阅读说明：本技术 一种离线设备的安全认证方法 (Safety authentication method for off-line equipment ) 是由 沈志春 夏玥 吴欣延 于 2021-06-30 设计创作，主要内容包括：本发明提供一种离线设备的安全认证方法,包括主设备首次与从设备连接后,执行首次认证步骤：从设备对初始密钥进行填充,得到第一填充密钥,将第一填充密钥与第一随机数进行异或计算形成第一组输入分组数据,使用第一组输入分组数据与ID识别码组合形成第一哈希函数的输入,计算第一哈希函数的第一哈希值；使用第一填充密钥与第二随机数进行异或计算形成第二组输入分组数据并与第一哈希值组合形成第二哈希函数的输入,并计算第二哈希函数的输出值作为从设备的第一验证哈希值；将从设备的ID识别码以及第一验证哈希值发送至主设备；主设备对第一验证哈希值进行验证,如第一验证哈希值不通过验证,则终止认证。本发明能够低成本的实现离线设备的认证。(The invention provides a safety authentication method of off-line equipment, which comprises the following steps that after a master device is connected with a slave device for the first time, the first authentication is executed: filling the initial key by the slave equipment to obtain a first filling key, carrying out XOR calculation on the first filling key and a first random number to form a first group of input grouped data, combining the first group of input grouped data and the ID identification code to form the input of a first hash function, and calculating a first hash value of the first hash function; performing XOR calculation by using the first padding key and the second random number to form a second group of input packet data, combining the second group of input packet data with the first hash value to form an input of a second hash function, and calculating an output value of the second hash function as a first verification hash value of the slave device; sending the ID identification code of the slave equipment and the first verification hash value to the master equipment; and the master device verifies the first verification hash value, and if the first verification hash value does not pass the verification, the authentication is terminated. The invention can realize the authentication of the off-line equipment with low cost.)

1. A security authentication method of an offline device, comprising:

after the master equipment is connected with the slave equipment for the first time, executing a first authentication step;

when the master device is connected with the slave device subsequently, executing a subsequent authentication step;

the method is characterized in that:

the first authentication step includes:

the slave device fills the stored initial key to obtain a first filling key with a preset length, the first filling key and a first random number are subjected to XOR calculation to form a first group of input packet data, the first group of input packet data and an ID identification code are combined to form input of a first hash function, and a first hash value of the first hash function is calculated;

performing XOR calculation using the first padding key and a second random number to form a second group of input packet data, combining the second group of input packet data with the first hash value to form an input of a second hash function, and calculating an output value of the second hash function as a first verification hash value of the slave device; sending the ID identification code of the slave device and the first verification hash value to the master device;

and the master equipment verifies the first verification hash value, and if the first verification hash value does not pass the verification, the authentication is terminated.

2. The security authentication method of the offline device according to claim 1, wherein:

the preset length of the first padding key is the width of the hash function input packet.

3. The security authentication method of the offline device according to claim 1, wherein:

populating the initial key includes: on the left side of the initial key a binary number 0 is used for padding.

4. The security authentication method of the offline device according to claim 1, wherein:

the verifying the first verification hash value by the master device includes: the master device applies a verification algorithm the same as that of the slave device, performs hash calculation on the ID identification code of the slave device, obtains a first target hash value, and judges whether the first verification hash value is consistent with the first target hash value.

5. The security authentication method of the offline device according to any one of claims 1 to 4, wherein:

after the primary device passes the verification of the first verification hash value, the primary device further executes:

the slave device generates a third random number and a fourth random number, the third random number and the fourth random number are respectively encrypted by applying the initial key to respectively form a first ciphertext and a second ciphertext, the first ciphertext and the second ciphertext are spliced to form first spliced data, and the first spliced data are sent to the master device.

6. The security authentication method of the offline device according to claim 5, wherein:

and after receiving the first splicing data, the main device decrypts the first splicing data to obtain a first decryption random number, a second decryption random number and a decryption key, judges whether the first decryption random number is consistent with the third random number, judges whether the second decryption random number is consistent with the fourth random number, and verifies the consistency of the decryption key and the initial key.

