal always generates a communication carrier in the communication process of the first terminal and the second terminal.
The technical scheme provided by the invention can be seen that the invention provides a secure communication method and a system, the first terminal informs the second terminal of sending the response information by sending the response notification information, the first terminal verifies the signature data in the response information to ensure that the equipment sending the response information is the second terminal and the response information is not tampered, the first terminal judges whether the time obtained by timing is matched with the time in the received response information or not, the remote hijacking of the external equipment to the response information of the second terminal is avoided for forwarding, the purpose of avoiding receiving the hijacked or tampered response information is achieved, meanwhile, the waiting time of the first terminal for the response information after sending the request information is shortened, and the security and the efficiency of information interaction between the first terminal and the second terminal are improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a secure communication method according to embodiment 1 of the present invention;
fig. 2 is a flowchart of another secure communication method provided in embodiment 2 of the present invention;
fig. 3 is a block diagram of a secure communication system according to embodiment 3 of the present invention;
fig. 4 is a block diagram of another secure communication system provided in embodiment 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
Fig. 1 is a flowchart illustrating a secure communication method according to an embodiment of the present invention; the method comprises the following steps:
step 101, a first terminal sends request information to a second terminal, and when the request information is sent, first timing is started according to a preset timing unit, wherein the request information at least comprises data to be processed;
the first terminal may be a reader, for example, a card reader, a computer, a tablet computer, or a mobile phone; the second terminal may be a transponder, for example, a smart card, an electronic signature tool key, a key-holding device, a mobile phone, or an identification card.
In an optional implementation manner of this embodiment, the communication manner adopted by the first terminal and the second terminal includes a short-range wireless communication manner. The short-range wireless communication mode may include a communication mode following the following communication protocol: bluetooth communication protocol, infrared IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, ultra wideband (UltraWideBand) communication protocol, short range communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, wireless 1394 communication protocol, ISO14443 protocol, ISO15693 protocol, and dedicated wireless communication protocol, and of course, the following communication protocols that may appear in the future are equivalent to the above-mentioned communication protocols: the time required for data transmission under the maximum transmission distance supported by the communication protocol is less than the time required for data tampering by an external device.
In an optional implementation manner of this embodiment, before step 101, a step of establishing handshake communication between the first terminal and the second terminal may also be included, and when the first terminal is a card reader and the second terminal is a smart card or an identity card, a card searching process between the first terminal and the second terminal may also be included.
In this embodiment, the request information may be generated by the first terminal, or may be information received by the first terminal and generated by an authentication device such as a backend server. When the request information is generated by the first terminal, the risk that the request information is hijacked and tampered can be avoided, the safety of the request information is ensured, when the request information is generated by authentication equipment such as a background server and the like, the calculation amount of the first terminal is reduced, the authentication equipment is prevented from authenticating the tampered request information, and the safety of information interaction is improved.
102, the second terminal receives the request information, and the second terminal obtains response data according to the data to be processed in the request information;
in this embodiment, the data to be processed and the response data may be various information, for example, the data to be processed may be an authentication request, and the response data may be an authentication response or the like.
103, the first terminal sends response notification information to the second terminal when the first timing reaches a first value, and starts second timing according to a preset timing unit when the response notification information is sent;
in an optional implementation manner of this embodiment, the first value is greater than or equal to a fourth value, and the fourth value is a time required for obtaining the response data according to the data to be processed in the request information. The fourth value may be pre-stored in the first terminal, or may be negotiated with the second terminal before the first terminal sends the request message to the second terminal, and the first terminal obtains the fourth value, and optionally, the fourth value may be smaller than a frame waiting time in the existing communication protocol, so that the embodiment is compatible with the existing communication protocol, and it is ensured that the first terminal and the second terminal can normally communicate under the existing communication protocol. In this optional embodiment, the first terminal sends the response notification information to the second terminal after or at the time required for the second terminal to process the information to be processed to obtain the response data, which can ensure that the second terminal has obtained the response data when the first terminal sends the response notification information to the second terminal, avoid that the second terminal has not obtained the response data and thus the response fails or the third value cannot pass the verification of the second value when the first terminal sends the response notification information, and improve the communication efficiency. Optionally, the first terminal and the second terminal may obtain the fourth value only once in a process of processing a complete information interaction flow, or obtain the fourth value once before each request message is sent in a complete information interaction flow. The fourth value is obtained only once in a complete information interaction process, steps in the information interaction process can be reduced, communication efficiency is improved, the fourth value is obtained once before each request message is sent by the first terminal, the accuracy of the first terminal in controlling the sending time of the response notification message can be improved, and communication safety is further guaranteed.
In the above alternative embodiment, the first terminal pre-storing the fourth value includes, but is not limited to, the following embodiments: in a first mode, the first terminal may have one or more fourth values of the second terminal set before leaving the factory, and the first terminal obtains the device model of the second terminal before sending the request information to the second terminal, and matches the correct fourth value; in the second mode, the first terminal obtains the fourth value through other devices before communicating with the second terminal, for example, the fourth value matched with the second terminal is downloaded through the network, or the user of the first terminal inputs the fourth value through the input device of the first terminal.
In the above optional embodiments, the first terminal and the second terminal negotiate to obtain the fourth value, which includes but is not limited to the following embodiments: in the first mode, a first terminal generates a negotiation request and a first random number and sends the negotiation request and the first random number to a second terminal; the second terminal receives the negotiation request and the first random number, signs the first random number by using a second terminal private key to obtain first random number signature data, generates a second random number, and sends the first random number signature data, a second terminal certificate and the second random number to the first terminal; the first terminal receives the first random number signature data, the second terminal certificate and the second random number, verifies the first random number signature data and the second terminal certificate respectively, signs the second random number by using a first terminal private key if the first random number signature data and the second terminal certificate pass the verification, obtains second random number signature data, and sends the second random number signature data and the first terminal certificate to the second terminal; the second terminal receives the second random number signature data and the first terminal certificate, verifies the second random number signature data and the first terminal certificate respectively, obtains a fourth numerical value if the second random number signature data and the first terminal certificate are verified to be passed, encrypts the fourth numerical value by using the first terminal public key, generates a fourth numerical value ciphertext and sends the fourth numerical value ciphertext to the first terminal; the first terminal receives the fourth numerical value ciphertext, and decrypts the fourth numerical value ciphertext by using a first terminal private key to obtain a fourth numerical value; in a second mode, the first terminal generates a negotiation request and a first random number, and sends the negotiation request, the first random number and a first terminal certificate to the second terminal; the second terminal receives the negotiation request, the first random number and the first terminal certificate, verifies the first terminal certificate, signs the first random number by using a second terminal private key if the first random number passes the verification, obtains first random number signature data, generates a second random number, encrypts the second random number by using a first terminal public key to obtain a second random number ciphertext, and sends the second random number ciphertext, the second terminal certificate and the first random number signature data to the first terminal; the first terminal receives the second random number ciphertext, the second terminal certificate and the first random number signature data, verifies the second terminal certificate and the first random number signature data respectively, decrypts the second random number ciphertext through the first terminal private key if the second random number ciphertext and the first random number signature data pass verification, obtains a second random number, signs the second random number through the first terminal private key, obtains second random number signature data, generates a third random number, encrypts the third random number through the second terminal public key, obtains a third random number ciphertext, processes the second random number and the third random number according to a preset rule, obtains a first transmission key, and sends the second random number signature data and the third random number ciphertext to the second terminal; the second terminal receives the second random number signature data and the third random number ciphertext, verifies the second random number signature data respectively, decrypts the third random number ciphertext by using a second terminal private key if the second random number signature data and the third random number ciphertext pass verification to obtain a third random number, and processes the second random number and the third random number according to a preset rule to obtain a second transmission key; acquiring a fourth numerical value, encrypting the fourth numerical value by using a second transmission key to obtain a fourth numerical value ciphertext, and sending the fourth numerical value ciphertext to the first terminal; and the first terminal receives the fourth numerical value ciphertext, decrypts the fourth numerical value ciphertext by using the first transmission key, and obtains a fourth numerical value.
