CN103581154B - Authentication method and device in system of Internet of Things - Google Patents
- Publication number: CN103581154B
- Authority: CN (China)
- Legal status: Active
Abstract
The invention discloses an authentication method and device for an Internet of Things system. When an Internet of Things terminal requests authentication, a service platform sends a random number, or a random number plus an authentication token, to the terminal. The terminal generates an authentication value from the received random number (or random number plus authentication token) and returns it to the service platform. The service platform determines from the received authentication value whether the terminal passes authentication. Compared with the prior art, the method and device do not require a preset user name and password, which improves security, and no new hardware needs to be added, which makes them easy to implement.
Description
Technical field
The present invention relates to Internet of Things technology, and in particular to an authentication method and device in an Internet of Things system.
Background technology
At present, authentication in an Internet of Things system generally works as follows: the IoT terminal registers with the business platform using a preset user name and password, and the business platform authenticates the IoT terminal by that user name and password.
However, the user name and password in this approach are easily leaked, so security is poor. Preventing such leakage requires adding new hardware devices and the like, which is cumbersome to implement.
Summary of the invention
In view of this, the invention provides an authentication method and device in an Internet of Things system that improve security and are easy to implement.
To achieve the above object, the technical solution of the invention is realized as follows:
An authentication method in an Internet of Things system, applicable to the scenario in which the UICC card used by the IoT terminal is a SIM card, comprising:
a. the business platform receives a service authentication request from an IoT terminal;
b. the business platform sends to the IoT terminal the random number in an unused service authentication 2-tuple that it has obtained and stored and that corresponds to the IoT terminal, where "unused" means that the random number in the 2-tuple has not yet been sent to the IoT terminal, and a service authentication 2-tuple consists of a random number and an authentication value;
the business platform receives the authentication value that the IoT terminal returns, generated from the authentication triplet corresponding to the received random number; if the received authentication value matches the authentication value in the stored service authentication 2-tuple containing the random number the IoT terminal received, authentication passes; otherwise it fails.
An authentication method in an Internet of Things system, applicable to the scenario in which the UICC card used by the IoT terminal is a USIM card, comprising:
a. the business platform receives a service authentication request from an IoT terminal;
b. the business platform sends to the IoT terminal the random number + authentication token in an unused service authentication 2-tuple that it has obtained and stored and that corresponds to the IoT terminal, where "unused" means that the random number + authentication token in the 2-tuple has not yet been sent to the IoT terminal, a service authentication 2-tuple consists of a random number + authentication token and an authentication value, and + denotes combination;
the business platform receives the authentication value that the IoT terminal returns, generated from the authentication five-tuple corresponding to the received random number + authentication token; if the received authentication value matches the authentication value in the stored service authentication 2-tuple containing the random number + authentication token the IoT terminal received, authentication passes; otherwise it fails.
A business platform, applicable to the scenario in which the UICC card used by the IoT terminal is a SIM card, comprising:
a receiver module, configured to receive a service authentication request from an IoT terminal and pass it to the first authentication module;
the first authentication module, configured to send to the IoT terminal the random number in an unused service authentication 2-tuple that is stored in the acquisition module and corresponds to the IoT terminal, where "unused" means that the random number in the 2-tuple has not yet been sent to the IoT terminal and a service authentication 2-tuple consists of a random number and an authentication value; and to receive the authentication value that the IoT terminal returns, generated from the authentication triplet corresponding to the received random number; if the received authentication value matches the authentication value in the service authentication 2-tuple, stored in the acquisition module, that contains the random number the IoT terminal received, authentication passes; otherwise it fails;
an acquisition module, configured to obtain and store the service authentication 2-tuples corresponding to the IoT terminal.
A business platform, applicable to the scenario in which the UICC card used by the IoT terminal is a USIM card, comprising:
a receiver module, configured to receive a service authentication request from an IoT terminal and pass it to the first authentication module;
the first authentication module, configured to send to the IoT terminal the random number + authentication token in an unused service authentication 2-tuple that is stored in the acquisition module and corresponds to the IoT terminal, where "unused" means that the random number + authentication token in the 2-tuple has not yet been sent to the IoT terminal, a service authentication 2-tuple consists of a random number + authentication token and an authentication value, and + denotes combination; and to receive the authentication value that the IoT terminal returns, generated from the authentication five-tuple corresponding to the received random number + authentication token; if the received authentication value matches the authentication value in the stored service authentication 2-tuple containing the random number + authentication token the IoT terminal received, authentication passes; otherwise it fails;
an acquisition module, configured to obtain and store the service authentication 2-tuples corresponding to the IoT terminal.
An IoT terminal whose UICC card is a SIM card, comprising:
a third authentication module, configured to send a service authentication request to the business platform when an IoT service needs to be initiated; and, before an authentication result is obtained, if a random number sent by the business platform is received, to generate an authentication value from the authentication triplet corresponding to that random number and return it to the business platform.
An IoT terminal whose UICC card is a USIM card, comprising:
a third authentication module, configured to send a service authentication request to the business platform when an IoT service needs to be initiated; and, before an authentication result is obtained, if a random number + authentication token sent by the business platform is received, to generate an authentication value from the authentication five-tuple corresponding to that random number + authentication token and return it to the business platform, where + denotes combination.
As can be seen, with the scheme of the invention, when an IoT terminal requests authentication, the business platform sends it a random number or a random number + authentication token; the IoT terminal generates an authentication value from the received random number or random number + authentication token and returns it to the business platform; and the business platform determines from the received authentication value whether the IoT terminal passes authentication. Compared with the prior art, the scheme requires no preset user name and password, which improves security, and no new hardware devices, which makes it easy to implement.
Brief description of the drawings
Fig. 1 is a flowchart of an embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a SIM card.
Fig. 2 is a flowchart of an embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a USIM card.
Fig. 3 is a schematic diagram of the process by which the business platform of the invention obtains in advance the service authentication 2-tuples corresponding to an IoT terminal.
Fig. 4 is a flowchart of a preferred embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a SIM card.
Fig. 5 is a flowchart of a preferred embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a USIM card.
Fig. 6 is a schematic structural diagram of an embodiment of the business platform of the invention.
Specific embodiments
To address the problems in the prior art, the invention proposes an improved authentication scheme for Internet of Things systems that improves security and is easy to implement.
The implementation of the scheme differs according to the type of Universal Integrated Circuit Card (UICC) used by the IoT terminal, that is, according to whether it is a Subscriber Identity Module (SIM) or a Universal Subscriber Identity Module (USIM). The two cases are described separately below.
Fig. 1 is a flowchart of an embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a SIM card. As shown in Fig. 1, it comprises the following steps:
Step 11: the business platform receives a service authentication request from an IoT terminal.
Step 12: the business platform sends to the IoT terminal the random number in an unused service authentication 2-tuple that it has obtained and stored and that corresponds to the IoT terminal; "unused" means that the random number in the 2-tuple has not yet been sent to the IoT terminal. A service authentication 2-tuple consists of a random number and an authentication value. The business platform then receives the authentication value that the IoT terminal returns, generated from the authentication triplet corresponding to the received random number. If the received authentication value matches the authentication value in the stored service authentication 2-tuple containing the random number the IoT terminal received, authentication passes; otherwise it fails.
Preferably, before performing step 12, the business platform may also read the indication information carried in the service authentication request and determine from it whether the request carries a service authentication 2-tuple. If not, step 12 is performed. If so, the business platform determines whether the random number carried in the request is identical to the random number in a stored service authentication 2-tuple; if not, step 12 is performed; if so, it further determines whether the authentication value carried in the request matches the authentication value in the stored service authentication 2-tuple containing that random number; if so, authentication passes; otherwise it fails. The random numbers in the service authentication 2-tuples stored on the business platform are all different from one another.
Correspondingly, whether or not authentication passes, the business platform must notify the IoT terminal of the authentication result, and the authentication result carries the random number in an unused service authentication 2-tuple that the business platform has obtained and stored and that corresponds to the IoT terminal. The random number carried in a service authentication request is the random number the IoT terminal obtained from the previous authentication result, and the authentication value carried in the request is the one the IoT terminal generated from the authentication triplet corresponding to that random number.
Fig. 2 is a flowchart of an embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a USIM card. As shown in Fig. 2, it comprises the following steps:
Step 21: the business platform receives a service authentication request from an IoT terminal.
Step 22: the business platform sends to the IoT terminal the random number + authentication token in an unused service authentication 2-tuple that it has obtained and stored and that corresponds to the IoT terminal; "unused" means that the random number + authentication token in the 2-tuple has not yet been sent to the IoT terminal. A service authentication 2-tuple consists of a random number + authentication token and an authentication value, where + denotes combination. The business platform then receives the authentication value that the IoT terminal returns, generated from the authentication five-tuple corresponding to the received random number + authentication token. If the received authentication value matches the authentication value in the stored service authentication 2-tuple containing the random number + authentication token the IoT terminal received, authentication passes; otherwise it fails.
Preferably, before performing step 22, the business platform may also read the indication information carried in the service authentication request and determine from it whether the request carries a service authentication 2-tuple. If not, step 22 is performed. If so, the business platform determines whether the random number + authentication token carried in the request is identical to the random number + authentication token in a stored service authentication 2-tuple; if not, step 22 is performed; if so, it further determines whether the authentication value carried in the request matches the authentication value in the stored service authentication 2-tuple containing that random number + authentication token; if so, authentication passes; otherwise it fails. The random number + authentication token values in the service authentication 2-tuples stored on the business platform are all different from one another.
Correspondingly, whether or not authentication passes, the business platform must notify the IoT terminal of the authentication result, and the authentication result carries the random number + authentication token in an unused service authentication 2-tuple that the business platform has obtained and stored and that corresponds to the IoT terminal. The random number + authentication token carried in a service authentication request is the one the IoT terminal obtained from the previous authentication result, and the authentication value carried in the request is the one the IoT terminal generated from the authentication five-tuple corresponding to that random number + authentication token.
As can be seen, in the two embodiments above, when an IoT terminal requests authentication, the business platform sends it a random number or a random number + authentication token; the IoT terminal generates an authentication value from what it received and returns it to the business platform; and the business platform determines from the received authentication value whether the IoT terminal passes authentication. Compared with the prior art, the scheme requires no preset user name and password, which improves security, and no new hardware devices, which makes it easy to implement.
In addition, indication information can be set in the service authentication request and different processing applied according to its value, which is very flexible. Carrying a random number or a random number + authentication token in the authentication result also means that authentication can complete with as little as one request and one response, which speeds up authentication.
Furthermore, in the two embodiments above, the business platform needs the service authentication 2-tuples corresponding to the IoT terminal during authentication. These can be fetched during authentication when they are needed, or obtained in advance, that is, before the service authentication request from the IoT terminal is received. Specifically, the business platform knows which IoT terminals have subscribed to its services, so it can obtain in advance the service authentication 2-tuples for each such terminal. To reduce the number of message exchanges, it can obtain multiple (two or more) service authentication 2-tuples in advance for each subscribed IoT terminal. During authentication the business platform then uses the pre-obtained 2-tuples directly, which eliminates the acquisition time and further speeds up authentication.
Fig. 3 is a schematic diagram of the process by which the business platform of the invention obtains in advance the service authentication 2-tuples corresponding to an IoT terminal. As shown in Fig. 3, it comprises the following steps:
Step 31: for an IoT terminal, the business platform requests authentication information from the operation management platform and sends it the terminal's International Mobile Equipment Identity (IMEI) and so on.
Step 32: the operation management platform looks up the International Mobile Subscriber Identity (IMSI, international mobile subscriber identification number) corresponding to the received IMEI.
The correspondence between the IMEI and IMSI of each IoT terminal is stored in advance on the operation management platform.
Step 33: the operation management platform sends an authentication information request (send authentication info req) carrying the IoT terminal's IMSI to the HLR/AuC.
The Home Location Register (HLR) and the Authentication Centre (AuC) are the devices that provide authentication information; they are usually co-located and are written HLR/AuC.
Step 34: the HLR/AuC generates authentication triplets or authentication five-tuples from the received IMSI and returns them to the operation management platform in an authentication information response (send authentication info cnf).
In the 3GPP security architecture, the core parameter Ki exists only in the HLR/AuC, the SIM card and the USIM card, and its security is ensured by strict security mechanisms. The generation algorithms for authentication triplets and five-tuples are preset in the HLR/AuC, the triplet generation algorithm is preset in the SIM card, and the five-tuple generation algorithm is preset in the USIM card.
Specifically, an authentication triplet is generated as follows:
1. Random number (RAND): produced by the random number generator of the AuC; the RAND value differs each time.
2. Authentication parameter (SRES): computed from Ki and RAND by the A3 algorithm.
3. Encryption key (Kc): computed from Ki and RAND by the A8 algorithm.
An authentication five-tuple is generated as follows:
1. Random number (RAND): produced by the random number generator of the AuC; the RAND value differs each time.
2. Authentication parameter (XRES, also called RES; written XRES in this document): computed from Ki and RAND by the f2 algorithm.
3. Encryption key (CK): computed from Ki and RAND by the f3 algorithm.
4. Integrity key (IK): computed from Ki and RAND by the f4 algorithm.
5. Authentication token (AUTN): the generation algorithm is more complex and, since how it is generated has no direct bearing on the scheme of the invention, it is not described here.
In this embodiment, assume that 5 service authentication 2-tuples are to be returned to the business platform at once for an IoT terminal. The HLR/AuC first determines from the received IMSI whether the UICC card used by the IoT terminal is a SIM card or a USIM card. For a SIM card it generates 5 authentication triplets (RAND, Kc, SRES); for a USIM card it generates 5 authentication five-tuples (RAND, XRES, CK, IK, AUTN). It returns the 5 generated triplets or five-tuples to the operation management platform.
Steps 35~36: the operation management platform generates service authentication 2-tuples from the received authentication triplets or five-tuples and returns them to the business platform.
If the operation management platform received 5 authentication triplets, then for each triplet it computes the hash of SRES and Kc with Secure Hash Algorithm 1 (SHA-1), giving 5 results, that is, 5 authentication values (MR), each MR = SHA-1(SRES + Kc). Each triplet thus yields its corresponding service authentication 2-tuple (RAND, MR): the RAND in each 2-tuple is the RAND of the corresponding triplet, and the MR is the one computed from that triplet.
If the operation management platform received 5 authentication five-tuples, then for each five-tuple it computes the SHA-1 hash of its CK, giving 5 results, that is, 5 MR values, each MR = SHA-1(CK). Each five-tuple thus yields its corresponding service authentication 2-tuple (RAND + AUTN, MR): the RAND + AUTN in each 2-tuple is the RAND + AUTN of the corresponding five-tuple, and the MR is the one computed from that five-tuple. Here + denotes combination, that is, concatenation.
Because the operation management platform is operator equipment, it is trusted, so authentication triplets and five-tuples can be exposed to it. The business platform, however, is usually not operator equipment and is untrusted. To protect the triplets and five-tuples, they cannot be exposed to the business platform; they must be transformed into service authentication 2-tuples, and it must be ensured that the triplets and five-tuples cannot be derived back from the 2-tuples.
Note that the above way of generating authentication values from triplets and five-tuples is only an example and does not limit the technical solution of the invention. Other methods may be used, provided that the authentication triplets and five-tuples cannot be derived back from the service authentication 2-tuples.
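The SIM-card flow described above, as an added Python example that is not part of the patent: triplets are reduced to (RAND, MR) 2-tuples with MR = SHA-1(SRES + Kc), each RAND is issued once, and a request may carry the 2-tuple built from the previous result's RAND. The `a3_a8` function is an HMAC-based stand-in for the operator's A3/A8 algorithms, and the class names, the `fetch` callback and the rule that a RAND is discarded after one verification attempt are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 (assumption, not a real algorithm)."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]              # 32-bit SRES, 64-bit Kc


def derive_mr(sres: bytes, kc: bytes) -> bytes:
    """Operation management platform: MR = SHA-1(SRES + Kc), as in the text."""
    return hashlib.sha1(sres + kc).digest()


def make_two_tuples(ki: bytes, count: int) -> list[tuple[bytes, bytes]]:
    """HLR/AuC triplets reduced to (RAND, MR); Ki, SRES and Kc are not exported."""
    tuples = []
    for _ in range(count):
        rand = secrets.token_bytes(16)
        sres, kc = a3_a8(ki, rand)
        tuples.append((rand, derive_mr(sres, kc)))
    return tuples


class Terminal:
    """IoT terminal with a SIM: holds Ki and recomputes MR from a RAND."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return derive_mr(*a3_a8(self._ki, rand))


class BusinessPlatform:
    """Untrusted side: stores only (RAND, MR) pairs, never the triplet."""

    def __init__(self, fetch, batch: int = 5):
        self._fetch, self._batch = fetch, batch   # fetch: hypothetical Fig. 3 call
        self._unused = {}                         # RAND -> MR, never sent
        self._issued = {}                         # RAND -> MR, sent, unanswered

    def issue_rand(self) -> bytes:
        if not self._unused:                      # pool empty: obtain a new batch
            self._unused.update(self._fetch(self._batch))
        rand, mr = self._unused.popitem()
        self._issued[rand] = mr
        return rand

    def verify(self, rand: bytes, mr: bytes) -> bool:
        # Assumption: one attempt per RAND, so a captured pair cannot be replayed.
        expected = self._issued.pop(rand, None)
        return expected is not None and hmac.compare_digest(expected, mr)

    def handle_request(self, carries_tuple: bool, rand: bytes = b"", mr: bytes = b""):
        """Returns ('result', ok, next RAND) or ('challenge', RAND)."""
        if carries_tuple and rand in self._issued:
            return ("result", self.verify(rand, mr), self.issue_rand())
        return ("challenge", self.issue_rand())   # no tuple, or unknown RAND

    def handle_response(self, rand: bytes, mr: bytes):
        """The result carries a fresh RAND whether or not authentication passed."""
        return ("result", self.verify(rand, mr), self.issue_rand())


def demo() -> dict:
    ki = secrets.token_bytes(16)                  # constructed SIM key
    platform = BusinessPlatform(lambda n: make_two_tuples(ki, n))
    sim = Terminal(ki)
    _, rand1 = platform.handle_request(False)     # request without a 2-tuple
    _, ok1, rand2 = platform.handle_response(rand1, sim.respond(rand1))
    fast = platform.handle_request(True, rand2, sim.respond(rand2))
    replay = platform.handle_request(True, rand2, sim.respond(rand2))
    return {"first": ok1, "fast": fast[1], "replay": replay[0]}


if __name__ == "__main__":
    print(demo())
```

The replayed request falls back to a fresh challenge because its RAND is no longer stored, and the comparison uses `hmac.compare_digest` so that MR checks do not leak timing information.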
To make the technical solution of the invention clearer, the implementation of the scheme is described in further detail below with reference to the drawings and preferred embodiments.
Fig. 4 is a flowchart of a preferred embodiment of the authentication method of the invention when the UICC card used by the IoT terminal is a SIM card. As shown in Fig. 4, it comprises the following steps:
Step 41: the business platform receives a service authentication request from an IoT terminal.
When the IoT terminal needs to initiate an IoT service, it must first authenticate to the business platform, that is, send the business platform a service authentication request, which may carry indication information, a service authentication 2-tuple, and so on.
In practice, a one-bit indicator f can serve as the indication information: f = 1 means that the service authentication request carries a service authentication 2-tuple, and f = 0 means that it does not.
As described earlier, if the service authentication request carries a service authentication 2-tuple, the random number in that 2-tuple is the one the IoT terminal obtained from the previous authentication result, and the authentication value carried in the request is the one the IoT terminal generated from the authentication triplet corresponding to that random number.
After obtaining the random number carried in the previous authentication result, the IoT terminal generates the authentication triplet corresponding to it in the same way as the HLR/AuC, then generates an authentication value from that triplet in the same way as the operation management platform, and so obtains a service authentication 2-tuple.
Step 42: the business platform reads the indication information carried in the service authentication request and determines from it whether the request carries a service authentication 2-tuple. If not, step 43 is performed; if so, step 49 is performed.
Step 43: the business platform sends to the IoT terminal the random number in an unused service authentication 2-tuple that it obtained in advance and stored and that corresponds to the IoT terminal; "unused" means that the random number in the 2-tuple has not yet been sent to the IoT terminal.
Assume that the business platform has obtained in advance and stored 5 service authentication 2-tuples corresponding to the IoT terminal, referred to for convenience as service authentication 2-tuple 1, service authentication 2-tuple 2, service authentication 2-tuple 3, service authentication 2-tuple 4 and service authentication 2-tuple 5, and that service authentication 2-tuples 2, 3, 4 and 5 are unused. In this step the business platform can randomly select one unused service authentication 2-tuple, for example service authentication 2-tuple 2, and send the random number in it to the IoT terminal.
Steps 44~45: the IoT terminal generates an authentication value from the authentication triplet corresponding to the received random number and returns the generated authentication value to the business platform.
In this step, the IoT terminal generates the authentication triplet corresponding to the received random number in the same way as the HLR/AuC, and then generates an authentication value from that triplet in the same way as the operation management platform.
Step 46: business platform determines the random number institute that the authentication values receiving are received with the internet-of-things terminal preserving
Service authentication two tuple in authentication values whether consistent, if it is, execution step 47, otherwise, execution step 48.
With reference to the citing in step 43, if the mirror in the authentication values that receive of business platform and service authentication two tuple 2
Weights are consistent, then execution step 47, otherwise, execution step 48.
Step 47: Authentication passes. The service platform sends an authentication success message to the IoT terminal, carrying the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform obtained and saved in advance. The flow ends.
Continuing the example in step 43, since service authentication two-tuple 1 and service authentication two-tuple 2 have already been used, in this step one of the remaining 3 service authentication two-tuples can be selected at random, for example service authentication two-tuple 3, and its random number is carried in the authentication success message sent to the IoT terminal.
Step 48: Authentication fails. The service platform sends an authentication failure message to the IoT terminal, carrying the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform obtained and saved in advance. The flow ends.
Continuing the example in step 43, since service authentication two-tuple 1 and service authentication two-tuple 2 have already been used, in this step one of the remaining 3 service authentication two-tuples can be selected at random, for example service authentication two-tuple 3, and its random number is carried in the authentication failure message sent to the IoT terminal.
Step 49: The service platform determines whether the random number carried in the service authentication request is identical to the random number in one of the saved service authentication two-tuples, i.e. whether the random number carried in the service authentication request is valid. If so, step 410 is executed; otherwise, step 43 is executed.
Step 410: The service platform determines whether the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple that contains the random number carried in the service authentication request. If so, step 47 is executed; otherwise, step 48 is executed.
Assume that the authentication value carried in the service authentication request was generated from the random number in service authentication two-tuple 1. Then, if the service platform determines that the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple 1, step 47 is executed; otherwise, step 48 is executed.
After authentication passes, the IoT terminal and the service platform can each generate the same session key from the authentication value used in the authentication process, and use this session key for encrypted transmission of service data, to ensure the security of the data exchanged between the IoT terminal and the service platform.
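The SIM-card flow of steps 43 to 410 above, as an added Python example that is not part of the patent text. HMAC-SHA256 stands in for the HLR/AuC triplet generation, SHA-256 stands in for the unspecified predetermined hash algorithm, and deleting a two-tuple once it has been checked is an assumption of this example; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def make_triplet(ki, rand):
    """Stand-in for HLR/AuC triplet generation (assumption: HMAC-SHA256 over a shared key)."""
    out = hmac.new(ki, rand, hashlib.sha256).digest()
    return rand, out[:4], out[4:12]  # random number, authentication parameter, encryption key

def auth_value(triplet):
    """Hash of authentication parameter and encryption key (SHA-256 is an assumption)."""
    _, param, key = triplet
    return hashlib.sha256(param + key).digest()

def issue_two_tuples(ki, n):
    """Operation management platform: n (random number, authentication value) pairs."""
    rands = [secrets.token_bytes(16) for _ in range(n)]
    return [(r, auth_value(make_triplet(ki, r))) for r in rands]

class ServicePlatform:
    def __init__(self, two_tuples):
        self.store = dict(two_tuples)  # random number -> expected authentication value
        self.issued = set()            # random numbers already sent to the terminal
        self.pending = None            # challenge awaiting a response (steps 43 to 46)

    def _next_unused(self):
        unused = [r for r in self.store if r not in self.issued]
        if not unused:
            return None                # pool exhausted: more two-tuples must be fetched
        rand = secrets.choice(unused)
        self.issued.add(rand)
        return rand

    def _result(self, rand, value):
        # Assumption of this example: a two-tuple is deleted once it has been checked,
        # so a request that is replayed later no longer matches anything in the store.
        expected = self.store.pop(rand, None)
        ok = expected is not None and hmac.compare_digest(expected, value)
        return {"ok": ok, "next_rand": self._next_unused()}  # steps 47 / 48

    def handle_request(self, f, two_tuple=None):
        if f == 1 and two_tuple is not None and two_tuple[0] in self.store:  # step 49
            return self._result(*two_tuple)                                   # step 410
        self.pending = self._next_unused()                                    # step 43
        return {"challenge": self.pending}

    def handle_response(self, value):  # step 46
        rand, self.pending = self.pending, None
        return self._result(rand, value)

class Terminal:
    def __init__(self, ki):
        self.ki = ki
        self.cached = None  # random number taken from the last authentication result

    def respond(self, rand):  # steps 44~45
        return auth_value(make_triplet(self.ki, rand))

    def build_request(self):
        if self.cached is None:
            return 0, None  # indication bit f = 0: no two-tuple carried
        return 1, (self.cached, self.respond(self.cached))

def authenticate(terminal, platform):
    """Run one authentication; returns (passed, number of round trips)."""
    reply = platform.handle_request(*terminal.build_request())
    round_trips = 1
    if "challenge" in reply:
        reply = platform.handle_response(terminal.respond(reply["challenge"]))
        round_trips = 2
    terminal.cached = reply["next_rand"]
    return reply["ok"], round_trips

def demo():
    ki = secrets.token_bytes(16)  # constructed shared secret, for illustration only
    platform = ServicePlatform(issue_two_tuples(ki, 5))
    terminal = Terminal(ki)
    first = authenticate(terminal, platform)       # challenge/response path
    copy_of_request = terminal.build_request()     # same bytes the next request will carry
    second = authenticate(terminal, platform)      # two-tuple carried in the request
    replay = platform.handle_request(*copy_of_request)
    return first, second, "challenge" in replay
```

In `demo()` the first authentication takes two round trips and the second, which carries the cached two-tuple, takes one; sending a copy of that second request again is answered with a new challenge instead of a result.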
Fig. 5 is a flowchart of a preferred embodiment of the authentication method of the present invention when the UICC card used by the IoT terminal is a USIM card. As shown in Fig. 5, it comprises the following steps:
Step 51: The service platform receives a service authentication request from an IoT terminal.
When the IoT terminal needs to initiate an IoT service, it must first be authenticated by the service platform, i.e. it initiates a service authentication request to the service platform, which may carry indication information, a service authentication two-tuple, and so on.
In practice, a one-bit indicator f can be used as the indication information: if the value of f is 1, the service authentication request carries a service authentication two-tuple; if the value of f is 0, the service authentication request does not carry a service authentication two-tuple.
As described earlier, if the service authentication request carries a service authentication two-tuple, then the random number + authentication token in that two-tuple is the random number + authentication token that the IoT terminal obtained from the last authentication result, and the authentication value carried in the service authentication request is the authentication value that the IoT terminal generated from the authentication five-tuple corresponding to the random number + authentication token obtained from the last authentication result.
For the IoT terminal, after obtaining the random number + authentication token carried in the last authentication result, it generates the authentication five-tuple corresponding to this random number + authentication token in the same way as the HLR/AuC does, then generates the authentication value from this authentication five-tuple in the same way as the operation management platform does, and thereby obtains the service authentication two-tuple.
Step 52: The service platform reads the indication information carried in the service authentication request and determines from it whether the service authentication request carries a service authentication two-tuple. If not, step 53 is executed; if so, step 59 is executed.
Step 53: The service platform sends to the IoT terminal the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that it obtained and saved in advance; "unused" means that the random number + authentication token in it has never been sent to the IoT terminal.
Assume that the service platform has obtained and saved in advance 5 service authentication two-tuples corresponding to the IoT terminal. For ease of description, these 5 service authentication two-tuples are called service authentication two-tuple 1, service authentication two-tuple 2, service authentication two-tuple 3, service authentication two-tuple 4 and service authentication two-tuple 5, and assume that service authentication two-tuples 2, 3, 4 and 5 have not been used. In this step, the service platform can then randomly select one unused service authentication two-tuple, for example service authentication two-tuple 2, and send its random number + authentication token to the IoT terminal.
Steps 54~55: The IoT terminal generates an authentication value from the authentication five-tuple corresponding to the received random number + authentication token, and returns the generated authentication value to the service platform.
In this step, the IoT terminal generates the authentication five-tuple corresponding to the received random number + authentication token in the same way as the HLR/AuC does, and then generates the authentication value from this authentication five-tuple in the same way as the operation management platform does.
Step 56: The service platform determines whether the received authentication value is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token received by the IoT terminal. If so, step 57 is executed; otherwise, step 58 is executed.
Continuing the example in step 53, if the authentication value received by the service platform is consistent with the authentication value in service authentication two-tuple 2, step 57 is executed; otherwise, step 58 is executed.
Step 57: Authentication passes. The service platform sends an authentication success message to the IoT terminal, carrying the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform obtained and saved in advance. The flow ends.
Continuing the example in step 53, since service authentication two-tuple 1 and service authentication two-tuple 2 have already been used, in this step one of the remaining 3 service authentication two-tuples can be selected at random, for example service authentication two-tuple 3, and its random number + authentication token is carried in the authentication success message sent to the IoT terminal.
Step 58: Authentication fails. The service platform sends an authentication failure message to the IoT terminal, carrying the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform obtained and saved in advance. The flow ends.
Continuing the example in step 53, since service authentication two-tuple 1 and service authentication two-tuple 2 have already been used, in this step one of the remaining 3 service authentication two-tuples can be selected at random, for example service authentication two-tuple 3, and its random number + authentication token is carried in the authentication failure message sent to the IoT terminal.
Step 59: The service platform determines whether the random number + authentication token carried in the service authentication request is identical to the random number + authentication token in one of the saved service authentication two-tuples, i.e. whether the random number + authentication token carried in the service authentication request is valid. If so, step 510 is executed; otherwise, step 53 is executed.
Step 510: The service platform determines whether the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token carried in the service authentication request. If so, step 57 is executed; otherwise, step 58 is executed.
Assume that the authentication value carried in the service authentication request was generated from the random number + authentication token in service authentication two-tuple 1. Then, if the service platform determines that the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple 1, step 57 is executed; otherwise, step 58 is executed.
After authentication passes, the IoT terminal and the service platform can each generate the same session key from the authentication value used in the authentication process, and use this session key for encrypted transmission of service data, to ensure the security of the data exchanged between the IoT terminal and the service platform.
This completes the description of the method embodiments of the present invention.
It should be noted that, in the above embodiments and preferred embodiments, for the content that needs to be carried in the messages exchanged between network elements, only the content directly related to the scheme of the present invention is described; which other content also needs to be carried can be decided according to actual requirements.
Based on the above description, Fig. 6 is a schematic structural diagram of an embodiment of the service platform of the present invention. As shown in Fig. 6, it comprises: a receiving module, a first authentication module and an acquisition module; preferably, it may further comprise a second authentication module.
When the UICC card used by the IoT terminal is a SIM card, the functions of the modules shown in Fig. 6 are as follows.
The receiving module is configured to receive a service authentication request from an IoT terminal and send it to the first authentication module;
the first authentication module is configured to send to the IoT terminal the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that is saved in the acquisition module, where "unused" means that the random number in it has not been sent to the IoT terminal, and where a service authentication two-tuple comprises a random number and an authentication value; and to receive the authentication value that the IoT terminal returns, generated from the authentication triplet corresponding to the received random number; if the received authentication value is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number received by the IoT terminal, authentication passes; otherwise, it fails;
the acquisition module is configured to obtain and save the service authentication two-tuples corresponding to the IoT terminal.
The receiving module may be further configured to send the service authentication request to the second authentication module;
correspondingly, the second authentication module is configured to read the indication information carried in the service authentication request and determine from the indication information whether the service authentication request carries a service authentication two-tuple; if not, to notify the first authentication module to perform its own function; if so, to determine whether the random number carried in the service authentication request is identical to the random number in one of the service authentication two-tuples saved in the acquisition module; if not, to notify the first authentication module to perform its own function; if so, to further determine whether the authentication value carried in the service authentication request is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number carried in the service authentication request; if so, authentication passes; otherwise, it fails; the random numbers in the service authentication two-tuples saved in the acquisition module are all different from one another;
the first authentication module and the second authentication module may be further configured to notify the IoT terminal of the authentication result regardless of whether authentication passes, and to carry in the authentication result the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that is saved in the acquisition module; the random number carried in the service authentication request is the random number that the IoT terminal obtained from the last authentication result, and the authentication value carried in the service authentication request is the authentication value that the IoT terminal generated from the authentication triplet corresponding to the random number obtained from the last authentication result.
In addition, before the receiving module receives the service authentication request, the acquisition module may request the service authentication two-tuples corresponding to the IoT terminal from the operation management platform, and receive the service authentication two-tuples returned by the operation management platform; the service authentication two-tuples returned by the operation management platform are generated by the operation management platform from authentication triplets obtained from the authentication information providing device; preferably, the number of service authentication two-tuples returned by the operation management platform is two or more.
When the UICC card used by the IoT terminal is a USIM card, the functions of the modules shown in Fig. 6 are as follows.
The receiving module is configured to receive a service authentication request from an IoT terminal and send it to the first authentication module;
the first authentication module is configured to send to the IoT terminal the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that is saved in the acquisition module, where "unused" means that the random number + authentication token in it has not been sent to the IoT terminal, and where a service authentication two-tuple comprises a random number + authentication token and an authentication value, "+" denoting combination; and to receive the authentication value that the IoT terminal returns, generated from the authentication five-tuple corresponding to the received random number + authentication token; if the received authentication value is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token received by the IoT terminal, authentication passes; otherwise, it fails;
the acquisition module is configured to obtain and save the service authentication two-tuples corresponding to the IoT terminal.
The receiving module may be further configured to send the service authentication request to the second authentication module;
correspondingly, the second authentication module is configured to read the indication information carried in the service authentication request and determine from the indication information whether the service authentication request carries a service authentication two-tuple; if not, to notify the first authentication module to perform its own function; if so, to determine whether the random number + authentication token carried in the service authentication request is identical to the random number + authentication token in one of the service authentication two-tuples saved in the acquisition module; if not, to notify the first authentication module to perform its own function; if so, to further determine whether the authentication value carried in the service authentication request is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number + authentication token carried in the service authentication request; if so, authentication passes; otherwise, it fails; the random number + authentication token values in the service authentication two-tuples saved in the acquisition module are all different from one another;
the first authentication module and the second authentication module may be further configured to notify the IoT terminal of the authentication result regardless of whether authentication passes, and to carry in the authentication result the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that is saved in the acquisition module; the random number + authentication token carried in the service authentication request is the random number + authentication token that the IoT terminal obtained from the last authentication result, and the authentication value carried in the service authentication request is the authentication value that the IoT terminal generated from the authentication five-tuple corresponding to the random number + authentication token obtained from the last authentication result.
In addition, before the receiving module receives the service authentication request, the acquisition module may request the service authentication two-tuples corresponding to the IoT terminal from the operation management platform, and receive the service authentication two-tuples returned by the operation management platform; the service authentication two-tuples returned by the operation management platform are generated by the operation management platform from authentication five-tuples obtained from the authentication information providing device; preferably, the number of service authentication two-tuples returned by the operation management platform is two or more.
The present invention also discloses an embodiment of an IoT terminal, comprising: a third authentication module.
When the UICC card used by the IoT terminal is a SIM card, the function of the third authentication module is as follows.
The third authentication module is configured to send a service authentication request to the service platform when an IoT service needs to be initiated; and, before the authentication result is obtained, if a random number sent by the service platform is received, to generate an authentication value from the authentication triplet corresponding to that random number and return it to the service platform.
The third authentication module may be further configured to set indication information in the service authentication request to indicate whether the service authentication request carries a service authentication two-tuple, and, when the indication information indicates that the service authentication request carries a service authentication two-tuple, to set the service authentication two-tuple in the service authentication request, comprising: the random number obtained from the last authentication result sent by the service platform, and the authentication value generated from the authentication triplet corresponding to the random number obtained from the last authentication result.
The authentication triplet comprises: a random number, an authentication parameter and an encryption key;
the third authentication module generates the authentication triplet from the random number, computes, according to a predetermined algorithm, the hash value of the authentication parameter and the encryption key in the authentication triplet, uses the result as the authentication value of the service authentication two-tuple, and uses the random number of the authentication triplet as the random number of the service authentication two-tuple.
When the UICC card used by the IoT terminal is a USIM card, the function of the third authentication module is as follows.
The third authentication module is configured to send a service authentication request to the service platform when an IoT service needs to be initiated; and, before the authentication result is obtained, if a random number + authentication token sent by the service platform is received, to generate an authentication value from the authentication five-tuple corresponding to that random number + authentication token and return it to the service platform, "+" denoting combination.
The third authentication module may be further configured to set indication information in the service authentication request to indicate whether the service authentication request carries a service authentication two-tuple, and, when the indication information indicates that the service authentication request carries a service authentication two-tuple, to set the service authentication two-tuple in the service authentication request, comprising: the random number + authentication token obtained from the last authentication result sent by the service platform, and the authentication value generated from the authentication five-tuple corresponding to the random number + authentication token obtained from the last authentication result.
The authentication five-tuple comprises: a random number, an authentication parameter, an encryption key, an integrity key and an authentication token;
the third authentication module generates the authentication five-tuple from the random number + authentication token, computes, according to a predetermined algorithm, the hash value of the encryption key in the authentication five-tuple, uses the result as the authentication value of the service authentication two-tuple, and uses the random number + authentication token of the authentication five-tuple as the random number + authentication token of the service authentication two-tuple.
For the specific workflow of the above device embodiments, refer to the corresponding description in the foregoing method embodiments; it is not repeated here.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (22)
1. An authentication method in an Internet of Things system, applicable to the scenario in which the universal integrated circuit card (UICC) used by the IoT terminal is a subscriber identity module (SIM) card, characterized by comprising:
A. a service platform receives a service authentication request from an IoT terminal;
B. the service platform sends to the IoT terminal the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that it has obtained and saved, where "unused" means that the random number in it has not been sent to the IoT terminal, and where a service authentication two-tuple comprises a random number and an authentication value;
the service platform receives the authentication value that the IoT terminal returns, generated from the authentication triplet corresponding to the received random number; if the received authentication value is consistent with the authentication value in the saved service authentication two-tuple that contains the random number received by the IoT terminal, authentication passes; otherwise, it fails;
before step B, the method further comprises:
the service platform reads the indication information carried in the service authentication request and determines from the indication information whether the service authentication request carries a service authentication two-tuple; if not, step B is executed;
if so, the service platform determines whether the random number carried in the service authentication request is identical to the random number in one of the saved service authentication two-tuples; if not, step B is executed; if so, it further determines whether the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple that contains the random number carried in the service authentication request; if so, authentication passes; otherwise, it fails; the random numbers in the service authentication two-tuples saved in the service platform are all different from one another.
2. The method according to claim 1, characterized in that the method further comprises:
regardless of whether authentication passes, the service platform notifies the IoT terminal of the authentication result, and carries in the authentication result the random number from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform has obtained and saved; the random number carried in the service authentication request is the random number that the IoT terminal obtained from the last authentication result, and the authentication value carried in the service authentication request is the authentication value that the IoT terminal generated from the authentication triplet corresponding to the random number obtained from the last authentication result.
3. The method according to claim 2, characterized in that the service platform obtaining the service authentication two-tuples corresponding to the IoT terminal comprises:
before receiving the service authentication request, the service platform requests the service authentication two-tuples corresponding to the IoT terminal from an operation management platform, and receives the service authentication two-tuples returned by the operation management platform;
the service authentication two-tuples returned by the operation management platform are generated by the operation management platform from authentication triplets obtained from an authentication information providing device;
the number of service authentication two-tuples returned by the operation management platform is two or more.
4. The method according to claim 3, characterized in that:
the authentication triplet comprises: a random number, an authentication parameter and an encryption key;
generating a service authentication two-tuple from an authentication triplet comprises: computing, according to a predetermined algorithm, the hash value of the authentication parameter and the encryption key in the authentication triplet, using the result as the authentication value of the service authentication two-tuple, and using the random number of the authentication triplet as the random number of the service authentication two-tuple.
5. The method according to claim 1, 2 or 3, characterized in that the method further comprises:
if authentication passes, the IoT terminal and the service platform each generate the same session key from the authentication value used in the authentication process, and use the session key for encrypted transmission of service data.
6. An authentication method in an Internet of Things system, applicable to the scenario in which the universal integrated circuit card (UICC) used by the IoT terminal is a universal subscriber identity module (USIM) card, characterized by comprising:
A. a service platform receives a service authentication request from an IoT terminal;
B. the service platform sends to the IoT terminal the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that it has obtained and saved, where "unused" means that the random number + authentication token in it has not been sent to the IoT terminal, and where a service authentication two-tuple comprises a random number + authentication token and an authentication value, "+" denoting combination;
the service platform receives the authentication value that the IoT terminal returns, generated from the authentication five-tuple corresponding to the received random number + authentication token; if the received authentication value is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token received by the IoT terminal, authentication passes; otherwise, it fails;
before step B, the method further comprises:
the service platform reads the indication information carried in the service authentication request and determines from the indication information whether the service authentication request carries a service authentication two-tuple; if not, step B is executed;
if so, the service platform determines whether the random number + authentication token carried in the service authentication request is identical to the random number + authentication token in one of the saved service authentication two-tuples; if not, step B is executed; if so, it further determines whether the authentication value carried in the service authentication request is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token carried in the service authentication request; if so, authentication passes; otherwise, it fails; the random number + authentication token values in the service authentication two-tuples saved in the service platform are all different from one another.
7. The method according to claim 6, characterized in that the method further comprises:
regardless of whether authentication passes, the service platform notifies the IoT terminal of the authentication result, and carries in the authentication result the random number + authentication token from one unused service authentication two-tuple, corresponding to the IoT terminal, that the service platform has obtained and saved; the random number + authentication token carried in the service authentication request is the random number + authentication token that the IoT terminal obtained from the last authentication result, and the authentication value carried in the service authentication request is the authentication value that the IoT terminal generated from the authentication five-tuple corresponding to the random number + authentication token obtained from the last authentication result.
8. The method according to claim 7, characterized in that the service platform obtaining the service authentication two-tuples corresponding to the Internet of Things terminal comprises:
before receiving the service authentication request, the service platform requests from an operation management platform the service authentication two-tuples corresponding to the Internet of Things terminal, and receives the service authentication two-tuples returned by the operation management platform;
the service authentication two-tuples returned by the operation management platform are generated by the operation management platform according to authentication five-tuples obtained from an authentication information providing device;
the number of service authentication two-tuples returned by the operation management platform is two or more.
9. The method according to claim 8, characterized in that
the authentication five-tuple comprises: a random number, an authentication parameter, an encryption key, an integrity key and an authentication token;
generating a service authentication two-tuple according to an authentication five-tuple comprises: computing, according to a predetermined algorithm, the hash value of the encryption key in the authentication five-tuple, using the result as the authentication value in the service authentication two-tuple, and using the random number + authentication token in the authentication five-tuple as the random number + authentication token in the service authentication two-tuple.
10. The method according to claim 6, 7 or 8, characterized in that the method further comprises:
if authentication passes, the Internet of Things terminal and the service platform each generate the same session key according to the authentication value used in the authentication process, and use the session key for encrypted transmission of service data.
11. A service platform, applicable to the scenario in which the Universal Integrated Circuit Card (UICC) used by the Internet of Things terminal is a Subscriber Identity Module (SIM), characterized by comprising:
a receiver module, configured to receive a service authentication request from an Internet of Things terminal and send it to a first authentication module;
the first authentication module, configured to send to the Internet of Things terminal the random number in one unused service authentication two-tuple, corresponding to the Internet of Things terminal, that is saved in an acquisition module, where unused means that the random number therein has not been sent to the Internet of Things terminal; wherein a service authentication two-tuple comprises: a random number and an authentication value; and to receive the authentication value returned by the Internet of Things terminal, which the terminal generated according to the authentication triplet corresponding to the received random number; if the received authentication value is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number received by the Internet of Things terminal, authentication passes; otherwise, it does not pass;
the acquisition module, configured to obtain and save the service authentication two-tuples corresponding to the Internet of Things terminal;
the service platform further comprises: a second authentication module;
the receiver module is further configured to send the service authentication request to the second authentication module;
the second authentication module, configured to read the indication information carried in the service authentication request and determine, according to the indication information, whether the service authentication request carries a service authentication two-tuple; if not, to notify the first authentication module to perform its function; if so, to determine whether the random number carried in the service authentication request is identical to the random number in a service authentication two-tuple saved in the acquisition module; if not, to notify the first authentication module to perform its function; if so, to further determine whether the authentication value carried in the service authentication request is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number carried in the request; if so, authentication passes; otherwise, it does not pass; wherein the random number in each service authentication two-tuple saved in the acquisition module is different.
12. The service platform according to claim 11, characterized in that
the first authentication module and the second authentication module are further configured to notify the Internet of Things terminal of the authentication result regardless of whether authentication passes, and to carry in the authentication result the random number of one unused service authentication two-tuple, corresponding to the Internet of Things terminal, that is saved in the acquisition module; the random number carried in the service authentication request is the random number that the Internet of Things terminal obtained from the previous authentication result, and the authentication value carried in the service authentication request is the authentication value that the Internet of Things terminal generated according to the authentication triplet corresponding to the random number obtained from the previous authentication result.
13. The service platform according to claim 12, characterized in that
before the receiver module receives the service authentication request, the acquisition module requests from an operation management platform the service authentication two-tuples corresponding to the Internet of Things terminal, and receives the service authentication two-tuples returned by the operation management platform;
the service authentication two-tuples returned by the operation management platform are generated by the operation management platform according to authentication triplets obtained from an authentication information providing device;
the number of service authentication two-tuples returned by the operation management platform is two or more.
14. A service platform, applicable to the scenario in which the Universal Integrated Circuit Card (UICC) used by the Internet of Things terminal is a Universal Subscriber Identity Module (USIM), characterized by comprising:
a receiver module, configured to receive a service authentication request from an Internet of Things terminal and send it to a first authentication module;
the first authentication module, configured to send to the Internet of Things terminal the random number + authentication token in one unused service authentication two-tuple, corresponding to the Internet of Things terminal, that is saved in an acquisition module, where unused means that the random number + authentication token therein has not been sent to the Internet of Things terminal; wherein a service authentication two-tuple comprises: a random number + authentication token, and an authentication value, where + denotes combination; and to receive the authentication value returned by the Internet of Things terminal, which the terminal generated according to the authentication five-tuple corresponding to the received random number + authentication token; if the received authentication value is consistent with the authentication value in the saved service authentication two-tuple that contains the random number + authentication token received by the Internet of Things terminal, authentication passes; otherwise, it does not pass;
the acquisition module, configured to obtain and save the service authentication two-tuples corresponding to the Internet of Things terminal;
the service platform further comprises: a second authentication module;
the receiver module is further configured to send the service authentication request to the second authentication module;
the second authentication module, configured to read the indication information carried in the service authentication request and determine, according to the indication information, whether the service authentication request carries a service authentication two-tuple; if not, to notify the first authentication module to perform its function; if so, to determine whether the random number + authentication token carried in the service authentication request is identical to the random number + authentication token in a service authentication two-tuple saved in the acquisition module; if not, to notify the first authentication module to perform its function; if so, to further determine whether the authentication value carried in the service authentication request is consistent with the authentication value in the service authentication two-tuple, saved in the acquisition module, that contains the random number + authentication token carried in the request; if so, authentication passes; otherwise, it does not pass; wherein the random number + authentication token in each service authentication two-tuple saved in the acquisition module is different.
15. The service platform according to claim 14, characterized in that
the first authentication module and the second authentication module are further configured to notify the Internet of Things terminal of the authentication result regardless of whether authentication passes, and to carry in the authentication result the random number + authentication token of one unused service authentication two-tuple, corresponding to the Internet of Things terminal, that is saved in the acquisition module; the random number + authentication token carried in the service authentication request is the random number + authentication token that the Internet of Things terminal obtained from the previous authentication result, and the authentication value carried in the service authentication request is the authentication value that the Internet of Things terminal generated according to the authentication five-tuple corresponding to the random number + authentication token obtained from the previous authentication result.
16. The service platform according to claim 15, characterized in that
before the receiver module receives the service authentication request, the acquisition module requests from an operation management platform the service authentication two-tuples corresponding to the Internet of Things terminal, and receives the service authentication two-tuples returned by the operation management platform;
the service authentication two-tuples returned by the operation management platform are generated by the operation management platform according to authentication five-tuples obtained from an authentication information providing device;
the number of service authentication two-tuples returned by the operation management platform is two or more.
17. An Internet of Things terminal, the Universal Integrated Circuit Card (UICC) used by which is a Subscriber Identity Module (SIM), characterized by comprising:
a third authentication module, configured to send a service authentication request to a service platform when an Internet of Things service needs to be initiated; and, before an authentication result is obtained, if the random number sent by the service platform is received, to generate an authentication value according to the authentication triplet corresponding to that random number and return it to the service platform;
the third authentication module is further configured to set indication information in the service authentication request to indicate whether the service authentication request carries a service authentication two-tuple, and, when the indication information indicates that the service authentication request carries a service authentication two-tuple, to set the service authentication two-tuple in the service authentication request.
18. The Internet of Things terminal according to claim 17, characterized in that the service authentication two-tuple that the third authentication module sets in the service authentication request comprises: the random number obtained from the previous authentication result sent by the service platform, and the authentication value generated according to the authentication triplet corresponding to the random number obtained from the previous authentication result.
19. The Internet of Things terminal according to claim 18, characterized in that
the authentication triplet comprises: a random number, an authentication parameter and an encryption key;
the third authentication module generates the authentication triplet according to the random number, computes, according to a predetermined algorithm, the hash value of the authentication parameter and the encryption key in the authentication triplet, uses the result as the authentication value in the service authentication two-tuple, and uses the random number in the authentication triplet as the random number in the service authentication two-tuple.
20. An Internet of Things terminal, the Universal Integrated Circuit Card (UICC) used by which is a Universal Subscriber Identity Module (USIM), characterized by comprising:
a third authentication module, configured to send a service authentication request to a service platform when an Internet of Things service needs to be initiated; and, before an authentication result is obtained, if the random number + authentication token sent by the service platform is received, to generate an authentication value according to the authentication five-tuple corresponding to that random number + authentication token and return it to the service platform, where + denotes combination;
the third authentication module is further configured to set indication information in the service authentication request to indicate whether the service authentication request carries a service authentication two-tuple, and, when the indication information indicates that the service authentication request carries a service authentication two-tuple, to set the service authentication two-tuple in the service authentication request.
21. The Internet of Things terminal according to claim 20, characterized in that the service authentication two-tuple that the third authentication module sets in the service authentication request comprises: the random number + authentication token obtained from the previous authentication result sent by the service platform, and the authentication value generated according to the authentication five-tuple corresponding to the random number + authentication token obtained from the previous authentication result.
22. The Internet of Things terminal according to claim 21, characterized in that
the authentication five-tuple comprises: a random number, an authentication parameter, an encryption key, an integrity key and an authentication token;
the third authentication module generates the authentication five-tuple according to the random number + authentication token, computes, according to a predetermined algorithm, the hash value of the encryption key in the authentication five-tuple, uses the result as the authentication value in the service authentication two-tuple, and uses the random number + authentication token in the authentication five-tuple as the random number + authentication token in the service authentication two-tuple.
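The two authentication paths of the USIM case (claims 6 to 9 and 20 to 22), sketched as an added Python example that is not part of the patent text: the platform either challenges with an unused random number + authentication token, or accepts a two-tuple the terminal built from the previous authentication result. The HMAC-based five-tuple derivation, SHA-256 as the "predetermined algorithm", the deletion of a two-tuple once it has been checked, and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import os


def quintuple(k: bytes, rand_autn: bytes) -> dict:
    """Constructed stand-in for the USIM / authentication information device.
    HMAC-SHA256 over the shared secret k is an assumption, used only so that
    card and network derive the same five-tuple from RAND+AUTN."""
    def f(label: bytes) -> bytes:
        return hmac.new(k, label + rand_autn, hashlib.sha256).digest()[:16]
    return {"rand_autn": rand_autn, "param": f(b"res"), "ck": f(b"ck"), "ik": f(b"ik")}


def auth_value(q: dict) -> bytes:
    """Hash of the encryption key (claims 9 and 22); SHA-256 is assumed."""
    return hashlib.sha256(q["ck"]).digest()


def make_two_tuples(k: bytes, n: int) -> dict:
    """Operation management platform: n two-tuples, keyed by RAND+AUTN."""
    pool = {}
    for _ in range(n):
        ra = os.urandom(32)  # constructed 16-byte RAND + 16-byte AUTN
        pool[ra] = auth_value(quintuple(k, ra))
    return pool


class ServicePlatform:
    def __init__(self, two_tuples: dict):
        self.store = dict(two_tuples)  # RAND+AUTN -> expected authentication value
        self.issued = set()            # RAND+AUTN values already sent out

    def next_unused(self):
        for ra in self.store:
            if ra not in self.issued:
                self.issued.add(ra)
                return ra
        return None  # pool exhausted: more two-tuples must be requested

    def verify(self, ra: bytes, value: bytes) -> dict:
        expected = self.store.pop(ra, None)  # single use (assumption)
        ok = expected is not None and hmac.compare_digest(expected, value)
        # The result carries a fresh RAND+AUTN whether or not authentication passed.
        return {"passed": ok, "next": self.next_unused()}

    def handle_request(self, carries_tuple: bool, ra=None, value=None):
        if carries_tuple and ra in self.store:
            return "result", self.verify(ra, value)
        return "challenge", self.next_unused()  # step b


class Terminal:
    def __init__(self, k: bytes):
        self.k, self.cached = k, None

    def respond(self, ra: bytes) -> bytes:
        return auth_value(quintuple(self.k, ra))

    def request(self):
        if self.cached is None:
            return False, None, None  # indication: no two-tuple carried
        return True, self.cached, self.respond(self.cached)


def authenticate(term: Terminal, plat: ServicePlatform):
    """One authentication round; returns (path taken, passed)."""
    kind, body = plat.handle_request(*term.request())
    path = "fast"
    if kind == "challenge":
        if body is None:
            raise RuntimeError("no unused two-tuples left")
        path, body = "challenge", plat.verify(body, term.respond(body))
    term.cached = body["next"]
    return path, body["passed"]
```

A request that repeats an already-checked two-tuple falls back to the challenge path, because the entry has been deleted from the store.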
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210280775.XA CN103581154B (en) | 2012-08-08 | 2012-08-08 | Authentication method and device in system of Internet of Things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103581154A CN103581154A (en) | 2014-02-12 |
CN103581154B true CN103581154B (en) | 2017-01-25 |
Family
ID=50052089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210280775.XA Active CN103581154B (en) | 2012-08-08 | 2012-08-08 | Authentication method and device in system of Internet of Things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103581154B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104917730B (en) * | 2014-03-12 | 2019-04-26 | 腾讯科技(深圳)有限公司 | A kind of method for authenticating and system, authentication server |
CN105813070B (en) * | 2014-12-29 | 2019-08-30 | 中国移动通信集团公司 | A kind of method and device that car-mounted terminal is communicated by mobile terminal |
CN105610872B (en) * | 2016-03-16 | 2018-09-07 | 中国联合网络通信集团有限公司 | Internet-of-things terminal encryption method and internet-of-things terminal encryption device |
CN105847432B (en) * | 2016-05-23 | 2018-11-23 | 成都亿闻科技有限公司 | Remote vehicle control method and device based on Internet of Things |
CN108632231A (en) * | 2017-03-24 | 2018-10-09 | 中移(杭州)信息技术有限公司 | A kind of internet of things equipment, Internet of Things authentication platform, authentication method and system |
CN110191467B (en) * | 2018-02-23 | 2022-10-18 | 中移物联网有限公司 | Authentication method, equipment, device and storage medium for Internet of things equipment |
CN108737381B (en) * | 2018-04-23 | 2021-11-16 | 厦门盛华电子科技有限公司 | Extension authentication method of Internet of things system |
CN109474916B (en) * | 2018-11-19 | 2020-09-18 | 海信集团有限公司 | Equipment authentication method, device and machine readable medium |
CN111343133B (en) * | 2018-12-19 | 2022-05-13 | 中移物联网有限公司 | Authentication method, authentication equipment and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1756428A (en) * | 2004-09-30 | 2006-04-05 | 华为技术有限公司 | Method for carrying out authentication for terminal user identification module in IP multimedia subsystem |
CN101123778A (en) * | 2007-09-29 | 2008-02-13 | 大唐微电子技术有限公司 | Network access authentication method and its USIM card |
CN101990204A (en) * | 2009-08-07 | 2011-03-23 | 中国移动通信集团公司 | Method and device for accessing service by using card inserted terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |