Summary of the invention
The present invention proposes a sound wave authentication method to make up for deficiencies in the prior art. The technique encodes data on high-frequency sound waves and makes full use of the transmission capability of high-frequency sound: the device end encodes and decodes in real time an audio stream carrying one-time-key information, so that data is transmitted directly between the authenticating devices without installing any additional communication hardware, and mutual authentication between the authenticating end and the authenticated end is completed quickly, accurately and securely.
To meet the transmission requirement, the invention solves its technical problem through the following technical scheme. The scheme mainly comprises two parts: first, an identity authentication method based on acoustic communication; second, the design of an identity authentication system that realises authentication based on acoustic communication. With reference to Fig. 1, an identity authentication method using acoustic communication is characterised in that the method is an identity authentication method for verification equipment based on acoustic communication, comprising the following steps:
Step 10, system initialisation: both authentication parties agree on the initial parameters of the authentication algorithm;
Step 20, the authenticated party sends probe information to activate the authenticating device;
Step 30, the authenticating device plays an audio signal containing its device unique identification number;
Step 40, the authenticated party generates a one-time key with the authentication algorithm;
Step 50, the authenticated party encodes the one-time key into a real-time audio stream;
Step 60, the authenticating end receives the real-time audio information, decodes it and performs authentication;
Step 70, the authenticating end processes the authentication result, encodes it into real-time audio and transmits it to the authenticated end;
Step 80, the authenticated party receives the authentication-result audio stream played in step 70, decodes it and displays the authentication result.
Further, step 10 comprises the following steps:
Step 11. The authenticating party initialises its authentication algorithm parameters, which comprise at least: the authenticating party's unique identification number, the shared key corresponding to that unique identification number, and an accurate universal time.
Step 12. The authenticated party initialises its authentication algorithm parameters, which comprise at least: the list of unique identification numbers of the authenticating parties with which the authenticated party is permitted to authenticate successfully, the list of shared keys corresponding to those unique identification numbers, and an accurate universal time.
Further, step 20 comprises the following steps:
Step 21. The authenticated device is brought near the authenticating device, within a spherical range 0.1 m to 2 m in diameter, and the authentication operation is triggered;
Step 22. The authenticated device sends an audio probe signal to activate the authenticating device.
Further, the authenticated party in step 21 holds a mobile terminal device, smartphone or tablet computer to perform the authentication operation; the authenticating device in step 21 is a mobile terminal device, smartphone, tablet computer or embedded device.
Further, the authenticating device in step 21 is constantly in an audio listening state.
Further, step 30 comprises the following steps:
Step 31. After the authenticating device receives the probe signal, it broadcasts the audio encoding its own device unique identifier;
Further, the broadcast of the device unique identifier audio in step 31 stops after a set period of time, which saves energy and reduces interference.
Further, step 40 comprises the following steps:
Step 41. Once the authenticated device has correctly received the unique identification number of the authenticating device, it looks up whether it holds a shared key for that authenticating device. If one is found, proceed to step 42; otherwise authentication fails.
Step 42. Using the TOTP algorithm (Time-Based One-Time Password Algorithm) with the parameters and shared key initialised in step 10, generate a one-time authentication key. TOTP is an existing, mature authentication algorithm; see RFC (Request For Comments) document RFC 6238.
The acoustic communication verification equipment comprises: a sound wave input module; a sound wave output module; a time synchronisation module; a sound wave codec module; and an authentication algorithm processor module.
Further, the sound wave input module collects sound within a limited range around the equipment, through the microphone in the equipment or another sound collection device;
Further, the sound wave output module plays encoded or unencoded audio stream information through the loudspeaker in the equipment or another audio playback device;
Further, the time synchronisation module realises time synchronisation between multiple devices, ensuring that the authentication algorithm works normally and accurately. The time synchronisation module has two modes, network synchronisation and offline synchronisation;
Further, the network synchronisation and offline synchronisation modes are as follows:
The network time synchronisation module synchronises in real time with Coordinated Universal Time (UTC) over the internet via a time synchronisation server.
The offline time synchronisation module keeps time offline using a real-time clock module, ensuring that it stays consistent with UTC.
Further, the sound wave codec module comprises a sound wave encoding module and a sound wave decoding module; the sound wave encoding module encodes text information into an audio stream, and the sound wave decoding module decodes the information carried in an audio stream containing coded information back into text information;
Further, the authentication algorithm processor module is a processing module that generates OTP keys and verifies keys using the OTP algorithm.
The advantages of the invention are:
(1) Information is transmitted by high-frequency sound waves; the user's existing equipment supports this communication mode without modification or additional modules.
(2) A high-frequency sound wave bidirectional communication protocol is defined, realising duplex communication between the authenticating party and the authenticated party.
(3) The authentication information in the audio stream is a one-time key encoded in real time; even if the audio stream is copied, it cannot be used for repeated authentication, which ensures the security of the authentication.
(4) TOTP verification is carried over acoustic communication, which is highly secure and applicable to a wide range of scenarios.
(5) The communication distance is adjustable between 0.1 m and 2 m by adjusting the audio playback volume (decibel level).
Specific embodiment
As shown in Fig. 1, the invention provides an identity authentication method based on sound wave two-way communication, composed of three parts: the two authentication parties (including, but not limited to, a mobile phone terminal and a sound wave access control device), and a rights management backend.
With reference to Fig. 1, the whole authentication flow involves an authenticating party and an authenticated party. The authenticated party may be an application pre-installed on a smartphone; the authenticating party may be either an authentication application on a smartphone or a customised authentication device comprising the modules described above (see Fig. 2).
The detailed implementation scenario below takes the authenticated party to be the owner of a handheld smartphone, and the authenticating party to be an access controller that supports sound wave communication authentication. The specific implementation is as follows:
First, both authentication parties complete system initialisation, setting the initial parameters of the authentication algorithm.
System initialisation means that the codec program and authentication program pre-installed in the smartphone application and burned into the processor of the authenticating device are consistent with each other.
Time parameters among the initial parameters: the mobile phone performs time synchronisation over the internet using the real-time time synchronisation module; the access controller uses the offline time synchronisation module, ensuring that it is time-synchronised with the mobile phone.
Algorithm keys among the initial authority information: the mobile phone APP obtains from the authentication backend, over the network, the list of devices the user is authorised for and the seed key corresponding to each authority.
When the user's handheld mobile phone comes within 0.1 m to 2 m of the access controller, the authentication operation can be triggered manually. The manual trigger may be clicking a specific button in the program, or shaking the phone.
After receiving the trigger command, the phone program plays an encoded probe signal audio stream through the phone's loudspeaker to activate the access control device.
Further, the frequency range of the encoded audio stream is 17 kHz to 22 kHz.
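The probe signal, the device identifier, the one-time key and the authentication result are all text messages that the sound wave codec module of the summary turns into audio in the 17 kHz to 22 kHz band. The patent does not specify a modulation, so the following is an added example written for this page, not code from the patent or from any product, showing one concrete way to do it: 16-tone FSK with one 20 ms symbol per hex nibble, bracketed by start and stop tones, decoded with a Goertzel detector per frame. The sample rate, tone spacing, symbol duration, message formats (PROBE, ID:, OTP:, RESULT:) and the noise model are assumptions, and the messages and noise are constructed for the example.

```python
import math
import random

SAMPLE_RATE = 44100                         # assumed; any common phone/loudspeaker rate works
SYMBOL_SAMPLES = 882                        # 20 ms per symbol -> 50 Hz Goertzel bins
BASE_HZ = 17000                             # band stated in the embodiment: 17 kHz - 22 kHz
SPACING_HZ = 250                            # five bins apart: tolerant of a few Hz of clock drift
DATA_TONES = [BASE_HZ + SPACING_HZ * n for n in range(16)]   # 17000 .. 20750 Hz, one per nibble
START_HZ = BASE_HZ + SPACING_HZ * 16        # 21000 Hz marks the start of a message
STOP_HZ = BASE_HZ + SPACING_HZ * 17         # 21250 Hz marks its end
ALL_TONES = DATA_TONES + [START_HZ, STOP_HZ]


def _tone(freq: float, amplitude: float = 0.5) -> list:
    """One symbol period of a pure sine. The amplitude is the playback-volume knob
    the summary uses to set the 0.1 m - 2 m communication range."""
    return [amplitude * math.sin(2 * math.pi * freq * n / SAMPLE_RATE) for n in range(SYMBOL_SAMPLES)]


def encode(text: str) -> list:
    """Sound wave encoding module: text -> audio samples (start tone, hex nibbles, stop tone)."""
    samples = _tone(START_HZ)
    for byte in text.encode("utf-8"):
        samples += _tone(DATA_TONES[byte >> 4])
        samples += _tone(DATA_TONES[byte & 0x0F])
    samples += _tone(STOP_HZ)
    return samples


def _goertzel_power(frame: list, freq: float) -> float:
    """Power of a single frequency in one frame (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode(samples: list):
    """Sound wave decoding module: audio samples -> text, or None when no complete
    start..stop framed message is present (for example a capture that was cut off).
    Assumes the capture starts on a symbol boundary; a real receiver would first
    locate the start tone and align its frames to it."""
    nibbles, inside = [], False
    for start in range(0, len(samples) - SYMBOL_SAMPLES + 1, SYMBOL_SAMPLES):
        frame = samples[start:start + SYMBOL_SAMPLES]
        tone = max(ALL_TONES, key=lambda f: _goertzel_power(frame, f))
        if tone == START_HZ:
            nibbles, inside = [], True
        elif tone == STOP_HZ and inside:
            if len(nibbles) % 2:
                return None
            data = bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))
            try:
                return data.decode("utf-8")
            except UnicodeDecodeError:
                return None
        elif inside:
            nibbles.append(DATA_TONES.index(tone))
    return None


def parse_message(text):
    """Split a decoded message into (type, payload) for the four exchanges of the flow:
    PROBE, ID:<device id>, OTP:<one-time key>, RESULT:<OK|FAIL>. Assumed format."""
    if text is None:
        return None
    kind, _, payload = text.partition(":")
    if kind not in ("PROBE", "ID", "OTP", "RESULT"):
        return None
    return kind, payload


def noisy_copy(samples: list, sigma: float = 0.2, seed: int = 1) -> list:
    """Constructed 'room noise' for the demonstration: additive Gaussian noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


if __name__ == "__main__":
    for msg in ("PROBE", "ID:DOOR-0001", "OTP:94287082", "RESULT:OK"):   # constructed messages
        heard = decode(noisy_copy(encode(msg)))
        print(msg, "->", parse_message(heard))
```

With a 20 ms symbol the Goertzel bins are 50 Hz wide, so tones 250 Hz apart stay separable even with some loudspeaker and microphone clock drift, and the 16 data tones plus two framing tones all sit inside the 17 kHz to 22 kHz band the embodiment specifies. Because a message is only accepted between a start tone and a stop tone, a capture that is cut off, or a device that never received a full message, yields None rather than a partial identifier or key.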
The access control end is constantly in a listening state; after receiving the probe signal, it immediately plays the audio signal encoding its device unique identifier.
As shown in Fig. 3, once the phone has correctly received the unique identification number of the authenticating device, it looks up in its local permissions list whether that list contains a permission grant for this access control device and the corresponding TOTP shared key.
Further, the local permissions list is obtained from the remote rights management system server by downloading it over the network. The authority relationship between users and devices can be managed and changed through the rights management server.
If the permissions list contains the authority for this access control device, a one-time authentication key is generated with the TOTP algorithm from the shared key and the current time.
The mobile phone end encodes the one-time key into a real-time audio stream.
The phone APP encodes the generated one-time key into a real-time audio stream and plays the audio in a loop.
The access control device is constantly in a listening state; it receives and verifies the encoded audio stream containing the one-time key played by the phone, decodes the correctly received audio, and thereby obtains the one-time key that the phone APP transmitted to the access control device.
The access control device uses the TOTP shared key parameter stored locally on the access control device, together with the time output by the time synchronisation module, to generate a TOTP one-time key with the TOTP algorithm, and compares this key with the decoded key sent by the phone. If the comparison matches, the door lock is opened and authentication succeeds. If the comparison does not match, no door lock action is taken and authentication fails.
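Step 42 of the summary (the phone generating the one-time key) and the access controller's comparison just described both rely on the RFC 6238 TOTP algorithm. The following is an added example written for this page, not the patent's or any product's code: it implements HOTP/TOTP with HMAC-SHA1 as in RFC 4226 and RFC 6238, checks itself against the RFC 6238 Appendix B test vectors, and shows the verifier side with a window of one time step on either side to absorb drift between the phone's network-synchronised clock and the controller's offline real-time clock. One check the patent text does not spell out but RFC 6238 section 5.2 requires: a code is valid for the whole 30 s step, so the verifier must remember the last counter it accepted and refuse any code at or below it, otherwise a recording of the audio replayed within the same step would still open the door. The seed key, device identifier and timestamps are constructed; the class and function names are this example's own.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, t0: int = 0, digits: int = 8) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter T = (now - T0) // X."""
    return hotp(secret, (unix_time - t0) // step, digits)


class PhoneProver:
    """Authenticated side (steps 41-42). The permission list maps authenticating
    device identifiers to the TOTP seed keys fetched from the rights backend."""

    def __init__(self, permissions: dict):
        self.permissions = permissions

    def one_time_key(self, device_id: str, unix_time: int):
        secret = self.permissions.get(device_id)
        if secret is None:
            return None          # step 41: no shared key for this device, authentication fails
        return totp(secret, unix_time)


class AcousticTotpVerifier:
    """Authenticating side (step 60 / the access controller above).

    Holds the shared key for this device's unique identifier (step 11), tolerates
    `window` steps of clock skew between the phone and the controller's RTC, and
    never accepts a counter at or below the last accepted one (RFC 6238 s5.2), so a
    recording of a code that has already been accepted is rejected even within the
    same 30 s step."""

    def __init__(self, device_id: str, secret: bytes, step: int = 30, window: int = 1, digits: int = 8):
        self.device_id = device_id
        self.secret = secret
        self.step = step
        self.window = window
        self.digits = digits
        self.last_counter = -1   # highest counter accepted so far

    def verify(self, code: str, unix_time: int) -> bool:
        counter = unix_time // self.step
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue         # already consumed: a replayed recording lands here
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.last_counter = c
                return True
        return False


def rfc6238_self_test() -> bool:
    """RFC 6238 Appendix B vectors for SHA-1, 8 digits, X = 30 s, T0 = 0."""
    seed = b"12345678901234567890"
    vectors = {59: "94287082", 1111111109: "07081804", 1111111111: "14050471",
               1234567890: "89005924", 2000000000: "69279037", 20000000000: "65353130"}
    return all(totp(seed, t) == code for t, code in vectors.items())


if __name__ == "__main__":
    assert rfc6238_self_test()
    seed = b"12345678901234567890"                 # constructed shared seed key
    phone = PhoneProver({"DOOR-0001": seed})      # constructed permission list
    door = AcousticTotpVerifier("DOOR-0001", seed)
    now = int(time.time())
    code = phone.one_time_key("DOOR-0001", now)
    print("first presentation:", door.verify(code, now))       # True: door opens
    print("replayed recording:", door.verify(code, now + 5))   # False: counter already consumed
```

The one-step window is what makes the offline real-time clock of the controller workable: a controller that has drifted up to 30 s from the phone still accepts the phone's current code, while the last-accepted-counter check keeps the "cannot be re-authenticated from a copy" property of the summary true inside a time step as well as across steps.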
The access control device encodes the authentication result into a real-time audio stream and plays it.
The phone end receives the authentication-result audio stream played by the access control device, decodes it and displays the authentication result.
After the phone APP has correctly received the authentication-result audio stream played in step 72, it decodes it and displays the authentication result on the display device.
The phone APP records a log, and where a network is available uploads the authentication result to the system's central server for the record.
Authentication has many application scenarios in real life, such as attendance and check-in; the invention is not limited to the access control scenario of the preferred embodiment.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit it; all equivalent changes, modifications and improvements made within the scope of the claims of this patent application fall within the protection scope of the invention.