7. The security authentication method of the offline device according to claim 6, wherein:

after the master device verifies the consistency between the decryption key and the initial key, the master device further executes: and the slave equipment encrypts the ID identification code and the count value of the counter by using the first padding key to respectively form a third ciphertext and a fourth ciphertext, splices the third ciphertext and the fourth ciphertext to form second spliced data, and sends the second spliced data to the master equipment.

8. The security authentication method of the offline device according to claim 7, wherein:

and after receiving the second spliced data, the master device decrypts the second spliced data to obtain third decrypted data and fourth decrypted data, judges the consistency of the third decrypted data and the ID identification code and judges the consistency of the fourth decrypted data and the count value, and if the second spliced data is verified, the master device passes the safety certification of the slave device.

9. The security authentication method of the offline device according to any one of claims 1 to 4, wherein:

the subsequent authentication step comprises:

the slave device fills the stored initial key to obtain a second filling key with a preset length, the second filling key and a fifth random number are subjected to XOR calculation to form a third group of input packet data, the third group of input packet data and an ID identification code are combined to form an input of a third hash function, and a third hash value of the third hash function is calculated;

performing exclusive-or calculation using the second padding key and a sixth random number to form a fourth set of input packet data, combining the fourth set of input packet data with the third hash value to form an input of a fourth hash function, and calculating an output value of the fourth hash function as a second verification hash value of the slave device; sending the ID identification code of the slave device and the second verification hash value to the master device;

and the master device applies the same verification algorithm as the slave device, performs hash calculation on the ID identification code of the slave device, obtains a second target hash value, and judges whether the second verification hash value is consistent with the second target hash value.

10. The security authentication method of the offline device according to claim 9, wherein:

and after the master device passes the verification of the second verification hash value, obtaining a count value of the slave device, and judging whether the count value +1 stored in the slave device is less than or equal to the maximum use number value stored in the master device, if so, passing the safety authentication of the slave device, otherwise, not passing the safety authentication of the slave device.

Technical Field

The invention relates to the field of security authentication of master and slave devices, in particular to a security authentication method of an offline device.

Background

With the development of electronic technology, some electronic devices need to be securely authenticated for use, for example, an authenticated device is a slave device, a device for performing security authentication is a master device, when the slave device needs to perform security authentication, the slave device needs to be connected to the master device, and the master device reads data of the slave device and checks the data of the slave device to determine whether the slave device passes the security authentication.

Generally, when the master device performs security authentication on the slave device, data such as a slave device ID number or a key needs to be acquired from the server, and therefore, the master device needs to provide a network communication module to realize communication with the server. However, some master devices are not able to communicate with the server based on security considerations, such devices are often referred to as offline devices. Since the offline device is not in network connection with network devices such as a server, the master device cannot upload the ID numbers of the slave devices to the server for comparison during security authentication, and the master device itself cannot store the ID numbers of all the slave devices, the slave devices cannot perform one-object-one-code authentication in the conventional offline device.

At present, a single symmetric encryption algorithm or an asymmetric encryption algorithm is adopted, that is, the same or corresponding encryption and decryption algorithms are run on the master device and the slave device, when the symmetric encryption algorithm is adopted, the master device and the slave device need to store the same key, and if the key of one of the master device or the slave device is broken, all the master device and the slave device are all broken; when the asymmetric encryption algorithm is adopted, the algorithm has large calculation amount, high power consumption, long safety authentication time and increased corresponding physical cost of the master device and the slave device.

For this purpose, some offline devices are provided with a counter, and the number of uses is counted by the counter, and the count value of the counter is subjected to security authentication. For example, after the master device and the slave device pass the first authentication, the master device records a count value of a counter of the slave device, and when the master device is subsequently connected with the slave device, the slave device calculates an ID identification code through a hash algorithm to obtain a hash value, sends the ID identification code and the hash value to the master device, and the master device determines whether the hash value is correct, and if the hash value is correct, sends an instruction of adding 1 to the count value to the slave device and reads a slave device count value of the slave device; the master device determines whether the read slave device count value is greater than the count value recorded by the master device plus 1, and if so, authentication of the slave device is not passed.