In the above optional embodiment, the fourth value may be obtained by the second terminal through calculation according to the type of information interaction, its own calculation capability, the adopted communication protocol, and other information, or may be pre-stored in the second terminal.
104, the second terminal receives the response notification information, performs signature operation on the information to be signed to obtain signature data, and sends the response information to the first terminal, wherein the information to be signed comprises the response data and a second value, the second value is the sum of the time required by the second terminal for analyzing the response notification information and the estimated time required for performing the signature operation, and the response information comprises the information to be signed and the signature data;
in this embodiment, in this optional implementation manner, the second terminal may sign the information to be signed by using a private key built in the second terminal, so that the first terminal may determine whether the true sender of the response information is the second terminal according to whether the signature verification of the signature data passes, and determine whether the response information has been tampered, thereby further ensuring the security of the response information.
In an optional implementation manner of this embodiment, the time required for the second terminal to analyze the response notification information is time required for the second terminal to predict and analyze the response notification information; the second terminal obtains the time required for analyzing the response notification information in an estimated mode, the estimated time required for analyzing the response notification information by the equipment can be prestored in factory equipment of the second terminal, the estimated time can also be obtained by the second terminal according to the time required for analyzing the response notification information at the previous time, the second terminal does not need to perform timing operation, and the calculated amount of the second terminal is reduced.
In an optional implementation manner of this embodiment, the second terminal starts the third time counting according to a preset time counting unit when the response notification information is received; and the second terminal analyzes the response notification information and obtains the time required by analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished. The second terminal obtains the time required for analyzing the response notification information in a timing mode, the second numerical value is accurate, and the safety is higher.
In this embodiment, the second terminal may estimate the time required for the current signature operation according to the time required for the previous signature operation, and the estimated time required for the signature operation of the device may also be pre-stored in the factory setting of the second terminal, where the second value includes the estimated time required for the signature operation, and the second value is more accurate and higher in security.
105, the first terminal receives the response message and obtains a third numerical value obtained by second timing when the response message starts to be received; and the first terminal performs signature verification operation on the signature data, verifies whether the third numerical value is matched with the second numerical value, and judges that the response information is safe response information if the signature verification is passed and the verification is passed.
In this embodiment, the first terminal performs signature verification on the signature data, and can determine whether the second value in the response information has been tampered, and also determine whether the sender of the response information is a real second terminal, so as to avoid the situation that the response information is tampered after being intercepted by the external device, and the first terminal receives and processes the tampered response information, thereby improving the communication security between the first terminal and the second terminal. The specific operation method of the signature verification operation is well known in the art and will not be described herein. It should be noted that, in this embodiment, there is no order between the operation of performing the signature verification operation on the signature data by the first terminal and the operation of verifying whether the third value and the second value are matched, the signature verification operation may be completed first, the verification operation may be completed first, or both the operations may be completed simultaneously.
In an optional implementation manner of this embodiment, to check whether the third value matches with the second value, there may be various implementation manners, such as: the first method is that the first terminal judges whether a third value is within an effective threshold of the second value, the effective threshold of the second value is [ T, T +2T ], if the third value is within the effective threshold of the second value, the verification is passed, if the third value is not within the effective threshold of the second value, the verification is not passed, wherein T is the second value, and T is the time required by the response notification information or the response information to support the maximum communication distance through a communication protocol adopted by the first terminal and the second terminal; the first terminal judges whether the second value is within an effective threshold of a third value, the effective threshold of the third value is [ S-2t, S ], if the second value is within the effective threshold of the third value, the verification is passed, if the second value is not within the effective threshold of the third value, the verification is not passed, wherein S is the third value, and t is the time required by the response notification information or the response information to support the maximum communication distance through a communication protocol adopted by the first terminal and the second terminal; and thirdly, the first terminal judges whether the difference value between the third terminal and the second terminal is within an effective threshold value, wherein the effective threshold value is [0, 2t ], if the difference value is within the effective threshold value, the verification is passed, and if the difference value is not within the effective threshold value, the verification is not passed, wherein t is the time required by the response notification information or the response information to support the maximum communication distance through the communication protocol adopted by the first terminal and the second terminal. The following explains the value of the effective threshold by taking the first embodiment as an example: the sum of the time required by the second terminal for analyzing the response notification information and the time required for predicting signature operation is different according to different types of the second terminal and different factors such as computing power, and the stronger the computing power of the second terminal is, the smaller the value of the second numerical value T is; the calculation method of t is as follows: the maximum communication distance supported by the communication protocol adopted by the first terminal and the second terminal is L, the signal transmission speed is C, and t is L/C, wherein the specific value of t can be carried in factory information of the first terminal or a communication protocol adopted when the first terminal and the second terminal communicate; the effective threshold range of the second value should be less than or equal to the sum T of the time required by the second terminal to analyze the response notification information and the time required to predict the signature operation, and the sum of the transmission time T of the response notification information and the transmission time T of the response information, and when the distance between the first terminal and the second terminal is close enough, the value of T is negligible, that is, the effective threshold of the second value should be greater than or equal to T and less than or equal to T + 2T. It should be noted that, in this embodiment, when the transmission rate of the communication protocol used by the first terminal and the second terminal is fast enough, the computing capability of the second terminal is strong enough, and the distance between the first terminal and the second terminal is close enough, the second value and the value of t are both in the nanosecond level, and there may be a case that when the first terminal actually receives the response information, the third value is smaller than the second timing minimum unit of the first terminal, that is, when the second timing reaches 0, the first terminal starts to receive the response information.
In the technical scheme, under the condition of short-distance wireless communication, the time required for data transmission under the maximum transmission distance supported by the communication protocol is less than the time required for data to be tampered by the external device, so that the time for sending the tampered response information to the first terminal is greater than the effective threshold of the second value, that is, if the response information is tampered by the external device, the third value is greater than the effective threshold of the second value, and the first terminal can judge the response information as dangerous response information. If the real distance between the first terminal and the second terminal exceeds the distance supported by the communication protocol, the external device hijacks the response information of the second terminal in different places and forwards the response information to the first terminal, and because the real transmission distance of the response information is larger than the maximum distance supported by the communication protocol, the real transmission time of the response information is also larger than t, the third value exceeds the effective threshold range of the second value, and the first terminal can judge the response information as dangerous information. That is, the first terminal checks the time contained in the response message by using the time when the response message is received, so that the risk that the first terminal processes the information hijacked by the external device can be avoided.
