CN120475362A - Device processing method, apparatus, device, computer readable medium, and program product - Google Patents

Info

Publication number
CN120475362A
Authority
CN
China
Prior art keywords
field communication
response
near field
target
data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510832440.1A
Other languages
Chinese (zh)
Inventor
王猛
唐小虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jijia Innovation Technology Co ltd
Original Assignee
Shenzhen Jijia Innovation Technology Co ltd
Application filed by Shenzhen Jijia Innovation Technology Co ltd
Priority to CN202510832440.1A
Publication of CN120475362A
Pending (current legal status)

Abstract

Translated from Chinese

Embodiments of the present disclosure disclose a device processing method, apparatus, device, computer-readable medium and program product. One specific implementation of the method includes: in response to the built-in near field communication module of a near field communication device being activated by a target device having a near field communication function, sending challenge data stored in a static random access memory to the target device; monitoring for a response data packet sent by the target device in response to the challenge data, and verifying the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result; in response to the first verification result indicating correct and valid, executing target device unlocking processing; and in response to the target device being in an unlocked state, automatically executing a set processing operation for the unlocking event. This implementation achieves efficient unlocking of the device through near field communication while guaranteeing authentication security.

Description

Device processing method, apparatus, device, computer readable medium, and program product
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and in particular, to a device processing method, apparatus, device, computer readable medium, and program product.
Background
At present, with the rapid development of Internet of Things technology, smart devices are more and more widely used, and device security and user experience have become key concerns. In the prior art, device security protection measures are imperfect and easily attacked, which leads to leakage of device data and unauthorized access to functions. At the same time, the interaction between device and user is limited to a single mode and operation is complicated, which harms the user experience; the device's usage logic is complex and its efficiency is low.
The above information disclosed in this background section is only for enhancement of understanding of the background of the inventive concept and, therefore, may contain information that does not form the prior art that is already known to those of ordinary skill in the art in this country.
Disclosure of Invention
The disclosure is in part intended to introduce concepts in a simplified form that are further described below in the detailed description. The disclosure is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose device processing methods, apparatuses, devices, computer readable media and program products to solve one or more of the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide a device processing method applied to a near field communication device. The method includes: in response to the built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, transmitting challenge data stored in a static random access memory to the target device; monitoring for a response data packet transmitted by the target device in response to the challenge data, and verifying the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result; in response to the first verification result indicating correct and valid, executing target device unlocking processing; and in response to the target device being in an unlocked state, automatically executing a set processing operation for the unlocking event.
Optionally, the method further comprises: obtaining the challenge value currently generated periodically by the micro control unit; determining the challenge value, a random number and a time stamp as adjustment data, wherein the random number is a value generated by the micro control unit to guarantee data validity, and the time stamp is the generation time of the challenge value generated by the micro control unit; and presetting the target device state to a waiting-response state and a low-power processing execution state.
Optionally, the response data packet is generated by: reading the challenge data from the static random access memory; verifying the validity and freshness of the challenge data to obtain a second verification result; in response to the second verification result indicating no error, generating signature information for the challenge data using a pre-stored device authentication key; and determining the current authentication state and the signature information as the response data packet.
Optionally, the near field communication device performs at least one of the following settings in a device production stage: writing the data required for device operation corresponding to the near field communication device into a target nonvolatile memory included in the near field communication device, wherein the data required for device operation includes basic data, device identification information and a device authentication key; and configuring initial security parameters and an access control policy.
Optionally, the near field communication device performs at least one of the following settings in a security setting stage: performing read-write protection processing on a sensitive data area in the target nonvolatile memory; performing locking processing on a key data area in the target nonvolatile memory; and performing write protection processing on firmware in the target nonvolatile memory.
Optionally, the near field communication device performs at least one of the following settings in a function test stage: testing the communication function of the near field communication device, the target bus communication function and the read-write function of the static random access memory; and performing a challenge and response test on the near field communication device to simulate the actual authentication process and verify the security of the device.
Optionally, the near field communication device performs at least one of the following settings in an initial configuration stage: setting default parameters, a default security level and a challenge update frequency for the near field communication device; and initializing the data area of the static random access memory to clear its data.
Optionally, the near field communication device performs at least one of the following settings in the binding and sharing stage: sending the device authentication key to a target application in the target device for key storage; and writing, in the static random access memory, near field communication structured data for pulling up the target application in the target device.
Optionally, in the low-power state, the near field communication device performs at least one of the following processing operations: powering the near field communication module and the micro control unit in advance to support a target secondary unlocking operation; cutting off at least one unnecessary function module; setting the near field communication module to a passive wake-up mechanism; turning off the micro control unit's periodic generation of challenge values; setting the byte size of the challenge value; shortening the response time of the response data packet to a target time; optimizing the verification path; and sending low-power alarm information to the target device.
In a second aspect, some embodiments of the present disclosure provide a device processing apparatus applied to a near field communication device, including: a transmitting unit configured to, in response to the built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, transmit challenge data stored in a static random access memory to the target device; a verification unit configured to monitor for a response data packet sent by the target device in response to the challenge data, and to verify the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result; a first execution unit configured to execute target device unlocking processing in response to the first verification result indicating correct and valid; and a second execution unit configured to automatically execute a set processing operation for the unlocking event in response to the target device being in an unlocked state.
Optionally, the apparatus is further configured to: obtain the challenge value currently generated periodically by the micro control unit; determine the challenge value, a random number and a time stamp as adjustment data, wherein the random number is a value generated by the micro control unit to guarantee the validity of the data, and the time stamp is the generation time of the challenge value generated by the micro control unit; and preset the target device state to a waiting-response state and execute a low-power processing state.
Optionally, in the low-power state, the near field communication device performs at least one of the following processing operations: powering the near field communication module and the micro control unit in advance to support a target secondary unlocking operation; cutting off at least one unnecessary function module; setting the near field communication module to a passive wake-up mechanism; turning off the micro control unit's periodic generation of challenge values; setting the byte size of the challenge value; shortening the response time of the response data packet to a target time; and sending low-power alarm information to the target device.
In a third aspect, some embodiments of the present disclosure provide an electronic device comprising one or more processors, a storage device having one or more programs stored thereon, which when executed by the one or more processors, cause the one or more processors to implement a method as described in any of the implementations of the first aspect.
In a fourth aspect, some embodiments of the present disclosure provide a computer readable medium having a computer program stored thereon, wherein the program when executed by a processor implements a method as described in any of the implementations of the first aspect.
In a fifth aspect, some embodiments of the present disclosure provide a computer program product comprising a computer program which, when executed by a processor, implements the method described in any of the implementations of the first aspect above.
The above embodiments of the present disclosure have the following beneficial effect: the device processing method of some embodiments achieves efficient unlocking of the device through near field communication while guaranteeing authentication security. Specifically, related devices unlock inefficiently because their security protection measures are imperfect and easily attacked, which leads to device data leakage and unauthorized access to functions. At the same time, the interaction between device and user is limited to a single mode and operation is complicated, which harms the user experience; the device's usage logic is complex and its efficiency is low. Based on this, the device processing method of some embodiments first, in response to the built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, transmits challenge data stored in the static random access memory to the target device. Here, using near field communication greatly improves the convenience of interaction between device and user. The challenge data stored in the static random access memory remains unchanged as long as power is maintained. Sending the challenge data to the target device for response processing enables effective security authentication of the target device. Next, the method monitors for a response data packet sent by the target device in response to the challenge data, and verifies the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result. Verifying the correctness and validity of the response data packet enables effective security authentication of the device while ensuring the security of the device's data. Then, in response to the first verification result indicating correct and valid, that is, once security authentication is confirmed to have passed, the target device unlocking processing can be executed automatically so that subsequent device processing operations can proceed. Finally, in response to the target device being in an unlocked state, the set processing operation for the unlocking event is executed automatically. In summary, near field communication makes the interaction between device and user more varied and more convenient. The back-and-forth verification of challenge data and response data packet between device and user provides security authentication during device unlocking, ensures the security protection of the device, and avoids malicious attacks that cause device data leakage and unauthorized function access.
Drawings
The above and other features, advantages, and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. The same or similar reference numbers will be used throughout the drawings to refer to the same or like elements. It should be understood that the figures are schematic and that elements and components are not necessarily drawn to scale.
FIG. 1 is a flow chart of some embodiments of a device processing method according to the present disclosure;
FIG. 2 is a schematic structural diagram of some embodiments of a device processing apparatus according to the present disclosure;
FIG. 3 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings. Embodiments of the present disclosure and features of embodiments may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.
It should be noted that the modifiers "one" and "a plurality of" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.
Operations such as the collection, storage and use of a user's personal information (e.g., response data packets) involved in the present disclosure require the relevant organization or individual to fulfil its obligations as far as possible before performing the corresponding operations, including carrying out a personal information security impact assessment, fulfilling the duty to inform the personal information subject, and obtaining the authorized consent of the personal information subject in advance.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
With continued reference to FIG. 1, a flow 100 of some embodiments of a device processing method according to the present disclosure is shown. The device processing method is applied to a near field communication device and comprises the following steps:
Step 101: in response to the built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, send the challenge data stored in a static random access memory to the target device so that the challenge data can be responded to.
In some embodiments, in response to the built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, the execution subject of the device processing method (for example, the near field communication device) may transmit the challenge data stored in the static random access memory to the target device so that the challenge data can be responded to. The near field communication device may be a device to be unlocked that has a Near Field Communication (NFC) function. In different scenarios, the near field communication device may be a device with different functions. For example, in a door-lock-only secure interaction scenario, the near field communication device may be a smart door lock with a near field communication function. As another example, in a smart home scenario, the near field communication device may be the control device of a smart home control system with a near field communication function. The target device having a near field communication function may be the object that activates the near field communication device. In practice, the target device may be a handheld device supporting near field communication that belongs to the operating party. For example, in a smart door lock scenario, the target device may be a mobile terminal (e.g., a mobile phone, a remote control, etc.) held by the target user, and the smart door lock is unlocked through the mobile terminal using near field communication. In a smart home scenario, the target device may likewise be a mobile terminal (e.g., a mobile phone, a remote control, etc.) held by the target user, and unlocking and the various control operations of the smart home are performed through the mobile terminal using near field communication.
The near field communication module may be the NFC module in the near field communication device. For example, the NFC module may be an NFC wireless keypad (Keypad). It should be noted that the condition under which the near field communication device is activated by the target device may be set for the near field communication device in the production phase. For example, the activation condition may be that the distance between the NFC interface of the target device and the near field communication module in the near field communication device is less than a target value. SRAM (Static Random-Access Memory) is a semiconductor memory based on a flip-flop structure that stores data in bistable transistor circuits; as long as power is maintained, the information can be retained for a long period of time, and no periodic refresh is required as with DRAM (Dynamic Random Access Memory). Challenge data in NFC refers to dynamically generated data used to verify the identity of a device or user during secure authentication, typically involving encryption protocols and two-way verification mechanisms. The core function of the challenge data is to ensure the authenticity of both communicating parties and the integrity of the data, and to prevent replay attacks and identity forgery, through temporarily generated random numbers (nonces) or encrypted instructions. The response processing of the challenge data is performed by the target device, which carries out authentication by responding to the challenge data.
As an example, the execution subject may receive a challenge data acquisition request sent by the target device over the RF interface (Radio Frequency Interface). In response to that request, the execution subject sends the challenge data stored at the current time to the target device.
It should be noted that, where the target device is a mobile device whose screen is locked, clear markings are placed at the NFC tag position of the device (such as the smart lock or electronic device) to guide the user to bring the middle of the phone (usually where the NFC antenna is located) close to the center of the tag, reducing angular deviation. A high-sensitivity NFC chip (such as NXP PN532) is used to support a wide sensing range (0-5 cm) and reduce dependence on precise contact. A short-range strong magnetic field region is provided on the device side, so that bringing the screen-locked mobile device close triggers a rapid wake-up and forcibly activates the NFC controller (the device MCU must support low-power wake-up of the NFC module).
In some optional implementations of some embodiments, before step 101, the method further includes:
In a first step, the challenge value currently generated periodically by the micro control unit (Microcontroller Unit, MCU) is obtained. That is, the challenge value may be content that the micro control unit generates periodically. For example, challenge values are generated every 10 minutes. In practice, the MCU may generate the challenge value at a random period. The challenge value (Challenge) in device authentication is a core element of a secure authentication protocol; it is mainly used to verify the authenticity of a device or user identity and to prevent replay attacks and counterfeiting. Its key function is to ensure the uniqueness and security of each authentication interaction through dynamically generated random numbers or encryption parameters. For example, in a smart door lock scenario, the MCU generates a new random challenge value every 5 minutes through I2C (Inter-Integrated Circuit). In a smart home scenario, the MCU generates a new random challenge value every 10 minutes.
In a second step, the challenge value, the random number and the time stamp are determined as adjustment data. The time stamp may be the time stamp at which the challenge value was generated, or the time stamp at which the challenge value was obtained. The random number is a value generated by the micro control unit to guarantee the validity of the data. The time stamp is the generation time of the challenge value generated by the micro control unit.
In a third step, the target device state is preset to a waiting-response state and a low-power processing state is executed. The waiting-response state may be a state in which the target device is waiting to respond to the challenge data.
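The steps above, together with the response-packet generation and verification summarized earlier, shown as an added example that is not code from the patent: both sides of the exchange, using HMAC-SHA256, which the page names further on as one possible protocol. The byte layout, the state-byte encoding, the clock-skew tolerance, storing challenge value, random number and time stamp together as the SRAM challenge data, and rotating the challenge after a successful unlock are all assumptions of this example.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE_PERIOD_S = 300    # page's door-lock example: a new challenge every 5 minutes
MAX_CLOCK_SKEW_S = 5        # assumed tolerance between phone and lock clocks
# Assumed layout: 16-byte challenge value | 8-byte random number | 64-bit timestamp
CHALLENGE_FMT = ">16s8sQ"
CHALLENGE_LEN = struct.calcsize(CHALLENGE_FMT)
STATE_AUTHENTICATED = 0x01  # assumed encoding of the "current authentication state"
TAG_LEN = hashlib.sha256().digest_size


def _mac(key: bytes, state: int, challenge: bytes) -> bytes:
    # The MAC covers the state byte as well as the challenge data, so neither can
    # be altered in transit (covering the state byte is this example's choice).
    return hmac.new(key, bytes([state]) + challenge, hashlib.sha256).digest()


class Lock:
    """NFC device: the MCU publishes challenge data in SRAM and verifies responses."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self.sram = b""
        self.unlocked = False

    def refresh_challenge(self, now: int) -> None:
        self.sram = struct.pack(CHALLENGE_FMT, os.urandom(16), os.urandom(8), now)

    def verify(self, packet: bytes, now: int) -> bool:
        if len(self.sram) != CHALLENGE_LEN or len(packet) != 1 + TAG_LEN:
            return False
        _, _, issued = struct.unpack(CHALLENGE_FMT, self.sram)
        if now - issued > CHALLENGE_PERIOD_S:        # validity: challenge expired
            return False
        state, tag = packet[0], packet[1:]
        if state != STATE_AUTHENTICATED:
            return False
        # Correctness: constant-time comparison against the expected MAC.
        if not hmac.compare_digest(tag, _mac(self._key, state, self.sram)):
            return False
        # Rotate at once so a captured packet cannot be replayed inside the
        # 5-minute window (assumption: the page only describes periodic renewal).
        self.refresh_challenge(now)
        self.unlocked = True
        return True


class Phone:
    """Target device: checks the challenge's validity and freshness, then signs it."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def respond(self, challenge: bytes, now: int):
        if len(challenge) != CHALLENGE_LEN:
            return None
        _, _, issued = struct.unpack(CHALLENGE_FMT, challenge)
        if issued > now + MAX_CLOCK_SKEW_S or now - issued > CHALLENGE_PERIOD_S:
            return None                               # stale or future-dated challenge
        tag = _mac(self._key, STATE_AUTHENTICATED, challenge)
        return bytes([STATE_AUTHENTICATED]) + tag


def run_scenarios() -> dict:
    key = os.urandom(32)        # constructed device authentication key
    t0 = 1_700_000_000          # constructed clock value
    lock, phone = Lock(key), Phone(key)
    out = {}

    lock.refresh_challenge(t0)
    packet = phone.respond(lock.sram, t0 + 2)
    out["genuine"] = lock.verify(packet, t0 + 3)
    out["replayed_packet"] = lock.verify(packet, t0 + 4)

    lock.refresh_challenge(t0)
    forged = Phone(os.urandom(32)).respond(lock.sram, t0 + 1)
    out["wrong_key"] = lock.verify(forged, t0 + 2)

    late = phone.respond(lock.sram, t0 + 1)
    out["expired_at_lock"] = lock.verify(late, t0 + CHALLENGE_PERIOD_S + 1)
    out["stale_refused_by_phone"] = (
        phone.respond(lock.sram, t0 + CHALLENGE_PERIOD_S + 1) is None
    )
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

Without the rotation step in `Lock.verify`, the replayed packet would be accepted until the MCU's next periodic refresh, because the SRAM challenge it was computed over would still be current.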
In some optional implementations of some embodiments, the near field communication device performs at least one of the following settings during a device production phase:
Setting 1: write the data required for device operation corresponding to the near field communication device into a target nonvolatile memory (EEPROM) included in the near field communication device. The data required for device operation includes basic data, device identification information and a device authentication key. The basic data may be the most basic data required for the device to operate; for example, it may include device parameters and device status. The device identification information may characterize the identity of the device; in practice, it may include a device identifier and a unique device ID. The device authentication key may be the key required in the device authentication process.
Setting 2: configure initial security parameters and an access control policy. The initial security parameters of the device are the basic security configuration applied when the device is first deployed or restored to factory settings, and cover core settings at the hardware, software and network layers. The initial security parameters may include, but are not limited to, at least one of: identity authentication parameters, network and communication security parameters, firmware and software security parameters, and physical and environmental parameters. The access control policy may be a rule system for dynamically managing access rights to device resources, which needs to combine identity, role and environmental attributes to achieve fine-grained management and control.
In some optional implementations of some embodiments, the near field communication device performs at least one of the following settings in a security setup phase:
Setting 1: perform read-write protection processing on a sensitive data area in the target nonvolatile memory. The sensitive data area may be the storage area holding sensitive data. In the smart door lock scenario, the door lock's security management module write-protects the EEPROM to prevent the data from being tampered with.
Setting 2: lock the key data area in the target nonvolatile memory. The key data area may be the storage area holding the device authentication key. Read-write protection is set for sensitive data areas in the EEPROM (such as the authentication key storage area), and the device key area is locked to prevent unauthorized access.
Setting 3: write-protect the firmware in the target nonvolatile memory. In the smart door lock scenario, if the door lock supports firmware updates, firmware write protection is set through the firmware management interface to ensure the security of the firmware.
In some optional implementations of some embodiments, the near field communication device performs at least one of the following settings during the functional test phase:
Setting 1: test the communication function of the near field communication device, the target bus communication function, and the read-write function of the static random access memory. The communication function of the near field communication device may be the NFC communication function. The target bus communication function may be the I2C connection function. The read-write function of the static random access memory may be the SRAM read-write function. In addition, NFC RF communication can be tested.
Setting 2: perform a challenge and response test on the near field communication device to simulate the actual authentication process and verify the security of the device. Here, a complete challenge-response test is run.
In some optional implementations of some embodiments, the near field communication device performs at least one of the following settings in an initial configuration phase:
Setting 1: set default parameters, a default security level and a challenge update frequency for the near field communication device. In practice, these may be set through a configuration interface or App of the device. In the smart door lock scenario, the door lock's default parameters are set through its configuration interface or App, for example an NFC communication frequency of 13.56 MHz and the NFC Data Exchange Format as the data format. The door lock's default security level is configured as high and the challenge update frequency is set to once every 5 minutes. The door lock's SRAM data area is initialized and the previous data cleared. In the smart home scenario, the system's default parameters, such as NFC communication frequency and data format, are set through the system's configuration interface or App. The system's default security level is configured as medium and the challenge update frequency is set to once every 10 minutes. The system's SRAM data area is initialized.
Setting 2: initialize the data area of the static random access memory to clear its data.
In some optional implementations of some embodiments, the near field communication device performs at least one of the following settings in the binding and sharing phase:
Setting 1: sending the device authentication key to a target application in the target device so that the key is stored there. In practice, the key stored in the NFC tag is transferred to the App through a service server, Bluetooth, or the like, and is stored in the App. When the device is shared with an authorized user, the key is transferred to that user's App in the same manner.
Setting 2: writing, in the static random access memory, near field communication structured data for pulling up a target application in the target device. In practice, NDEF information is written in KEYPAD NFC SRAM to ensure that the target device can correctly identify the App that needs to be pulled up.
Alternatively, NFC unlocking without the App running may be achieved by the following settings:
First, through deep cooperation between system-level NFC event monitoring and a hardware-level security module, the NFC unlocking function is available while the mobile device is screen-locked or has no application running. The core architecture is divided into three layers:
1. Device side: integrates an NFC chip (such as NXP PN7642) with a Secure Element (SE), stores the device key, and generates dynamic challenge values.
2. Mobile device side: receives challenge data through a system-level NFC service (such as NfcAdapter on Android or Core NFC on iOS) and completes the encrypted response using the SE or a TEE (trusted execution environment).
3. Communication protocol: adopts a lightweight encryption protocol (such as HMAC-SHA256) to implement the challenge-response interaction, ensuring data integrity and preventing replay attacks.
Then, the following configuration is performed for the NFC tag:
1. Setting the NDEF record: a custom URI (e.g., yourapp://nfc-unlock) is embedded to trigger system-level operations without launching the application.
2. Setting the data format: an NFC Forum Type 5 tag (ISO 15693) is adopted to support rapid data exchange and an anti-collision mechanism.
The integrated processing operation of the security module is as follows:
1. A device authentication key (e.g., AES-256) is stored in an SE chip (e.g., NXP PN532) and protected by hardware encryption.
2. The MCU periodically generates a random challenge value (such as a 32-byte nonce) and writes it through the I2C interface to the SRAM area of the NFC tag.
Step 102: monitoring a response data packet that is sent by the target device in response to the challenge data, and verifying the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result.
In some embodiments, the execution body may use a pre-stored device authentication key to verify the correctness and validity of the response data packet sent by the target device in response to the challenge data, so as to obtain a first verification result. The response data packet may be the data packet produced by responding to the challenge data. The response data packet may include response information and response encryption information for responding to the challenge data. The device authentication key may be a key that authenticates the device. The correctness verification may verify whether the response data packet is correct. In practice, the correctness of the response information and the response encryption information may be checked using the device authentication key. The validity of the response data packet is checked by checking the receipt timestamp of the response data packet. The first verification result may be a verification result indicating whether the response data packet is correct and valid. Here, the near field communication device listens for the target duration to determine whether the target device has sent the response data packet.
It should be noted that the challenge-and-response mechanism supports asynchronous wake-up and low-power wake-up designs. Asynchronous wake-up may be as follows: when the device detects that the mobile device is close (even if the mobile device's screen is locked), it sends challenge data (including a timestamp and a random number) through NFC; if the first read fails (e.g., the mobile device does not wake up the application), the device buffers the challenge data in SRAM and allows repeated reads (up to 3 retries) within 3 seconds, improving fault tolerance. The low-power wake-up design may be as follows: the NFC module of the device is in a low-power listening mode when in standby, and the MCU is woken up only when the NFC field strength of the mobile device is detected, which avoids frequent power-consuming polling while ensuring an immediate response.
In some optional implementations of some embodiments, generating the response packet includes the steps of:
First, the challenge data is read from the static random access memory.
Second, the validity and freshness of the challenge data are verified to obtain a second verification result. Validity verification ensures that the challenge data (Challenge) conforms to the expected rules in terms of logic, format, and encryption result, preventing forgery or tampering attacks. For example, validity verification may include format verification, encryption result matching, and business logic verification. Freshness verification ensures that the challenge data is timely and prevents replay attacks. Freshness verification may include timestamp verification, random number/sequence number incrementing, and dynamic key updating. Freshness verification may be a verification process that confirms whether the challenge information is newly generated. The second verification result may include a validity verification result and a freshness verification result.
Third, in response to the second verification result indicating no error, signature information for the challenge data is generated using a pre-stored device authentication key. The signature information may be an HMAC signature.
Fourth, the current authentication state and the signature information are determined as the response data packet.
Step 103: performing the target device unlocking process in response to the first verification result indicating correct and valid.
In some embodiments, the execution body may perform the device unlocking process in response to the first verification result indicating correct and valid. That is, when the first verification result is determined to indicate correct and valid, the target device has passed device authentication and supports near field communication interaction.
Step 104: in response to the target device being in an unlocked state, automatically performing the set processing operations of the unlocking event.
In some embodiments, the execution body may automatically perform the set processing operations of the unlocking event in response to the target device being in the device unlocked state. The unlocking event may be the whole process of device authentication and device unlocking between the near field communication device and the target device. In practice, the processing operations may include, but are not limited to, at least one of: storing the unlocking event, updating the device state, and purging sensitive data from SRAM. For example, for the smart door lock scenario, the processing operations may include logging the unlocking event, clearing sensitive data in the SRAM, and resetting the door lock state. For the smart home scenario, the processing operations may include logging the unlocking event, clearing sensitive data in the SRAM, and resetting the smart home system state.
In some optional implementations of some embodiments, in a low-battery state of the near field communication device, at least one of the following processing operations is performed:
Operation 1: powering the near field communication module and the micro control unit in advance to support a target number of unlocking operations. That is, when the main battery is low, the pre-stored power supplies the NFC module (passive mode) and the MCU minimum system (I2C, SRAM, and NFC controller only), supporting at least 10 unlocking operations.
Operation 2: cutting off at least one unnecessary functional module. That is, when the battery voltage is detected to be lower than a threshold (such as 2.8V), power to unnecessary modules (such as a display screen and a wireless communication module) is automatically cut off, and only the NFC receiver, the MCU low-power core unit, and the SRAM retention circuit are kept powered.
Operation 3: setting the near field communication module to a passive wake-up mechanism. The passive wake-up mechanism may be as follows: (1) the NFC module works in passive mode (Tag mode) and is activated only when the NFC antenna of the mobile device approaches (standby power consumption < 10 μA), avoiding the high power consumption caused by active scanning; (2) when the mobile device is close, the device is woken up through NFC field strength induction (energy coupling in the ISO/IEC 14443 protocol) without continuous monitoring.
Operation 4: disabling the micro control unit's periodic generation of the challenge value, and setting the byte size of the challenge value. Disabling periodic generation may mean that no new challenge is generated periodically in the standby state (the power consumption of the original function is about 1 mA/time), and a single challenge is generated only when NFC is triggered, reducing the operating power consumption of the MCU. Setting the byte size of the challenge value may mean that at low power the challenge value length is reduced from 32 bytes to 16 bytes (e.g., only the random number, omitting the timestamp), while the anti-replay mechanism is retained (the last 10 nonces are recorded in SRAM and repeats are refused).
Operation 5: shortening the response time corresponding to the response data packet to the target time. In practice, the response timeout is shortened from 30 seconds to 10 seconds, reducing the active time of the NFC module and the MCU.
It should be noted that, when the device (such as a smart lock or an Internet of Things terminal) enters a low-power state (for example, the battery voltage is lower than a preset threshold, generally lower than 3.0V), the above operations prevent continuous monitoring by the NFC module from exhausting the battery, ensure that the user can still trigger unlocking through NFC so that the device does not become "dead" and inaccessible, and do not reduce the security of the authentication mechanism (such as key protection and challenge freshness verification) when the battery is low.
Operation 6: optimizing the verification path. The optimized verification path may skip non-critical checks (such as the optional step of writing the user ID) and directly check the HMAC response and nonce uniqueness, reducing computation power consumption. The verification path may be the verification path of the response data packet in the device authentication process.
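The challenge-response exchange of step 102, the response-generation steps, and the low-battery verification path (HMAC check plus nonce uniqueness) can be sketched as follows. This is an added Python example, not code from the patent: the challenge layout (28 random bytes plus a 4-byte timestamp), the state byte value, and the names `NfcLock`, `build_response` and `make_tag` are assumptions, while the sizes and timings are the figures quoted in the text.

```python
import hashlib
import hmac
import os
import struct
from collections import deque

# Sizes and timings come from the text; the byte layout is an assumption.
NORMAL_LEN, LOW_POWER_LEN = 32, 16           # challenge length in bytes
UPDATE_PERIOD = 300                          # challenge rotated every 5 minutes
NORMAL_TIMEOUT, LOW_POWER_TIMEOUT = 30, 10   # response timeout in seconds
NONCE_HISTORY = 10                           # last 10 nonces kept in SRAM
STATE_AUTH_OK = 0x01                         # hypothetical authentication-state byte
TAG_LEN = hashlib.sha256().digest_size


def make_tag(key, state, challenge):
    """HMAC-SHA256 over the state byte and the challenge."""
    return hmac.new(key, bytes([state]) + challenge, hashlib.sha256).digest()


def build_response(key, challenge, now):
    """Target device: check format and freshness, then sign the challenge."""
    if len(challenge) == NORMAL_LEN:
        issued = struct.unpack(">I", challenge[-4:])[0]
        if not 0 <= now - issued <= UPDATE_PERIOD:
            raise ValueError("stale challenge")
    elif len(challenge) != LOW_POWER_LEN:    # low-power form carries no timestamp
        raise ValueError("malformed challenge")
    return bytes([STATE_AUTH_OK]) + make_tag(key, STATE_AUTH_OK, challenge)


class NfcLock:
    """NFC device: challenge in tag SRAM, key and nonce history on the MCU."""

    def __init__(self, key, low_power=False):
        self.key = key
        self.low_power = low_power
        self.challenge = None
        self.read_at = None
        self.used = deque(maxlen=NONCE_HISTORY)

    def rotate(self, now):
        """MCU writes a fresh challenge (periodic, or on NFC trigger at low power)."""
        if self.low_power:
            self.challenge = os.urandom(LOW_POWER_LEN)
        else:
            self.challenge = os.urandom(NORMAL_LEN - 4) + struct.pack(">I", now)
        self.read_at = None

    def read(self, now):
        """Target device reads the challenge over NFC; the response timer starts."""
        self.read_at = now
        return self.challenge

    def verify(self, response, now):
        """Return 'unlock' or the reason for rejection."""
        timeout = LOW_POWER_TIMEOUT if self.low_power else NORMAL_TIMEOUT
        if self.challenge is None or self.read_at is None:
            return "reject: no challenge outstanding"
        if now - self.read_at > timeout:
            return "reject: timeout"
        if self.challenge in self.used:
            return "reject: replayed nonce"
        if len(response) != 1 + TAG_LEN or response[0] != STATE_AUTH_OK:
            return "reject: malformed"
        expected = make_tag(self.key, response[0], self.challenge)
        if not hmac.compare_digest(response[1:], expected):
            return "reject: bad signature"
        self.used.append(self.challenge)     # single use, even before the next rotation
        return "unlock"


def demo():
    key = bytes(range(32))                   # constructed key, for illustration only
    lock, out = NfcLock(key), []
    lock.rotate(now=1000)
    resp = build_response(key, lock.read(now=1100), now=1101)
    out.append(lock.verify(resp, now=1102))          # genuine response
    lock.read(now=1150)                              # same challenge still in SRAM
    out.append(lock.verify(resp, now=1151))          # captured response replayed
    lock.rotate(now=1300)
    fresh = lock.read(now=1310)
    out.append(lock.verify(resp, now=1311))          # old response, new challenge
    out.append(lock.verify(build_response(bytes(32), fresh, 1311), 1312))  # wrong key
    out.append(lock.verify(build_response(key, fresh, 1311), 1345))        # too late
    low = NfcLock(key, low_power=True)
    low.rotate(now=2000)
    out.append(low.verify(build_response(key, low.read(2000), 2001), 2005))
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because a periodically rotated challenge stays readable in SRAM between rotations, the nonce history is what makes each challenge single-use; without it, the second call in `demo()` would unlock again.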
After step 104, the steps further include:
The execution body may send low battery warning information to the target device.
Optionally, the executing body may cut off at least one unnecessary functional module, including the steps of:
First, obtaining the remaining electric quantity of the near field communication device at the current time.
Second, selecting the corresponding necessary function module information according to the electric quantity interval in which the remaining electric quantity falls. The necessary function module information may represent each necessary function module that can be powered in that electric quantity interval. That is, different electric quantity intervals correspond to different necessary function modules that can be run.
Third, displaying each necessary function module in the necessary function module information, together with its power supply identifier, on a power supply page, so that the operation object can adjust the power supply of each necessary function module. The power supply page may be a page that handles power supply related events.
Fourth, receiving the adjusted necessary function module set to be powered.
Fifth, determining whether normal power supply can be achieved according to the power consumption of each necessary function module in the necessary function module set.
Sixth, in response to determining that normal power supply of the necessary function module set can be achieved, performing power supply processing for the necessary function module set, and treating the remaining function module set as the at least one unnecessary function module for power supply cancellation processing.
Seventh, in response to determining that normal power supply of the necessary function module set cannot be achieved, displaying on the power supply page, according to the power supply priority of each necessary function module, the lower-priority necessary function modules together with a not-powered mark and the reason for not powering them, so that the operation object can make adaptive adjustments to obtain the target necessary function module set.
Eighth, performing power supply processing for the target necessary function module set, and treating the remaining function module set as the at least one unnecessary function module for power supply cancellation processing.
Ninth, taking the necessary function module set or the target necessary function module set as the module power supply alternative scheme corresponding to the electric quantity interval.
Tenth, in response to receiving supply determination information for the electric quantity interval at a later time, displaying the module power supply alternative scheme for the operation object to select.
As one of the inventive points of the present disclosure, another technical problem is solved: "how to achieve user-satisfactory and customized power supply when the power supply is limited", so as to guarantee the power supply requirements of the near field communication module and the micro control unit. Based on this, the present disclosure makes a preliminary determination of the necessary function module information through the correspondence between electric quantity intervals and necessary function module information. On top of this preliminary determination, user-satisfactory and customized power supply is achieved through customized selection of the modules to be powered. In addition, generating the module power supply alternative scheme allows the necessary function modules to be configured efficiently when supply in the same electric quantity interval occurs again at a later time.
The above embodiments of the present disclosure have the following beneficial effects: the device processing method of some embodiments of the present disclosure achieves efficient unlocking of the device through near field communication technology while guaranteeing authentication security. Specifically, the reason for the low unlocking efficiency of related devices is that their security protection measures are not complete enough and are vulnerable to malicious attack, resulting in device data leakage and illegal access to device functions. Meanwhile, the interaction mode between the device and the user is limited and the operation is cumbersome, which affects the user experience; the usage logic of the device is complex and its efficiency is low. Based on this, in the device processing method of some embodiments of the present disclosure, first, in response to a target device having a near field communication function activating the built-in near field communication module of the near field communication device, the challenge data stored in the static random access memory is sent to the target device. Here, using near field communication technology can greatly improve the convenience of interaction between the device and the user. The challenge data stored in the static random access memory is retained as long as power is maintained. Sending the challenge data to the target device for it to respond to enables effective security authentication of the target device. Then, the response data packet sent by the target device in response to the challenge data is monitored, and the correctness and validity of the response data packet are verified using a pre-stored device authentication key to obtain a first verification result.
Verifying the correctness and validity of the response data packet enables effective security authentication of the device while ensuring the security of the device's data. Then, in response to the first verification result indicating correct and valid, that is, once the security authentication is confirmed to have passed, the target device unlocking process can be performed automatically so that subsequent device processing operations can be carried out. Finally, in response to the target device being in an unlocked state, the set processing operations of the unlocking event are automatically performed. In conclusion, near field communication technology makes the interaction between the device and the user more varied and convenient. The back-and-forth verification of the challenge data and the response data packet between the device and the user provides security authentication during device unlocking, ensures the security protection of the device, and avoids malicious attacks that lead to device data leakage and illegal function access.
With further reference to fig. 2, as an implementation of the method shown in the above figures, the present disclosure provides some embodiments of a device processing apparatus, which correspond to the method embodiments shown in fig. 1, and which are particularly applicable to various electronic devices.
As shown in fig. 2, a device processing apparatus 200 includes a sending unit 201, a verification unit 202, a first execution unit 203, and a second execution unit 204. The sending unit 201 is configured to, in response to a target device having a near field communication function activating the built-in near field communication module of the near field communication device, send challenge data stored in the static random access memory to the target device. The verification unit 202 is configured to monitor a response data packet sent by the target device in response to the challenge data, and to verify the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result. The first execution unit 203 is configured to perform the target device unlocking process in response to the first verification result indicating correct and valid. The second execution unit 204 is configured to automatically perform the set processing operations of the unlocking event in response to the target device being in an unlocked state.
In some optional implementations of some embodiments, the apparatus 200 further includes an obtaining unit, a determining unit, and a setting unit (not shown in the figure). The obtaining unit may be configured to obtain the challenge value currently generated periodically by the micro control unit. The determining unit may be configured to determine the challenge value, a random number, and a timestamp as adjustment data, wherein the random number is a value generated by the micro control unit to ensure the validity of the data, and the timestamp is the generation time of the challenge value generated by the micro control unit. The setting unit may be configured to preset the state of the target device to a waiting-for-response state and a low-power processing state.
In some optional implementations of some embodiments, when the near field communication device is in a low-power state, at least one of the following processing operations is performed: powering the near field communication module and the micro control unit in advance to support a target number of unlocking operations; cutting off at least one unnecessary functional module; setting the near field communication module to a passive wake-up mechanism; disabling the micro control unit's periodic generation of the challenge value and setting the byte size of the challenge value; and shortening the response time corresponding to the response data packet to the target time. The apparatus also includes a unit for sending low battery warning information to the target device.
It will be appreciated that the elements described in the device processing apparatus 200 correspond to the various steps in the method described with reference to fig. 1. Thus, the operations, features and advantages described above for the method are equally applicable to the device processing apparatus 200 and the units contained therein, and are not described here again.
Referring now to fig. 3, a schematic diagram of an electronic device (e.g., a near field communication device) 300 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic device shown in fig. 3 is merely an example and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various suitable actions and processes in accordance with programs stored in a read-only memory 302 or programs loaded from a storage 308 into a random access memory 303. In the random access memory 303, various programs and data necessary for the operation of the electronic device 300 are also stored. The processing means 301, the read only memory 302 and the random access memory 303 are connected to each other by a bus 304. An input/output interface 305 is also connected to the bus 304.
In general, devices may be connected to the input/output interface 305 including input devices 306 such as a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc., output devices 307 including a Liquid Crystal Display (LCD), speaker, vibrator, etc., storage devices 308 including magnetic tape, hard disk, etc., and communication devices 309. The communication means 309 may allow the electronic device 300 to communicate with other devices wirelessly or by wire to exchange data. While fig. 3 shows an electronic device 300 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead. Each block shown in fig. 3 may represent one device or a plurality of devices as needed.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such embodiments, the computer program may be downloaded and installed from a network via communications device 309, or from storage device 308, or from read only memory 302. The above-described functions defined in the methods of some embodiments of the present disclosure are performed when the computer program is executed by the processing means 301.
It should be noted that, in some embodiments of the present disclosure, the computer readable medium may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some embodiments, the clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be included in the electronic device, or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to a target device having a near field communication function activating the built-in near field communication module of the near field communication device, send challenge data stored in a static random access memory to the target device; monitor a response data packet sent by the target device in response to the challenge data, and verify the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result; perform the target device unlocking process in response to the first verification result indicating correct and valid; and automatically perform the set processing operations of the unlocking event in response to the target device being in an unlocked state.
Computer program code for carrying out operations of some embodiments of the present disclosure may be written in one or more programming languages, including object oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by means of software, or may be implemented by means of hardware. The described units may also be provided in a processor, for example as a processor comprising a sending unit, a verification unit, a first execution unit and a second execution unit. The names of these units do not constitute a limitation on the unit itself in some cases, and for example, the first execution unit may also be described as "a unit that performs the target device unlocking process described above in response to the first verification result indicating that the characterization is correct and valid".
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems-on-a-Chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
Some embodiments of the present disclosure also provide a computer program product comprising a computer program which, when executed by a processor, implements any of the above-described device processing methods.
The foregoing description is only of the preferred embodiments of the present disclosure and of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above technical features, but also encompasses other technical solutions formed by any combination of the above technical features or their equivalents without departing from the spirit of the invention, for example, technical solutions formed by substituting the above features with (but not limited to) features having similar functions disclosed in the embodiments of the present disclosure.

Claims (13)

1. A device processing method, applied to a near field communication device, the method comprising:
in response to a built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, sending challenge data stored in a static random access memory to the target device;
monitoring for a response data packet sent by the target device in response to the challenge data, and verifying the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result;
in response to the first verification result indicating correct and valid, performing the target device unlocking process;
in response to the target device being in an unlocked state, automatically performing a set processing operation for the unlocking event.

2. The method according to claim 1, wherein the method further comprises:
obtaining the challenge value currently generated periodically by a microcontroller unit;
determining the challenge value, a random number and a timestamp as adjustment data, wherein the random number is a value generated by the microcontroller unit to ensure data validity, and the timestamp is the generation time of the challenge value generated by the microcontroller unit;
pre-setting the state of the target device to a waiting-for-response state and a low-power-consumption processing execution state.

3. The method according to claim 1, wherein generating the response data packet comprises the following steps:
reading the challenge data from the static random access memory;
verifying the validity and freshness of the challenge data to obtain a second verification result;
in response to the second verification result indicating no error, generating signature information for the challenge data using a pre-stored device authentication key;
determining the current authentication state and the signature information as the response data packet.

4. The method according to claim 1, wherein the near field communication device performs at least one of the following settings during the device production stage:
writing data required for device operation corresponding to the near field communication device into a target non-volatile memory included in the near field communication device, wherein the data required for device operation includes: basic data, device identification information and a device authentication key;
configuring initial security parameters and access control policies.

5. The method according to claim 1, wherein the near field communication device performs at least one of the following settings during a security setting phase:
applying read and write protection to the sensitive data area in the target non-volatile memory;
locking the key data area in the target non-volatile memory;
write-protecting the firmware in the target non-volatile memory.

6. The method according to claim 1, wherein the near field communication device performs at least one of the following settings during a functional test phase:
testing the communication function corresponding to the near field communication device, the target bus communication function, and the read and write functions corresponding to the static random access memory;
performing a challenge and response test on the near field communication device to simulate the actual authentication process and verify the security of the device.

7. The method according to claim 1, wherein the near field communication device performs at least one of the following settings in an initial configuration phase:
setting default parameters, a default security level and a challenge update frequency for the near field communication device;
initializing the data area corresponding to the static random access memory to clear its data.

8. The method according to claim 1, wherein the near field communication device performs at least one of the following settings during the binding and sharing phases:
sending the device authentication key to a target application in the target device for key storage;
writing, into the static random access memory, near field communication structured data for launching the target application in the target device.

9. The method according to claim 1, wherein, when the near field communication device is in a low power state, at least one of the following processing operations is performed:
powering the near field communication module and the microcontroller unit in advance to support a target number of unlocking operations;
cutting off at least one non-essential functional module;
setting the near field communication module to a passive wake-up mechanism;
turning off the periodic generation of challenge values by the microcontroller unit, and setting the byte size corresponding to the challenge value;
shortening the response time corresponding to the response data packet to a target time;
optimizing the verification path;
and the method further comprises:
sending low battery warning information to the target device.

10. A device processing apparatus, applied to a near field communication device, comprising:
a sending unit configured to, in response to a built-in near field communication module of the near field communication device being activated by a target device having a near field communication function, send challenge data stored in a static random access memory to the target device;
a verification unit configured to monitor for a response data packet sent by the target device in response to the challenge data, and verify the correctness and validity of the response data packet using a pre-stored device authentication key to obtain a first verification result;
a first execution unit configured to perform the target device unlocking process in response to the first verification result indicating correct and valid;
a second execution unit configured to automatically perform a set processing operation for the unlocking event in response to the target device being in an unlocked state.

11. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method according to any one of claims 1 to 9.

12. A computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method according to any one of claims 1 to 9.

13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 9.
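The challenge-response exchange of claims 1 to 3, with both sides' messages, as an added Python example that is not code from the patent. Assumptions not in the claims: HMAC-SHA256 under the shared device authentication key stands in for the "signature information", the 28-byte challenge layout, the 30-second freshness window, single-use challenges, and all function and class names.

```python
import hashlib
import hmac
import os
import struct

MAX_AGE_S = 30   # assumed freshness window; the claims give no value
CHAL_LEN = 28    # assumed layout: 16-byte challenge | 8-byte random | 4-byte timestamp

def is_fresh(challenge, now):
    """Validity and freshness check on challenge data (claim 3)."""
    if challenge is None or len(challenge) != CHAL_LEN:
        return False
    (ts,) = struct.unpack(">I", challenge[24:])
    return 0 <= now - ts <= MAX_AGE_S

def build_response(key, challenge, now, state=b"\x01"):
    """Target device: verify the challenge, then return auth state + signature."""
    if not is_fresh(challenge, now):
        return None
    return state + hmac.new(key, state + challenge, hashlib.sha256).digest()

class Lock:
    """NFC device side (claims 1 and 2); hypothetical class name."""
    def __init__(self, key):
        self.key, self.challenge, self.unlocked = key, None, False

    def refresh_challenge(self, now):
        # Periodic MCU job: challenge value, random number, timestamp into "SRAM".
        self.challenge = os.urandom(16) + os.urandom(8) + struct.pack(">I", now)
        return self.challenge

    def on_nfc_activated(self):
        return self.challenge  # sent to the target device as stored

    def on_response(self, packet, now):
        challenge, self.challenge = self.challenge, None  # assumed: single use
        if packet is None or len(packet) != 33 or not is_fresh(challenge, now):
            return False
        expected = hmac.new(self.key, packet[:1] + challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, packet[1:])  # constant-time compare
        self.unlocked = self.unlocked or ok
        return ok
```

Consuming the challenge on every response attempt is what makes a captured response packet useless on replay; the timestamp check bounds how long an unanswered challenge stays usable.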

Priority Applications (1)

Application Number: CN202510832440.1A
Priority Date: 2025-06-20
Filing Date: 2025-06-20
Title: Device processing method, apparatus, device, computer readable medium, and program product

Publications (1)

Publication Number: CN120475362A (en)
Publication Date: 2025-08-12

Family

ID: 96639051

Family Applications (1)

Application Number: CN202510832440.1A
Status: Pending
Publication: CN120475362A (en)
Priority Date: 2025-06-20
Filing Date: 2025-06-20
Title: Device processing method, apparatus, device, computer readable medium, and program product

Country Status (1)

CN (1): CN120475362A (en)


Legal Events

Code: Title
PB01: Publication
SE01: Entry into force of request for substantive examination