However, on the one hand, this method can only verify the authenticity of the slave device connected to the master device, and if a lawless person connects a discarded or lost slave device to the master device, it can still pass the security authentication, and cause a security risk to the use of the offline device. On the other hand, the existing offline equipment authentication method basically only depends on a hash function for processing a ciphertext, an encryption algorithm is single, the safety is not high, and potential safety hazards also exist.

Disclosure of Invention

The first purpose of the invention is to provide a safety authentication method for off-line equipment with high authentication safety.

A second object of the present invention is to provide a security authentication method for an offline device that can prevent a slave device that has been discarded or lost from being reused.

In order to achieve the purpose of the invention, the security authentication method of the off-line equipment provided by the invention comprises the steps of executing the first authentication after the main equipment is connected with the slave equipment for the first time; when the master device is connected with the slave device subsequently, executing a subsequent authentication step; wherein the first authentication step comprises: the slave device fills the stored initial key to obtain a first filling key with a preset length, the first filling key and a first random number are subjected to XOR calculation to form a first group of input packet data, the first group of input packet data and the ID identification code are combined to form input of a first hash function, and a first hash value of the first hash function is calculated; performing XOR calculation by using the first padding key and the second random number to form a second group of input packet data, combining the second group of input packet data and the first hash value to form an input of a second hash function, and calculating an output value of the second hash function as a first verification hash value of the slave device; sending the ID identification code of the slave equipment and the first verification hash value to the master equipment; and the master device verifies the first verification hash value, and if the first verification hash value does not pass the verification, the authentication is terminated.

According to the scheme, when the master device and the slave device are authenticated for the first time, operations such as filling and XOR calculation need to be carried out on the initial key, and the operations are not only dependent on a hash algorithm, so that the formed first verification hash value is higher in safety, the master device is safer for the safety authentication of the slave device, and potential safety hazards caused by the fact that a hash function is used singly can be avoided. In addition, the initial keys used by the master device and the slave device are preset, and only the master device and the slave device store the same initial key, and a third party cannot acquire the initial key, so that the algorithm has higher security.

Preferably, the preset length of the first padding key is the width of the hash function input packet. Therefore, the operation of the first padding key and the first random number can be facilitated, the width of the generated first group of input grouped data can be guaranteed, and the subsequent calculation is facilitated.

Further, the padding of the initial key comprises: the left side of the initial key is filled with a binary number 0.

Further, the verifying the first verification hash value by the master device includes: the master device applies the same verification algorithm as the slave device, performs hash calculation on the ID identification code of the slave device, obtains a first target hash value, and judges whether the first verification hash value is consistent with the first target hash value.

Therefore, the master device and the slave device use the same algorithm to calculate, so that the first verification hash value is theoretically consistent with the first target hash value, and the verification of the first verification hash value can be conveniently realized.

Further, after the master device passes the verification of the first verification hash value, the method further comprises the following steps: the slave device generates a third random number and a fourth random number, the third random number and the fourth random number are encrypted by applying an initial key respectively to form a first ciphertext and a second ciphertext respectively, the first ciphertext and the second ciphertext are spliced to form first spliced data, and the first spliced data are sent to the master device.

The main device decrypts the first splicing data after receiving the first splicing data, obtains a first decryption random number, a second decryption random number and a decryption key, judges whether the first decryption random number is consistent with the third random number, judges whether the second decryption random number is consistent with the fourth random number, and verifies the consistency of the decryption key and the initial key.

Further, after verifying the consistency between the decryption key and the initial key, the master device further performs: the slave equipment encrypts the ID identification code and the count value of the counter by using the first padding key to respectively form a third ciphertext and a fourth ciphertext, splices the third ciphertext and the fourth ciphertext to form second spliced data, and sends the second spliced data to the master equipment.