In an optional embodiment of the present invention, the first terminal starts the first timing according to a preset timing unit when the transmission of the request message is completed, and the first terminal starts the second timing according to the preset timing unit when the transmission of the response notification message is completed, and there may be a plurality of preset timing units, such as: the method comprises the steps that a first terminal starts first timing by using a built-in clock of the first terminal when the request information is sent; the first terminal starts second timing by using a built-in clock of the first terminal when the response notification information is sent; in this mode, the second value represents a time value, and the valid threshold of the second value represents a time range, for example, when the second value is 100 μm, and the time required for the response notice message or the response message to pass through the communication protocol employed by the first terminal and the second terminal to support the maximum communication distance is 10 μm, the valid threshold of the second value is 100 μm, 120 μm]The specific implementation of the step 105 of using the third value to verify the second value is that the third value is [100 μm, 120 μm ]]If so, the verification is passed; in the second mode, the first terminal starts to calculate the cycle number of the communication carrier when the request information is sent; the first terminal starts to calculate the cycle number of the communication carrier when the first terminal finishes sending the response notification information; in this embodiment, the second value represents a period number, and the valid threshold of the second value represents a period number range, for example, when the second value is 100 periods, and the period number variation value generated when the communication carrier supports the maximum communication distance via the communication protocol used by the first terminal and the second terminal is 10 periods, the valid threshold of the second value is [100, 120%]In one cycle, step 105 is performed by checking the second value with the third value in a manner such that the third value is [100, 120 ]]When the internal time is correctPassing; in a third mode, the first terminal starts to calculate the pulse number of the communication carrier wave by the first terminal when the request information is sent; the first terminal starts to calculate the pulse number of the communication carrier when the sending of the response notification information is finished; in this embodiment, the second number represents a number of pulses, and the effective threshold of the second number represents a range of numbers of pulses, for example, when the second number is 100 pulses, and the number of pulses generated by the communication carrier passing through the communication protocol supporting the maximum communication distance between the first terminal and the second terminal has a variation value of 10 pulses, the effective threshold of the second number is [100, 120%]The specific implementation of the pulse, step 105, of checking the second value with the third value is that the third value is [100, 120 ]]If so, the verification is passed; the first terminal starts to record a first phase difference value of the waveform phase of the communication carrier relative to a first initial phase when the request information is sent, wherein the first initial phase is the waveform phase of the communication carrier when the request information is sent by the first terminal; the first terminal starts to record a phase difference value of a waveform phase of the communication carrier relative to a second initial phase when the request information is sent by the first terminal, wherein the second initial phase is the waveform phase of the communication carrier when the first terminal finishes sending the response notification information; in this way, the second value is indicative of a phase difference value, and the effective threshold value of the second value is indicative of a range of phase difference values, e.g. when the second value is a phase difference ofWhen the phase difference generated when the communication carrier wave passes through the communication protocol supporting the maximum communication distance adopted by the first terminal and the second terminal is theta, the effective threshold value of the second value is theta The specific implementation of step 105 of using the third value to verify the second value is that the third value is present If so, the check is passed. The first timing and the second timing are performed by the preset timing unit in the first mode to the third mode, the timing method is simple, the existing first terminal does not need to be greatly improved, the first timing and the second timing are performed by the preset timing unit in the fourth mode, and compared with periodic or pulse timing, the phase timing precision is high, and response information is safer. In the second to fourth aspects of the present optional embodiment, during the communication between the first terminal and the second terminal, the first terminal always generates a communication carrier signal, in terms of communication technology, the communication carrier signal is an electric wave generated by an oscillator and transmitted on a communication channel, and is modulated to transmit data, the communication carrier signal is an unmodulated periodic oscillation signal, and the communication carrier signal may be a sine wave or a non-sine wave (e.g., a periodic pulse train).
In an alternative embodiment of step 104, the second terminal may also perform a third timing in a similar manner as the first timing or the second timing performed by the first terminal, such as: in the first mode, the second terminal starts first timing by using a built-in clock of the second terminal when the response notification information is received; in the second mode, the second terminal starts to calculate the cycle number of the communication carrier when the response notification information is received; in a third mode, the second terminal starts to calculate the pulse number of the communication carrier when the response notification information is received; the second terminal starts to record a first phase difference value of the waveform phase of the communication carrier relative to a first initial phase when the second terminal finishes receiving the response notification information, wherein the first initial phase is the waveform phase of the communication carrier when the first terminal finishes sending the request information; when the preset timing unit of the first mode is adopted to carry out third timing, the second terminal is required to be the terminal of the active crystal oscillator, when the preset timing unit of the second mode or the fourth mode is adopted to carry out third timing, the second terminal is not required to be the terminal of the active crystal oscillator, when the preset timing unit of the fourth mode is adopted to carry out third timing, the phase timing precision is higher compared with period or pulse timing, and the response information is safer. In modes two to four of this optional embodiment, during the communication between the first terminal and the second terminal, the first terminal always generates a communication carrier signal, and the second terminal always receives the communication carrier signal.
In a fourth aspect of the above-described optional embodiments, a specific implementation scheme of "the first terminal starts recording a first phase difference value of a waveform phase of the communication carrier with respect to a first start phase when the first terminal finishes transmitting the request message", where the first start phase is the waveform phase of the communication carrier when the first terminal finishes transmitting the request message "is briefly described below: when the request information is sent, the first terminal sets the phase value of the current communication carrier signal to be 0, takes the 0 value as a first initial phase, and then reads the phase value of the communication carrier signal in real time, so as to obtain a first phase difference value of the waveform phase of the communication carrier signal relative to the first initial phase in real time; or when the request information is sent, the first terminal detects the current communication carrier phase by using an oscillographic element inside the first terminal, sets the current communication carrier phase as a first initial phase, and then starts to detect the change of the phase difference value of the communication carrier signal in real time, so as to obtain the first phase difference value of the waveform phase of the communication carrier signal relative to the first initial phase in real time. The implementation scheme of "the first terminal starts recording the phase difference value of the waveform phase of the communication carrier wave relative to the second start phase when the first terminal finishes sending the request message, and the second start phase is the waveform phase of the communication carrier wave when the first terminal finishes sending the response notification message" is similar to the above implementation scheme, and is not described in detail here.
The phase change speed of the communication carrier signal is positively correlated with the frequency of the communication carrier signal, and by detecting the change difference in the phase of the communication carrier signal with respect to the first start phase at a certain X time, the time interval between the X time and the time at which the first terminal has transmitted the completion request information, for example, can be accurately recorded based on the phase change differenceWhen the frequency of the communication carrier signal is v, the duration of one period is vThe phase change of one cycle is 360 deg., then the time required for the phase of the communication carrier signal to change by 1 deg. isTherefore, the first terminal detects the time interval by measuring the phase change of the communication carrier signal, and compared with the period and the pulse of the communication carrier signal, the timing precision can be greatly improved.
In an optional implementation manner of this embodiment, a fifth value is prestored in the first terminal, or the first terminal negotiates with the second terminal before sending the request message to the second terminal, and the first terminal obtains the fifth value, where the fifth value is a time required by the second terminal to send the response message after the second terminal estimates that the response notification message is received. The first terminal judges whether the fifth numerical value is larger than the safety door threshold value, the sixth numerical value is a safety threshold value preset by the first terminal, if the fifth numerical value is larger than the safety threshold value, the step 101 is executed, and if the fifth numerical value is smaller than the safety threshold value, the first terminal selects the following alternative communication mode:
step A, a first terminal sends request information to a second terminal, and when the request information is sent, first timing is started according to a preset timing unit, wherein the request information at least comprises data to be processed; step B, the second terminal receives the request information, and the second terminal obtains response information according to the request information; step C, the first terminal sends response notification information to the second terminal when the first timing reaches the Mth value, and starts second timing according to a preset timing unit when the response notification information is sent; step D, the second terminal receives the response notification information and sends the response information to the first terminal; and step E, allowing the first terminal to start receiving the response information when the second timing reaches the effective threshold value of the Nth numerical value, wherein the Nth numerical value is the time required by the second terminal to send the response information after receiving the response notification information.
