US 12,407,492 B2
Method and system for communicating with authenticator
Zhou Lu, Beijing (CN); and Huazhang Yu, Beijing (CN)
Assigned to Feitian Technologies Co., Ltd., Beijing (CN)
Appl. No. 18/027,727
Filed by Feitian Technologies Co., Ltd., Beijing (CN)
PCT Filed Nov. 23, 2021, PCT No. PCT/CN2021/132580
§ 371(c)(1), (2) Date Mar. 22, 2023,
PCT Pub. No. WO2022/142874, PCT Pub. Date Jul. 7, 2022.
Claims priority of application No. 202011619763.6 (CN), filed on Dec. 31, 2020.
Prior Publication US 2023/0412364 A1, Dec. 21, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/30 (2006.01); H04W 12/06 (2021.01)
CPC H04L 9/0819 (2013.01) [H04L 9/0861 (2013.01); H04L 9/14 (2013.01); H04L 9/3073 (2013.01); H04W 12/06 (2013.01)]
20 Claims
1. A method for communicating with an authenticator, comprising:
Step S1, obtaining, by a client, a first key stored in the client, generating a first client identification and a first authenticator identification according to the first key, obtaining a second key corresponding to the first key, generating a first session key according to the second key, and broadcasting data comprising the first client identification according to a preset time interval;
Step S2, scanning, by the authenticator, the broadcast data, obtaining the first client identification in the broadcast data, obtaining a third key stored in the authenticator, verifying the first client identification according to the third key, executing Step S3 when the verifying of the first client identification is successful, rescanning the broadcast data when the verifying of the first client identification is failed;
Step S3, generating, by the authenticator, a second authenticator identification according to the third key, obtaining a fourth key corresponding to the third key, generating a second session key according to the fourth key, notifying that the verifying of the first client identification is successful, stopping scanning, and broadcasting broadcast data comprising the second authenticator identification;
Step S4, stopping, by the client, broadcasting from the client, starting to scan the broadcast data sent from the authenticator, parsing the broadcast data sent from the authenticator that obtained by scanning to obtain the second authenticator identification, and verifying the second authenticator identification, establishing a short-range communication connection with the authenticator and executing Step S5 when the verifying of the second authenticator identification is successful, ending the method when the verifying of the second authenticator identification is failed;
Step S5, obtaining, by the client, a first handshake key by computation with the first session key, performing computation on client data with the first handshake key to obtain a client data digest value, and sending a handshake command comprising the client data and the client data digest value to the authenticator;
Step S6, obtaining, by the authenticator, the client data and the client data digest value according to the handshake command, obtaining a second handshake key by computation with the second session key, verifying the client data according to the second handshake key, the client data and the client data digest value, performing computation on authenticator data with the second handshake key to obtain an authenticator data digest value when the verifying of the client data is successful, and sending a handshake response comprising the authenticator data and the authenticator data digest value to the client;
Step S7, obtaining, by the client, the authenticator data and the authenticator data digest value according to the handshake response, and verifying the authenticator data according to the first handshake key, the authenticator data and the authenticator digest value, executing Step S8 in case of a successful handshake when the verifying of the authenticator data is successful; otherwise, performing disconnection;
Step S8, obtaining, by the client, a first encryption key by computation with the first session key, performing computation on operating data with the first encryption key to obtain encryption data, and sending an operating command comprising the encryption data to the authenticator; and
Step S9, obtaining, by the authenticator, the encryption data in the operating command, obtaining a second encryption key by computation with the second session key, decrypting the encryption data with the second encryption key to obtain operating data, performing a corresponding operation according to the operating data to obtain operating result data, performing computation on the operating result data with the second encryption key to obtain operating response data, and sending an operating response comprising the operating response data to the client.
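The identification and handshake flow of Steps S1 to S7, sketched as an added example that is not part of the patent text, showing where each verification succeeds or fails. Assumptions: HMAC-SHA256 over purpose labels stands in for every key-based computation (the claim names no algorithm), both sides hold the same key pair after an earlier pairing, the client checks the second authenticator identification against the one it generated in S1, and all function names, labels and keys are hypothetical.

```python
import hashlib
import hmac

def derive(key: bytes, label: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over a label models "generating ... according to the key".
    return hmac.new(key, label, hashlib.sha256).digest()

def client_start(first_key: bytes, second_key: bytes):
    # Step S1: identifications from the first key, session key from the second.
    return (derive(first_key, b"client-id")[:16],
            derive(first_key, b"authenticator-id")[:16],
            derive(second_key, b"session"))

def authenticator_scan(third_key: bytes, fourth_key: bytes, seen_client_id: bytes):
    # Steps S2-S3: verify the broadcast identification; on success derive the
    # second authenticator identification and second session key, else rescan.
    if not hmac.compare_digest(seen_client_id, derive(third_key, b"client-id")[:16]):
        return None
    return derive(third_key, b"authenticator-id")[:16], derive(fourth_key, b"session")

def make_handshake(session_key: bytes, data: bytes):
    # Steps S5/S6: handshake key from the session key, digest over the data.
    return data, derive(derive(session_key, b"handshake"), data)

def check_handshake(session_key: bytes, data: bytes, digest: bytes) -> bool:
    # Steps S6/S7: recompute with the local handshake key, constant-time compare.
    return hmac.compare_digest(digest, derive(derive(session_key, b"handshake"), data))

def run_exchange(client_keys, authenticator_keys, tamper=False) -> str:
    client_id, expected_auth_id, client_session = client_start(*client_keys)
    result = authenticator_scan(*authenticator_keys, client_id)
    if result is None:
        return "authenticator rescans"             # S2 failure branch
    auth_id, auth_session = result
    if not hmac.compare_digest(auth_id, expected_auth_id):
        return "client ends"                       # S4 failure branch (assumed check)
    data, digest = make_handshake(client_session, b"client-data")
    if tamper:
        data = b"client-dat4"                      # constructed in-transit change
    if not check_handshake(auth_session, data, digest):
        return "handshake rejected"                # S6 verification fails
    reply, reply_digest = make_handshake(auth_session, b"authenticator-data")
    if not check_handshake(client_session, reply, reply_digest):
        return "client disconnects"                # S7 failure branch
    return "handshake ok"

# Constructed sample keys; assumes pairing left both sides with the same pair.
PAIRED = (b"\x01" * 32, b"\x02" * 32)
STRANGER = (b"\x03" * 32, b"\x04" * 32)
```

With fixed labels the broadcast identification never changes, so this sketch does not show any freshness input a deployed scheme would mix in; the claim itself does not state one.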