Further, after receiving the second splicing data, the master device decrypts the second splicing data to obtain third decryption data and fourth decryption data, determines consistency between the third decryption data and the ID identification code, determines consistency between the fourth decryption data and the count value, and if the third decryption data and the fourth decryption data pass verification, passes security authentication of the slave device.

Therefore, the slave device further encrypts and transmits the count value of the counter to the master device, the master device further needs to verify the count value, if the count value of the counter is not accurate, the slave device cannot pass the security authentication of the slave device, and actually, the slave device is judged whether to be an illegally recycled slave device according to the count value of the slave device, so that the slave device is prevented from being illegally recycled.

Further, the subsequent authentication step includes: the slave device fills the stored initial key to obtain a second filling key with a preset length, the second filling key and a fifth random number are subjected to XOR calculation to form a third group of input packet data, the third group of input packet data and the ID identification code are combined to form the input of a third hash function, and a third hash value of the third hash function is calculated; performing exclusive-or calculation using the second padding key and a sixth random number to form a fourth group of input packet data, combining the fourth group of input packet data with a third hash value to form an input of a fourth hash function, and calculating an output value of the fourth hash function as a second verification hash value of the slave device; sending the ID identification code of the slave equipment and the second verification hash value to the master equipment; the master device applies the same verification algorithm as the slave device, performs hash calculation on the ID identification code of the slave device, obtains a second target hash value, and judges whether the second verification hash value is consistent with the second target hash value.

Further, after the master device passes the verification of the second verification hash value, the count value of the slave device is obtained, and whether the count value +1 stored in the slave device is smaller than or equal to the maximum use number value stored in the master device or not is judged, if yes, the slave device passes the security authentication, otherwise, the slave device does not pass the security authentication.

Therefore, if the count value +1 stored by the slave device is greater than the maximum use number stored by the master device, the slave device is indicated to be reused and is likely to be illegally recycled, and therefore the safety authentication of the slave device is not passed. Therefore, potential safety hazards caused by illegal recycling of the equipment by lawbreakers can be effectively avoided.

Drawings

Fig. 1 is a block diagram of a master device and a slave device to which the security authentication method of the offline device of the present invention is applied.

Fig. 2 is a flowchart of an embodiment of a security authentication method for an offline device according to the present invention.

Fig. 3 is a first part of a flow chart of the first authentication of the slave device in the embodiment of the security authentication method of the offline device of the invention.

Fig. 4 is a second part of the flow chart of the first authentication of the slave device in the embodiment of the security authentication method of the offline device of the invention.

Fig. 5 is a first part of a flow chart of subsequent authentication of the slave device in the embodiment of the security authentication method of the offline device of the present invention.

Fig. 6 is a second part of the flow chart of the subsequent authentication of the slave device in the embodiment of the security authentication method of the offline device of the present invention.

The invention is further explained with reference to the drawings and the embodiments.

Detailed Description

Referring to fig. 1, the offline device includes a master device 10 and a slave device 20, and neither the master device 10 nor the slave device 20 is provided with a network communication module, that is, is not provided with a module such as WIFI or bluetooth, and does not communicate with a server, so that neither the master device 10 nor the slave device 20 can obtain data such as a slave device ID from the server.

The master device 10 is provided with a master controller 11, an authentication assistance processor 12, a master device communication interface module 13, and a nonvolatile memory 14, and the slave device 20 is provided with an authentication assistance processor 22, a slave device communication interface module 23, and a nonvolatile memory 24. The main controller 11 is a main control unit of the main device 10, and for example, an MCU chip is selected; the authentication assisting processor 12 of the host device 10 is a processing module that performs a security authentication process, and communicates with the host controller 11 via the I2C bus. The authentication assistance processor 22 of the slave device 20 is a processing module that performs a security authentication procedure in correspondence with the authentication assistance processor 12 of the master device 10.