As can be seen from the alternative communication mode, in the alternative communication mode, the second terminal does not need to count time, the first terminal does not need to perform operations such as signature verification on the response information, the alternative communication mode has better efficiency, but in the alternative, since the nth value is not the time taken for the second terminal to actually receive the response notification information and send the response information, but only an estimated time, when the estimated time is much greater than the real time, then it is possible that, before the first timing of the first terminal reaches the valid threshold of the nth value, the second terminal sends a response message to the first terminal, the first terminal cannot receive the response information, and when the external device hijacks the response information and tampers the response information and sends false response information to the first terminal, and under the condition that the second timing of the first terminal is still within the effective threshold of the Nth numerical value, the safety risk is brought to data interaction. Therefore, the first terminal needs to preset a safety threshold, when the nth value is smaller than the preset safety threshold, the alternative communication mode is adopted, the communication efficiency is considered on the premise that the safety is not affected, and when the nth value is larger than the preset safety threshold, the communication mode provided by the embodiment is adopted, so that the safety is improved. That is, the first terminal selects the communication mode based on the time required from the completion of the second terminal receiving the response notification message to the transmission of the response message, so that the communication efficiency and the security of the first terminal can be further improved.
In the secure communication method provided by this embodiment, the first terminal notifies the second terminal to send the response information to the first terminal by sending the response notification information, the first terminal performs signature verification on signature data in the response information, it is ensured that the device sending the response information is the second terminal and the response information is not tampered, the first terminal determines whether the time obtained by timing is matched with the time in the received response information, and avoids that an external device remotely hijacks the response information of the second terminal to forward, so as to achieve the purpose of avoiding receiving the hijacked or tampered response information, and at the same time, the waiting time of the first terminal for the response information after sending the request information is also shortened, and the security and efficiency of information interaction between the first terminal and the second terminal are improved.
Example 2
This example differs from example 1 in that: the first terminal and the second terminal communicate with each other in different frequency bands according to different types of the information, other implementation processes are the same as those in embodiment 1, and details of the same contents are omitted, which can be referred to related descriptions in embodiment 1.
Fig. 2 is a flowchart illustrating a secure communication method according to embodiment 2 of the present invention, where the method includes:
step 201, a first terminal sends request information to a second terminal by using a first frequency band, and starts first timing according to a preset timing unit when the request information is sent, wherein the request information at least comprises data to be processed;
step 202, the second terminal receives the request information by using the first frequency band, and the second terminal obtains response data according to the data to be processed in the request information;
step 203, the first terminal sends response notification information to the second terminal by using the second frequency band when the first timing reaches the first value, and starts second timing according to a preset timing unit when the response notification information is sent;
step 204, the second terminal receives the response notification information by using a second frequency band, the second terminal performs signature operation on the information to be signed to obtain signature data, the second terminal transmits response information to the first terminal by using the first frequency band, the information to be signed comprises response data and a second numerical value, the second numerical value is the sum of the time required by the second terminal to analyze the response notification information and the estimated time required by the signature operation, and the response information comprises the information to be signed and the signature data;
step 205, the first terminal receives the response message by using the first frequency band, and obtains a third value obtained by the second timing when the response message starts to be received; and the first terminal performs signature verification operation on the signature data, verifies whether the third numerical value is matched with the second numerical value, and judges that the response information is safe response information if the signature verification is passed and the verification is passed.
In this embodiment, the first frequency band and the second frequency band are different frequency bands, for example, the first frequency band is 13.56MHZ frequency band, the second frequency band is 2.4G frequency band, and both the first terminal and the second terminal are devices supporting dual-frequency band communication.
In this embodiment, on the basis of embodiment 1, the first terminal and the second frequency band adopt a method of replacing frequency bands to transmit/receive response notification information, so that a third party cannot hijack the response notification information in the frequency band for transmitting the request information and cannot know the correct time for transmitting the response information, that is, the third party cannot attack the first terminal when the second time of the first terminal reaches the preset threshold range by using false response information, and cannot start timing to obtain the second value after obtaining the response notification information, thereby ensuring the security of the communication device on the basis of ensuring the communication security.
Example 3
In this embodiment, a secure communication system is provided, as shown in fig. 3, the secure communication system includes a first terminal 301 and a second terminal 302, in this embodiment, the first terminal 301 may be a reader, for example, a card reader, a computer, a tablet computer, or a mobile phone; the second terminal 302 may be a transponder, for example, a smart card, an electronic signature tool key, a key card, a device, a mobile phone, or an identification card.
The secure communication system of this embodiment is configured to execute the secure communication method in embodiment 1, and the implementation of the functions in the system may refer to the related description in embodiment 1, and the same contents or similar flows are not repeated here, and only briefly described below:
the first terminal 301 is configured to send request information to the second terminal 302, and start first timing according to a preset timing unit when the request information is sent, where the request information at least includes data to be processed;
the second terminal 302 is configured to receive the request information, and obtain response data according to the data to be processed in the request information;
the first terminal 301 is further configured to send response notification information to the second terminal 302 when the first timing reaches a first value, and start second timing according to a preset timing unit when the response notification information is sent;
the second terminal 302 is further configured to receive the response notification information, perform a signature operation on the information to be signed to obtain signature data, and send the response information to the first terminal 301, where the information to be signed includes the response data and a second value, the second value is a sum of time required for the second terminal 302 to analyze the response notification information and time required for performing the signature operation, and the response information includes the information to be signed and the signature data;
the first terminal 301 is further configured to receive the response information, and obtain a third value obtained by the second timing when the response information starts to be received; and performing signature verification operation on the signature data, verifying whether the third numerical value is matched with the second numerical value, and if the signature verification is passed and the verification is passed, judging that the response information is the safety response information.
In an optional implementation manner of this embodiment, the communication manner adopted by the first terminal 301 and the second terminal 302 includes a short-range wireless communication manner. The short-range wireless communication mode may include a communication mode following the following communication protocol: bluetooth communication protocol, infrared IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, ultra wideband (ultra wideband) communication protocol, short range communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, wireless 1394 communication protocol, and dedicated wireless communication protocol, although the following communication protocols that may appear in the future are equivalent to the above-mentioned communication protocols: the time required for data transmission under the maximum transmission distance supported by the communication protocol is less than the time required for data tampering by an external device.
In an optional implementation manner of this embodiment, the first value is greater than or equal to a fourth value, and the fourth value is a time required for obtaining the response data according to the data to be processed in the request information. The fourth value may be pre-stored in the first terminal 301, or may be negotiated with the second terminal 302 before the first terminal 301 sends the request message to the second terminal 302, and the first terminal 301 obtains the fourth value, optionally, the fourth value may be smaller than a frame waiting time in an existing communication protocol, so that the present embodiment may be compatible with the existing communication protocol, and it is ensured that the first terminal 301 and the second terminal 302 can normally communicate under the existing communication protocol. In this optional embodiment, the first terminal 301 sends the response notification information to the second terminal 302 after the time required for the second terminal 302 to process the information to be processed to obtain the response data or after the time, which can ensure that the second terminal 302 already obtains the response data when the first terminal 301 sends the response notification information to the second terminal 302, and avoid that the second terminal 302 does not obtain the response data yet and the response fails or the third value cannot pass the check on the second value when the first terminal 301 sends the response notification information, thereby improving the communication efficiency. Alternatively, the first terminal 301 and the second terminal 302 may obtain the fourth value only once in a process of processing a complete information interaction flow, or obtain the fourth value once before each request message is sent in a complete information interaction flow of the first terminal 301. The fourth value is obtained only once in a complete information interaction process, steps in the information interaction process can be reduced, communication efficiency is improved, the fourth value is obtained once before the first terminal 301 sends each request message, the accuracy of the first terminal 301 controlling the sending time of the response notification message can be improved, and communication safety is further guaranteed.
