A dynamic key-based server NFC security management system and method

By combining a reference clock signal and a physically non-cloning function to generate an initial key seed in the server's NFC security management, and by using server status parameters and network load to generate dynamic environmental factors, the vulnerability of keys to attacks and the static nature of keys in existing technologies are solved, realizing one-time key security management and improving anti-attack capabilities.

CN121968103BActive Publication Date: 2026-06-09ANHUI BAIXIN INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ANHUI BAIXIN INFORMATION TECH CO LTD
Filing Date
2026-03-31
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing NFC security management solutions for servers rely on fixed keys or static verification, which pose risks of key extraction, copying, or man-in-the-middle attacks. Furthermore, the dynamic key generation process is disconnected from the server environment, making it impossible to establish a one-time key and thus unable to effectively address advanced persistent threats.

Method used

The system generates an initial key seed by combining the local reference clock signal of the server with the response value of the physical non-cloning function. It monitors the status of the NFC reader to start a dynamic key negotiation session, generates dynamic environmental factors by combining server system status parameters and network load indicators, generates a temporary access key through a key derivation function, and updates and detects abnormal access behavior in real time.

Benefits of technology

This achieves deep binding between key generation and server operating status, eliminating key replay attacks, improving the self-containment and anti-attack capabilities of server NFC security management, and ensuring the uniqueness and security of temporary access keys.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121968103B_ABST
    Figure CN121968103B_ABST
Patent Text Reader

Abstract

The application relates to the technical field of server NFC security authentication, in particular to a server NFC security management system and method based on a dynamic key, which comprises the following steps: combining a unique hardware response generated by a physically unclonable function with an internal reference clock to generate a dynamic initial key seed in a server local area; when an authorized NFC card is close, a session root key is calculated based on the seed, and the card identity is verified; a current system state parameter and a network load index of the server are introduced as dynamic environment factors in a real-time key generation process; the factors and an identity token are operated through a key derivation function to jointly generate a final temporary access key; the method utilizes the physical uniqueness of hardware and the instantaneous state of system operation, ensures that the key generated in each authentication has unpredictable and unreproducible characteristics, effectively resists key leakage and replay attacks, and improves the security of physical access authentication.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of server NFC security authentication technology, and in particular to a server NFC security management system and method based on dynamic keys. Background Technology

[0002] In the field of server hardware access control, Near Field Communication (NFC) technology is often used for authentication due to its convenience. Current mainstream solutions mostly rely on static verification using fixed keys or digital certificates pre-stored in NFC cards and servers. This method keeps confidential information residing in storage media for extended periods, making it vulnerable to key extraction, duplication, or man-in-the-middle attacks. Some improved solutions introduce time-based dynamic keys, but their dynamism heavily depends on accurate network time synchronization protocols. In isolated network environments or under attack, failure of the time synchronization mechanism can directly cause the entire authentication process to fail.

[0003] Another common security management method generates access tokens or session keys with fixed validity periods after authentication. However, the keys generated by this method are static during their validity period. If intercepted during transmission or use, attackers can perform replay attacks within the effective window, impersonating legitimate individuals to access the server. Existing technologies generally lack awareness and utilization of the server's transient operating environment, causing the key generation process to be disconnected from the real-time state of physical devices. This makes it impossible to construct a one-time-use, strongly environment-dependent ultimate temporary key, resulting in an inherent ambiguity in security boundaries when dealing with advanced persistent threats. Summary of the Invention

[0004] The purpose of this invention is to address the shortcomings of existing technologies by proposing a server NFC security management system and method based on dynamic keys.

[0005] To achieve the above objectives, the present invention adopts the following technical solution: a server NFC security management method based on dynamic keys, comprising:

[0006] Generate a local reference clock signal and a physical non-cloning function response value on the server, and combine the reference clock signal and the physical non-cloning function response value into an initial key seed;

[0007] The polling status of the NFC card reader is monitored. When an authorized NFC card proximity event is detected, a dynamic key negotiation session is initiated, and a session negotiation root key is calculated and generated based on the initial key seed and a preset hash iteration algorithm.

[0008] Read the card identity identifier stored in the authorized NFC card, compare and verify the card identity identifier with the trusted identifier preset in the whitelist database, and generate an authentication token after the verification is successful;

[0009] Obtain the current server system status parameters and network load indicators, and then encode the system status parameters and network load indicators together to generate a dynamic environmental factor sequence.

[0010] The authentication token and the dynamic environment factor sequence are combined and input into the session negotiation root key for key derivation function operation to generate the final temporary access key.

[0011] As a further aspect of the present invention, the step of initiating a dynamic key negotiation session and calculating and generating a session negotiation root key based on the initial key seed and a preset hash iteration algorithm includes:

[0012] The reference clock signal at the current moment is captured to generate microsecond-level timestamp data;

[0013] The physical non-clonable function response value is XORed with the microsecond-level timestamp data to generate dynamically obfuscated data.

[0014] The dynamically obfuscated data is used as input, and a hash iterative algorithm with a preset number of rounds is executed. After each iteration, a data segment of a fixed length is extracted from the middle.