The master device communication interface module 13 and the slave device communication interface module 23 perform data communication with each other, and both communication interface modules execute the same communication data protocol, for example, they may be a contact data interface, which may be a single bus data interface, an I2C communication interface, or the like, or a contactless interface, which may be a NFC/RFID-like wireless communication interface.

The nonvolatile memories 14 and 24 of the master device 10 and the slave device 20 are both memories with an electrical erasing function, in which data can still be stored in case of power failure, the nonvolatile memory 14 is used for storing data such as ID identification code, initial key and count value of the master device 10, the nonvolatile memory 24 is used for storing data such as ID identification code, initial key and count value of the slave device 20, and in this embodiment, the nonvolatile memories 14 and 24 are not limited to flash, EEPROM, FRAM, MTP and the like.

In this embodiment, the master device 10 is applied to perform security authentication on the slave device 20, specifically, the security authentication is divided into a first authentication step of the slave device and a subsequent authentication step of the slave device. The first authentication step of the slave device is an authentication step executed when the slave device accesses the communication interface of the master device for the first time, and the subsequent authentication step of the slave device is an authentication step executed between the master device and the slave device every time the slave device works after passing the first authentication.

Referring to fig. 2, step S1 is first executed, and the master device determines whether to connect to the slave device, that is, whether there is a slave device to establish a connection with the master device. For example, the master device monitors the access of the slave device through pressure or interface level change or field intensity change, if the master device confirms the connection to the slave device, step S2 is executed, whether the slave device accesses the master device for the first time is judged, if yes, step S3 is executed, the slave device first authentication step is executed, otherwise, step S4 is executed, and the slave device subsequent authentication step is executed.

Referring to fig. 3 and 4, if the slave device is connected to the master device for the first time, the master controller of the master device sends a secure authentication start instruction to the authentication assistance processor of the master device through the I2C bus, and at this time, the authentication assistance processor of the master device sends a "find slave device" instruction to the slave device through the master device communication interface module.

After receiving the command of "finding the slave", the slave first executes step S11 to obtain the initial key K stored in the non-volatile memory 24, and fills the initial key K with 0, specifically, on the left side of the initial key K, to obtain the first padding key K1. Preferably, the first padding key K1 has a length L, i.e. has an L-bit binary number, wherein the length L is the width of the hash function input packet. Next, the slave device generates a random number R1, and the random number R1 is the first random number of the present embodiment. Then, the first padding key K1 is xored with the first random number R1 until the length L is reached, and therefore, the calculation result obtained by the xored is also data of the length L as the first set of input packet data of the first hash function.

Then, step S12 is executed, an input of a first hash function is formed by combining the first group of packet data and the ID identifier of the slave device, and a result of the first hash function is calculated, where the calculation result of the first hash function is a first hash value, and the first hash function adopted in the present embodiment is a universal hash algorithm, including but not limited to MD5, SHA-1, SHA-3, SHA-256, and other hash algorithms.

Then, step S13 is performed to generate a second random number R2, and the first padding key K1 is xored with the second random number R2 to form a second group of input packet data. Next, step S14 is executed to combine the second group of input packet data with the first hash value to form an input of a second hash function, and to calculate a value of the second hash function, which is the first verification hash value Q. Then, the slave device executes step S15, and transmits the ID code stored in the nonvolatile memory 24 to the authentication assistance processor 12 of the master device together with the first verification hash value Q.

After receiving the ID code and the first verification hash value transmitted from the slave device, the master device authentication assistance processor performs step S16 to verify the first verification hash value. Specifically, the master device obtains the first target hash value Q1 by using the same algorithm as the slave device and by using the ID code of the slave device, for example, the master device also obtains the first target hash value Q1 by padding the initial key, performing an exclusive or calculation using the initial key and the first random number, calculating the value of the first hash function, and performing a series of calculations similar to the slave device.