In the above alternative embodiment, the first terminal 301 pre-stores the fourth value, which includes but is not limited to the following embodiments: in a first manner, the first terminal 301 may have one or more fourth values of the second terminal 302 set before the first terminal 301 leaves a factory, and before the first terminal 301 sends the request information to the second terminal 302, the device model of the second terminal 302 is obtained, and a correct fourth value is obtained by matching; in the second mode, the first terminal 301 obtains the fourth value through other devices before communicating with the second terminal 302, for example, downloading the fourth value matched with the second terminal 302 through the network, or the user of the first terminal 301 inputs the fourth value through the input device of the first terminal 301.
In this embodiment, the second terminal 302 may use a private key built in the second terminal 302 to sign the information to be signed, so that the first terminal 301 may determine whether the real sender of the response information is the second terminal 302 according to whether the signature verification of the signature data passes, and determine whether the response information has been tampered, thereby further ensuring the security of the response information.
In an optional implementation manner of this embodiment, the time required for the second terminal 302 to analyze the response notification information is the time required for the second terminal 302 to pre-estimate analysis of the response notification information; the second terminal 302 obtains the time required for analyzing the response notification information in an estimated manner, where the time may be set in a factory setting of the second terminal 302, or may be estimated by the second terminal 302 according to the time required for analyzing the response notification information at the previous time, and the second terminal 302 does not need to perform a timing operation, thereby reducing the calculation amount of the second terminal 302. In an optional implementation manner of this embodiment, the second terminal 302 is further configured to start a third time counting according to a preset time counting unit when the reception of the response notification information is completed; and analyzing the response notification information to obtain the time required for analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished. In this optional embodiment, the second terminal 302 obtains the time required for analyzing the response notification information in a timing manner, and the second value is more accurate and has higher security.
In this embodiment, the second terminal 302 may estimate the time required for performing the signature operation according to the time required for analyzing the response notification information last time, and the factory setting of the second terminal 302 may also prestore the time, where the second value includes the estimated time required for performing the signature operation, and the second value is more accurate and has higher security.
In this embodiment, the first terminal 301 performs signature verification operation on the signature data, and can determine whether the second value in the response information has been tampered, and also determine whether the sender of the response information is the real second terminal 302, so as to avoid the situation that the response information is tampered after an external device intercepts the response information, and the first terminal 301 receives and processes the tampered response information, thereby improving the communication security between the first terminal 301 and the second terminal 302. The specific operation method of the signature verification operation is well known in the art and will not be described herein. It should be noted that, in this embodiment, there is no sequence between the operation of performing the signature verification operation on the signature data by the first terminal 301 and the operation of verifying whether the third value and the second value are matched, the signature verification operation may be completed first, the verification operation may be completed first, or both the operations may be completed simultaneously. In an optional implementation manner of this embodiment, to check whether the third value matches with the second value, there may be various implementation manners, such as: in the first manner, the first terminal 301 determines whether the third value is within the valid threshold of the second value, where the valid threshold of the second value is [ T, T +2T ], if the third value is within the valid threshold of the second value, the check is passed, and if the third value is not within the valid threshold of the second value, the check is not passed, where T is the second value, and T is the time required for the response notification information or the response information to support the maximum communication distance via the communication protocol adopted by the first terminal 301 and the second terminal 302; in a second mode, the first terminal 301 determines whether the second value is within a valid threshold of a third value, where the valid threshold of the third value is [ S-2t, S ], if the second value is within the valid threshold of the third value, the check is passed, and if the second value is not within the valid threshold of the third value, the check is not passed, where S is the third value, and t is a time required for the response notification information or the response information to support the maximum communication distance via a communication protocol adopted by the first terminal 301 and the second terminal 302; in a third manner, the first terminal 301 determines whether the difference between the third terminal and the second terminal 302 is within an effective threshold, where the effective threshold is [0, 2t ], if the difference is within the effective threshold, the check is passed, and if the difference is not within the effective threshold, the check is not passed, where t is a time required for the response notification information or the response information to pass through the communication protocol adopted by the first terminal 301 and the second terminal 302 to support the maximum communication distance. The following explains the value of the effective threshold by taking the first embodiment as an example: the sum of the time required by the second terminal 302 to analyze the response notification information and the time required by the estimated signature operation is different according to different types of the second terminal 302 and different factors such as computing power, and the stronger the computing power of the second terminal 302 is, the smaller the value of the second value T is; the calculation method of t is as follows: the maximum communication distance supported by the communication protocol used by the first terminal 301 and the second terminal 302 is L, and the signal transmission speed is C, then t is L/C, and the specific value of t may be carried in the factory information of the first terminal 301, or may be carried in the communication protocol used when the first terminal 301 and the second terminal 302 communicate; the valid threshold range of the second value should be less than or equal to the sum of the time required for the second terminal 302 to analyze the response notification information and the time required to predict the signature operation, and the sum of the response notification information transmission time T and the response information transmission time T, and when the distance between the first terminal 301 and the second terminal 302 is sufficiently short, the value of T is negligible, that is, the valid threshold of the second value should be greater than or equal to T and less than or equal to T + 2T. It should be noted that, when the transmission rate of the communication protocol used by the first terminal 301 and the second terminal 302 is fast enough, the computing capability of the second terminal 302 is strong enough, and the distance between the first terminal 301 and the second terminal 302 is close enough, the values of the second value and t are both in the nanosecond level, and there may be a case that when the first terminal 301 actually receives the response information, the third value is smaller than the minimum unit of the second timing of the first terminal 301, that is, when the second timing reaches 0, the first terminal 301 starts to receive the response information.
In the technical solution, under the condition of short-distance wireless communication, the time required for data transmission at the maximum transmission distance supported by the communication protocol is less than the time required for data to be tampered with by the external device, and therefore, the time for sending the tampered response information to the first terminal 301 is greater than the effective threshold of the second value, that is, if the response information is tampered with by the external device, the third value is greater than the effective threshold of the second value, and the first terminal 301 may determine the response information as dangerous response information. If the actual distance between the first terminal 301 and the second terminal 302 exceeds the distance supported by the communication protocol, and the external device hijacks the response information of the second terminal 302 in a different place and forwards the response information to the first terminal 301, since the actual transmission distance of the response information is greater than the maximum distance supported by the communication protocol, and the actual transmission time of the response information is also greater than t, the third value is greater than the effective threshold of the second value, and the first terminal 301 can determine the response information as dangerous information. That is, the first terminal 301 checks the time included in the response information using the time at which the response information was received, so that the risk that the first terminal 301 processes the information hijacked by the external device can be avoided.