[0015] The intermediate fixed-length data segments extracted after all rounds of iteration are cyclically shifted and concatenated to form the session negotiation root key.

[0016] As a further aspect of the present invention, the step of comparing and verifying the card identity identifier with a trusted identifier pre-installed in a whitelist database, and generating an authentication token after successful verification, includes:

[0017] Extract the encrypted card identity identifier from the storage sector of the authorized NFC card, and decrypt and restore it using the card identity decryption key stored in the secure area of ​​the server;

[0018] The decrypted and restored card identity identifier is compared in full text with each of the trusted identifiers in the whitelist database;

[0019] When a completely matching trusted identifier is found, the card identity is determined to be legitimate, and a token generation instruction is triggered;

[0020] According to the trigger token generation instruction, obtain the unique session identifier and the verification pass time point of the session, and combine the unique session identifier, the verification pass time point and the matching trusted identifier;

[0021] The pre-shared token is used to generate a key to perform a message authentication code operation on the combined data, generating the authentication token containing identity information and timeliness data.

[0022] As a further aspect of the present invention, the step of obtaining the current server system status parameters and network load indicators, and then mixing and encoding the system status parameters and the network load indicators to generate a dynamic environmental factor sequence includes:

[0023] The system functions are called to collect the current CPU usage, memory free percentage, and number of currently running processes of the server, which constitute the system status parameters.

[0024] The network load metric is constructed by reading the round-trip latency, data packet transmission rate, and reception rate of the current network connection from the network interface controller.

[0025] The current utilization rate of the central processing unit, the percentage of free memory, the number of currently running processes, the round-trip latency, the data packet sending rate, and the receiving rate are each quantized into fixed-length bit strings;

[0026] All the quantized fixed-length bit strings are arranged in a predetermined order, and separators are inserted between adjacent bit strings;

[0027] The complete bit string after being arranged and delimited is compressed and encoded to generate the dynamic environment factor sequence used to characterize the real-time system operating environment.

[0028] As a further aspect of the present invention, the step of merging the authentication token and the dynamic environment factor sequence and inputting them into the session negotiation root key for key derivation function operation to generate the final temporary access key includes:

[0029] The authentication token is converted into a first byte array, and the dynamic environment factor sequence is converted into a second byte array;

[0030] The first byte array and the second byte array are concatenated to form a derived input data block;

[0031] The session negotiation root key is used as the key input to the key derivation function, and the derived input data block is used as the message input to the key derivation function.

[0032] Execute the key derivation function and output a pseudo-random byte stream of the specified length;

[0033] Extract the initial preset length bytes from the output pseudo-random byte stream as the final temporary access key.

[0034] As a further aspect of the present invention, it also includes the operation of using the temporary access key for access control and communication protection:

[0035] The temporary access key is used to encrypt the instruction set of the authorized server operation to generate encrypted instruction ciphertext;

[0036] The encrypted instruction ciphertext is transmitted to the authorized NFC card via the NFC card reader;

[0037] Upon receiving an encrypted response from the authorized NFC card, the encrypted response is decrypted using the same temporary access key to obtain the plaintext response.

[0038] Based on the access permission code contained in the response plaintext, a decision is made as to whether to enable the server's physical access interface or perform specific management operations.

[0039] As a further aspect of the present invention, a dynamic key update and session termination mechanism is also included:

[0040] The duration of the current session is monitored starting from the moment the temporary access key is generated;

[0041] Compare the duration of the current session with a preset key validity period threshold;

[0042] When the duration of the current session reaches or exceeds the key validity period threshold, a session termination notification is immediately sent to the authorized NFC card, and the temporary access key, the session negotiation root key, and related session state data stored in the server memory are cleared.

[0043] After clearing, wait for the NFC reader to poll again to start a new dynamic key negotiation session.

[0044] As a further aspect of the present invention, a detection and response mechanism for abnormal access behavior is also included:

[0045] During key negotiation and session, the frequency of authentication requests from the NFC reader is continuously monitored;

[0046] If the frequency of the authentication request exceeds a preset abnormal frequency threshold within a unit of time, the card that initiated the request will be marked as a suspicious card.

[0047] For all subsequent authentication requests marked with the suspicious identifier, a challenge-response enhanced verification process is initiated. This process requires, in addition to verifying the card's identity identifier, to additionally verify the card's dynamic response to random challenges.

[0048] If the dynamic response verification fails, the card identifier will be permanently added to the blacklist database, and a security alert will be triggered on the server.

[0049] The challenge-response enhancement verification process includes:

[0050] The server generates a cryptographically secure random number as the challenge;

[0051] The inquiry is sent via an NFC reader to an NFC card marked with the suspicious identifier;

[0052] It is expected that the NFC card will use its internal security element to calculate and generate a cryptographic signature as the dynamic response, combining the challenge with the card's private key.

[0053] The server uses the pre-stored public key corresponding to the card to verify the received dynamic response;

[0054] The verification result serves as one of the final criteria for determining whether access is permitted.

[0055] As a further aspect of the present invention, the generation of the local reference clock signal and the physical non-cloning function response value of the server includes:

[0056] The high-precision clock chip on the server motherboard is invoked to generate a hardware-level time pulse signal that is unaffected by the operating system's time adjustment, which serves as the reference clock signal.