In step S16, it is compared whether the first verification hash value is the same as the first target hash value Q1, and if not, step S25 is performed to terminate the security authentication of the slave device, i.e., the slave device does not pass the security authentication. If the determination result of step S16 is yes, the authentication assistance processor 12 of the master device transmits a "start authentication flow instruction" to the slave device 20 through the master device communication interface module 13, that is, performs step S17.

At this time, the slave device executes step S18, and upon receiving the "start authentication flow instruction", the two sets of random numbers internally generated by the authentication assistance processor 22 of the slave device are the third random number RndB and the fourth random number RndK, respectively. Then, the authentication assisting processor 22 encrypts two groups of random numbers by using the initial key K, for example, the third random number RndB and the fourth random number RndK are encrypted by using a symmetric encryption algorithm of the initial key K and a ciphertext block chaining mode with an initial value of all zero, and two groups of ciphertext data are respectively obtained by calculation, which are the first ciphertext EK (RndB) and the second ciphertext EK (RndK), and the first ciphertext EK (RndB) and the second ciphertext EK (RndK) are spliced to form the first spliced data EK1, and the first spliced data EK1 is sent to the master device. The symmetric encryption algorithm used in step S18 refers to an encryption algorithm in which the master device and the slave device have the same key and the same algorithm structure, and includes, but is not limited to, symmetric encryption algorithms such as 3DES, AES, SM7, and the like.

After receiving the first splicing data EK1, the master device executes step S19, decrypts the first splicing data EK1 using a symmetric encryption algorithm and a ciphertext block chaining mode calculation procedure with all zeros as initial values, obtains a first decrypted random number RndK 'and a second decrypted random number RndB', and further obtains a decryption key. Then, step S20 is executed to determine whether the first splicing parameter EK1 passes the verification. Specifically, the master device compares whether the first decryption random number RndK 'is the same as the third random number RndK, and compares whether the second decryption random number RndB' is the same as the fourth random number RndB, and compares the consistency of the decryption key with the initial key K. If any of the above comparisons is inconsistent, the verification is not passed, step S25 is performed, the authentication of the slave device is terminated, and if the three items of the above comparisons are consistent, step S21 is performed.

In step S21, the slave device encrypts the ID identifier P of the slave device and the Counter count value Counter with the first padding key K1 to generate a third ciphertext ek (P) and a fourth ciphertext ek (Counter), respectively, where the third ciphertext ek (P) is the ciphertext corresponding to the ID identifier P, and the fourth ciphertext ek (Counter) is the ciphertext corresponding to the Counter count value Counter. And then splicing the third ciphertext and the fourth ciphertext to form second spliced data EK2, and sending the second spliced data EK2 to the master device.

After receiving the second concatenation data EK2, the master device performs step S22 to decrypt the second concatenation data EK2 by using the same algorithm to obtain third decrypted data and fourth decrypted data, where the third decrypted data is decrypted data corresponding to the third ciphertext EK (P), i.e., data corresponding to the ID code P, and the fourth decrypted data is decrypted data corresponding to the fourth ciphertext EK (Counter), i.e., data corresponding to the Counter value Counter. Then, step S23 is executed to determine whether the second splicing data EK2 passes the verification. Specifically, the third decrypted data is judged to be consistent with the ID identification code P of the slave device, and the fourth decrypted data is judged to be consistent with the count value Counter, if the third decrypted data is identical with the ID identification code P of the slave device and the fourth decrypted data is identical with the count value Counter, step S24 is executed through verification, the slave device is confirmed to pass the first authentication, otherwise, step S25 is executed, and the authentication of the slave device is terminated, that is, the slave device does not pass the first authentication.

Preferably, after the slave device passes the first authentication, the master device needs to record the ID identification code of the slave device and the count value of the counter corresponding to the ID identification code, so as to provide a basis for comparison in subsequent security authentication.

The following authentication procedure performed at each boot of the slave device is described with reference to fig. 5 and 6. First, the main controller 11 of the master device 10 transmits an instruction of security authentication initiation to the authentication assistance processor 12 through the I2C bus, and the authentication assistance processor 12 transmits a "find slave instruction" to the slave device 20 through the master device communication interface module 13.