In an optional embodiment of the present invention, the first terminal 301 is configured to start the first timing according to a preset timing unit when the request message is completely transmitted, and the first terminal 301 is further configured to start the second timing according to the preset timing unit when the response notification message is completely transmitted, where there may be a plurality of preset timing units, such as: the first mode is that the first terminal 301 is configured to start first timing by using a clock built in the first terminal 301 when the request message is sent; the first terminal 301 is further configured to start second timing by using a clock built in the first terminal 301 when the transmission of the response notification information is completed; in this mode, the second value represents a time value, and the valid threshold of the second value represents a time range, for example, when the second value is 100 μm, and the time required for the response notification message or the response message to pass through the communication protocol used by the first terminal 301 and the second terminal 302 to support the maximum communication distance is 10 μm, the valid threshold of the second value is [100 μm, 120 μm]The specific implementation of "checking the second value with the third value" is that the third value is [100 μm, 120 μm ]]If so, the verification is passed; in the second mode, the first terminal 301 is configured to start to calculate the number of cycles of the communication carrier by the first terminal 301 when the request information is sent; the first terminal 301, further configured to start to calculate the number of cycles of the communication carrier by the first terminal 301 when the transmission of the response notification information is completed; in this mode, the second numberThe value represents a period number, and the effective threshold of the second value represents a period number range, for example, when the second value is 100 periods, and the variation value of the period number generated by the communication carrier supporting the maximum communication distance via the communication protocol used by the first terminal 301 and the second terminal 302 is 10 periods, the effective threshold of the second value is [100, 120 ]]In one cycle, the specific implementation of "checking the second value with the third value" is that the third value is [100, 120 ]]If so, the verification is passed; in a third mode, the first terminal 301 is configured to start to calculate the number of pulses of the communication carrier by the first terminal 301 when the request information is sent; the first terminal 301, further configured to start to calculate the number of pulses of the communication carrier by the first terminal 301 when the transmission of the response notification information is completed; in this embodiment, the second value represents a number of pulses, and the effective threshold of the second value represents a range of numbers of pulses, for example, when the second value is 100 pulses, and the number of pulses generated by the communication carrier passing through the communication protocol supporting the maximum communication distance between the first terminal 301 and the second terminal 302 has a variation value of 10 pulses, the effective threshold of the second value is [100, 120%]The specific implementation of the pulse "checking the second value with the third value" is that the third value is [100, 120 ]]If so, the verification is passed; fourth, the first terminal 301 is configured to, when the request information is sent completely, start recording a first phase difference value of a waveform phase of the communication carrier with respect to a first starting phase by the first terminal 301, where the first starting phase is the waveform phase of the communication carrier when the request information is sent completely by the first terminal 301; the first terminal 301 is further configured to, when the request information is completely transmitted, start recording a phase difference value of a waveform phase of the communication carrier with respect to a second start phase, where the second start phase is the waveform phase of the communication carrier when the first terminal 301 completes transmission of the response notification information; in this way, the second value is indicative of a phase difference value, and the effective threshold value of the second value is indicative of a range of phase difference values, e.g. when the second value is a phase difference ofThe communication carrier wave passes throughWhen the phase difference generated by the maximum communication distance supported by the communication protocol adopted by the first terminal 301 and the second terminal 302 is theta, the effective threshold of the second value is thetaThe specific implementation of "checking the second numerical value with the third numerical value" is that the third numerical value is presentIf so, the check is passed. The first timing and the second timing are performed by the preset timing unit in the first to third modes, the timing method is simple, the existing first terminal 301 does not need to be greatly improved, and the first timing and the second timing are performed by the preset timing unit in the fourth mode. In the second to fourth modes of the present optional embodiment, during the communication between the first terminal 301 and the second terminal 302, the first terminal 301 always generates a communication carrier signal, in terms of communication technology, the communication carrier signal is an electric wave generated by an oscillator and transmitted on a communication channel, and is modulated to transmit data, the communication carrier signal is an unmodulated periodic oscillation signal, and the communication carrier signal may be a sine wave or a non-sine wave (e.g., a periodic pulse sequence).
In an optional implementation manner of this embodiment, the second terminal 302 may also perform a third timing in a similar manner as the first timing or the second timing performed by the first terminal 301, such as: in the first mode, the second terminal 302 starts the first timing by using the built-in clock of the second terminal 302 when the response notification information is received; in the second mode, the second terminal 302 starts to calculate the number of cycles of the communication carrier when the response notification information is received; in a third mode, when the second terminal 302 finishes receiving the response notification information, the second terminal 302 starts to calculate the number of pulses of the communication carrier; in a fourth mode, when the second terminal 302 finishes receiving the response notification message, the second terminal 302 starts to record a first phase difference value of the waveform phase of the communication carrier relative to a first starting phase, where the first starting phase is the waveform phase of the communication carrier when the first terminal 301 finishes sending the request message; when the second terminal 302 is required to be the terminal having the crystal oscillator as the third timer is performed by using the preset timer unit of the first mode, and when the third timer is performed by using the preset timer unit of the second or fourth mode, it is not necessary to require the second terminal 302 to be the terminal having the crystal oscillator as the active timer, and when the third timer is performed by using the preset timer unit of the fourth mode, the accuracy of phase timing is higher and the response information is safer than that of period or pulse timing. In the second to fourth modes of the present optional embodiment, during the communication between the first terminal 301 and the second terminal 302, the first terminal 301 always generates a communication carrier signal, and the second terminal 302 always receives the communication carrier signal.
In the fourth embodiment of the above-mentioned optional embodiment, a specific implementation scheme of "the first terminal 301 starts recording the first phase difference value of the waveform phase of the communication carrier with respect to the first start phase when the first terminal 301 finishes transmitting the request message", where the first start phase is the waveform phase of the communication carrier when the first terminal 301 finishes transmitting the request message "is briefly described below: when the request information is sent, the first terminal 301 sets the phase value of the current communication carrier signal to 0, and takes the 0 value as a first initial phase, and then reads the phase value of the communication carrier signal in real time, so as to obtain a first phase difference value of the waveform phase of the communication carrier signal relative to the first initial phase in real time; alternatively, when the request message is completely transmitted, the first terminal 301 detects the current communication carrier phase by using an oscillographic element inside the first terminal 301, sets the current communication carrier phase as the first start phase, and then starts to detect the change in the phase difference value of the communication carrier signal in real time, so as to obtain the first phase difference value of the waveform phase of the communication carrier signal relative to the first start phase in real time. The implementation of "the first terminal 301 starts recording the phase difference value of the waveform phase of the communication carrier at the time when the first terminal 301 finishes transmitting the request message with respect to the second start phase, which is the waveform phase of the communication carrier at the time when the first terminal 301 finishes transmitting the response notification message" is similar to the above implementation, and will not be described in detail here.
The phase change speed of the communication carrier signal is positively correlated with the frequency of the communication carrier signal, and by detecting the change difference of the phase of the communication carrier signal at a certain X time with respect to the first start phase, the time interval between the X time and the time at which the first terminal 301 has transmitted the completion request information can be accurately recorded based on the phase change difference, for example, when the frequency of the communication carrier signal is ν, the duration of one cycle thereof is νThe phase change of one cycle is 360 deg., then the time required for the phase of the communication carrier signal to change by 1 deg. isAs can be seen, the first terminal 301 detects the time interval by measuring the phase change of the communication carrier signal, and can greatly improve the timing accuracy compared with the period and the pulse of the communication carrier signal.
In the secure communication system provided in this embodiment, the first terminal 301 notifies the second terminal 302 of sending the response information by sending the response notification information, the first terminal 301 performs signature verification on signature data in the response information to ensure that the device sending the response information is the second terminal 302 and the response information is not tampered, the first terminal 301 determines whether the time counted by the first terminal is matched with the time in the received response information, thereby preventing an external device from remotely hijacking the response information of the second terminal 302 and forwarding the response information, achieving the purpose of preventing the hijacked or tampered response information from being received, simultaneously shortening the waiting time of the first terminal 301 for the response information after sending the request information, and improving the security and efficiency of information interaction between the first terminal 301 and the second terminal 302.
Example 4
This example differs from example 3 in that: the first terminal 401 and the second terminal 402 communicate using different frequency bands according to different types of the information, and other implementation processes are the same as those in embodiment 3, and the same contents are not described in detail again, which can be referred to in the related description of embodiment 3.
Fig. 4 shows a block diagram of a secure communication system provided in embodiment 4 of the present invention, where the system includes:
the first terminal 401 is configured to send request information to the second terminal 402 by using a first frequency band, and start first timing according to a preset timing unit when the request information is sent, where the request information at least includes data to be processed;
the second terminal 402 is configured to receive the request information using the first frequency band, and the second terminal 402 obtains response data according to the data to be processed in the request information;
the first terminal 401 is further configured to send response notification information to the second terminal 402 by using the second frequency band when the first timing reaches the first value, and start second timing according to a preset timing unit when the response notification information is sent;
the second terminal 402 is further configured to receive the response notification information using the second frequency band, the second terminal 402 performs signature operation on the information to be signed to obtain signature data, the second terminal 402 transmits the response information to the first terminal 401 using the first frequency band, the information to be signed includes the response data and a second value, the second value is the sum of time required for the second terminal 402 to analyze the response notification information and time required for estimating the signature operation, and the response information includes the information to be signed and the signature data;
the first terminal 401 is further configured to receive the response information using the first frequency band, and obtain a third value obtained by second timing when the response information starts to be received; the first terminal 401 performs signature verification operation on the signature data, verifies whether the third numerical value is matched with the second numerical value, and determines that the response information is safe response information if the signature verification is passed and the verification is passed.