[0057] A challenge code is sent to the physically unclonable function circuitry built into the server processor. The physically unclonable function circuitry processes the challenge code based on its internal non-replicable physical characteristics to generate a unique physically unclonable function response value.

[0058] As a further aspect of the present invention, the present invention also includes a server NFC security management system based on dynamic keys. The system includes a memory, a processor, and a computer program stored in the memory and running on the processor. When the processor executes the computer program, it implements the steps of the server NFC security management method based on dynamic keys described above.

[0059] Compared with the prior art, the advantages and positive effects of the present invention are as follows:

[0060] By generating a locally generated physically unclonable function (PUF) response value and combining it with an internal reference clock signal to form the initial key seed, the dependency on a pre-set fixed key or an external time source is removed. The unclonability and unpredictability of the PUF response ensure the uniqueness and physical security of the key seed, while the local reference clock provides a time reference for subsequent dynamic processes that is undisturbed by external interference. This combination gives the source of key negotiation a self-contained, self-synchronizing dynamic characteristic, solving the security risks and single points of failure problems caused by fixed key storage leakage and reliance on external time synchronization.

[0061] In the final stage of key derivation, server system status parameters and network load metrics are acquired and encoded in real time as dynamic environmental factors. These factors, along with the authentication token, are used to generate a temporary access key. Because system load, memory usage, and CPU consumption are highly random and non-repeatable at micro-levels, the final generated key is deeply bound to the server's operational state at a specific instant. Even if the same authorization card is used to repeatedly initiate authentication within a very short time interval, or if the previous authentication data is intercepted due to a replay attack, the millisecond-level changes in the server's real-time environmental factors will prevent the derivation of the same valid temporary key. This achieves true one-time key authentication, eliminating the possibility of external attacks based on key replay. Attached Figure Description

[0062] Figure 1 This is a flowchart of the server NFC security management method based on dynamic keys according to the present invention;

[0063] Figure 2 Generate a timeliness analysis graph for session identifiers and tokens;

[0064] Figure 3 A flowchart for generating dynamic environmental factor sequences;

[0065] Figure 4 Generate security strength assessment diagrams for each stage of the dynamic key process;

[0066] Figure 5 Line graph showing the abnormal access behavior detection and response mechanism. Detailed Implementation

[0067] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.

[0068] In the description of this invention, it should be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," and "outer," etc., indicating orientation or positional relationships, are based on the orientation or positional relationships shown in the accompanying drawings and are only for the convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the invention. Furthermore, in the description of this invention, "a plurality of" means two or more, unless otherwise explicitly specified.

[0069] See Figure 1 The system generates a reference clock signal and a physical non-cloning function response value locally on the server, and combines them into an initial key seed. The system continuously monitors the polling status of the NFC reader. When an authorized NFC card is detected near, a dynamic key negotiation session is automatically initiated. Based on the initial key seed and a preset hash iteration algorithm, a session negotiation root key is calculated and generated specifically for this session. Subsequently, the card identifier stored in the authorized NFC card is read and compared with a trusted identifier pre-set in a whitelist database. Upon successful verification, an authentication token is generated. The system status parameters and network load metrics of the current server are obtained and encoded together to generate a dynamic environment factor sequence. The generated authentication token and the dynamic environment factor sequence are merged and input into the key derivation function driven by the session negotiation root key for computation, outputting the final temporary access key.

[0070] In one embodiment of the present invention, a high-precision clock chip integrated into the server motherboard, such as a real-time clock circuit, is invoked by a dedicated driver of the operating system kernel. The high-precision clock chip directly reads the stable pulses generated by the crystal oscillator and generates a series of digital waveform signals with a fixed period and duty cycle. This series of digital waveform signals is defined as a hardware-level reference clock signal. It can be understood that the reference clock signal is independent of the server operating system's software clock and is not affected by manual system time adjustments or network time protocol synchronization, ensuring the immutability of the time source. A physically unclonable function (PHF) circuit packaged within the processor chip receives a binary challenge code of a specific length sent from the security management module. Based on physical characteristics such as the microscopic differences in the threshold voltage of its internal transistors or the randomness of metal interconnect delays, the PHF circuit performs unpredictable transformation processing on the input challenge code, ultimately outputting a fixed-length and unique PHF response value. The generated reference clock signal and the PHF response value are sent to a key seed combining unit, which can concatenate the two according to a predetermined byte interleaving order to form an initial key seed.

[0071] In some embodiments, after the NFC reader detects the radio frequency field of the authorized card and completes the initial communication handshake, the security management module initiates a dynamic key negotiation session. Immediately upon initiating the dynamic key negotiation session, the clock sampling unit of the security management module extracts a complete periodic segment from the continuous reference clock signal stream, converting the rising and falling edges of the pulses within this segment into a high-precision microsecond-level timestamp data. Optionally, the microsecond-level timestamp data can be a 64-bit unsigned integer. Subsequently, the key derivation engine performs a bitwise XOR operation on the physically unclonable function response value and the microsecond-level timestamp data, generating dynamically obfuscated data. The randomness of the dynamically obfuscated data stems from both the static uniqueness of the physically unclonable function response and the dynamic variability of the timestamp.