Upon receiving the "find slave instruction" from the slave device, step S31 is executed to obtain the initial key K stored in the non-volatile memory 24, and to pad the initial key K, specifically, to pad 0 on the left side of the initial key K, to obtain a second padding key K2, where the length L is the width of the hash function input packet in this embodiment. Next, the slave device generates a fifth random number. Then, the second padding key K2 is xored with the fifth random number until the length L is reached, and the data obtained by the xored is applied as the third input packet data of the hash function.

Then, step S32 is executed, an input of a third hash function is formed by combining the third group of packet data with the ID identifier of the slave device, and a result of the third hash function is calculated, where the result of the third hash function is a third hash value, and the hash function adopted in the present embodiment is a universal hash algorithm, including but not limited to MD5, SHA-1, SHA-3, SHA-256, and the like.

Then, step S33 is performed to generate a sixth random number, and the second padding key K2 is xored with the sixth random number to form a fourth group of input packet data. Next, step S34 is executed, the fourth group of input packet data is combined with the third hash value to form an input of a fourth hash function, and a value of the fourth hash function is obtained by calculation, which is the second verification hash value. Then, step S35 is executed, and the slave device transmits the ID code stored in the nonvolatile memory 24 to the authentication assistance processor 12 of the master device together with the second verification hash value.

After the master device receives the ID identifier of the slave device and the second verification hash value, step S36 is executed, the ID identifier corresponding to the slave device is calculated through the same algorithm, and a second target hash value is obtained through calculation, and it is determined whether the second verification hash value is the same as the second target hash value, if not, step S40 is executed, and the authentication of the slave device is terminated, that is, the slave device does not pass the authentication.

If the second verification hash value is the same as the second target hash value, step S37 is executed, and the authentication assistance processor 12 of the master device sends a "verification counter value instruction" to the slave device 20 through the master device communication interface module 13, and the slave device sends the count value of the counter to the master device, and at this time, the master device acquires the count value sent by the slave device.

Then, the master device performs step S38 to determine whether the counter value +1 sent from the slave device is less than or equal to the maximum number of uses stored in the master device, and if so, performs step S39 to confirm that the slave device passes the subsequent security authentication, otherwise, performs step S40 to terminate the authentication of the slave device.

Preferably, the count value of the counter will be incremented by one time each time the slave device passes the security authentication, and the master device also records the count value of the slave device correspondingly.

It can be seen that, during the first authentication, the master device already records the count value of the slave device, and during the subsequent authentication, the master device verifies whether the slave device is illegally used according to the count value of the slave device, so as to avoid the slave device being illegally used, especially for the case that a lawbreaker utilizes the discarded genuine slave device to recycle.

In addition, in the first authentication flow of the master device and the slave device, the encryption processing of the data does not only depend on the hash function, but also includes a series of operations such as padding and xor calculation on the initial key, so that the security of the authentication is higher, and the following three aspects are embodied: firstly, the key used for the first authentication is agreed by both parties in advance, and cannot be known by a third party; secondly, as a third party for illegally intercepting information, the obtained information only has the ID identification code of the slave equipment and the result of 'response' of the hash function, and the initial key cannot be calculated according to the two data; third, since the key is not known to the lawbreaker, a consistent response cannot be imitated.

In addition, because the count value sent by the slave device is encrypted, the method has higher security and concealment for the verification process, and the authentication process of the embodiment also has instantaneity, namely the authentication is only valid at that time, and after a general encryption algorithm is cracked, the previous encryption result can be decrypted, so the embodiment has no problem. In addition, the embodiment does not need to increase the hardware cost of the offline device, and can realize the safety certification of the offline device at low cost.

Finally, it should be emphasized that the present invention is not limited to the above-described embodiments, for example, the change of the type of the hash algorithm used, or the change of the key used by the master device and the slave device, etc., and these changes should be included in the protection scope of the claims of the present invention.