CN103532963A - IOT (Internet of Things) based equipment authentication method, device and system - Google Patents

IOT (Internet of Things) based equipment authentication method, device and system

Publication number: CN103532963A
Application number: CN201310498925.9A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Inventors: 张尼, 张云勇, 李正, 陶冶, 刘明辉
Applicant and current assignee: China United Network Communications Group Co Ltd
Classification: Computer And Data Communications
Abstract

The invention discloses an IoT-based device authentication method, device and system, in the field of authentication between IoT terminals and servers. To secure the IoT system while keeping authentication effective, a remote management platform generates a first piece of information on receiving a mutual authentication request from an IoT device, and sends the IoT device information together with the generated first information to an authentication center (AUC). The AUC looks up the root key K corresponding to the IoT device from the device information, generates mutual authentication information from K and the first information, and returns it to the remote management platform. The remote management platform then completes mutual authentication with the IoT device using that information. With the method and system provided, only legitimate IoT devices can access the management platform, illegitimate devices are kept out, and the legitimate rights of users of IoT devices are protected from loss.

Description

IoT-based device authentication method, device and system
Technical field
The present invention relates to the field of authentication between IoT terminals and servers.
Background art
The Internet of Things is called the third wave of the world's information industry after the computer and the Internet, and represents the direction of the next generation of information technology. The United States, the European Union, China and other states have each launched IoT development plans and laid out related technology and industry forecasts.
As IoT technology spreads, more and more traditional goods such as cars, smart meters, consumer electronics and monitoring devices are fitted with sensors and communication modules and become IoT devices. The operating environment of these devices (unattended operation, high temperature, high humidity, frequent vibration and shaking, and so on) is more complex and harsh than that of a traditional mobile terminal. These devices usually use an operator's mobile network to communicate with an IoT remote management platform and carry out specific tasks.
To ensure that an IoT system runs safely and reliably, two problems must be considered: first, an illegitimate IoT device gaining access to the IoT system and then attacking the carrier network; second, a remote management platform forged by an attacker sending instructions that attack or control IoT devices.
When the true identity of an entity does not match the identity it claims, it can be regarded as an illegitimate IoT device. For example, device A forges a false identity (a false ID number, false software and hardware information, and so on). If the remote management platform does not authenticate device A but lets it connect directly, A can upload false business information to the platform and thereby affect the platform's function. A can also communicate with the other devices managed by the platform, for instance pushing spoofed information or sending malicious programs to deceive or damage them.
Similarly, a lawbreaker may forge a false management platform and lure device B into connecting to it. If B does not authenticate the forged platform but connects to it directly through the access route the lawbreaker provides, the lawbreaker can control device B through the false platform and use all of B's information for illegal purposes. All of the above problems disrupt normal business operation. The first remedy is for the IoT device and the remote management platform to authenticate each other before the device is admitted to the IoT system.
However, there is at present no standard protocol for how an IoT device authenticates with an application server or management platform. Some IoT applications use a shared-secret mechanism for one-way authentication of the device. Such a scheme usually assumes that one of the two parties is trusted, namely the server side: only the device identity is authenticated, not the server identity, and the device's key or private information can be pre-stored on the server for later authentication. This mode cannot be applied to authentication against a remote management platform built by a third party, because in that case neither the platform nor the IoT device is trusted; two untrusted entities have difficulty sharing secret information, so a symmetric-key mechanism between them is unsuitable. Moreover, mutual authentication is not the superposition of two one-way authentications, and existing one-way schemes cannot simply be extended into mutual authentication for a scenario in which both sides are untrusted.
Furthermore, if the keys or secrets of IoT devices are kept on the remote management platform, the amount of stored information grows enormously as the device population increases sharply, and maintenance becomes very difficult. And when an IoT device has to switch remote management platforms because a cooperation policy changes, the two platforms must also exchange keys or secrets, which again creates a security hazard.
Existing IoT authentication techniques therefore cannot meet the need for an IoT device and a remote management platform to verify each other's legitimacy so as to guarantee the security of the IoT system.
Summary of the invention
The technical problem addressed by the invention is to guarantee the security of the IoT system while keeping authentication effective, by proposing an IoT device authentication method, device and system.
To solve the above technical problem, the invention provides an IoT device authentication method, comprising:
a remote management platform, after receiving a mutual authentication request from an IoT device, generates first information and sends the IoT device information and the generated first information to an authentication center (AUC);
the AUC looks up the root key information K corresponding to the IoT device according to the IoT device information, generates mutual authentication information from K and the first information, and returns it to the remote management platform;
the remote management platform completes mutual authentication with the IoT device according to the mutual authentication information.
Further, when the AUC looks up the root key information K corresponding to the IoT device information and cannot find it,
it returns a query-failure message or an authentication-failure message to the remote management platform.
Further, the first information generated by the remote management platform is a random number R;
the step in which the AUC generates mutual authentication information from K and the first information comprises: the AUC generates from K and R a key K' that takes part in the mutual authentication computation, and applies a first algorithm and a second algorithm respectively to the result of an operation on K' and R to obtain the mutual authentication information, which comprises first authentication information A1 and second authentication information A2.
Further, the step in which the remote management platform completes mutual authentication with the IoT device according to the mutual authentication information comprises:
(1) the remote management platform sends the first information and the second authentication information A2 to the IoT device;
(2) the IoT device generates from the first information and the root key information K the key K' used in the mutual authentication computation and, using a first algorithm and a second algorithm consistent with those of the AUC, computes from the result of the operation on K' and R a third authentication information A1' and a fourth authentication information A2' respectively; it sends A1' to the remote management platform and at the same time compares A2' with the A2 received from the platform: if they match, the identity of the remote management platform is authenticated, otherwise authentication of the platform fails;
(3) the remote management platform compares the received third authentication information A1' with the first authentication information A1: if they match, the identity of the IoT device is verified, otherwise authentication of the device fails.
Further, before the IoT device sends the mutual authentication request:
the IoT device submits its device ID and its International Mobile Subscriber Identity (IMSI) to the remote management platform in advance, and the remote management platform stores the device ID, the IMSI and the address of the corresponding AUC in a device information table that it maintains.
Further, when the IoT device sends the mutual authentication request to the remote management platform it sends its device ID, and the remote management platform looks up in the device information table the IMSI and the AUC address corresponding to that device ID.
Further, the current remote management platform P1 receives from the IoT device a request to switch remote management platform, the request carrying information about the target remote management platform P2. If P1 can communicate with P2, a secure tunnel is set up between P1 and P2; P1 sends the device identifier and the shared key K to P2 through the secure tunnel, and then deletes the record corresponding to that device identifier and shared key K. P1 notifies the IoT device with a successful-switch message and the address of P2, and the IoT device replaces the address of P1 with the address of P2.
To solve the above technical problem, the invention also provides an IoT device. The IoT device is configured to send a mutual authentication request to a remote management platform and to receive the mutual authentication information returned by the platform, and to complete mutual authentication with the remote management platform according to that information.
Optionally, the step in which the IoT device and the remote management platform complete mutual authentication according to the mutual authentication information comprises:
the IoT device receives the first information and the second authentication information A2 returned by the remote management platform;
the IoT device generates from the first information and the root key information K the key K' used in the mutual authentication computation and, according to a predetermined first algorithm and second algorithm applied to the result of the operation on K' and R, computes a third authentication information A1' and a fourth authentication information A2'; it sends A1' to the remote management platform and at the same time compares A2' with the A2 received from the platform, and if they match the identity of the remote management platform is authenticated.
To solve the above technical problem, the invention also provides a remote management platform. The remote management platform is configured to generate first information after receiving a mutual authentication request from an IoT device, to send the IoT device information and the generated first information to an AUC, to receive the mutual authentication information returned by the AUC, and to complete mutual authentication with the IoT device according to that information.
Optionally, the first information generated by the remote management platform is a random number R;
the step in which the remote management platform completes mutual authentication with the IoT device according to the mutual authentication information comprises:
the remote management platform sends the first information and the second authentication information A2 to the IoT device;
the remote management platform compares the received third authentication information A1' with the first authentication information A1, and if they match the identity of the IoT device is verified;
where the first authentication information A1 and the second authentication information A2 are computed by the AUC, which generates from the first information and the root key information K the key K' used in the mutual authentication computation and applies the predetermined first algorithm and second algorithm to the result of the operation on K' and R, and the third authentication information A1' is obtained by the IoT device, which generates K' from the first information and the root key information K and applies to the result of the operation on K' and R a first algorithm consistent with that of the AUC.
To solve the above technical problem, the invention also provides an AUC. The AUC is configured to receive the IoT device information and the first information sent by the remote management platform; to look up the root key information K corresponding to the IoT device according to the device information; when it is found, to generate mutual authentication information from K and the first information and return it to the remote management platform; and when it cannot be found, to return a query-failure message or an authentication-failure message to the remote management platform.
Optionally, the first information sent by the remote management platform and received by the AUC is a random number R;
the AUC generates from the root key information K and the random number R the key K' that takes part in the mutual authentication computation, and applies a first algorithm and a second algorithm respectively to the result of the operation on K' and R to obtain the mutual authentication information, which comprises first authentication information A1 and second authentication information A2.
To solve the above technical problem, the invention also provides an IoT device authentication system comprising the above IoT device, remote management platform and AUC.
The method and system provided by the invention ensure that IoT devices and the remote management platform work in a safe and reliable environment, that only legitimate IoT devices access the management platform, that illegitimate device access does not disrupt normal business operation, and that the legitimate rights of users of IoT devices do not suffer loss.
Brief description of the drawings
Fig. 1 is a structural diagram of an IoT device authentication system according to an embodiment of the invention;
Fig. 2 is a flowchart of an IoT device authentication method according to an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. Note that, where they do not conflict, the embodiments of this application and the features in them may be combined with one another arbitrarily.
The invention is directed at IoT devices that use an operator's mobile network to communicate with an IoT management platform. Its aim is to design an effective authentication scheme between IoT devices and the management platform, so as to keep current IoT services continuous and thereby avoid or reduce users' economic losses: to ensure that only legitimate IoT devices access the management platform, to prevent illegitimate device access from disrupting normal business operation, and at the same time to protect the legitimate rights of users of IoT devices.
The IoT-based device authentication method, device and system of the embodiment are described with reference to Fig. 1. The authentication method of the embodiment comprises:
a remote management platform, after receiving a mutual authentication request from an IoT device, generates first information and sends the IoT device information and the generated first information to an AUC; the AUC looks up the root key information K corresponding to the IoT device according to the device information; when it is found, the AUC generates mutual authentication information from K and the first information and returns it to the remote management platform; when it cannot be found, the AUC returns a query-failure message or an authentication-failure message to the remote management platform; the remote management platform then either rejects the IoT device on the basis of the query-failure or authentication-failure message, or completes mutual authentication with the IoT device according to the mutual authentication information.
The first information generated by the remote management platform is a random number R.
When the root key is not found, the AUC returns the query-failure or authentication-failure message and the remote management platform rejects the IoT device; the device can then be deemed illegitimate.
When the root key is found,
the step in which the AUC generates mutual authentication information from K and the first information comprises:
the AUC generates from the root key information K and the random number R the key K' that takes part in the mutual authentication computation, and applies a first algorithm and a second algorithm respectively to the result of the operation on K' and R to obtain the mutual authentication information, which comprises first authentication information A1 and second authentication information A2.
The step in which the remote management platform completes mutual authentication with the IoT device according to the mutual authentication information comprises:
(1) the remote management platform sends the first information and the second authentication information A2 to the IoT device;
(2) the IoT device generates from the first information and the root key information K the key K' used in the mutual authentication computation and, using a first algorithm and a second algorithm consistent with those of the AUC, computes from the result of the operation on K' and R a third authentication information A1' and a fourth authentication information A2' respectively; it sends A1' to the remote management platform and at the same time compares A2' with the A2 received from the platform, and if they match the identity of the remote management platform is authenticated;
(3) the remote management platform compares the received third authentication information A1' with the first authentication information A1, and if they match the identity of the IoT device is verified.
During the authentication process the IoT device and the remote management platform generate a session key and use it to encrypt subsequent communication.
After the IoT device signs a contract with an operator, it submits its device ID and IMSI to the remote management platform in advance; the remote management platform stores the device ID, IMSI and corresponding AUC address in the device information table it maintains. When the IoT device sends a mutual authentication request to the remote management platform it sends its device ID, and the platform finds the IMSI and AUC address corresponding to that device ID in the device information table.
Information such as the device ID and IMSI of the IoT device is kept in the remote management platform, and the user's subscription information, the root key K, is introduced into the network's authentication of the device, so the authentication process binds the IoT device to its operator subscription. If the remote management platform finds that the device information claimed by a device under test does not match what the platform has stored, or is not stored in the platform at all, the device under test is deemed illegitimate. Otherwise, a further determination is made.
For an illegitimate device that misappropriates someone else's subscription information (for example a stolen or cloned SIM card), the remote management platform can refuse access on the basis of the binding between device identifier and IMSI; for an illegitimate device that sends a forged IMSI and device ID, the authentication process can determine whether the device really possesses the subscription information it claims.
Embodiment 1: device A is bound to card p in the registration phase. If card p is put into device B and B is an illegitimate device that has not registered with the remote management platform, the table maintained by the IoT management platform contains no binding between device B and card p; the platform refuses B's request directly and can further blacklist B.
Embodiment 2: device B has been modified by an attacker so that it can forge arbitrary identifiers and IMSI numbers and send them to the remote management platform. When the platform authenticates device B and compares the result B computes, B cannot pass authentication because it does not hold the root key K; the platform determines that B does not possess the subscription information it claims and that device B is illegitimate.
Embodiment 3: device A is legitimate and passes authentication, but its user uses it for illegal activity. After authentication the AUC can know that the illegal activity originates from device A and its bound card p, and can take further measures such as freezing the card or the device, or stopping service.
In the authentication method of the invention, the subscription information of the IoT device and its binding are registered with the remote management platform in advance, and only a legitimate remote management platform can connect to the AUC and obtain the authentication information derived from K. An illegitimate remote management platform cannot connect to the AUC, cannot obtain that information, and therefore cannot pass the IoT device's authentication of the platform.
Before an IoT device is used it must sign a contract with an operator, and the operator's subscription information, including K and the IMSI, is written in advance into the smart card in the device. Using the subscription information in the smart card, the IoT device can attach to the operator's network and perform data communication. The subscription information in the smart card is the device's identity in the carrier network; the remote management platform does not store the key K, which is held only by the AUC and the IoT device.
The embodiment uses a symmetric-key scheme and can guarantee security, validity and reasonableness.
The authentication process of the invention is:
1) The serial number of the IoT device and the IMSI of its SIM card are submitted to the IoT remote management platform in advance, so that the platform keeps this 2-tuple for every IoT device.
2) Before the IoT device communicates with the remote management platform, the IoT device, the remote management platform and the operator complete mutual authentication of the first two parties.
3) During the authentication process, the session encryption key for subsequent communication is generated.
4) The IoT device and the remote management platform re-authenticate each other periodically and refresh the session key.
This scheme has the following advantages:
1. Mutual authentication ensures that the IoT device and the remote management platform communicate in a secure environment, protecting the interests of the device owner and of the operator.
2. The mutual authentication in the invention involves three parties: the operator's AUC and the IoT device perform the authentication computation, while the remote management platform and the IoT device perform the authentication checks. The remote management platform does not need to keep any device-related keys, which improves security and scalability, and the IoT device does not need an extra key for device authentication but reuses the key on its card, which simplifies device production.
The embodiment can also switch between remote management platforms. The current remote management platform P1 receives from the IoT device a request to switch remote management platform, the request carrying information about the target platform P2. If P1 can communicate with P2, a secure tunnel is established between P1 and P2; P1 sends the record corresponding to the device identifier (<ID, IMSI, operator AUC address>) to P2 through the secure tunnel and then deletes that record. P1 notifies the IoT device with a successful-switch message and the address of P2, and the IoT device replaces the address of P1 with the address of P2.
Embodiment
(S1) The IoT device submits its device ID and IMSI to the remote management platform.
The SIM card in the IoT device, whether pluggable or soldered in, holds the operator's subscription root key K. The IoT device registers its device ID and the IMSI of the card with the IoT remote management platform in advance.
(S2) The remote management platform stores the device ID, the IMSI and the address of the corresponding authentication center in the device information table it maintains.
The IoT remote management platform must maintain a local device information table T in advance. T holds each IoT device identifier and the IMSI of the corresponding card; the following data structure can be used: <ID, IMSI, operator AUC address>.
(S3) The IoT device sends a mutual authentication request to the remote management platform, carrying its device ID. If the remote management platform accepts the request, proceed to S4; otherwise proceed to S14.
(S4) The remote management platform looks up the IMSI and the AUC address corresponding to the device ID in its device information table.
(S5) The remote management platform sends the IoT device information and a freshly generated random number R to the AUC. The IoT device information includes the device ID; the IMSI found in S4 is what the AUC uses for its lookup.
(S6) The AUC looks up the root key information K corresponding to the IoT device information. If it is not found, proceed to S14. If it is found, the AUC generates from K and R the key K' that takes part in the mutual authentication computation, then applies a first algorithm and a second algorithm to the result of operating K' with R to obtain the mutual authentication information, which consists of the first authentication information A1 and the second authentication information A2.
On receiving the message from the remote management platform, the AUC parses out R and the IMSI, uses the IMSI to locate the operator root key K of the IoT device, and computes K' = F(K op R), where K' is the key that takes part in the mutual authentication computation:
A1 = f1(K' op R)
A2 = f2(K' op R)
where op is any binary operator, such as AND, OR or XOR.
(S7) The AUC returns the generated mutual authentication information to the remote management platform.
(S8) The remote management platform sends the random number R and the second authentication information A2 to the IoT device.
(S9) The IoT device generates from R and its root key K the key K' that takes part in the mutual authentication computation, and from the result of operating K' with R computes, in the same way as the AUC, the third authentication information A1' and the fourth authentication information A2'. It then checks whether A2' equals the A2 received from the remote management platform: if they match, the identity of the remote management platform is authenticated; if not, proceed to S14.
The remote management platform has returned R and A2; the device computes K' = F(K op R), where K' is the key that takes part in the mutual authentication computation:
A1' = f1(K' op R)
A2' = f2(K' op R)
where op is any binary operator, such as AND, OR or XOR.
If A2 = A2', the IoT device has authenticated the remote management platform and returns A1' to the platform for verification; otherwise it returns an authentication failure to the remote management platform.
(S10) The IoT device sends the third authentication information A1' to the remote management platform.
(S11) The remote management platform checks whether the received A1' equals the first authentication information A1. If they match, the identity of the IoT device is verified; if not, proceed to S14.
(S12) If the IoT device receives the mutual authentication success message returned by the remote management platform, the IoT device and the remote management platform generate a session key from the authentication procedure and use it to encrypt subsequent communication.
On receiving the mutual authentication success message from the remote management platform, the session key is generated and the IoT device must communicate with the platform under encryption, so that an attacker cannot tamper with the traffic or inject false information:
SK = f3(K' op R)
where op is any binary operator, such as AND, OR or XOR.
(S13) If the current remote management platform P1 receives a platform-switch request from the IoT device carrying the information of the target remote management platform P2, and P1 can communicate with P2, a secure tunnel is established between P1 and P2; P1 sends the record corresponding to the IoT device identifier (<ID, IMSI, operator AUC address>) to P2 through the tunnel and then deletes that record; P1 notifies the IoT device of the successful switch together with the P2 address, and the IoT device replaces the P1 address with the P2 address. If P1 cannot communicate with P2, proceed to S14.
Before the IoT device is put into use, it sends its device ID and IMSI to the remote management platform to complete registration, and the platform derives the operator AUC address from the IMSI. After registration, the remote management platform keeps in table T, for each IoT device identifier, the IMSI of the SIM card in the device and the address of the network operator's AUC.
When the IoT device is switched from remote management platform P1 to P2, a secure tunnel (VPN or SSL) is established between P1 and P2; P1 sends the device's record in T to P2 through the tunnel and deletes the record. P1 notifies the IoT device of the successful switch together with the P2 address, and the IoT device replaces the P1 address with the P2 address.
The IoT device then authenticates and communicates with platform P2.
(S14) End the current procedure.
Here f1, f2 and f3 are cryptographic functions; algorithms such as MD5 or SHA-1 may be chosen, or a proprietary algorithm may be used.
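The following Python model, added here as an illustration and not code from the patent or its applicant, runs the three-party exchange of S1 to S12 and the platform switch of S13 end to end, including the failure branches that lead to S14 (unregistered device, IMSI unknown to the AUC, A2 mismatch on the device, A1' mismatch on the platform). Everything the patent leaves open is an assumption here: op is instantiated as XOR; F, f1, f2 and f3 as HMAC-SHA256 keyed by their input with a distinct label each (a keyed PRF rather than the bare MD5 or SHA-1 the text mentions, both of which are deprecated for new designs); K, R and K' are 32 bytes; and because the platform holds no K', the AUC is assumed to return SK alongside A1 and A2, the way a 3GPP authentication vector carries the session keys, so that both sides of S12 can arrive at the same SK. The class and function names (AuthCenter, Platform, Device, derive, mutual_auth) and the sample IMSI values are the example's own.

```python
# Added example (not code from the patent or its applicant): a runnable model of
# the three-party mutual authentication (S1-S12) and the platform switch (S13).
# Assumptions the patent leaves open: op is XOR; F, f1, f2, f3 are HMAC-SHA256
# keyed by their input and separated by a label; K, R and K' are 32 bytes; the
# AUC returns SK with A1/A2 (as 3GPP AKA does), since the platform holds no K'.
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

LABELS = {"F": b"Kprime", "f1": b"A1", "f2": b"A2", "f3": b"SK"}

def _f(name: str, x: bytes) -> bytes:
    """f(x): HMAC-SHA256 keyed by x, domain-separated by the function's label."""
    return hmac.new(x, LABELS[name], hashlib.sha256).digest()

def _op(a: bytes, b: bytes) -> bytes:
    """The patent's binary operator 'op', instantiated here as XOR."""
    assert len(a) == len(b), "op operands must have equal length"
    return bytes(x ^ y for x, y in zip(a, b))

def derive(K: bytes, R: bytes) -> Tuple[bytes, bytes, bytes]:
    """K' = F(K op R); A1 = f1(K' op R); A2 = f2(K' op R); SK = f3(K' op R)."""
    t = _op(_f("F", _op(K, R)), R)
    return _f("f1", t), _f("f2", t), _f("f3", t)

class AuthCenter:
    """Operator AUC: apart from the card, the only holder of root keys K."""
    def __init__(self, subscribers: Dict[str, bytes]):
        self.subscribers = subscribers  # IMSI -> K

    def compute(self, imsi: str, R: bytes) -> Optional[Tuple[bytes, bytes, bytes]]:
        K = self.subscribers.get(imsi)
        if K is None:
            return None  # S6: no K for this IMSI -> query failure -> S14
        return derive(K, R)  # (A1, A2, SK)

class Platform:
    """Remote management platform: keeps table T, holds no device key."""
    def __init__(self, address: str, aucs: Dict[str, AuthCenter]):
        self.address, self.aucs = address, aucs  # aucs: AUC address -> AUC
        self.table: Dict[str, Tuple[str, str]] = {}  # T: ID -> (IMSI, AUC addr)
        self.pending: Dict[str, Tuple[bytes, bytes]] = {}  # ID -> (A1, SK)
        self.sessions: Dict[str, bytes] = {}

    def register(self, device_id: str, imsi: str, auc_address: str) -> None:
        self.table[device_id] = (imsi, auc_address)  # S1/S2

    def challenge(self, device_id: str) -> Optional[Tuple[bytes, bytes]]:
        """S3-S8: look up T, get A1/A2/SK from the AUC, send (R, A2) to the device."""
        if device_id not in self.table:
            return None  # S3: request refused -> S14
        imsi, auc_address = self.table[device_id]
        R = secrets.token_bytes(32)  # S5: fresh random number per request
        vec = self.aucs[auc_address].compute(imsi, R)
        if vec is None:
            return None
        self.pending[device_id] = (vec[0], vec[2])  # keep A1 and SK for S11/S12
        return R, vec[1]

    def verify(self, device_id: str, A1_prime: bytes) -> Optional[bytes]:
        """S11/S12: accept the device only if A1' equals the AUC's A1; return SK."""
        A1, SK = self.pending.pop(device_id, (None, None))
        if A1 is None or not hmac.compare_digest(A1, A1_prime):
            return None  # -> S14
        self.sessions[device_id] = SK
        return SK

    def switch(self, device_id: str, target: "Platform") -> bool:
        """S13: hand the T record to P2 (secure tunnel assumed) and delete it here."""
        if device_id not in self.table:
            return False
        target.table[device_id] = self.table.pop(device_id)
        self.pending.pop(device_id, None)
        self.sessions.pop(device_id, None)
        return True

class Device:
    """IoT device: reuses the card's root key K; stores only its platform address."""
    def __init__(self, device_id: str, imsi: str, K: bytes, platform: str):
        self.device_id, self.imsi, self.K, self.platform = device_id, imsi, K, platform
        self.session_key: Optional[bytes] = None

    def respond(self, R: bytes, A2: bytes) -> Optional[Tuple[bytes, bytes]]:
        """S9/S10: authenticate the platform by A2; return (A1', candidate SK)."""
        A1_prime, A2_prime, SK = derive(self.K, R)
        if not hmac.compare_digest(A2, A2_prime):
            return None  # platform not authenticated -> S14
        return A1_prime, SK

def mutual_auth(dev: Device, plat: Platform) -> Optional[bytes]:
    """Run S3-S12 between dev and plat; return the shared SK, or None on failure."""
    if dev.platform != plat.address:
        return None
    msg = plat.challenge(dev.device_id)
    reply = dev.respond(*msg) if msg else None
    if reply is None:
        return None
    A1_prime, SK = reply
    if plat.verify(dev.device_id, A1_prime) != SK:
        return None
    dev.session_key = SK  # S12: commit only after the success message
    return SK
```

In this model, P1's switch() moves the <ID, IMSI, AUC address> record to P2 and discards any pending challenge and session key, after which P1 refuses the device at S3 and the device has to authenticate with P2 again to obtain a fresh SK; a cloned device holding the wrong K fails at S9 because its A2' never matches, and a forged A1' fails at S11.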
The IoT device may additionally have the following functions:
After a fixed time t has elapsed, it initiates a new authentication request and generates a new session key.
If an IoT device initiates authentication requests at an abnormally high rate, an alarm is raised.
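The two housekeeping rules above, as an added example in Python that is not code from the patent or its applicant: a per-device monitor that reports when a session key is older than t and must be renegotiated, and that raises an alarm when more than a set number of authentication requests arrive from one device within a sliding window. The patent gives no values for t, the window or the limit, so the thresholds, the class name AuthMonitor and the timestamps in the usage are assumptions of this example.

```python
# Added example (not from the patent): the two housekeeping rules listed above,
# re-keying after a fixed session lifetime t and an alarm when a device floods
# the platform with authentication requests. The thresholds are assumptions.
from collections import deque
from typing import Deque, Dict


class AuthMonitor:
    """Per-device session age and authentication-request rate, kept by the platform."""

    def __init__(self, lifetime_s: float, window_s: float, max_requests: int):
        self.lifetime_s = lifetime_s      # t: after this, re-authenticate and re-key
        self.window_s = window_s          # sliding window for the rate check
        self.max_requests = max_requests  # requests tolerated inside one window
        self.established: Dict[str, float] = {}      # device ID -> time SK was set
        self.requests: Dict[str, Deque[float]] = {}  # device ID -> recent request times

    def session_established(self, device_id: str, now: float) -> None:
        self.established[device_id] = now

    def needs_reauth(self, device_id: str, now: float) -> bool:
        """True when the device has no session or its key is at least t old."""
        t0 = self.established.get(device_id)
        return t0 is None or now - t0 >= self.lifetime_s

    def record_request(self, device_id: str, now: float) -> bool:
        """Record one authentication request; True means the rate is abnormal (alarm)."""
        q = self.requests.setdefault(device_id, deque())
        q.append(now)
        while q and now - q[0] > self.window_s:  # drop requests outside the window
            q.popleft()
        return len(q) > self.max_requests
```

The platform would call record_request() at S3 before accepting a request and refuse or flag the device when it returns True, and call needs_reauth() before reusing a stored session key so that traffic is never protected by a key older than t.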
The authentication system provided by the embodiment of the present invention comprises the IoT device, the remote management platform and the AUC described above.
The authentication method, device and system of the present invention ensure that the IoT device and the remote management platform can operate in a secure and reliable environment, that only legitimate IoT devices can access the management platform, that access by illegitimate devices does not disrupt normal service operation, and that the legitimate rights and interests of the user's IoT device are not harmed.
Although embodiments of the present invention are disclosed above, they are presented only to facilitate understanding of the present invention and are not intended to limit it. Any person skilled in the technical field of the present invention may make modifications and variations in the form and details of implementation without departing from the spirit and scope disclosed herein, but the scope of patent protection of the present invention shall still be defined by the appended claims.

Claims (14)

1. An Internet of Things device authentication method, characterized in that it comprises:
a remote management platform, after receiving a mutual authentication request from an IoT device, generating first information, and sending the IoT device information and the generated first information to an authentication center;
the authentication center looking up, according to the IoT device information, the root key information K corresponding to the IoT device, generating mutual authentication information according to the root key information K and the first information, and returning it to the remote management platform;
the remote management platform completing mutual authentication with the IoT device according to the mutual authentication information.
2. The authentication method according to claim 1, characterized in that,
when the authentication center cannot find the root key information K corresponding to the IoT device according to the IoT device information,
it returns a query failure message or an authentication failure message to the remote management platform.
3. The authentication method according to claim 1, characterized in that the first information generated by the remote management platform is a random number R;
the step of the authentication center generating mutual authentication information according to the root key information K and the first information comprises: the authentication center generating, from the root key information K and the random number R, the key K' that takes part in the mutual authentication computation, and applying a first algorithm and a second algorithm, respectively, to the result of operating K' with the random number R to obtain the mutual authentication information, which comprises first authentication information A1 and second authentication information A2.
4. The authentication method according to claim 3, characterized in that the step of the remote management platform completing mutual authentication with the IoT device according to the mutual authentication information comprises:
(1) the remote management platform sending the first information and the second authentication information A2 to the IoT device;
(2) the IoT device generating, from the first information and the root key information K, the key K' that takes part in the mutual authentication computation; computing, from the result of operating K' with the random number R and using the first algorithm and the second algorithm consistent with those of the authentication center, the third authentication information A1' and the fourth authentication information A2' respectively; sending the third authentication information A1' to the remote management platform; and at the same time checking whether the fourth authentication information A2' matches the second authentication information A2 received from the remote management platform, and if so, authenticating the identity of the remote management platform, otherwise failing the authentication of the remote management platform;
(3) the remote management platform checking whether the received third authentication information A1' matches the first authentication information A1, and if so, verifying the identity of the IoT device, otherwise failing the authentication of the IoT device.
5. The authentication method according to claim 1, characterized in that, before the IoT device sends the mutual authentication request, the method further comprises:
the IoT device submitting its device ID and international mobile subscriber identity (IMSI) to the remote management platform in advance; and the remote management platform storing the device ID, the IMSI and the address information of the corresponding authentication center in the device information table it maintains.
6. The authentication method according to claim 5, characterized in that, when the IoT device sends the mutual authentication request to the remote management platform, it sends the device ID to the remote management platform, and the remote management platform looks up, in the device information table, the IMSI and the authentication center address corresponding to the device ID.
7. The authentication method according to claim 1, characterized in that it further comprises:
the current remote management platform P1 receiving a platform-switch request from the IoT device that carries the information of the target remote management platform P2; if P1 can communicate with P2, establishing a secure tunnel between P1 and P2, P1 sending the IoT device identifier and the shared key K to P2 through the secure tunnel, and P1 deleting the record corresponding to the device identifier and the shared key K; P1 notifying the IoT device of the successful switch together with the P2 address, and the IoT device replacing the P1 address with the P2 address.
8. An Internet of Things device, characterized in that
the IoT device is configured to send a mutual authentication request to a remote management platform and to receive the mutual authentication information returned by the remote management platform, and is further configured to complete mutual authentication with the remote management platform according to the mutual authentication information.
9. The IoT device according to claim 8, characterized in that
the step of the IoT device completing mutual authentication with the remote management platform according to the mutual authentication information comprises:
the IoT device receiving the first information and the second authentication information A2 returned by the remote management platform;
the IoT device generating, from the first information and the root key information K, the key K' that takes part in the mutual authentication computation; computing, from the result of operating K' with the random number R and according to a predetermined first algorithm and second algorithm, the third authentication information A1' and the fourth authentication information A2'; sending the third authentication information A1' to the remote management platform; and at the same time checking whether the fourth authentication information A2' matches the second authentication information A2 received from the remote management platform, and if so, authenticating the identity of the remote management platform.
10. A remote management platform, characterized in that
the remote management platform is configured to generate first information after receiving a mutual authentication request from an IoT device, and to send the IoT device information and the generated first information to an authentication center; and is further configured to receive the mutual authentication information returned by the authentication center and to complete mutual authentication with the IoT device according to the mutual authentication information.
11. The remote management platform according to claim 10, characterized in that
the first information generated by the remote management platform is a random number R;
the step of the remote management platform completing mutual authentication with the IoT device according to the mutual authentication information comprises:
the remote management platform sending the first information and the second authentication information A2 to the IoT device;
the remote management platform checking whether the received third authentication information A1' matches the first authentication information A1, and if so, verifying the identity of the IoT device;
wherein the first authentication information A1 and the second authentication information A2 are computed by the authentication center by generating, from the first information and the root key information K, the key K' that takes part in the mutual authentication computation, and applying a predetermined first algorithm and second algorithm to the result of operating K' with the random number R; and the third authentication information A1' is obtained by the IoT device by generating, from the first information and the root key information K, the key K' that takes part in the mutual authentication computation, and applying the first algorithm consistent with that of the authentication center to the result of operating K' with the random number R.
12. An authentication center, characterized in that
the authentication center is configured to receive the IoT device information and the first information sent by a remote management platform; to look up, according to the IoT device information, the root key information K corresponding to the IoT device; when it is found, to generate mutual authentication information according to the root key information K and the first information and return it to the remote management platform; and when it cannot be found, to return a query failure message or an authentication failure message to the remote management platform.
13. The authentication center according to claim 12, characterized in that
the first information sent by the remote management platform and received by the authentication center is a random number R;
the authentication center generates, from the root key information K and the random number R, the key K' that takes part in the mutual authentication computation, and applies a first algorithm and a second algorithm, respectively, to the result of operating K' with the random number R to obtain the mutual authentication information, which comprises the first authentication information A1 and the second authentication information A2.
14. An Internet of Things device authentication system, characterized in that it comprises the IoT device according to claim 8 or 9, the remote management platform according to claim 10 or 11, and the authentication center according to claim 12 or 13.
CN201310498925.9A 2013-10-22 2013-10-22 IOT (Internet of Things) based equipment authentication method, device and system Pending CN103532963A (en)

Publications (1)

Publication Number Publication Date
CN103532963A true CN103532963A (en) 2014-01-22

Family

ID=49934642

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132649A (en) * 2007-09-29 2008-02-27 大唐微电子技术有限公司 Network access authentication method and its USIM card
US20090191857A1 (en) * 2008-01-30 2009-07-30 Nokia Siemens Networks Oy Universal subscriber identity module provisioning for machine-to-machine communications
CN102137397A (en) * 2011-03-10 2011-07-27 西安电子科技大学 Authentication method based on shared group key in machine type communication (MTC)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140122