[0072] In practice, the generation of the session negotiation root key based on dynamically obfuscated data is handled by the hash iteration algorithm engine. The key derivation engine uses the dynamically obfuscated data as the initial input for the hash iteration algorithm's iterative operations. A preset number of iterations are strictly executed. After each iteration, an intermediate state value is calculated, and a fixed-length data segment is extracted from this intermediate state value; for example, the first 256 bits of the intermediate 512-bit state value are extracted as the intermediate fixed-length data segment. After completing all preset number of iterations, multiple intermediate fixed-length data segments are obtained. Subsequently, a cyclic shift and concatenation unit processes all intermediate fixed-length data segments. The processing includes cyclically shifting each data segment to the left by different offsets, and then concatenating all the shifted data segments sequentially into a longer bit sequence. This final bit sequence is defined as the session negotiation root key. This process ensures that the session negotiation root key is deeply bound to the precise time of each session initiation and the uniqueness of the server hardware. In some embodiments, the number of iterations, the position and length of the data segment being truncated, and the rules for cyclic shifting of the hash iteration algorithm are predefined and cannot be changed.

[0073] To specifically describe the computational relationship for deriving intermediate data segments from dynamically obfuscated data, the following formula is introduced:

[0074]

[0075] in: Indicates the first The function extracts a fixed-length data segment from the middle of the round of iterations. This indicates that the input data is processed. Iterative operations of the round hash iterative algorithm Represents dynamically obfuscated data, operators This indicates extracting the first part of the input data. The formula describes the operation of each bit. It expresses the deterministic computational relationship between the intermediate data segment and the dynamically obfuscated data in each round.

[0076] In one embodiment of the present invention, after an authorized NFC card is brought close to the server's NFC reader, the encrypted card identification identifier in the card's storage sector is read. The encrypted format indicates that the card identification identifier was processed using a symmetric encryption algorithm when written to the card. The card identification decryption key, stored in the server's secure area, is accessed by the security management module. This decryption key is a pre-distributed and securely stored key specifically used to decrypt the card identification identifier. The security management module uses the decryption key to decrypt and restore the read encrypted data, outputting the original plaintext card identification identifier. The plaintext card identification identifier is typically a string or binary sequence with specific encoding rules.

[0077] In some embodiments, the decrypted and restored card identity identifier is sent to the comparison and verification module. The comparison and verification module accesses a whitelist database, which contains multiple pre-defined trusted identifiers. These trusted identifiers are legitimate card identifiers that have been pre-registered and are authorized to access the server. The comparison and verification module performs a full-text comparison between the decrypted and restored card identity identifier and each trusted identifier in the whitelist database. A full-text comparison means performing a complete character-to-character or bit-to-bit consistency comparison. When the comparison and verification module finds a complete match between the decrypted and restored card identity identifier and a trusted identifier in the whitelist database, it determines that the authorized NFC card is legitimate. The determination of the card's legitimacy triggers a token generation command, an internal signal that instructs the token generation module to begin operation.

[0078] In practice, after receiving the token generation instruction, the token generation module collects multiple data elements required to generate the authentication token. The token generation module obtains the unique session identifier for this dynamic key negotiation session from the session management unit. This unique session identifier is a globally unique value generated at the start of the session. The token generation module obtains the verification success time from the system clock; this time records the precise moment when the card's identity identifier was successfully verified. The token generation module also records the trusted identifier that successfully matched during the full-text comparison. Subsequently, the token generation module combines these three data elements—the unique session identifier, the verification success time, and the matched trusted identifier—according to a predetermined format. This combination format can be simple byte concatenation or a structured encapsulation with length information.

[0079] It can be understood that the pre-shared token generation key is a secret key shared in advance between the server and the backend authentication system. The token generation module uses the pre-shared token generation key to perform message authentication code (MAC) calculations on the combined data. The MAC calculation can employ a hash-based MAC algorithm or a cryptographic MAC algorithm. The calculation process uses the pre-shared token generation key and the combined data as input to generate a fixed-length MAC value. This calculated MAC value, along with some or all of the original data used for calculation, constitutes the final authentication token. The authentication token therefore contains the card's identity information and the token's validity period. In some embodiments, the specific data structure of the authentication token can be a concatenation of the verification pass time, a trusted identifier, and the MAC value. Optionally, a unique session identifier can also be included in the authentication token and transmitted or stored together.

[0080] To describe the generation relationship of message authentication code operations, the following formula is introduced:

[0081]

[0082] in: The function represents the generated authentication token. This indicates a data concatenation operation. This indicates a trusted identifier that was matched during the full-text comparison. Indicates the point in time when the verification passed, function This indicates the message authentication code calculation. This indicates the pre-shared token generation key. This represents data composed of a unique session identifier, the time of successful verification, and a matching trusted identifier. The formula clearly defines the components of the authentication token and its dependencies on the input data and keys.