In this embodiment, the first frequency band and the second frequency band are different frequency bands, for example, the first frequency band is 13.56MHZ frequency band, the second frequency band is 2.4G frequency band, and both the first terminal 401 and the second terminal 402 are devices supporting dual-band communication.
In this embodiment, on the basis of embodiment 3, the first terminal 401 and the second frequency band use a mode of replacing frequency bands to transmit/receive response notification information, so that a third party cannot hijack the response notification information in the frequency band for transmitting the request information and cannot know the correct time for transmitting the response information, that is, the false response information cannot be used to attack the first terminal 401 when the second time of the first terminal 401 reaches the preset threshold range, and the time cannot be started to obtain the second value after the response notification information is obtained, so that the security of the communication device is ensured on the basis of ensuring the communication security.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (14)
1. A secure communication method, comprising:
the method comprises the steps that a first terminal sends request information to a second terminal, when the request information is sent, first timing is started according to a preset timing unit, and the request information at least comprises data to be processed;
the second terminal receives the request information, and the second terminal obtains response data according to the data to be processed in the request information;
the first terminal sends response notification information to the second terminal when the first timing reaches a first value, and starts second timing according to a preset timing unit when the response notification information is sent;
the second terminal receives the response notification information, the second terminal performs signature operation on the information to be signed to obtain signature data, the second terminal sends response information to the first terminal, the information to be signed comprises the response data and a second numerical value, the second numerical value is the sum of the time required by the second terminal for analyzing the response notification information and the time required by the estimated signature operation, and the response information comprises the information to be signed and the signature data;
the first terminal receives the response message and obtains a third numerical value obtained by the second timing when the response message begins to be received; and the first terminal performs signature verification operation on the signature data, verifies whether the third numerical value is matched with the second numerical value, and judges that the response information is safe response information if the signature verification is passed and the verification is passed.
2. The method of claim 1, wherein the communication scheme adopted by the first terminal and the second terminal comprises: short-range wireless communication mode.
3. The method of claim 1 or 2, wherein said checking whether said third value matches said second value comprises:
the first terminal determines whether the third value is within an effective threshold of the second value, where the effective threshold of the second value is [ T, T +2T ], where T is the second value, and T is a time required by the response notification message or the response message to support a maximum communication distance through a communication protocol adopted by the first terminal and the second terminal.
4. A method according to any one of claims 1 to 3, comprising:
the time required by the second terminal for analyzing the response notification information is the time required by the second terminal for predicting and analyzing the response notification information; or,
the second terminal starts third timing according to a preset timing unit when the response notification information is received; and the second terminal analyzes the response notification information to obtain the time required for analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished.
5. The method according to any one of claims 1 to 4,
the first terminal sends request information to the second terminal, wherein the request information is sent to the second terminal by the first terminal through the first frequency band;
the second terminal receives the request information, wherein the second terminal receives the request information by using the first frequency band;
the first terminal sends response notification information to the second terminal when the timing reaches a first value, wherein the response notification information is sent to the second terminal by using the second frequency band when the timing reaches the first value;
the second terminal receiving the response notification information, including the second terminal receiving the response notification information using the second frequency band;
the second terminal sends response information to the first terminal, wherein the response information is sent to the first terminal by the second terminal by using the first frequency band;
and the first terminal receives the response information, wherein the first terminal receives the response information by using the first frequency band.
6. The method according to any one of claims 1 to 5,
the first numerical value is greater than or equal to a fourth numerical value, and the fourth numerical value is the time required by the second terminal to obtain response data according to the data to be processed in the request information;
the first terminal prestores the fourth numerical value, or the first terminal negotiates with the second terminal before sending request information to the second terminal, and the first terminal obtains the fourth numerical value.
7. The method according to any one of claims 1 to 6,
the first terminal starts first timing according to a preset timing unit when the request message is sent, and the method comprises the following steps: the first terminal starts first timing by using a built-in clock of the first terminal when the request information is sent; the first terminal starts second timing according to a preset timing unit when the sending of the response notification information is finished, and the method comprises the following steps: the first terminal starts second timing by using a built-in clock of the first terminal when the response notification information is sent;
or,
the first terminal starts first timing according to a preset timing unit when the request message is sent, and the method comprises the following steps: the first terminal starts to calculate the cycle number of the communication carrier when the request information is sent; the first terminal starts second timing according to a preset timing unit when the sending of the response notification information is finished, and the method comprises the following steps: the first terminal starts to calculate the cycle number of the communication carrier when the first terminal finishes sending the response notification information; the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal;
or,
the first terminal starts first timing according to a preset timing unit when the request message is sent, and the method comprises the following steps: the first terminal starts to calculate the pulse number of the communication carrier wave by the first terminal when the request information is sent; the first terminal starts second timing according to a preset timing unit when the sending of the response notification information is finished, and the method comprises the following steps: the first terminal starts to calculate the pulse number of the communication carrier when the response notification information is sent; the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal;
or,
the first terminal starts first timing according to a preset timing unit when the request message is sent, and the method comprises the following steps: the first terminal starts to record a first phase difference value of a waveform phase of a communication carrier relative to a first starting phase when the first terminal finishes sending the request message, wherein the first starting phase is the waveform phase of the communication carrier when the first terminal finishes sending the request message; the first terminal starts second timing according to a preset timing unit when the sending of the response notification information is finished, and the method comprises the following steps: the first terminal starts to record a phase difference value of a waveform phase of a communication carrier relative to a second initial phase when the first terminal finishes sending the request message, wherein the second initial phase is the waveform phase of the communication carrier when the first terminal finishes sending the response notification message; and the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal.
8. A secure communication system, comprising:
the first terminal is used for sending request information to the second terminal, and starting first timing according to a preset timing unit when the request information is sent, wherein the request information at least comprises data to be processed;
the second terminal is used for receiving the request information and obtaining response data according to the data to be processed in the request information;
the first terminal is further used for sending response notification information to the second terminal when the first timing reaches a first value, and starting second timing according to a preset timing unit when the response notification information is sent;
the second terminal is further configured to receive the response notification information, perform a signature operation on the information to be signed to obtain signature data, and send response information to the first terminal, where the information to be signed includes the response data and a second value, the second value is a sum of time required for the second terminal to analyze the response notification information and time required for performing the signature operation, and the response information includes the information to be signed and the signature data;
the first terminal is further configured to receive the response message, and obtain a third numerical value obtained by the second timing when the response message starts to be received; and performing signature verification operation on the signature data, verifying whether the third numerical value is matched with the second numerical value, and if the signature verification is passed and the verification is passed, judging that the response information is safe response information.
9. The system according to claim 8, wherein the communication method adopted by the first terminal and the second terminal comprises: short-range wireless communication mode.
10. The system of claim 8 or 9, wherein said checking whether said third value matches said second value comprises:
the first terminal is further configured to determine whether the third value is within a valid threshold of the second value, where the valid threshold of the second value is [ T, T +2T ], where T is the second value, and T is a time required by the response notification information or the response information to support a maximum communication distance through a communication protocol adopted by the first terminal and the second terminal.
