CN106034028A - Terminal equipment authentication method, apparatus and system thereof - Google Patents


Publication number
CN106034028A
Authority
CN
China
Legal status
Granted
Application number
CN201510115367.2A
Other languages
Chinese (zh)
Other versions
CN106034028B (en)
Inventor
李俊奎
Current Assignee
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910501817.XA (patent CN110365484B)
Priority to CN201510115367.2A (patent CN106034028B)
Publication of CN106034028A
Application granted
Publication of CN106034028B

Abstract

The invention provides a terminal equipment authentication method, an apparatus and a system thereof. The method comprises the following steps that a first terminal sends an authorization request message generated through using a stored first secret key to carry out encryption on a second secret key and a first equipment identification; a second terminal acquires the authorization request message and uses the stored first secret key to carry out decryption; when the decryption is successful, whether a first authorization equipment identification corresponding to the first equipment identification acquired through the decryption is stored is determined; if the first authorization equipment identification is stored, the first terminal is authorized and an authorization result message generated through using the second secret key to carry out encryption on a second equipment identification is sent; the first terminal acquires the authorization result message and uses the second secret key to carry out the decryption; and when the decryption is successful, whether a second authorization equipment identification corresponding to the second equipment identification acquired through the decryption is stored is determined, and based on a determination result, whether the second terminal is authorized is determined. In each embodiment of the invention, safety and reliability of terminal equipment authentication can be provided.

Description

A terminal device authentication method, apparatus and system
Technical field
The present application belongs to the field of communication and information processing, and in particular relates to a terminal device authentication method, apparatus and system.
Background
With the development of the mobile Internet and the Internet of Things, terminal devices, including wearable devices (such as smart bracelets and smart watches), are becoming increasingly common and are becoming a development trend for future smart mobile products and applications.
A wearable device often holds sensitive information such as the user's accounts, identity, communications and property. If an attacker obtains authority over the wearable device through malicious phishing, terminal spoofing, information interception or similar means, the user may suffer immeasurable loss. The secure authorization and authentication of wearable devices is therefore receiving increasing attention. Security application products based on wearable devices have also begun to appear; their solutions mainly consist of the wearable device authorizing and authenticating an intelligent terminal (such as a smart mobile phone or a smart appliance) based on a feature code of the intelligent terminal or of a third-party application.
However, the feature code used in existing wearable device authorization and authentication solutions is usually a single, constant feature code, and the authentication process is generally one-way authentication over a channel with a relatively low security level, such as WIFI or Bluetooth. With prior-art authorization and authentication methods, the feature code is easily intercepted or leaked, or a forged intelligent terminal is used for spoofing, so that authority over the wearable device is obtained. Prior-art authorization and authentication methods for wearable devices therefore still carry considerable security risks.
Summary of the invention
The purpose of the present application is to provide a terminal device authentication method, apparatus and system that can provide two-way authentication during the authorization process for intelligent terminal devices, including wearable devices, and improve the security of terminal device authorization and authentication.
The terminal device authentication method, apparatus and system provided by the present application are implemented as follows:
A terminal device authentication method, the method comprising:
a first terminal sends an authorization activation request message generated by encrypting a generated first key and a first device identifier of the first terminal with a stored preset key;
a second terminal obtains the authorization activation request message, decrypts it with a stored preset key, and judges, according to the result of the decryption, whether to activate device authorization;
when the result of the decryption is success, an authorization activation result message, generated by encrypting a second device identifier of the second terminal with the first key obtained by the decryption, is sent;
the first terminal obtains the authorization activation result message and decrypts it with the first key; if the decryption succeeds, device authorization is activated.
A terminal device authentication method, the method comprising:
a first terminal sends an authorization request message generated by encrypting a generated second key and a first device identifier of the first terminal with a stored first key;
a second terminal obtains the authorization request message and decrypts it with a stored first key; when the decryption succeeds, the second terminal judges whether a first authorized-device identifier corresponding to the first device identifier obtained by the decryption is stored;
when the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier, and sends an authorization result message generated by encrypting a second device identifier of the second terminal with the second key obtained by the decryption;
the first terminal obtains the authorization result message and decrypts it with the second key; when the decryption succeeds, the first terminal judges whether a second authorized-device identifier corresponding to the second device identifier obtained by the decryption is stored, and determines, based on the judgment result, whether to authorize the second terminal.
A terminal device authentication method, the method comprising:
a first terminal sends an authorization request message generated by encrypting a generated second key and a first device identifier of the first terminal with a stored first key;
the first terminal obtains an authorization result message sent by a second terminal and decrypts it with the second key;
when the decryption succeeds, the first terminal judges whether a second authorized-device identifier corresponding to the second device identifier obtained by the decryption is stored, and determines, based on the judgment result, whether to authorize the second terminal.
A terminal device authentication method, the method comprising:
a second terminal obtains an authorization request message sent by a first terminal and decrypts it with a stored first key;
when the decryption succeeds, the second terminal judges whether a first authorized-device identifier corresponding to the first device identifier obtained by the decryption is stored;
when the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier, and sends an authorization result message generated by encrypting a second device identifier of the second terminal with the second key obtained by the decryption.
A terminal device authentication apparatus, the apparatus comprising:
a first storage unit, configured to store a generated first key and an obtained second authorized-device identifier of a second terminal;
a first encryption unit, configured to generate a second key and to encrypt the second key and an obtained first device identifier with the first key to generate an authorization request message;
a first communication module, configured to send the authorization request message and to receive an authorization result message sent by the second terminal;
a first decryption judging unit, configured to decrypt the authorization result message with the second key and, when the decryption succeeds, to judge whether the first storage unit stores a second authorized-device identifier corresponding to the second device identifier obtained by the decryption;
a first authorization module, configured to determine, based on the judgment result of the first decryption judging unit, whether to authorize the second terminal.
A terminal device authentication apparatus, the apparatus comprising:
a second communication module, configured to receive an authorization request message sent by a first terminal and to send an authorization result message;
a second storage unit, configured to store an obtained first authorized-device identifier of the first terminal and a first key;
a second decryption judging unit, configured to decrypt the authorization request message with the stored first key and, when the decryption succeeds, to judge whether the second storage unit stores a first authorized-device identifier corresponding to the first device identifier;
a second authorization module, configured to determine, based on the judgment result of the second decryption judging unit, whether to authorize the first terminal corresponding to the first device identifier;
a second encryption unit, configured to, when the judgment result of the second decryption judging unit is yes, encrypt the second device identifier of the second terminal with the second key to generate an authorization result message.
A terminal device authentication system, the system comprising:
a first terminal, configured to send an authorization request message generated by encrypting a generated second key and a first device identifier of the first terminal with a stored first key; further configured to obtain an authorization result message sent by a second terminal and decrypt it with the second key; and further configured to judge, when the decryption succeeds, whether a second authorized-device identifier corresponding to the second device identifier obtained by the decryption is stored, and to determine, based on the judgment result, whether to authorize the second terminal;
a second terminal, configured to obtain the authorization request message sent by the first terminal and decrypt it with a stored first key; further configured to judge, when the decryption succeeds, whether a first authorized-device identifier corresponding to the first device identifier obtained by the decryption is stored; and further configured to, when the judgment result is yes, authorize the first terminal based on the first device identifier and send an authorization result message generated by encrypting a second device identifier of the second terminal with the second key obtained by the decryption.
The terminal device authentication method, apparatus and system provided by the present application can secure both the authentication for activating device authorization and the authentication of device authorization between multiple terminals. The first terminal can use a pre-stored preset key to encrypt a verification key and a device identifier to form an authorization activation request message, so that only a second terminal that also stores the preset key can decrypt it, which completes one side of the authentication for authorization activation. The verification key obtained by the decryption can then be used to encrypt the device identifier of the second terminal, and the first terminal decrypts the result; only when this decryption succeeds does the first terminal activate authorization and authentication, which completes the two-way authentication of the terminal devices' authorization activation request. Further, after authorization has been activated and the device identifier of the authorized device has been obtained, the terminal device authentication method provided by the present application can be used to authorize and authenticate authority such as applications on the terminal device or the device itself. The device authorization process still uses two-way authentication between the terminals, and the device identifier and the verification key are included in the two-way authentication message exchange; in some embodiments the verification key used can also be updated dynamically. This can greatly strengthen the authorization and authentication of terminal devices such as wearable devices and improve the security of terminal device authorization and authentication.
Description of the drawings
In order to explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of one embodiment of the terminal device authentication method of the present application;
Fig. 2 is a schematic flow diagram of one embodiment of the terminal device authentication method of the present application;
Fig. 3 is a schematic flow diagram of another embodiment of the terminal device authentication method of the present application;
Fig. 4 is a schematic flow diagram of another embodiment of the terminal device authentication method of the present application;
Fig. 5 is a schematic module structure diagram of one embodiment of the terminal device authentication apparatus of the present application;
Fig. 6 is a schematic module structure diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 7 is a schematic module structure diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 8 is a schematic module structure diagram of one embodiment of the terminal device authentication apparatus of the present application;
Fig. 9 is a schematic module structure diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 10 is a schematic module structure diagram of another embodiment of the terminal device authentication apparatus of the present application.
Detailed description
To enable those skilled in the art to better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without creative effort shall fall within the scope of protection of the present application.
The terminal described herein may include, but is not limited to, wearable terminal devices. The authorization and authentication of the terminal device may take place in application scenarios in which a user-side terminal device is connected to the Internet through, for example, Wi-Fi or a cellular mobile network and performs authorization and authentication with a server-side terminal device, or in application scenarios in which it connects to other intelligent terminal devices through, for example, a Bluetooth transmission protocol, NFC near-field communication or a wired connection and performs authorization and authentication with them. The method and apparatus of the present application are described in detail below, taking authorization and authentication between a wearable terminal device and a smart mobile phone as an example. The wearable devices described herein include, but are not limited to, wearable articles such as watches, glasses, shoes, caps, clothing and jewelry that carry an intelligent processing chip.
Before authorization and authentication are carried out between terminal devices, it can first be verified whether the terminal device requesting authorization and authentication is trusted; after the verification passes, authorization and authentication can then be activated for the terminal device requesting authorization. Using the preliminary authentication described herein for deciding whether to activate terminal device authorization and authentication can effectively reduce authorization and authentication with illegitimate terminal devices and cut off, at an early stage, authorization and authentication communication between the wearable device or other terminal devices and illegitimate terminals. Fig. 1 is a schematic flow diagram of one embodiment of the terminal device authentication method described herein. As shown in Fig. 1, the method may include:
S1: The first terminal sends an authorization activation request message generated by encrypting a generated first key and a first device identifier of the first terminal with a stored preset key.
The first terminal encrypts the generated first key key1 and the first device identifier of the first terminal with the stored preset key key0 to form the authorization activation request message MSG_A1, and sends the authorization activation request message MSG_A1.
The first terminal may be the smart phone described above, or, in other application scenarios, another mobile intelligent terminal. In this embodiment, the terminal device that sends the authorization activation request message MSG_A1 may serve as the first terminal, and the terminal device that receives the authorization activation request message MSG_A1 may serve as the second terminal. In a specific implementation, for example in this embodiment, the smart phone may serve as the first terminal and the wearable device as the second terminal. Of course, in the above embodiment, the first terminal that authorizes and authenticates a second terminal such as a wearable device may also be a specially provided server, an intelligent terminal management apparatus, or the like.
The preset key key0 may be stored in the first terminal in advance. The preset key may be an initialization key set at the factory, or a key agreed in advance with the second terminal that can be used for activating device authorization or for device authorization authentication. The first terminal can generate the first key key1, which can be used for authorization and authentication with a second terminal, including the wearable device. The first terminal can generate the first key key1 by means of an application on the terminal or a preset key generation algorithm; the first key key1 may be a key in a conventional data format such as digits, characters or symbols.
The preset key key0 can then be used to encrypt the generated first key key1 together with the first device identifier app_divice_id of the first terminal, forming the authorization activation request message MSG_A1 of the first terminal. The first device identifier app_divice_id of the first terminal may be unique identification information that identifies the first terminal device, for example the IMEI or MAC of a smart phone, or another device identification string.
After forming the authorization activation request message MSG_A1, the first terminal can send it. The specific sending method may include broadcasting the authorization activation request message MSG_A1 over WIFI, Bluetooth or the like, and may of course also include other communication methods that use a dedicated channel or network.
The first terminal can encrypt the generated first key and the first device identifier of the first terminal with the stored preset key to form the authorization activation request message MSG_A1, and can send that message by broadcast, point-to-point or other means.
S2: The second terminal obtains the authorization activation request message, decrypts it with the stored preset key, and can judge, according to the result of the decryption, whether to activate device authorization.
The second terminal can obtain the authorization activation request message MSG_A1 sent by the first terminal, and can decrypt the obtained message with the stored preset key key0; the second terminal judges, according to the result of the decryption, whether to activate device authorization.
The second terminal can receive the authorization activation message sent by the first terminal in broadcast or point-to-point form. The second terminal also stores the preset key key0 in advance; for example, a wearable device such as a smart bracelet or smart watch stores the preset key key0 set at the factory. The preset key in the second terminal may be identical to the preset key stored in the first terminal, such as a smart phone, so that the corresponding encryption and decryption of information can be completed. Of course, in other embodiments the two may also be keys that match each other. In practical applications, the preset key of the wearable device serving as the second terminal can generally include a factory verification key, and the preset key of the first terminal may be one that the first terminal downloads through an application from a dedicated server or from the service provider, and may of course also be a key set at the factory in advance.
The second terminal described herein may include, but is not limited to, wearable devices such as watches, glasses, shoes, caps, clothing, jewelry, bracelets and pendants that carry an intelligent processing chip.
After obtaining the authorization request message MSG_A1, the second terminal can decrypt it with the stored preset key key0. If the authorization request message MSG_A1 obtained by the second terminal was likewise encrypted with the preset key key0, the second terminal can decrypt it successfully with its own preset key key0. If what the second terminal obtained is an authorization request message sent by an illegitimate terminal device by means of forgery, terminal spoofing or the like, which was not encrypted with the preset key key0, the second terminal cannot decrypt it successfully and will not activate device authorization authentication for it. The second terminal device can judge, from whether the obtained authorization activation message decrypts successfully, whether the terminal device corresponding to the obtained authorization request message is legitimate. If it is legitimate, device authorization is activated for it and authorization and authentication with it are allowed; otherwise it can be regarded as an illegitimate terminal device, and its authorization request can be refused, blocked or otherwise handled.
The second terminal can obtain the authorization activation request message MSG_A1, decrypt it, and judge from the decryption result whether to activate device authorization, that is, whether to allow authorization and authentication with the device that sent the obtained authorization activation request message MSG_A1.
S3: the result in described deciphering be successfully time, send the second terminal described in the first double secret key utilizing described deciphering to obtain Second device identification is encrypted the mandate of generation and opens results messages.
Result in described deciphering be successfully time, described second terminal can open device authorization;Described second terminal utilizes described Second device identification auth_divice_id of described second terminal is encrypted by the first key key0 that deciphering obtains, and formation is awarded Power opens results messages MSG_B1, and sends described mandate and open results messages MSG_B1.If described second terminal utilizes Request message MSG_A1 successful decryption, the most described second terminal are opened in the mandate obtained by preset key key0 of self storage Equipment can open the service of device authorization, it is allowed to the information carrying out authorization identifying with other-end equipment is mutual.
In the application preferred embodiment, under terminal unit one-to-many or multi-to-multi application scenarios, the application is preferred Embodiment provides a kind of authentication method distinguishing different terminal equipment based on device identification.Concrete, the result in described deciphering is During success, described second terminal is opened device authorization and be may include that
Result in described deciphering be successfully time, the first device identification that described second terminal obtains based on described deciphering is to described the One terminal opens device authorization.
When request message MSG_A1 success is opened in the mandate of first terminal described in the most described second terminal deciphering, can obtain To the first device identification of described first terminal equipment, can store in locally applied file, the most described second terminal is open-minded Could be arranged to the first device identification according to this successful decryption during device authorization the terminal that described first device identification is corresponding is set The standby service opening device authorization certification, it is allowed to described second terminal and this first terminal carry out the interacting message of authorization identifying.Institute State the second terminal still to obtain the mandate of other-end equipment when described first terminal is opened device authorization and open request Message MSG_A1, but the terminal unit that the authorization request message of non-successful decryption is corresponding can not opened device authorization, it is possible to The second terminal unit is not deciphered or the terminal unit such as Unrecorded device identification does not open device authorization.
After successful decryption described above, described second terminal can complete to open described first terminal the certification of authorization requests, The most described second terminal further can carry out Registration Authentication to described first terminal, may be used for described first terminal to institute State the second terminal to carry out registering, identifying and open authorization identifying, complete described first terminal to described second terminal registration registration, Open device authorization certification etc..Second terminal described in the present embodiment can utilize described open mandate to ask message MSG_A1 Second device identification auth_divice_id of described second terminal is encrypted by the first key key1 that deciphering obtains, and formation is awarded Power opens results messages MSG_B1.Described second terminal equally broadcast in the way of WIFI or bluetooth, or Send described mandate with other point-to-point communication modes and open results messages MSG_B1.Wearable in majority such as Intelligent bracelet etc. Second terminal of equipment can be provided with short distance or mobile communications network or the module of proprietary data communication network, permissible Realize the information communication between described first terminal and described second terminal, complete information mutual.
When the decryption succeeds, the second terminal can encrypt the second device identification with the obtained first key and feed the authorization-activation result message back to the first terminal.
S4: The first terminal obtains the authorization-activation result message and decrypts it with the first key; if decryption succeeds, device authorization is activated.
The first terminal can receive the authorization-activation message sent by the second terminal; for example, a smartphone obtains, through Bluetooth scanning, the authorization result message that the wearable device broadcasts over Bluetooth. The second terminal can use the generated first key key1 to decrypt the received authorization-activation result message MSG_B1. If decryption succeeds, this can indicate that the second terminal device that sent the authorization result message is reliable; the relevant information of the second terminal, such as the second device identification auth_divice_id of the second terminal device, can be registered, and device authorization can be activated for exchanging authorization-authentication messages with the wearable device, completing authentication of device-authorization activation for the second terminal.
In a preferred embodiment, activating device authorization when the first terminal's decryption succeeds may include: when the first terminal device's decryption succeeds, activating device authorization for the second terminal based on the second device identification auth_divice_id obtained by the decryption.
When a first terminal such as a smartphone successfully decrypts the authorization message MSG_B1 of a second terminal such as a wearable device, it can obtain the device identification of the wearable device. The smartphone side can register and store the wearable device's device identification, and can also store the first key key1 at the same time. In this way, the smartphone obtains and stores the wearable device's device identification and can activate device authorization only for the stored device identification. Open activation of device authorization is thereby strengthened into point-to-point activation, which can effectively prevent illegitimate wearable devices from activating the device authorization authentication service and improves the security of two-way terminal device authentication.
After the above message exchange for activating authorization authentication, the first terminal (e.g., a smartphone) has obtained and stored the second device identification auth_divice_id of the second terminal (e.g., a smart bracelet), and can store the generated first key key1. The second terminal can likewise store the device identification app_divice_id of the first terminal (e.g., the smartphone) and the first key key1. This completes the two-way authentication for activating device authorization between the first terminal and the second terminal. Compared with the traditional one-way authorization authentication, in which only the wearable device authenticates to a smartphone or server, the embodiments of the present application first perform two-way authentication for activating device authorization before authorization authentication, which can substantially increase the security of terminal device authentication and authorization.
After the first terminal and the second terminal have mutually activated the device authorization service/function as described above, device authorization authentication can be performed. Fig. 2 is a schematic flowchart of one embodiment of the terminal device authentication method described in this application. As shown in Fig. 2, the method for performing authorization authentication after the first terminal and the second terminal device have activated the authorization authentication function may include:
S1': The first terminal sends an authorization request message generated by encrypting, with the stored first key, the generated second key and the first device identification of the first terminal.
The first terminal can use the stored first key key1 to encrypt the generated second key key2 and the first device identification app_divice_id of the first terminal, forming the authorization request message MSG_A2, and send the authorization request message MSG_A2.
The first terminal can use an application on the first terminal to generate the second key key2. The generated second key key2 can be a verification key that is random or generated according to a predetermined algorithm; for details, refer to the first key key1 generated when the first terminal activated device authorization, which is not repeated here. As described above, the first terminal generated and stored the first key key1 when activating device authorization. Here the first terminal can use that key to encrypt the generated second key key2 and the first device identification app_divice_id of the first terminal, forming the authorization request message MSG_A2 addressed to a second terminal such as a wearable device. It can send the authorization request message MSG_A2 over a short-range communication method such as WIFI, Bluetooth or infrared, or by point-to-point or other private communication methods, for the second terminal to receive and process.
S2': The second terminal obtains the authorization request message and decrypts it with the stored first key; when the decryption succeeds, it judges whether a first authorized device identification corresponding to the first device identification obtained by the decryption is stored.
The second terminal can obtain the authorization request message MSG_A2 and decrypt it with the stored first key key1. When the decryption succeeds, the first device identification app_divice_id obtained by the decryption is compared with the stored first authorized device identification Pre_app_divice_id to judge whether there is a first authorized device identification Pre_app_divice_id corresponding to the first device identification app_divice_id. The second terminal can be a wearable device, which specifically can include, but is not limited to, a wearable device carrying an intelligent processing chip such as a watch, glasses, shoes, a cap, clothing, jewelry, a bracelet or a pendant.
In this embodiment, the second terminal (the wearable device) can authenticate the first terminal (the smartphone). As described above, the second terminal can obtain the first key key1 sent by the first terminal during the device-authorization activation request. The second terminal can receive the authorization request message MSG_A2 sent by the first terminal and then decrypt it with the first key key1. If decryption fails, the second terminal's authorization of the first terminal device fails.
If decryption succeeds, the first device identification app_divice_id obtained by decrypting the authorization request message MSG_A2 can be compared with the device identification obtained and stored when the device authorization service was activated, to judge whether it matches the device identification from the time the authorization service was activated. As described above, the second terminal device can obtain and store the first device identification of the first terminal when activating device authorization; here the first device identification stored by the second terminal serves as the first authorized device identification Pre_app_divice_id, marking the identification of a reliable terminal device. In one-to-many or many-to-many application scenarios, the second terminal can store multiple first authorized device identifications, each of which can correspond to one first terminal device. The second terminal can compare the first device identification app_divice_id with the first authorized device identification Pre_app_divice_id to judge whether a first authorized device identification Pre_app_divice_id corresponding to the first device identification app_divice_id is stored.
If the judgment result is that no such identification is stored, then even though the authorization message MSG_A2 was successfully decrypted, the second terminal can be set not to authorize the first terminal corresponding to the first device identification app_divice_id in the authorization message; that is, the second terminal's authorization authentication of the first terminal fails.
S3': When the judgment result is affirmative, the second terminal authorizes the first terminal based on the first device identification, and sends an authorization result message generated by encrypting the second device identification of the second terminal with the second key obtained by the decryption.
When the judgment result is affirmative, the second terminal authorizes the first terminal based on the first device identification app_divice_id. The second terminal uses the second key key2 obtained by the decryption to encrypt the second device identification auth_divice_id of the second terminal, forming the authorization result message MSG_B2, and sends the authorization result message MSG_B2.
Specifically, the second terminal can mark the first terminal based on the obtained first device identification app_divice_id and authorize the first terminal. In the embodiments of the present application, after the second terminal has performed authorization authentication on the first terminal, the first terminal also needs to perform reverse authentication on the second terminal, which improves the security and reliability of authorization authentication between the smartphone and the wearable device. Therefore, the second terminal can use the second key key2 obtained by the decryption to encrypt the second device identification auth_divice_id of the second terminal, forming the authorization result message MSG_B2 that is fed back to the first terminal. The second terminal can then send the authorization result message MSG_B2; for the specific way the message is transmitted, refer to the message exchange between the first terminal and the second terminal in the other embodiments of this application, which is not repeated here.
S4': The first terminal obtains the authorization result message and decrypts it with the second key; when decryption succeeds, it judges whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and determines based on the judgment result whether to authorize the second terminal.
The first terminal can obtain the authorization result message MSG_B2 and decrypt it with the second key key2. When decryption succeeds, the second device identification auth_divice_id obtained by the decryption is compared with the stored second authorized device identification Pre_auth_divice_id to judge whether there is a second authorized device identification Pre_auth_divice_id corresponding to the second device identification auth_divice_id, and whether to authorize the second terminal is determined based on the judgment result.
The first terminal can obtain the authorization result message MSG_B2 over WIFI, Bluetooth or the like, and decrypt it with the generated second key key2. If decryption succeeds, the second device identification auth_divice_id obtained by decrypting the authorization result message MSG_B2 can be compared with the device identification obtained and stored when the device authorization service was activated, to judge whether it matches the device identification from the time the authorization service was activated. As described above, the first terminal device can obtain and store the second device identification of the second terminal when activating device authorization; here the second device identification stored by the first terminal serves as the second authorized device identification Pre_auth_divice_id, marking the identification of a reliable terminal device. In one-to-many or many-to-many application scenarios, the first terminal can store multiple second authorized device identifications, each of which can correspond to one second terminal device, for example the stored second authorized device identifications of a smart bracelet and a smart watch. The first terminal can compare the second device identification auth_divice_id with the second authorized device identification Pre_auth_divice_id to judge whether a second authorized device identification Pre_auth_divice_id corresponding to the second device identification auth_divice_id is stored.
Further, the first terminal can determine whether to authorize the second terminal based on the judgment result. If the judgment result is affirmative, the first terminal authorizes the second terminal. For example, if the smartphone judges that the obtained second device identification of the smart bracelet is identical to the second authorized device identification of the smart bracelet stored when authorization authentication was activated, the smartphone can authorize the smart bracelet based on the smart bracelet's second device identification, completing the authorization authentication of the smart bracelet. The first terminal can then perform the corresponding authorization operations for the second terminal. If the judgment result is that the obtained second terminal device identification does not match the stored second authorized device identification, authorization of the second terminal fails.
The terminal device authentication method provided by this application can first authenticate the device-authorization activation request before terminal device authentication, excluding terminal devices that do not meet the device-authorization activation requirements, so that illegitimate terminals requesting activation of device authorization can be screened out in advance. During device authorization authentication, in particular the authorization authentication between the client of a wearable device and the server side of an intelligent terminal, two-way authentication based on a preset key and the generated first key and second key is used. Compared with the traditional approach, in which the wearable device authenticates only one way to the server side, this greatly improves the security and reliability of authentication between devices and can effectively protect wearable devices from malicious phishing, terminal spoofing and the like.
The verification feature code that the prior art generally uses during authorization authentication is fixed. Once the feature code is stolen, an attacker can use it to obtain authority over the terminal device, so security and reliability are poor. The terminal device authentication method described in this application also provides a preferred embodiment in which the terminal devices performing two-way authorization authentication can change the verification key at every authorization authentication. A dynamically updated verification key can substantially increase the security of terminal device authorization authentication. Fig. 3 is a schematic flowchart of another embodiment of the terminal device authentication method of this application. As shown in Fig. 3, the terminal device authentication method can also include:
S5': When the second terminal judges that a first authorized device identification Pre_app_divice_id corresponding to the first device identification app_divice_id is stored, replacing the first key key1 with the second key key2;
When the first terminal judges that a second authorized device identification Pre_auth_divice_id corresponding to the second device identification auth_divice_id obtained by the decryption is stored, replacing the first key key1 with the second key key2.
In this preferred embodiment, for each new authorization authentication the first terminal can generate a new second verification key. After one authentication, the first terminal and the second terminal can replace the current first verification key with the new second verification key, which serves as the updated first key. The terminal device authentication method of this preferred embodiment uses dynamically updated verification keys, improving the security of terminal device authorization authentication.
In conventional terminal device verification, especially verification between an intelligent terminal (smartphone, tablet computer, etc.) and a wearable device (smart bracelet, smart watch, etc.), WIFI or Bluetooth communication is mostly used. Such short-range information transmission is among the channels with a relatively low security level in modern communication technology: messages can be intercepted by attackers in transit, and the transmitted information is easily stolen or forged. In another preferred embodiment of the terminal device authentication method described in this application, additional verification information can further be added to the content transmitted by the terminal devices, ensuring the reliability of the received information and further improving the security and reliability of information transmission.
Fig. 4 is a schematic flowchart of another embodiment of the terminal device authentication method described in this application. As shown in Fig. 4, the terminal device authentication method can also include:
S6': Adding, to the authorization request message sent by the first terminal, information obtained by encrypting with the first key additional information generated according to a predetermined rule;
Adding, to the authorization result message returned by the second terminal, information obtained by encrypting the additional information with the second key;
Accordingly, when the first terminal successfully decrypts the authorization result message, it also judges whether the additional information obtained by the decryption is identical to the additional information it included when sending the authorization request message, and determines according to the judgment result whether to authorize the second terminal.
The added additional information can generally include, but is not limited to, a challenge code (challenge: a string of random numbers that can be used in encrypting the message, avoiding transmission of plaintext information over the communication link), a digest (digest: account information of the logged-in user, session ID, etc.), and so on. In this embodiment, additional verification information such as a challenge code or digest can be added to the transmitted information and the transmitted message encrypted, which can effectively prevent an attacker from resending packets that the terminal device has already received in order to deceive the system, and can effectively improve the correctness of authorization authentication for wearable devices.
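The exchange in steps S1' to S6' can be traced end to end in the following added example, which is not code from the patent. The patent names no cipher or message encoding, so the SHA-256 keystream with HMAC (encrypt-then-MAC), the JSON field layout, the `challenge` field name and the device identification values are all assumptions made for illustration; a real deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json
import os


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, fields):
    """Stand-in cipher (assumption): SHA-256 keystream + HMAC, encrypt-then-MAC."""
    nonce = os.urandom(16)
    plain = json.dumps(fields).encode()
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    body = nonce + bytes(p ^ s for p, s in zip(plain, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def unseal(key, msg):
    """Return the decrypted fields, or None when decryption fails."""
    body, tag = msg[:-32], msg[-32:]
    good = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if len(body) < 16 or not hmac.compare_digest(tag, good):
        return None
    nonce, cipher = body[:16], body[16:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    return json.loads(bytes(c ^ s for c, s in zip(cipher, stream)))


class FirstTerminal:
    """For example the smartphone; stores key1 and the Pre_auth_divice_id set."""

    def __init__(self, app_divice_id, key1, pre_auth_ids):
        self.app_divice_id = app_divice_id
        self.key1 = key1
        self.pre_auth_ids = set(pre_auth_ids)
        self._pending = None

    def build_request(self):
        # S1' and S6': fresh key2 and challenge, encrypted under the stored key1.
        key2, challenge = os.urandom(32), os.urandom(16).hex()
        self._pending = (key2, challenge)
        return seal(self.key1, {"key2": key2.hex(), "challenge": challenge,
                                "app_divice_id": self.app_divice_id})

    def handle_result(self, msg_b2):
        # S4': decrypt MSG_B2 with key2, then check identification and challenge.
        if self._pending is None:
            return False
        (key2, challenge), self._pending = self._pending, None
        fields = unseal(key2, msg_b2)
        if fields is None or fields.get("auth_divice_id") not in self.pre_auth_ids:
            return False
        if fields.get("challenge") != challenge:
            return False
        self.key1 = key2  # S5': key2 replaces key1 for the next authentication
        return True


class SecondTerminal:
    """For example the wearable; stores key1 and the Pre_app_divice_id set."""

    def __init__(self, auth_divice_id, key1, pre_app_ids):
        self.auth_divice_id = auth_divice_id
        self.key1 = key1
        self.pre_app_ids = set(pre_app_ids)

    def handle_request(self, msg_a2):
        # S2': decrypt MSG_A2 with key1, then look up the first device identification.
        fields = unseal(self.key1, msg_a2)
        if fields is None or fields.get("app_divice_id") not in self.pre_app_ids:
            return None
        key2 = bytes.fromhex(fields["key2"])
        # S3' and S6': answer under key2, echoing the challenge.
        reply = seal(key2, {"auth_divice_id": self.auth_divice_id,
                            "challenge": fields["challenge"]})
        self.key1 = key2  # S5'
        return reply


def demo():
    key1 = os.urandom(32)  # shared during authorization activation (constructed)
    phone = FirstTerminal("phone-01", key1, {"band-01"})
    band = SecondTerminal("band-01", key1, {"phone-01"})
    msg_a2 = phone.build_request()
    authorized = phone.handle_result(band.handle_request(msg_a2))
    return {"authorized": authorized,
            "keys_in_sync": phone.key1 == band.key1,
            "key_rotated": phone.key1 != key1,
            # A captured MSG_A2 is useless once key1 has been replaced.
            "replayed_request_rejected": band.handle_request(msg_a2) is None}
```

In this sketch the second terminal replaces its key as soon as it answers, so if MSG_B2 is lost the two sides hold different first keys; the page does not describe a recovery step for that case.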
Based on the terminal device authentication method described in this application, the application provides a terminal device authentication device. Fig. 5 is a schematic diagram of the module structure of the terminal device authentication device described in this application. As shown in Fig. 5, the device may include:
First storage unit 101, which may be used to store the generated first key and the obtained second authorized device identification of the second terminal;
First encryption unit 102, which may be used to generate the second key, and to encrypt the second key and the obtained first device identification with the first key, generating the authorization request message;
First communication module 103, which may be used to send the authorization request message, and may also be used to receive the authorization result message sent by the second terminal. In a specific implementation, the communication module can include a WIFI communication module, or a short-range communication module such as Bluetooth or infrared, and can of course also include mobile communication network modules for 2G/3G/4G and later communication protocol versions, as well as wired communication modules.
First decryption judging unit 104, which may be used to decrypt the authorization result message with the second key and, when decryption succeeds, to judge whether the first storage unit 101 stores a second authorized device identification corresponding to the second device identification obtained by the decryption;
First authorization module 105, which may be used to determine, based on the judgment result of the first decryption judging unit 104, whether to authorize the second terminal.
The terminal device authentication device described in this embodiment can be used in terminal devices that can be authenticated with wearable devices, such as smartphones, tablet computers or dedicated servers. It can perform device authorization authentication on wearable devices effectively and securely, improving the security of device authorization authentication.
In another preferred embodiment of the terminal device authentication device described in this application, the first key stored by the storage unit 101 can also be dynamically updated, with a key update performed at every device authorization authentication, which can substantially increase the security and reliability of device authorization authentication. Fig. 6 is a schematic diagram of the module structure of another embodiment of the terminal device authentication device described in this application. As shown in Fig. 6, the terminal device authentication device of the preferred embodiment can also include:
First key update module 106, which may be used, when the judgment result of the first decryption judging unit 104 is affirmative, to replace the first key stored in the first storage unit 101 with the second key generated by the first encryption unit 102.
To ensure that the verification keys of the terminals performing authorization authentication are updated in step, the first key update module 106 of this embodiment can replace the first key stored in the first storage unit 101 with the second key generated by the first encryption unit 102 when the first decryption judging unit 104 judges that the first storage unit 101 stores a second authorized device identification corresponding to the second device identification obtained by the decryption. If the judgment result is affirmative, the second terminal that received the authorization request message has passed authorization authentication, and the verification key prestored in the second terminal, such as the first key, has also been updated to the second key. The two terminal devices therefore hold consistent keys for encryption and decryption at the next authorization authentication.
In another embodiment of this application, the security of information transmission over the communication channel between the terminal devices performing authorization authentication is further strengthened. Fig. 7 is a schematic diagram of the module structure of another embodiment of the terminal device authentication device described in this application. As shown in Fig. 7, the terminal device authentication device can also include:
Additional information module 107, which may be used to add, to the authorization request message, information obtained by encrypting with the first key additional information generated according to a predetermined rule;
Accordingly, when the authorization result message is successfully decrypted, the first decryption judging unit 104 also judges whether the additional information obtained by the decryption is identical to the additional information added to the authorization request message, and the first authorization module 105 determines, according to the judgment result for the additional information, whether to authorize the second terminal.
In one embodiment of the terminal device authentication device described in this application, the second terminal can be a wearable device. Specifically, the second terminal can include, but is not limited to, a wearable device carrying an intelligent processing chip such as a watch, glasses, shoes, a cap, clothing, jewelry, a bracelet or a pendant.
The terminal device authentication device described above can be used in terminal devices that can be authenticated with wearable devices, such as smartphones, tablet computers or dedicated servers. Correspondingly, this application also provides a device that can be used for authentication in the terminal device of a wearable device such as a smart watch or smart bracelet, for performing authorization authentication on terminal devices such as smartphones and servers. Fig. 8 is a schematic diagram of the module structure of one embodiment of the terminal device authentication device described in this application. As shown in Fig. 8, the device may include:
Second communication module 201, which may be used to receive the authorization request message sent by the first terminal and to send the authorization result message;
Second storage unit 202, which may be used to store the obtained first authorized device identification of the first terminal and the first key;
Second decryption judging unit 203, which may be used to decrypt the authorization request message with the stored first key and, when decryption succeeds, to judge whether the second storage unit 202 stores a first authorized device identification corresponding to the first device identification;
Second authorization module 204, which can determine, based on the judgment result of the second decryption judging unit 203, whether to authorize the first terminal corresponding to the first device identification;
Second encryption unit 205, which may be used, when the judgment result of the second decryption judging unit 203 is affirmative, to encrypt the second device identification of the second terminal with the second key, generating the authorization result message.
The terminal device authentication device provided by this embodiment allows the terminal of a wearable device to authenticate terminal devices that request authorization, such as smartphones, completing the two-way authorization authentication of the terminal devices. In this embodiment, the first key obtained during the authorization-activation request can be used to decrypt the authorization request message and obtain the first device identification, which is compared with the stored first authorized device identification to judge whether the first terminal requesting authorization is legitimate and to determine, according to the judgment result, whether to authorize the first terminal. In this way, the terminal device of the wearable device can effectively perform reverse authentication on the intelligent terminal, server or the like that requests authorization authentication, improving the security of terminal device authorization authentication.
In a preferred embodiment, the terminal device authentication device for wearable devices described above can also dynamically update the verification key, improving the security and reliability of terminal device authorization authentication. Fig. 9 is a schematic diagram of the module structure of another embodiment of the terminal device authentication device described in this application. As shown in Fig. 9, the device can also include:
Second key update module 206, which may be used, when the second decryption judging unit 203 judges that the second storage unit 202 stores a first authorized device identification corresponding to the first device identification obtained by the decryption, to replace the first key stored in the second storage unit 201 with the second key obtained by the decryption.
As described above, after the second terminal's decryption succeeds, the stored first key can be replaced with the second key obtained when decrypting the authorization request message. This achieves dynamic updating of the verification key in terminal device authorization authentication and improves the security and reliability of the verification process.
Fig. 10 is a schematic diagram of the module structure of another embodiment of the terminal device authentication device described in this application. As shown in Fig. 10, in another preferred embodiment the device can also include:
Additional information processing module 207, which may be used to add, to the authorization result message, information obtained by encrypting the additional information obtained by the decryption with the second key obtained by the decryption.
Adding additional information to the messages transmitted during terminal device authorization authentication can guard against forged messages and further strengthens the security of information transmission over the communication channel between the terminal devices performing authorization authentication.
Based on the terminal device authentication devices described in this application, which can be used in the first terminal device of a wearable device and in the second terminal device of a smartphone, tablet computer or server, the application provides a terminal device authentication system. Specifically, the system may include:
First terminal, which may be used to send an authorization request message generated by encrypting, with the stored first key, the generated second key and the first device identification of the first terminal; may also be used to obtain the authorization result message sent by the second terminal and decrypt it with the second key; and may also be used, when decryption succeeds, to judge whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and to determine based on the judgment result whether to authorize the second terminal;
Second terminal, may be used for first terminal and sends acquisition authorization request message, and be decrypted with the first key of storage; Can be also used for when described successful decryption, it may be judged whether described first device identification that storage has with described deciphering obtains is corresponding First authorisation device mark;Can be also used in described judged result as sometimes, based on described first device identification to described the One terminal authorizes, and sends the second device identification of the second terminal described in the second double secret key obtained with described deciphering and add The Authorization result message of close generation.
In above-mentioned a kind of terminal device authentication system preferred embodiment, it is also possible to including:
Judging that storage has second mandate corresponding with the second device identification of described deciphering acquisition to set for described first terminal By the device of described second key described first key of replacement during standby mark:
For described second terminal when judging to have corresponding with described first device identification the first authorisation device mark by described Second key replaces the device of described first key.
Terminal device authentication system described in above-described embodiment, it is possible to achieve two-way authorization certification between terminal unit, it is provided that set The safety of standby authorization identifying, the authentication secret used in preferred embodiment dynamically updates, and can improve device authorization further The safety and reliability of certification.
The application also provides for one can carry out opening device authorization certification terminal device authentication system before authorization identifying, permissible Ensure that the terminal unit asking to carry out authorization identifying therewith has permission and carry out authorization identifying.Therefore, a kind of terminal that the application provides Concrete may include that of device authentication system
First terminal, may be used for transmission storage preset key to generate the first key and the first equipment mark of first terminal Knowledge is encrypted the mandate of generation and opens request message;Can be additionally used in acquisition the second terminal transmission mandate and open results messages, and use Authorize described in described first double secret key and open results messages;If successful decryption, then open device authorization;
Second terminal, the mandate that may be used for obtaining first terminal transmission is opened request message, is solved by the preset key of storage Close, and judge whether to open device authorization according to the result of described deciphering;Can be also used for the result of described deciphering be successfully time, Send the mandate utilizing the second device identification of the second terminal described in described the first double secret key deciphered and obtain to be encrypted generation to open Logical results messages.
In preferred embodiment, can also include in described terminal device authentication system following at least one.
For described second device identification based on described deciphering acquisition when described first terminal is at described successful decryption to described Second terminal opens the device of device authorization;
For the first device identification pair obtained based on described deciphering when the result of described deciphering is successfully in described second terminal Described first terminal opens the device of device authorization.
In terminal device authentication system described above second terminal can include but not limited to be loaded with Intelligent treatment chip watch, Glasses, footwear, cap, clothing, jewelry, bracelet, the wearable device of suspension member.
The application provide terminal device authentication method, Apparatus and system, it is possible to achieve open between multiple terminals device authorization and The two-way authentication of device authorization, substantially increases compared to the unilateral authentication of the especially wearable device of terminal unit in prior art The safety of terminal device authentication.
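The two exchanges summarized above (opening device authorization under the preset key, then authorization in which the second key replaces the stored first key), as an added Python example that is not part of the patent. The cipher (a SHA-256 keystream with encrypt-then-MAC, standing in for whatever cipher a device would use), the JSON message layout, carrying the additional information inside the same sealed message, and the device identifiers are all assumptions; the page specifies none of them.

```python
import hashlib, hmac, json, secrets

# Stand-in authenticated cipher built from the standard library (assumption: the
# page names no cipher; a real device would use a vetted AEAD such as AES-GCM).
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, msg):
    """Return the decrypted fields, or None when decryption fails."""
    if key is None or msg is None or len(msg) < 48:
        return None
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class Terminal:
    def __init__(self, device_id, preset_key):
        self.device_id, self.preset_key = device_id, preset_key
        self.key = None          # stored "first key"
        self.authorized = set()  # stored authorized device identifications
        self._new_key = self._extra = None

    # Opening device authorization: the preset key protects a fresh first key.
    def open_request(self):                      # first terminal
        self._new_key = secrets.token_bytes(32)
        return seal(self.preset_key, {"key": self._new_key.hex(), "id": self.device_id})

    def handle_open_request(self, msg):          # second terminal
        f = unseal(self.preset_key, msg)
        if f is None:
            return None
        self.key = bytes.fromhex(f["key"])
        self.authorized.add(f["id"])
        return seal(self.key, {"id": self.device_id})

    def handle_open_result(self, msg):           # first terminal
        f = unseal(self._new_key, msg)
        if f is None:
            return False
        self.key = self._new_key
        self.authorized.add(f["id"])
        return True

    # Authorization: the stored first key protects a fresh second key.
    def auth_request(self):                      # first terminal
        self._new_key, self._extra = secrets.token_bytes(32), secrets.token_hex(8)
        return seal(self.key, {"key": self._new_key.hex(), "id": self.device_id,
                               "extra": self._extra})

    def handle_auth_request(self, msg):          # second terminal
        f = unseal(self.key, msg)
        if f is None or f["id"] not in self.authorized:
            return None
        second_key = bytes.fromhex(f["key"])
        reply = seal(second_key, {"id": self.device_id, "extra": f.get("extra")})
        self.key = second_key                    # second key replaces first key
        return reply

    def handle_auth_result(self, msg):           # first terminal
        f = unseal(self._new_key, msg)
        if f is None or f["id"] not in self.authorized or f.get("extra") != self._extra:
            return False
        self.key = self._new_key                 # both sides now store the second key
        return True

def run_demo():
    preset = secrets.token_bytes(32)             # constructed provisioning secret
    phone = Terminal("phone-01", preset)         # first terminal (constructed IDs)
    watch = Terminal("watch-01", preset)         # second terminal
    opened = phone.handle_open_result(watch.handle_open_request(phone.open_request()))
    first_key = phone.key
    request = phone.auth_request()
    authorized = phone.handle_auth_result(watch.handle_auth_request(request))
    rotated = phone.key == watch.key != first_key
    # The same request presented again fails: the first key is no longer stored.
    replay_rejected = watch.handle_auth_request(request) is None
    unprovisioned = Terminal("other-01", secrets.token_bytes(32))
    unknown_rejected = watch.handle_open_request(unprovisioned.open_request()) is None
    return opened, authorized, rotated, replay_rejected, unknown_rejected

if __name__ == "__main__":
    print(run_demo())
```

In this flow the second terminal replaces its key before the first terminal has confirmed the result message, so a lost authorization result message leaves the two stored keys different.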
Although this application mentions information interaction based on message transmission over mobile communication networks, WIFI, Bluetooth and the like, the application is not limited to cases that fully conform to a standard data transmission protocol. A transmission mechanism slightly modified on the basis of some protocol can also carry out the schemes of the above embodiments of the application. Of course, even if a proprietary protocol is used instead of the above general or standard protocols, the same application can still be realized as long as the information interaction and the information judgment and feedback of the above embodiments are satisfied; this is not described again here.
The units or modules illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product having a certain function. For convenience of description, the above apparatus is described with its functions divided into various modules. Of course, when implementing the application, the functions of the modules may be realized in one or more pieces of software and/or hardware, and a module realizing one function may also be realized by a combination of multiple submodules or subunits.
It is also known in the art that, in addition to implementing a controller purely as computer-readable program code, the method steps can be logically programmed so that the controller realizes the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be regarded as a hardware component, and the means included in it for realizing various functions may also be regarded as structures within the hardware component. Or even, the means for realizing various functions may be regarded both as software modules implementing the method and as structures within the hardware component.
The application can be described in the general context of computer-executable instructions, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, classes and the like that perform particular tasks or implement particular abstract data types. The application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that the application can be realized by software plus a necessary general hardware platform. Based on this understanding, the technical solution of the application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk, an optical disc or an intelligent chip, and includes instructions that cause a computer device (which may be a personal computer, mobile terminal, server, wearable device, network device or the like) to perform the methods described in the embodiments of the application or in some parts of the embodiments.
Each embodiment in this specification is described in a progressive manner; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. The application can be used in numerous general-purpose or special-purpose computer system environments or configurations, or in terminal environments or configurations that include an intelligent processing chip. Examples include personal computers, server computers, handheld or portable devices, laptop devices, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, wearable devices, and distributed computing environments that include any of the above systems or devices.
Although the application has been described by way of embodiments, those of ordinary skill in the art will appreciate that the application has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the application.

Claims (22)

1. A terminal device authentication method, characterized in that the method includes:
A first terminal sends an authorization opening request message generated by encrypting a generated first key and a first device identification of the first terminal with a stored preset key;
A second terminal obtains the authorization opening request message, decrypts it with a stored preset key, and judges, according to the result of the decryption, whether to open device authorization;
When the result of the decryption is success, sending an authorization opening result message generated by encrypting a second device identification of the second terminal with the first key obtained by the decryption;
The first terminal obtains the authorization opening result message and decrypts the authorization opening result message with the first key; if the decryption succeeds, it opens device authorization.
2. The terminal device authentication method as claimed in claim 1, characterized in that the second terminal includes a wearable device, equipped with an intelligent processing chip, in the form of a watch, glasses, shoes, a hat, clothing, jewelry, a bracelet or a pendant.
3. The terminal device authentication method as claimed in claim 1 or 2, characterized in that, when the result of the decryption is success, the second terminal opening device authorization includes:
When the result of the decryption is success, the second terminal opens device authorization to the first terminal based on the first device identification obtained by the decryption.
4. The terminal device authentication method as claimed in claim 1 or 2, characterized in that the first terminal opening device authorization when the decryption succeeds includes:
When the first terminal decrypts successfully, it opens device authorization to the second terminal based on the second device identification obtained by the decryption.
5. A terminal device authentication method, characterized in that the method includes:
A first terminal sends an authorization request message generated by encrypting a generated second key and a first device identification of the first terminal with a stored first key;
A second terminal obtains the authorization request message and decrypts it with a stored first key; when the decryption succeeds, it judges whether a first authorized device identification corresponding to the first device identification obtained by the decryption is stored;
When the judgment result is yes, the second terminal authorizes the first terminal based on the first device identification, and sends an authorization result message generated by encrypting a second device identification of the second terminal with the second key obtained by the decryption;
The first terminal obtains the authorization result message and decrypts it with the second key; when the decryption succeeds, it judges whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and determines, based on the judgment result, whether to authorize the second terminal.
6. A terminal device authentication method, characterized in that the method includes:
A first terminal sends an authorization request message generated by encrypting a generated second key and a first device identification of the first terminal with a stored first key;
The first terminal obtains an authorization result message sent by a second terminal and decrypts it with the second key;
When the decryption succeeds, the first terminal judges whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and determines, based on the judgment result, whether to authorize the second terminal.
7. The terminal device authentication method as claimed in claim 6, characterized in that the method further includes:
When the first terminal judges that a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, replacing the first key with the second key.
8. The terminal device authentication method as claimed in claim 6, characterized in that the method further includes:
Adding, to the authorization request message sent by the first terminal, information obtained by encrypting, with the first key, additional information generated according to a predefined rule;
Accordingly, when the authorization result message is decrypted successfully, the first terminal also judges whether the additional information obtained by the decryption is identical to the additional information added to the authorization request message, and determines, according to the judgment result, whether to authorize the second terminal.
9. A terminal device authentication method, characterized in that the method includes:
A second terminal obtains an authorization request message sent by a first terminal and decrypts it with a stored first key;
When the decryption succeeds, the second terminal judges whether a first authorized device identification corresponding to the first device identification obtained by the decryption is stored;
When the judgment result is yes, the second terminal authorizes the first terminal based on the first device identification, and sends an authorization result message generated by encrypting a second device identification of the second terminal with the second key obtained by the decryption.
10. The terminal device authentication method as claimed in claim 9, characterized in that the method further includes:
When the second terminal judges that a first authorized device identification corresponding to the first device identification is stored, replacing the first key with the second key.
11. The terminal device authentication method as claimed in claim 9, characterized in that the method further includes:
Adding, to the authorization result message sent by the second terminal, information obtained by encrypting the additional information with the second key.
12. The terminal device authentication method as claimed in claim 9, characterized in that
the second terminal includes a wearable device, equipped with an intelligent processing chip, in the form of a watch, glasses, shoes, a hat, clothing, jewelry, a bracelet or a pendant.
13. A terminal device authentication apparatus, characterized in that the apparatus includes:
A first storage unit, for storing a generated first key and an obtained second authorized device identification of a second terminal;
A first encryption unit, for generating a second key and encrypting the second key and an obtained first device identification with the first key to generate an authorization request message;
A first communication module, for sending the authorization request message and for receiving an authorization result message sent by the second terminal;
A first decryption judging unit, for decrypting the authorization result message with the second key and, when the decryption succeeds, judging whether the first storage unit stores a second authorized device identification corresponding to the second device identification obtained by the decryption;
A first authorization module, for determining, based on the judgment result of the first decryption judging unit, whether to authorize the second terminal.
14. The terminal device authentication apparatus as claimed in claim 13, characterized in that the apparatus further includes:
A first key updating module, for replacing the first key stored in the first storage unit with the second key generated by the first encryption unit when the judgment result of the first decryption judging unit is yes.
15. The terminal device authentication apparatus as claimed in claim 13 or 14, characterized in that the apparatus further includes:
An additional information module, for adding, to the authorization request message, information obtained by encrypting, with the first key, additional information generated according to a predefined rule;
Accordingly, when the authorization result message is decrypted successfully, the first decryption judging unit also judges whether the additional information obtained by the decryption is identical to the additional information added to the authorization request message, and the first authorization module determines, according to the judgment result for the additional information, whether to authorize the second terminal.
16. A terminal device authentication apparatus, characterized in that the apparatus includes:
A second communication module, for receiving an authorization request message sent by a first terminal and for sending an authorization result message;
A second storage unit, for storing an obtained first authorized device identification of the first terminal and a first key;
A second decryption judging unit, for decrypting the authorization request message with the stored first key and, when the decryption succeeds, judging whether the second storage unit stores a first authorized device identification corresponding to the first device identification;
A second authorization module, for determining, based on the judgment result of the second decryption judging unit, whether to authorize the first terminal corresponding to the first device identification;
A second encryption unit, for encrypting the second device identification of the second terminal with the second key to generate the authorization result message when the judgment result of the second decryption judging unit is yes.
17. The terminal device authentication apparatus as claimed in claim 16, characterized in that the apparatus further includes:
A second key updating module, for replacing the first key stored in the second storage unit with the second key obtained by the decryption when the second decryption judging unit judges that the second storage unit stores a first authorized device identification corresponding to the first device identification obtained by the decryption.
18. The terminal device authentication apparatus as claimed in claim 16 or 17, characterized in that the apparatus further includes:
An additional information processing module, for adding, to the authorization result message, information obtained by encrypting the additional information obtained by the decryption with the second key obtained by the decryption.
19. A terminal device authentication system, characterized in that the system includes:
A first terminal, for sending an authorization request message generated by encrypting a generated second key and a first device identification of the first terminal with a stored first key; also for obtaining an authorization result message sent by a second terminal and decrypting it with the second key; and also for judging, when the decryption succeeds, whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and determining, based on the judgment result, whether to authorize the second terminal;
A second terminal, for obtaining the authorization request message sent by the first terminal and decrypting it with a stored first key; also for judging, when the decryption succeeds, whether a first authorized device identification corresponding to the first device identification obtained by the decryption is stored; and also for authorizing the first terminal based on the first device identification when the judgment result is yes, and sending an authorization result message generated by encrypting the second device identification of the second terminal with the second key obtained by the decryption.
20. The terminal device authentication system as claimed in claim 19, characterized in that the system further includes:
A means for the first terminal to replace the first key with the second key when it judges that a second authorized device identification corresponding to the second device identification obtained by the decryption is stored;
A means for the second terminal to replace the first key with the second key when it judges that a first authorized device identification corresponding to the first device identification is stored.
21. A terminal device authentication system, characterized in that the system includes:
A first terminal, for sending an authorization request message generated by encrypting a generated second key and a first device identification of the first terminal with a stored first key; also for obtaining an authorization result message sent by a second terminal and decrypting it with the second key; and also for judging, when the decryption succeeds, whether a second authorized device identification corresponding to the second device identification obtained by the decryption is stored, and determining, based on the judgment result, whether to authorize the second terminal;
A second terminal, for obtaining the authorization request message sent by the first terminal and decrypting it with a stored first key; also for judging, when the decryption succeeds, whether a first authorized device identification corresponding to the first device identification obtained by the decryption is stored; and also for authorizing the first terminal based on the first device identification when the judgment result is yes, and sending an authorization result message generated by encrypting the second device identification of the second terminal with the second key obtained by the decryption.
22. The terminal device authentication system as claimed in claim 21, characterized in that the system further includes at least one of the following:
A means for the first terminal, when the decryption succeeds, to open device authorization to the second terminal based on the second device identification obtained by the decryption;
A means for the second terminal, when the result of the decryption is success, to open device authorization to the first terminal based on the first device identification obtained by the decryption.
CN201510115367.2A 2015-03-17 2015-03-17 A kind of terminal device authentication method, apparatus and system Active CN106034028B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910501817.XA CN110365484B (en) 2015-03-17 2015-03-17 Data processing method, device and system for equipment authentication
CN201510115367.2A CN106034028B (en) 2015-03-17 2015-03-17 A kind of terminal device authentication method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510115367.2A CN106034028B (en) 2015-03-17 2015-03-17 A kind of terminal device authentication method, apparatus and system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201910501817.XA Division CN110365484B (en) 2015-03-17 2015-03-17 Data processing method, device and system for equipment authentication

Publications (2)

Publication Number Publication Date
CN106034028A true CN106034028A (en) 2016-10-19
CN106034028B CN106034028B (en) 2019-06-28

Family

ID=57151061

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201910501817.XA Active CN110365484B (en) 2015-03-17 2015-03-17 Data processing method, device and system for equipment authentication
CN201510115367.2A Active CN106034028B (en) 2015-03-17 2015-03-17 A kind of terminal device authentication method, apparatus and system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201910501817.XA Active CN110365484B (en) 2015-03-17 2015-03-17 Data processing method, device and system for equipment authentication

Country Status (1)

Country Link
CN (2) CN110365484B (en)

CN108256309B (en) * 2018-01-10 2020-01-03 飞天诚信科技股份有限公司 Method and device for realizing system logging in windows10 or above
CN109271777A (en) * 2018-07-03 2019-01-25 华东师范大学 A kind of wearable device authentication method based on eye movement characteristics
CN111163468A (en) * 2018-11-08 2020-05-15 北京华为数字技术有限公司 Communication connection method and device
CN109802827A (en) * 2018-12-19 2019-05-24 中国长城科技集团股份有限公司 Key updating method and key updating system
CN111585939A (en) * 2019-02-18 2020-08-25 深圳市致趣科技有限公司 Method and system for end-to-end identity authentication and communication encryption between Internet of things devices
CN111585939B (en) * 2019-02-18 2023-04-14 深圳市致趣科技有限公司 End-to-end identity authentication and communication encryption method and system between Internet of things devices
CN110278080A (en) * 2019-07-11 2019-09-24 珠海格力电器股份有限公司 Method, system and the computer readable storage medium of data transmission
CN113206817A (en) * 2020-02-03 2021-08-03 中移物联网有限公司 Equipment connection confirmation method and block chain network
CN112532629A (en) * 2020-11-30 2021-03-19 航天信息股份有限公司 Data transmission method, device, equipment and medium
CN112565260A (en) * 2020-12-06 2021-03-26 武汉卓尔信息科技有限公司 Uplink and downlink data security isolation system and method based on edge computing gateway
CN113099446A (en) * 2021-04-02 2021-07-09 广东海聊科技有限公司 Safety verification method and system for Beidou short message terminal
CN113099446B (en) * 2021-04-02 2023-02-21 广东海聊科技有限公司 Safety verification method and system for Beidou short message terminal
WO2023029723A1 (en) * 2021-09-02 2023-03-09 中国电力科学研究院有限公司 Broadband cognitive radio communication method and system, device, and storage medium
CN114389813A (en) * 2021-11-26 2022-04-22 北京升明科技有限公司 Method, device, equipment and storage medium for access authorization of browser
CN115107701A (en) * 2022-07-26 2022-09-27 合众新能源汽车有限公司 Automobile anti-theft authentication method and system
CN115107701B (en) * 2022-07-26 2024-02-23 合众新能源汽车股份有限公司 Automobile anti-theft authentication method and system

Also Published As

Publication number Publication date
CN110365484A (en) 2019-10-22
CN106034028B (en) 2019-06-28
CN110365484B (en) 2023-01-20

Similar Documents

Publication Publication Date Title
CN106034028A (en) Terminal equipment authentication method, apparatus and system thereof
CN110177354A (en) A kind of wireless control method and system of vehicle
CN106101147B (en) A kind of method and system for realizing smart machine and the communication of remote terminal dynamic encryption
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
CN109862040A (en) A kind of safety certifying method and Verification System
CN110290525A (en) A kind of sharing method and system, mobile terminal of vehicle number key
CN106603485A (en) Secret key negotiation method and device
CN111783068B (en) Device authentication method, system, electronic device and storage medium
WO2018127081A1 (en) Method and system for obtaining encryption key
CN105871920A (en) Communication system and method of terminal and cloud server as well as terminal and cloud server
CN110995710B (en) Smart home authentication method based on eUICC
CN105471974A (en) Intelligent equipment capable of realizing remote control, terminal equipment and method
CN106850664B (en) Internet of things terminal security control method and system based on intelligent mobile terminal
CN111918284B (en) Safe communication method and system based on safe communication module
CN111512608A (en) Trusted execution environment based authentication protocol
CN105100102A (en) Authority configuration method and device as well as information configuration method and device
CN106792700A (en) The method for building up and system of a kind of secure communication environment of wearable device
CN110278083A (en) ID authentication request treating method and apparatus, equipment replacement method and apparatus
CN109922022A (en) Internet of Things communication means, platform, terminal and system
CN103152326A (en) Distributed authentication method and authentication system
CN107786978B (en) NFC authentication system based on quantum encryption
CN117082501A (en) Mobile terminal data encryption method
CN104506509A (en) Multifunctional security authentication terminal and authentication method based on terminal
KR102053993B1 (en) Method for Authenticating by using Certificate
CN111274570A (en) Encryption authentication method and device, server, readable storage medium and air conditioner

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code
    Ref country code: HK
    Ref legal event code: DE
    Ref document number: 1229972
    Country of ref document: HK
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20200924
    Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
    Patentee after: Innovative advanced technology Co.,Ltd.
    Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
    Patentee before: Advanced innovation technology Co.,Ltd.
TR01 Transfer of patent right
    Effective date of registration: 20200924
    Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands
    Patentee after: Advanced innovation technology Co.,Ltd.
    Address before: Greater Cayman, British Cayman Islands
    Patentee before: Alibaba Group Holding Ltd.