[0083] See Figure 2 This is a timeliness analysis chart for session identifier and token generation, showing three core time-consuming metrics at different test points during the authentication token generation phase. Token generation is the main time-consuming part of the entire process, accounting for approximately 70-80%, and is a key area for optimization. The session identifier generation time is very stable, indicating that its underlying implementation is reliable and not easily affected by external environments. Fluctuations in token generation time may be related to factors such as system load, input data length, or algorithm iteration count. Quantifying the time cost of the authentication token generation process provides a data foundation for system throughput and response time analysis. It clarifies that token generation is a performance bottleneck, providing a basis for subsequent algorithm optimization or hardware acceleration. The stability of session identifier generation demonstrates the system's session management capabilities in high-concurrency scenarios.

[0084] See Figure 3 In one embodiment of the present invention, the system's status acquisition module calls the performance counter interface provided by the operating system kernel to collect the current CPU utilization rate of the server. The current CPU utilization rate is a percentage value representing the processor's busy level. The status acquisition module also collects the memory free percentage, which represents the proportion of available physical memory to total physical memory. The status acquisition module also collects the number of currently running processes, which is the total number of processes active in the operating system kernel. The current CPU utilization rate, memory free percentage, and number of currently running processes together constitute the system status parameters. The network monitoring module reads real-time network data from the driver layer of the server's network interface controller. The network monitoring module reads the round-trip latency of the current network connection, which is the time interval between a data packet being sent from the server and receiving confirmation from the other party. The network monitoring module reads the data packet sending rate and receiving rate of the current network connection, which are the number of network data packets successfully sent and received per unit time. The round-trip latency, data packet sending rate, and receiving rate together constitute the network load index.

[0085] In some embodiments, the quantization encoding unit standardizes the collected parameters. The quantization encoding unit quantizes the current CPU utilization, memory free percentage, number of currently running processes, round-trip time (RTD), packet transmission rate, and reception rate into fixed-length bit strings. The length of the fixed-length bit string corresponding to each parameter is predefined; for example, the current CPU utilization can be represented by an 8-bit bit string representing 256 levels between 0 and 100%. The quantization encoding unit arranges all fixed-length bit strings in a predetermined order. This predetermined order may be: first, arranging the bit strings containing the system status parameters (CPU utilization, memory free percentage, and number of currently running processes), and then arranging the bit strings containing the network load metrics (RRT, RTD, packet transmission rate, and reception rate). The quantization encoding unit inserts a specific separator between adjacent bit strings. This separator is a unique bit pattern used to distinguish different data fields during subsequent decoding. The quantization encoding unit performs compression encoding on the complete bit string after permutation and insertion of delimiters. Compression encoding can employ lossless compression algorithms such as run-length encoding or dictionary encoding. The resulting more compact bit sequence is defined as the dynamic environment factor sequence. The dynamic environment factor sequence characterizes the real-time system operating environment of the server at the time of key generation.

[0086] In practice, the derivation operation of the temporary access key is performed by the key derivation function module. The key derivation function module first converts the authentication token into a first-byte array. The authentication token is typically in binary or hexadecimal string form, and the conversion process parses it into a continuous byte sequence according to its encoding format. The key derivation function module then converts the dynamic environment factor sequence into a second-byte array. The dynamic environment factor sequence is a compressed bit string, and the conversion process directly divides this bit string into bytes of 8 bits each. The key derivation function module concatenates the first and second-byte arrays, appending the data from the second-byte array to the end of the first-byte array to form a longer derived input data block. The key derivation function module receives the session negotiation root key and uses it as the key input to the key derivation function. The key derivation function can be a hash-based message authentication code key derivation function or a password-based key derivation function. The key derivation function module uses the derived input data block as the message input to the key derivation function. The key derivation function module executes a key derivation function, which takes the session negotiation root key and a derived input data block as input. After multiple rounds of iterative computation, it outputs a pseudo-random byte stream of a specified length. Optionally, the specified length can be configured according to the strength of the required temporary access key. Finally, the key derivation function module extracts bytes of a preset length from the output pseudo-random byte stream. The preset length is, for example, 128 bits or 256 bits. This extracted portion of bytes is defined as the final temporary access key. It can be understood that the generation of the temporary access key depends on the authentication token, the dynamic environment factor sequence, and the session negotiation root key.

[0087] To describe the operation of extracting a temporary access key from a pseudo-random byte stream, the following formula is introduced:

[0088]

[0089] in: Indicates the final temporary access key used, function This indicates that a key derivation function is executed with the input key and input data as parameters, and the output pseudo-random byte stream is extracted from byte 1 to byte 2. The byte part, This represents the session negotiation root key, which is used as the key input. This represents a derived input data block used as message input. This indicates the number of bytes of the preset length. The formula clearly defines the relationship between the temporary access key, the session negotiation root key, the derived input data block, and the extraction length.