11. The system according to any one of claims 8-10, comprising:
the second terminal is further configured to analyze the time required for analyzing the response notification information as time required for the second terminal to predict and analyze the response notification information; or,
the second terminal is further configured to start third timing according to a preset timing unit when the response notification information is received; and the second terminal analyzes the response notification information to obtain the time required for analyzing the response notification information, which is obtained by the third timing when the analysis of the response notification information is finished.
12. The system according to any one of claims 8-11,
the first terminal is used for sending request information to the second terminal, and the request information comprises the request information sent by the first terminal to the second terminal by using a first frequency band;
the second terminal is configured to receive the request information, including that the second terminal is configured to receive the request information using the first frequency band;
the first terminal is further configured to send response notification information to the second terminal when the timing reaches the first value, including that the first terminal is further configured to send response notification information to the second terminal by using the second frequency band when the timing reaches the first value;
the second terminal is further configured to receive the response notification information, including that the second terminal is further configured to receive the response notification information using the second frequency band;
the second terminal is further configured to send response information to the first terminal, including that the second terminal is further configured to send response information to the first terminal using the first frequency band;
the first terminal is further configured to receive the response information, including that the first terminal is further configured to receive the response information using the first frequency band.
13. The system according to any one of claims 8-12, comprising:
the first numerical value is greater than or equal to a fourth numerical value, and the fourth numerical value is the time required by the second terminal to obtain response data according to the data to be processed in the request information;
the first terminal prestores the fourth numerical value, or the first terminal is further configured to negotiate with the second terminal before sending request information to the second terminal, and the first terminal obtains the fourth numerical value.
14. The system according to any one of claims 8 to 13,
the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting first timing by using a built-in clock of the first terminal when the request information is sent; the first terminal is further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, and includes: the first terminal is further used for starting second timing by using a built-in clock of the first terminal when the response notification information is sent;
or,
the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting to calculate the cycle number of the communication carrier by the first terminal when the request information is sent; the first terminal is further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, and includes: the first terminal is further configured to start to calculate the number of cycles of the communication carrier by the first terminal when the sending of the response notification information is completed; the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal;
or,
the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is used for starting to calculate the pulse number of the communication carrier wave by the first terminal when the request information is sent; the first terminal is further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, and includes: the first terminal is further configured to start to calculate the number of pulses of the communication carrier by the first terminal when the sending of the response notification information is completed; the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal;
or,
the first terminal, configured to start first timing according to a preset timing unit when the request message is sent, includes: the first terminal is configured to start to record a first phase difference value of a waveform phase of a communication carrier with respect to a first starting phase when the request information is sent, where the first starting phase is the waveform phase of the communication carrier when the request information is sent by the first terminal; the first terminal is further configured to start second timing according to a preset timing unit when the sending of the response notification information is completed, and includes: the first terminal is further configured to start recording, by the first terminal, a phase difference value of a waveform phase of a communication carrier with respect to a second start phase when the request information is sent, where the second start phase is the waveform phase of the communication carrier when the response notification information is sent by the first terminal; and the first terminal always generates the communication carrier in the communication process of the first terminal and the second terminal.
Priority Applications (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610640039.9A CN107690145A (en) | 2016-08-05 | 2016-08-05 | A kind of safety communicating method and system |
| PCT/CN2017/095991 WO2018024242A1 (en) | 2016-08-05 | 2017-08-04 | Method and system for secure communication |
| US16/323,516 US11159946B2 (en) | 2016-08-05 | 2017-08-04 | Method and system for secure communication |
| JP2018562175A JP6698880B2 (en) | 2016-08-05 | 2017-08-04 | Safe communication method and system |
| EP17836423.8A EP3495980B1 (en) | 2016-08-05 | 2017-08-04 | Method and system for secure communication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610640039.9A CN107690145A (en) | 2016-08-05 | 2016-08-05 | A kind of safety communicating method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107690145A true CN107690145A (en) | 2018-02-13 |
Family
ID=61151206
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610640039.9A Pending CN107690145A (en) | 2016-08-05 | 2016-08-05 | A kind of safety communicating method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107690145A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1271420A2 (en) * | 2001-06-29 | 2003-01-02 | Alps Electric Co., Ltd. | Passive entry with anti-theft function |
| CN101964074A (en) * | 2010-09-29 | 2011-02-02 | 上海中科国嘉技术转移有限公司 | Radio-frequency electronic identifier and radio-frequency identification system and realization method thereof |
| CN102034063A (en) * | 2009-09-28 | 2011-04-27 | 西门子(中国)有限公司 | Method for adjusting continuous wave transmission time and reader |
| CN102754106A (en) * | 2009-12-23 | 2012-10-24 | 原子能和辅助替代能源委员会 | Method of protection in a contactless radiofrequency communication |
| CN102882683B (en) * | 2012-09-26 | 2015-04-22 | 南京三宝科技股份有限公司 | Synchronizable RFID (radio-frequency identification) security authentication method |
| CN104658186A (en) * | 2015-02-05 | 2015-05-27 | 广东小天才科技有限公司 | Intelligent alarm method and system |
| CN105763492A (en) * | 2016-04-26 | 2016-07-13 | 电子科技大学 | Basic-expansion-model-channel-information-based physical layer authentication method |
-
2016
- 2016-08-05 CN CN201610640039.9A patent/CN107690145A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1271420A2 (en) * | 2001-06-29 | 2003-01-02 | Alps Electric Co., Ltd. | Passive entry with anti-theft function |
| CN102034063A (en) * | 2009-09-28 | 2011-04-27 | 西门子(中国)有限公司 | Method for adjusting continuous wave transmission time and reader |
| CN102754106A (en) * | 2009-12-23 | 2012-10-24 | 原子能和辅助替代能源委员会 | Method of protection in a contactless radiofrequency communication |
| CN101964074A (en) * | 2010-09-29 | 2011-02-02 | 上海中科国嘉技术转移有限公司 | Radio-frequency electronic identifier and radio-frequency identification system and realization method thereof |
| CN102882683B (en) * | 2012-09-26 | 2015-04-22 | 南京三宝科技股份有限公司 | Synchronizable RFID (radio-frequency identification) security authentication method |
| CN104658186A (en) * | 2015-02-05 | 2015-05-27 | 广东小天才科技有限公司 | Intelligent alarm method and system |
| CN105763492A (en) * | 2016-04-26 | 2016-07-13 | 电子科技大学 | Basic-expansion-model-channel-information-based physical layer authentication method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2869917C (en) | Detecting a communication tap via signal monitoring | |
| KR102761490B1 (en) | Method and apparatus for authenticating car smart key | |
| US10609552B2 (en) | System and method for data communication protection | |
| US9400901B2 (en) | Method for operating a communication system | |
| WO2018024241A1 (en) | Data communication method and system | |
| US11159946B2 (en) | Method and system for secure communication | |
| CN107690133B (en) | Data communication method and system | |
| CN107690144B (en) | Data communication method and system | |
| CN112688774A (en) | Secure communication method and system for protecting key negotiation by using timing communication | |
| CN107688749B (en) | Secure communication method and system | |
| CN107689946B (en) | Data communication method and data communication system | |
| CN107690145A (en) | A kind of safety communicating method and system | |
| CN107690143B (en) | Data communication method and system | |
| CN107688760B (en) | Data communication method and data communication system | |
| JP2020529089A (en) | Payment processing | |
| US10567956B2 (en) | Data communication method and system | |
| CN107688761B (en) | Data communication method and data communication system | |
| CN107690141B (en) | Data communication method and system | |
| CN107690142B (en) | Data communication method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180213 |
|
| RJ01 | Rejection of invention patent application after publication |