[0090] In one embodiment of the present invention, the access control module on the server needs to encrypt a set of instructions for a series of authorized server operations using a temporary access key. The instruction set may include specific operation commands such as opening a specific port, starting a backup program, or entering maintenance mode. The access control module employs a symmetric encryption algorithm, such as the Advanced Encryption Standard (AES) algorithm, using the temporary access key as the encryption key to encrypt the plaintext of the instruction set. The encryption operation outputs encrypted instruction ciphertext. The encrypted instruction ciphertext is wirelessly transmitted to a nearby authorized NFC card via an NFC reader connected to the server using the NFC communication protocol. It is understood that the encryption process ensures the confidentiality of the operation instructions during transmission, preventing eavesdropping or tampering by unauthorized devices.

[0091] In some embodiments, after receiving the encrypted instruction ciphertext, the authorized NFC card decrypts the ciphertext using the same temporary access key within its internal secure element, restoring the plaintext operation instruction and executing the corresponding logic. After executing the logic, the authorized NFC card generates an encrypted response, which is the card's reply to the server's instruction, also encrypted using the temporary access key. The server receives the encrypted response from the authorized NFC card via an NFC reader. The access control module on the server decrypts the received encrypted response using the same temporary access key, obtaining the plaintext response. The plaintext response contains an access permission code, which is a result identifier generated by the authorized NFC card based on its internal policies and status. The access control module parses the plaintext response, reads the access permission code, and decides whether to open the server's physical access interface based on the specific value or content of the access permission code. The physical access interface can be the control circuit of an electronic door lock, or it can decide whether to execute a specific management operation, such as loading a specific configuration file or starting a system service.

[0092] In practice, the dynamic key update and session termination mechanism is handled by a separate session lifecycle management module. The session lifecycle management module starts timing the session when the access control module generates the temporary access key, recording the duration of the current session. Internally, the session lifecycle management module stores a preset key validity period threshold, which defines the maximum allowed activity time for a single session. The module continuously compares the current session duration with this threshold. When the module detects that the current session duration has reached or exceeded the threshold, it immediately triggers the session termination process. This process includes sending a session termination notification to the authorized NFC card. This notification is a specific formatted data packet transmitted over the NFC channel, informing the card that the session is about to end. Subsequently, the session lifecycle management module instructs the server memory management unit to clear the temporary access key, session negotiation root key, and related session state data stored in the server memory. This memory clearing operation ensures that no key materials remain in memory. After the clearing operation is complete, the server NFC subsystem re-enters the initial listening state, waiting for the NFC reader to poll for new card proximity events, thereby initiating a new dynamic key negotiation session. Optionally, the key validity period threshold can be configured and adjusted according to different security policies. For an example illustrating the access control decision logic, refer to Table 1, which describes the server behaviors that different access permission codes may trigger.

[0093] Table 1: Example Table of Access Permission Codes and Corresponding Server Behaviors

[0094]

[0095] In practical implementation, monitoring and threshold comparison of session duration can be achieved through a simple comparison logic. The session lifecycle management module internally maintains a session start timestamp and a current timestamp. The module periodically retrieves the current timestamp and subtracts the session start timestamp to obtain the current session duration. It then compares the current session duration with a key validity period threshold, which can be set to a fixed value, such as 300 seconds. The comparison operation can be formally represented as determining whether the inequality "current session duration ≥ key validity period threshold" holds true. When the inequality holds true, the session termination process is triggered. Optionally, the key validity period threshold can also be a dynamically calculated value based on the parameters negotiated in this session. In some embodiments, the key validity period threshold is associated with the strength of the temporary access key or the system load during negotiation.

[0096] See Figure 4This is a security strength assessment chart for each stage of dynamic key generation, visually demonstrating the security strength of the five core stages in a server NFC security management method based on dynamic keys. From the initial key seed to the temporary access key, the security strength shows a clear increasing trend, consistent with the security design principle of "root of trust → derived key → final key". The high scores of the dynamic environment factor and authentication token demonstrate the significant advantages of this method in resisting replay attacks and static key leakage. The scores of the initial key seed and session negotiation root key are relatively low and can be further improved by enhancing the uniqueness of the PUF response or optimizing the hash iteration algorithm. Decomposing the complex key generation process into quantifiable stages facilitates overall security assessment and horizontal comparison. Identifying the security weaknesses of each stage provides a clear direction for subsequent security enhancements and algorithm optimization.

[0097] In one embodiment of the present invention, the server's security management module continuously monitors the authentication request frequency from the NFC reader during dynamic key negotiation and session establishment. The authentication request frequency refers to the number of NFC card interactions requesting authentication received per unit time. The security management module internally presets an abnormal frequency threshold, which defines the maximum number of authentication requests allowed per unit time. The security management module statistically analyzes the authentication request frequency in real time and compares the statistically obtained authentication request frequency with the preset abnormal frequency threshold. If the comparison finds that the authentication request frequency exceeds the preset abnormal frequency threshold per unit time, the security management module marks the currently requesting card identifier as a suspicious identifier. The card identifier is the identity information read from the NFC card. The marking operation means setting a suspicious status flag for the card identifier in the internal status table.

[0098] In some embodiments, for all subsequent authentication requests marked as suspicious, the security management module initiates a challenge-response enhanced verification process. Initiating this process means adding an extra cryptographic verification step to the regular card identifier comparison with the whitelist database. The challenge-response enhanced verification process requires additional verification of the card's dynamic response to random challenges. The dynamic response is cryptographic evidence calculated by the NFC card based on the received random challenge from the server. If the security management module fails to verify the dynamic response, it permanently adds the requesting card identifier to the blacklist database, which records a list of prohibited card identifiers. After permanently adding the card identifier to the blacklist database, the security management module triggers a security alarm on the server. This alarm can send a notification to the administrator, log a security event, or activate an audible and visual alarm.

[0099] In practice, initiating the challenge-response enhanced verification process involves a series of specific cryptographic operations. A challenge generator on the server generates a cryptographically secure random number as the challenge; this random number is unpredictable. The server sends the generated challenge to the NFC card currently flagged as suspicious via an NFC reader. The server expects the NFC card to use its integrated secure element, combining the received challenge with the card's private key stored in the secure element, to calculate a cryptographic signature using a digital signature algorithm. The NFC card then returns this cryptographic signature as a dynamic response to the server. The card's private key is the private key portion of an asymmetric key pair pre-injected into the card's secure element. Upon receiving the dynamic response, the server verifies it using a pre-stored public key corresponding to the suspicious card. The verification operation involves decrypting or verifying the signature using the public key to confirm that the signature was indeed generated by the corresponding private key and that the challenge data has not been tampered with. It can be understood that the result of the public key verification serves as one of the server's final criteria for determining whether to allow access to the suspicious card; even if the card's identifier is on a whitelist, if the dynamic response verification fails, the access request will be rejected.

[0100] To describe the challenge-response verification logic, the following formula is introduced:

[0101]

[0102] in: The function represents the verification result, with a value of either true or false. This represents a function that uses a public key to verify the signature and the original message. This indicates the public key pre-stored on the server that corresponds to the currently suspicious identification card. This represents the cryptographic signature returned by the NFC card as a dynamic response. This represents a random challenge generated by the server. When... A value of true indicates that the dynamic response verification passed; a value of false indicates that the verification failed. The formula defines the mathematical relationship for dynamic response verification. In some embodiments, the algorithm used to generate the dynamic response is an elliptic curve digital signature algorithm. Optionally, the challenge-response enhancement verification process can also be performed before regular verification, serving as the first line of defense for access. It is understood that this mechanism can effectively resist replay attacks based on identity duplication.

[0103] See Figure 5This is a line graph illustrating the abnormal access behavior detection and response mechanism. It shows the changes in the frequency of NFC authentication requests over 60 minutes, visually presenting the characteristics of the abnormal attack period. The request frequency during the attack period was 2–5 times the normal level, with dramatic fluctuations, consistent with the behavior patterns of automated attack tools. After the attack, the system quickly returned to normal, indicating that the blacklist mechanism and enhanced verification process successfully blocked malicious access. This visually demonstrates the feasibility and effectiveness of the "frequency threshold-based anomaly detection" and "challenge-response enhanced verification" mechanisms. It quantifies the system's response capability under attack, providing data for optimizing security strategies. It clearly demonstrates the potential threat of abnormal access behavior to the system, emphasizing the necessity of dynamic security management.

[0104] The above are merely preferred embodiments of the present invention and are not intended to limit the present invention in any other way. Any person skilled in the art may make changes or modifications to the above-disclosed technical content to create equivalent embodiments that can be applied to other fields. However, any simple modifications, equivalent changes, and modifications made to the above embodiments based on the technical essence of the present invention without departing from the scope of the present invention shall still fall within the protection scope of the present invention.

Claims

1. A server NFC security management method based on dynamic keys, characterized in that, The method includes: Generate a local reference clock signal and a physical non-cloning function response value on the server, and combine the reference clock signal and the physical non-cloning function response value into an initial key seed; The polling status of the NFC card reader is monitored. When an authorized NFC card proximity event is detected, a dynamic key negotiation session is initiated, and a session negotiation root key is calculated and generated based on the initial key seed and a preset hash iteration algorithm. Read the card identity identifier stored in the authorized NFC card, compare and verify the card identity identifier with the trusted identifier preset in the whitelist database, and generate an authentication token after the verification is successful; Obtain the current server system status parameters and network load indicators, and then encode the system status parameters and network load indicators together to generate a dynamic environmental factor sequence. The authentication token and the dynamic environment factor sequence are combined and input into the session negotiation root key for key derivation function operation to generate the final temporary access key, including: The authentication token is converted into a first byte array, and the dynamic environment factor sequence is converted into a second byte array; The first byte array and the second byte array are concatenated to form a derived input data block; The session negotiation root key is used as the key input to the key derivation function, and the derived input data block is used as the message input to the key derivation function. Execute the key derivation function and output a pseudo-random byte stream of the specified length; Extract the initial preset length bytes from the output pseudo-random byte stream as the final temporary access key.

2. The server NFC security management method based on dynamic keys according to claim 1, characterized in that, The process of initiating a dynamic key negotiation session and calculating and generating a session negotiation root key based on the initial key seed and a preset hash iteration algorithm includes: The reference clock signal at the current moment is captured to generate microsecond-level timestamp data; The physical non-clonable function response value is XORed with the microsecond-level timestamp data to generate dynamically obfuscated data. The dynamically obfuscated data is used as input, and a hash iterative algorithm with a preset number of rounds is executed. After each iteration, a data segment of a fixed length is extracted from the middle. The intermediate fixed-length data segments extracted after all rounds of iteration are cyclically shifted and concatenated to form the session negotiation root key.

3. The server NFC security management method based on dynamic keys according to claim 2, characterized in that, The step of comparing and verifying the card identity identifier with a trusted identifier pre-installed in the whitelist database, and generating an authentication token after successful verification, includes: Extract the encrypted card identity identifier from the storage sector of the authorized NFC card, and decrypt and restore it using the card identity identifier decryption key stored in the secure area of ​​the server; The decrypted and restored card identity identifier is compared in full text with each of the trusted identifiers in the whitelist database; When a completely matching trusted identifier is found, the NFC card is deemed legitimate, and a token generation instruction is triggered. According to the trigger token generation instruction, obtain the unique session identifier and the verification pass time point of the session, and combine the unique session identifier, the verification pass time point and the matching trusted identifier; The pre-shared token is used to generate a key to perform a message authentication code operation on the combined data, generating the authentication token containing identity information and timeliness data.

4. The server NFC security management method based on dynamic keys according to claim 3, characterized in that, The step of obtaining the current server system status parameters and network load indicators, and then encoding the system status parameters and network load indicators together to generate a dynamic environmental factor sequence includes: The system functions are called to collect the current CPU usage, memory free percentage, and number of currently running processes of the server, which constitute the system status parameters. The network load metric is constructed by reading the round-trip latency, data packet transmission rate, and reception rate of the current network connection from the network interface controller. The current utilization rate of the central processing unit, the percentage of free memory, the number of currently running processes, the round-trip latency, the data packet sending rate, and the receiving rate are each quantized into fixed-length bit strings; All the quantized fixed-length bit strings are arranged in a predetermined order, and separators are inserted between adjacent bit strings; The complete bit string after being arranged and delimited is compressed and encoded to generate the dynamic environment factor sequence used to characterize the real-time system operating environment.

5. The server NFC security management method based on dynamic keys according to claim 1, characterized in that, It also includes operations for access control and communication protection using the temporary access key: The temporary access key is used to encrypt the instruction set of the authorized server operation to generate encrypted instruction ciphertext; The encrypted instruction ciphertext is transmitted to the authorized NFC card via the NFC card reader; Upon receiving an encrypted response from the authorized NFC card, the encrypted response is decrypted using the same temporary access key to obtain the plaintext response. Based on the access permission code contained in the response plaintext, a decision is made as to whether to enable the server's physical access interface or perform specific management operations.

6. The server NFC security management method based on dynamic keys according to claim 5, characterized in that, It also includes dynamic key update and session termination mechanisms: The duration of the current session is monitored starting from the moment the temporary access key is generated; Compare the duration of the current session with a preset key validity period threshold; When the duration of the current session reaches or exceeds the key validity period threshold, a session termination notification is immediately sent to the authorized NFC card, and the temporary access key, the session negotiation root key, and related session state data stored in the server memory are cleared. After clearing, wait for the NFC reader to poll again to start a new dynamic key negotiation session.

7. A server NFC security management method based on dynamic keys according to claim 6, characterized in that, It also includes mechanisms for detecting and responding to abnormal access behavior: During key negotiation and session, the frequency of authentication requests from the NFC reader is continuously monitored; If the frequency of the authentication request exceeds a preset abnormal frequency threshold within a unit of time, the card identity identifier that initiates the request will be marked as a suspicious identifier. For all subsequent authentication requests marked with the suspicious identifier, a challenge-response enhanced verification process is initiated, which requires, in addition to verifying the card identity identifier, to additionally verify the dynamic response of the NFC card to random challenges; If the dynamic response verification fails, the card identity identifier will be permanently added to the blacklist database, and a security alarm will be triggered on the server. The challenge-response enhancement verification process includes: The server generates a cryptographically secure random number as the challenge; The inquiry is sent via an NFC reader to an NFC card marked with the suspicious identifier; The NFC card uses its internal security element to calculate and generate a cryptographic signature as the dynamic response, combining the challenge with the NFC card's private key. The server uses the pre-stored public key corresponding to the NFC card to verify the received dynamic response; The verification result serves as one of the final criteria for determining whether access is permitted.

8. A server NFC security management method based on dynamic keys according to claim 7, characterized in that, The local reference clock signal and physical non-cloning function response value generated by the server include: The high-precision clock chip on the server motherboard is invoked to generate a hardware-level time pulse signal that is unaffected by the operating system's time adjustment, which serves as the reference clock signal. A challenge code is sent to the physically unclonable function circuitry built into the server processor. The physically unclonable function circuitry processes the challenge code based on its internal non-replicable physical characteristics to generate a unique physically unclonable function response value.

9. A server NFC security management system based on dynamic keys, comprising a memory, a processor, and a computer program stored in the memory and running on the processor, characterized in that, When the processor executes the computer program, it implements the steps of the server NFC security management method based on dynamic keys as described in any one of claims 1 to 8.