CN109510798A - Authentication method, control equipment, and middle control service equipment

Publication number: CN109510798A
Authority: CN (China)
Prior art keywords: equipment, key, current time, service equipment, authentication
Legal status: Pending
Application number: CN201710828196.7A
Other languages: Chinese (zh)
Inventors: 宋起涛, 兰海宇, 李屹
Current assignee: Shenzhen Appotronics Technology Co Ltd
Original assignee: Shenzhen Appotronics Technology Co Ltd
Application filed by: Shenzhen Appotronics Technology Co Ltd
Priority to CN201710828196.7A
Priority to PCT/CN2017/114743 (WO2019052027A1)
Publication of CN109510798A

Classifications

    • H04L9/40 Network security protocols
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps

Abstract

The present invention relates to an authentication method, comprising: establishing a network connection between a middle control service equipment and a control equipment; the control equipment generating a first key from a current timestamp and the control password corresponding to the middle control service equipment, using an encryption algorithm, and sending the first key to the middle control service equipment; the middle control service equipment receiving the first key, generating a second key from the current timestamp and the control password stored in the middle control service equipment, using the same encryption algorithm as the control equipment, and comparing the received first key with the generated second key to judge whether authentication succeeds. The present invention also provides a middle control service equipment. In the authentication method, middle control service equipment and control equipment, the key is generated from the current timestamp and the control password, which gives higher security.

Description

Authentication method, control equipment, and middle control service equipment
Technical field
The present invention relates to the field of middle control, and in particular to a control equipment, a middle control service equipment, and a network connection authentication method for them.
Background
Most current middle control service equipment (for example, projectors) has a network module, such as a LAN or Wi-Fi module, so the middle control service equipment can connect to a local area network or the internet. For ease of control, networked middle control service equipment supports a network control protocol, such as the standard PJLINK protocol; that is, a device on the local area network or the internet (such as a computer, tablet or mobile phone) can connect to and control the corresponding middle control service equipment over network protocols such as TCP/UDP.
To ensure network security and protect the middle control service equipment, an authentication mechanism is generally added to the network control protocol, so that only a device authorized by the middle control service equipment can connect to and control that middle control service equipment. Existing authentication mechanisms generally authenticate with a control password, but with this mechanism the password is easily stolen, so authentication security is not high.
Summary of the invention
The present invention provides a control equipment, a middle control service equipment, and a network connection authentication method for them.
An authentication method, applied to a middle control service equipment that is communicatively connected to a control equipment, the method comprising:
Establishing a network connection with the control equipment;
Receiving an authentication command from the control equipment, the authentication command including a first key;
Generating a second key from a current timestamp and a control password; and
Comparing whether the first key in the authentication command and the generated second key are the same; if they are the same, authentication succeeds; if they differ, authentication fails.
In one embodiment, the first key and the second key are generated using one of the following encryption algorithms: standard MD5, CRC32, SHA.
In one embodiment, the method further includes: if authentication fails, disconnecting the network connection with the control equipment.
In one embodiment, before receiving the authentication command, the method further includes: generating a current timestamp, saving the current timestamp in the middle control service equipment, and sending the current timestamp to the control equipment.
In one embodiment, the authentication command includes the current timestamp generated in the control equipment, and the method further includes: if the middle control service equipment can obtain its current time, comparing the current timestamp in the authentication command with the current time of the middle control service equipment, and if the current timestamp exceeds a preset duration range, authentication fails; if the middle control service equipment cannot obtain its current time, comparing the current timestamp in the authentication command with the timestamp of the last authentication, and if the two are the same, authentication fails.
A middle control service equipment, comprising a first authenticating unit and a first network module, wherein the first authenticating unit includes a first receiving module, a first sending module and an authentication execution module. The first receiving module is used to receive an authentication command from a control equipment through the first network module, the authentication command including a first key. The authentication execution module is used to generate a second key from a control password and a current timestamp, and to authenticate according to whether the first key and the second key are the same. The first sending module is used to send the authentication result to the control equipment.
In one embodiment, the middle control service equipment is a projector.
In one embodiment, the authentication command includes the current timestamp generated in the control equipment, and the authentication execution module is also used to authenticate further according to the current timestamp in the authentication command: if the middle control service equipment can obtain its current time, it compares the current timestamp in the authentication command with the current time of the middle control service equipment, and if the current timestamp exceeds a preset duration range, authentication fails; if the middle control service equipment cannot obtain its current time, it compares the current timestamp in the authentication command with the timestamp of the last authentication, and if the two are the same, authentication fails.
An authentication method, applied to a control equipment that is communicatively connected to a middle control service equipment, the method comprising:
Establishing a network connection with the middle control service equipment;
Generating a first key from a current timestamp and the control password corresponding to the middle control service equipment, and sending an authentication command containing the first key to the middle control service equipment;
Receiving an authentication result from the middle control service equipment: if the first key is the same as the second key generated by the middle control service equipment, the authentication result is success; if the first key differs from the second key generated by the middle control service equipment, the authentication result is failure.
In one embodiment, the current timestamp is generated by the control equipment or received from the middle control service equipment.
An authentication method, comprising:
Establishing a network connection between a middle control service equipment and a control equipment;
The control equipment generating a first key from a current timestamp and the control password corresponding to the middle control service equipment, using an encryption algorithm, and sending the first key to the middle control service equipment;
The middle control service equipment receiving the first key, generating a second key from the current timestamp and the control password stored in the middle control service equipment, using the same encryption algorithm as the control equipment, and comparing the received first key with the generated second key to judge whether authentication succeeds.
In one embodiment, the current timestamp is generated by the control equipment or by the middle control service equipment.
In one embodiment, if the current timestamp is generated in the control equipment, the method further includes:
The middle control service equipment comparing the current timestamp from the control equipment with the current time of the middle control service equipment; if the current timestamp exceeds a preset duration range, authentication fails.
A control equipment, comprising a second authenticating unit and a second network module, wherein the second authenticating unit includes a second sending module and a key production module. The key production module is used to generate a first key from a current timestamp and a control password, and then to generate an authentication command from the first key. The second sending module is used to send the authentication command to the middle control service equipment; the authentication command includes the first key, and the current timestamp is generated by the control equipment or received from the middle control service equipment.
Compared with the prior art, in the authentication method and the middle control service equipment the key is generated from the current timestamp and the control password, which gives higher security.
Brief description of the drawings
Fig. 1 is a schematic block diagram of the network connection authentication system of an embodiment of the present invention.
Fig. 2 is a module diagram of the first authenticating unit of an embodiment of the present invention.
Fig. 3 is a module diagram of the second authenticating unit of an embodiment of the present invention.
Fig. 4 is a flowchart of the network connection authentication method of the first embodiment of the present invention.
Fig. 5 is a flowchart of the network connection authentication method of the second embodiment of the present invention.
Description of main reference numerals
Middle control service equipment 1
First processor 10
First memory 12
First authenticating unit 13
First receiving module 130
First sending module 132
Authentication execution module 134
First network module 14
Control equipment 2
Second processor 20
Second memory 22
Second authenticating unit 23
Second receiving module 230
Second sending module 232
Key production module 234
Second network module 24
The following detailed description further explains the present invention with reference to the above drawings.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
It should be noted that when a component is referred to as being "fixed to" another component, it can be directly on the other component or an intervening component may be present. When a component is considered to be "connected to" another component, it can be directly connected to the other component or an intervening component may be present at the same time. When a component is considered to be "set on" another component, it can be set directly on the other component or an intervening component may be present at the same time. The terms "vertical", "horizontal", "left", "right" and similar expressions used herein are for illustrative purposes only.
The system embodiments discussed below are only schematic; the division into modules or circuits is only a division by logical function, and other divisions are possible in actual implementation. Furthermore, the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Multiple units or devices stated in the system claims can also be implemented by the same unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not denote any particular order.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the description of the present invention are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Referring to Fig. 1, Fig. 1 is a schematic block diagram of the network connection authentication system of the present invention. The network connection authentication system 1000 includes at least one middle control service equipment 1 and at least one control equipment 2.
The middle control service equipment 1 in the embodiments of the present invention can be any electronic device with network connectivity, for example a projector, a printer, or a household appliance.
The control equipment 2 in the embodiments of the present invention can be any electronic device with data processing capability and network connectivity, such as a computer, mobile phone, tablet, or personal digital assistant (PDA). One middle control service equipment 1 can be controlled by one or more control equipment 2, so as to execute specific tasks under the control of the one or more control equipment 2; one control equipment 2 can also control one or more middle control service equipment 1, so that the one or more middle control service equipment 1 execute predetermined operations.
In one example of the present invention, the middle control service equipment 1 is a projector, and a user can issue control instructions from a control equipment 2 such as a computer, mobile phone or tablet to control the operation of the projector, thereby controlling it remotely or operating it in place of a remote control.
The middle control service equipment 1 includes a first processor 10, a first memory 12, a first authenticating unit 13 and a first network module 14.
The first memory 12 can be used to store computer programs and/or modules. The first processor 10 realizes the various functions of the middle control service equipment 1 (such as the projection function of a projector) by running or executing the computer programs and/or modules stored in the first memory 12 and calling the data stored in the first memory 12. The first memory 12 can mainly include a program storage area and a data storage area: the program storage area can store the operating system and the application programs required by at least one function (such as the projection function of a projector or the printing function of a printer); the data storage area can store data created through use of the middle control service equipment 1 (such as projection data or print data). In addition, the first memory 12 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The first processor 10 can be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor can be a microprocessor or any conventional processor. The first processor 10 is the control centre of the middle control service equipment 1 and connects the various parts of the entire middle control service equipment 1 using various interfaces and lines.
The middle control service equipment 1 further includes the first authenticating unit 13 and at least one first network module 14.
The first authenticating unit 13 communicates with the control equipment 2 through the first network module 14 in order to authenticate the network connection between the middle control service equipment 1 and the control equipment 2. In some embodiments, the first authenticating unit 13 generates a current timestamp; the control equipment 2 generates a first key by encrypting the current timestamp and the control password, and generates an authentication command from the first key; the first authenticating unit 13 parses the first key out of the authentication command from the control equipment 2, generates a second key from the current timestamp and the locally stored control password, and compares the generated second key with the first key received from the control equipment 2 to determine whether authentication succeeds. In some embodiments, the control equipment 2 generates the current timestamp, generates a first key by encrypting the current timestamp and the control password, and generates an authentication command from the first key. The first authenticating unit 13 parses the first key and the current timestamp out of the authentication command from the control equipment 2, generates a second key from the current timestamp and the control password, and compares the generated second key with the first key received from the control equipment 2 to determine whether authentication succeeds.
The first network module 14 can be a wired communication device or a wireless communication device. The wired communication device includes a communication port, such as universal serial bus (USB), controller area network (CAN), serial and/or other standard network connections, or an inter-integrated circuit (I2C) bus. The wireless communication device can use any kind of wireless communication system, for example Bluetooth, infrared, Wireless Fidelity (WiFi), cellular technology, satellite, and broadcast. The cellular technology may include mobile communication technologies such as second generation (2G), third generation (3G), fourth generation (4G) or fifth generation (5G).
The control equipment 2 includes a second processor 20, a second memory 22, a second authenticating unit 23 and a second network module 24.
The second memory 22 can be used to store computer programs and/or modules. The second processor 20 realizes the various functions of the control equipment 2 (such as the projection function of a projector) by running or executing the computer programs and/or modules stored in the second memory 22 and calling the data stored in the second memory 22. The second memory 22 can mainly include a program storage area and a data storage area: the program storage area can store the operating system and the application programs required by at least one function (such as the projection function of a projector or the printing function of a printer); the data storage area can store data created through use of the control equipment 2 (such as projection data or print data). In addition, the second memory 22 may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The second processor 20 can be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor can be a microprocessor or any conventional processor. The second processor 20 is the control centre of the control equipment 2 and connects the various parts of the entire control equipment 2 using various interfaces and lines.
The control equipment 2 further includes the second authenticating unit 23 and at least one second network module 24.
The second authenticating unit 23 communicates with the first authenticating unit 13 through the second network module 24 in order to generate the first key required for authentication. The second authenticating unit 23 generates the first key from the current timestamp and the control password. In some embodiments, the current timestamp is generated by the second authenticating unit 23. In other embodiments, the current timestamp is generated by the first authenticating unit 13 and then sent to the second authenticating unit 23 through the first network module 14.
The second network module 24 corresponds to the first network module 14 and is a network of the same type. In some embodiments, the middle control service equipment 1 includes one or more first network modules 14, the control equipment 2 includes one or more second network modules 24, and at least one first network module 14 is of the same type as one of the second network modules 24 of the control equipment 2.
Those skilled in the art will understand that the schematic diagram is only an example of the network connection authentication system 1000, the middle control service equipment 1 and the control equipment 2, and does not limit them; they may include more or fewer components than illustrated, combine certain components, or use different components. For example, the middle control service equipment 1 / control equipment 2 can also include input/output devices, display devices and so on as actually needed. The input/output devices may include any suitable input device, including but not limited to a mouse, keyboard, touch screen or contactless input, for example gesture input or voice input. The display device can be a touch liquid crystal display (LCD), a light-emitting diode (LED) display, an organic light-emitting diode (OLED) display, or another suitable display.
The first authenticating unit 13 and the second authenticating unit 23 can each include a computer program that can be divided into one or more modules; the computer programs can be stored in the first memory 12 and the second memory 22 and executed by the first processor 10 and the second processor 20. In some embodiments, the first authenticating unit 13 and the second authenticating unit 23 may also include a controller independent of the first processor 10 and the second processor 20, and the above computer programs are executed by that controller.
Fig. 2 is a module diagram of the first authenticating unit 13 of one embodiment of the present invention. The first authenticating unit 13 includes a first receiving module 130, a first sending module 132 and an authentication execution module 134. The first receiving module 130 is used to receive an authentication command from the second authenticating unit 23 through the first network module 14; the authentication command includes the first key. The authentication execution module 134 is used to authenticate according to the authentication command. The first sending module 132 is used to send the authentication result to the second authenticating unit 23.
In one embodiment, the authentication command received from the second authenticating unit 23 also includes the current timestamp. The authentication execution module 134 generates the second key from the current timestamp and the control password, then compares the generated second key with the first key in the authentication command; if they are the same, authentication succeeds; if they differ, authentication fails. If authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If authentication succeeds, the first receiving module 130 is allowed to receive control commands from the control equipment 2; the control commands can control the middle control service equipment 1 to execute predetermined operations.
In one embodiment, the authentication execution module 134 generates the current timestamp and saves it. The current timestamp can be saved in the first memory 12, or in a memory independent of the first memory 12 and connected to the first authenticating unit 13. The first sending module 132 sends the generated current timestamp to the second authenticating unit 23, and the second authenticating unit 23 generates the first key from the current timestamp and the control password and sends it to the first receiving module 130. The authentication execution module 134 generates the second key from the saved current timestamp and the control password, then compares the generated second key with the first key in the authentication command; if they are the same, authentication succeeds; if they differ, authentication fails. If authentication fails, the authentication execution module 134 controls the first network module 14 to disconnect the network connection with the second network module 24. If authentication succeeds, the first receiving module 130 is allowed to receive control commands from the control equipment 2; the control commands can control the middle control service equipment 1 to execute predetermined operations.
Fig. 3 is a module diagram of the second authenticating unit 23 of one embodiment of the present invention. The second authenticating unit 23 includes a second receiving module 230, a second sending module 232 and a key production module 234. The second receiving module 230 is used to receive the current timestamp from the first authenticating unit 13 through the second network module 24. The key production module 234 is used to generate the first key from the received current timestamp and the control password, and then to generate the authentication command from the first key. The second sending module 232 is used to send the authentication command to the first authenticating unit 13; the authentication command includes the first key.
In one embodiment, the current timestamp is generated by the key production module 234. The key production module 234 generates the first key from the generated current timestamp and the control password, and then generates the authentication command from the first key. The second sending module 232 is used to send the authentication command to the first authenticating unit 13; the authentication command includes the first key and the current timestamp.
In the above embodiments, the key is generated using an encryption algorithm; for example, the encryption algorithm can be the standard Message Digest Algorithm 5 (MD5), cyclic redundancy check (CRC32), Secure Hash Algorithm (SHA), and so on.
The second receiving module 230 is also used to receive the authentication result from the first authenticating unit 13. If the authentication result is success, the second sending module 232 is also used to send control commands to the first authenticating unit 13. The control commands are generated by the second processor 20, which can generate them based on the user's input instructions.
Fig. 4 is a flow chart of the authentication method of the first embodiment of the invention.
It should be noted that the network connection of the invention may, as described in the above embodiments, be of multiple network types; for ease of description, the following takes a network connection based on the TCP/IP protocol as an example.
Step 401: the middle control service equipment 1 sets the IP, the TCP/UDP port and the control password. The IP is the IP address of the middle control service equipment 1. The control password is the control password of the middle control service equipment 1; every middle control service equipment 1 has a control password, and only control equipment 2 that knows the control password can control the middle control service equipment 1. The set IP, TCP/UDP port and control password are stored in the memory of the middle control service equipment.
Step 402: the TCP service is started, and the port is monitored for incoming information.
Step 420 and step 403: the control equipment 2 establishes a network connection with the middle control service equipment 1. In one embodiment, the network connection is established as follows: the control equipment sends a TCP connection request to the middle control service equipment 1; when the port of the middle control service equipment 1 receives the connection request, it returns a response message agreeing to the connection; after receiving that response message, the control equipment sends a connection response message back to the middle control service equipment 1; and after receiving the response message of the control equipment 2, the middle control service equipment 1 establishes the network connection with the control equipment 2.
Step 421: the control equipment 2 generates the first key and the authentication order. Specifically, the control equipment 2 first generates a current time stamp, and then generates the first key from the current time stamp and the control password of the middle control service equipment, based on a preset encryption algorithm. The encryption algorithm includes, but is not limited to, standard MD5, CRC32, SHA, etc. The authentication order is a data packet generated on the basis of the first key and the current time stamp, and may take the form of a general TCP data packet.
Step 404: the middle control service equipment 1 receives the authentication order and parses it to obtain the current time stamp and the first key.
Step 405: the middle control service equipment 1 generates the second key from the current time stamp obtained by parsing and the control password saved in memory, using the same encryption algorithm as the control equipment.
Step 406: the middle control service equipment 1 compares the first key obtained by parsing with the generated second key, checks whether the current time stamp has been updated, and returns the authenticating result. The authenticating result is either authentication success or authentication failure. If the current time stamp differs from the current time of the middle control service equipment 1 by more than a preset range (such as 20 seconds, 30 seconds, 1 minute, 5 minutes, etc.), authentication fails. If the current time stamp differs from the current time of the middle control service equipment 1 by less than the preset range and the first key obtained by parsing is consistent with the generated second key, authentication succeeds; otherwise, authentication fails. In some embodiments, when the middle control service equipment 1 cannot obtain its current time, it can obtain the time, stored in advance on the middle control service equipment 1, of the last authentication with the control equipment, and then compare the current time stamp with the time of the last authentication; if the two are consistent, authentication fails. Comparing the current time stamp further prevents false authentication carried out with a current time stamp of the control equipment that was stolen over the network.
Step 422: the control equipment 2 receives the authenticating result and carries out the next operation according to it. Specifically, if the authenticating result is authentication success, the next operation may be to send a control command that causes the middle control service equipment to execute a predetermined operation. If the authenticating result is authentication failure, the next operation may be to determine the reason for the failure and re-initiate the authentication procedure.
Step 407: the middle control service equipment 1 executes the corresponding operation according to the authenticating result. Specifically, if authentication fails, it closes the TCP connection. If authentication succeeds, it continues to monitor the port in order to receive control commands from the control equipment 2.
Fig. 5 is a flow chart of the authentication method of the second embodiment of the invention.
It should be noted that the network connection of the invention may, as described in the above embodiments, be of multiple network types; for ease of description, the following takes a network connection based on the TCP/IP protocol as an example.
Step 501: the middle control service equipment 1 sets the IP, the TCP/UDP port and the control password. The IP is the IP address of the middle control service equipment 1. The control password is the control password of the middle control service equipment 1; every middle control service equipment 1 has a control password, and only control equipment 2 that knows the control password can control the middle control service equipment 1. The set IP, TCP/UDP port and control password are stored in the memory of the middle control service equipment.
Step 502: the TCP service is started, and the port is monitored for incoming information.
Step 520 and step 503: the control equipment 2 establishes a network connection with the middle control service equipment 1. In one embodiment, the network connection is established as follows: the control equipment sends a TCP connection request to the middle control service equipment 1; when the port of the middle control service equipment 1 receives the connection request, it returns a response message agreeing to the connection; after receiving that response message, the control equipment sends a connection response message back to the middle control service equipment 1; and after receiving the response message of the control equipment 2, the middle control service equipment 1 establishes the network connection with the control equipment 2.
Step 504: the middle control service equipment 1 generates a current time stamp, stores it in the memory of the middle control service equipment 1, and sends it to the control equipment 2.
Step 521: the control equipment 2 generates the first key and the authentication order. Specifically, the control equipment 2 generates the first key from the received current time stamp and the control password of the middle control service equipment, based on a preset encryption algorithm. The encryption algorithm includes, but is not limited to, standard MD5, CRC32, SHA, etc. The authentication order is a data packet generated on the basis of the first key and the current time stamp, and may take the form of a general TCP data packet.
Step 505: the middle control service equipment 1 receives the authentication order and parses it to obtain the first key.
Step 506: the middle control service equipment 1 generates the second key from the current time stamp saved in memory and the control password stored in memory, using the same encryption algorithm as the control equipment.
Step 507: the middle control service equipment 1 compares the first key obtained by parsing with the generated second key and returns the authenticating result. The authenticating result is either authentication success or authentication failure. If the first key obtained by parsing is consistent with the generated second key, authentication succeeds; if they are inconsistent, authentication fails.
Step 522: the control equipment 2 receives the authenticating result and carries out the next operation according to it. Specifically, if the authenticating result is authentication success, the next operation may be to send a control command that causes the middle control service equipment to execute a predetermined operation. If the authenticating result is authentication failure, the next operation may be to determine the reason for the failure and re-initiate the authentication procedure.
Step 508: the middle control service equipment 1 executes the corresponding operation according to the authenticating result. Specifically, if authentication fails, it closes the TCP connection. If authentication succeeds, it continues to monitor the port in order to receive control commands from the control equipment 2.
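The two flows above (steps 401-407 and steps 501-508) can be sketched as follows; this is an added example, not code from the patent or the applicant. Assumptions: the class and function names, the dictionary used as the authentication order, the 30-second range, the use of HMAC-SHA-256 with a constant-time comparison in place of the bare MD5/CRC32/SHA digests the description lists, and the single-use handling of the issued time stamp.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30  # one of the preset ranges the description lists (assumed choice)


def derive_key(timestamp: str, control_password: str) -> str:
    # Substitution (not from the patent): HMAC-SHA-256 keyed with the control
    # password instead of a bare MD5/CRC32/SHA digest of time stamp and password.
    return hmac.new(control_password.encode(), timestamp.encode(),
                    hashlib.sha256).hexdigest()


class ControlEquipment:
    def __init__(self, control_password: str):
        self.control_password = control_password

    def build_auth_order(self, timestamp=None, now=None) -> dict:
        # Step 421: generate the time stamp locally.
        # Step 521: pass in the time stamp received from the service equipment.
        if timestamp is None:
            timestamp = str(int(time.time() if now is None else now))
        return {"timestamp": timestamp,
                "first_key": derive_key(timestamp, self.control_password)}


class MiddleControlService:
    def __init__(self, control_password: str, has_clock: bool = True):
        self.control_password = control_password
        self.has_clock = has_clock
        self.last_timestamp = None    # time stamp of the last successful authentication
        self.issued_timestamp = None  # time stamp saved in step 504

    def _keys_match(self, timestamp: str, first_key: str) -> bool:
        second_key = derive_key(timestamp, self.control_password)
        # Constant-time comparison of first key and second key.
        return hmac.compare_digest(second_key.encode(), first_key.encode())

    def verify_first_embodiment(self, order: dict, now=None) -> bool:
        # Steps 404-406: parse, recompute the second key, compare, check freshness.
        ts = str(order.get("timestamp", ""))
        if not self._keys_match(ts, str(order.get("first_key", ""))):
            return False
        if self.has_clock:
            try:
                sent = int(ts)
            except ValueError:
                return False
            current = time.time() if now is None else now
            if abs(current - sent) > MAX_SKEW_SECONDS:
                return False
        # The description compares against the last authentication only when no
        # clock is available; applying it in both cases is an added precaution.
        if ts == self.last_timestamp:
            return False
        self.last_timestamp = ts
        return True

    def issue_timestamp(self, now=None) -> str:
        # Step 504: generate, save and send the current time stamp.
        self.issued_timestamp = str(int(time.time() if now is None else now))
        return self.issued_timestamp

    def verify_second_embodiment(self, order: dict) -> bool:
        # Steps 505-507: only the saved time stamp is trusted, never the one in
        # the order. Clearing it after one attempt is an added precaution.
        saved, self.issued_timestamp = self.issued_timestamp, None
        if saved is None:
            return False
        return self._keys_match(saved, str(order.get("first_key", "")))
```

A caller that gets False back closes the TCP connection, as in steps 407 and 508.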
If the modules/units integrated in the middle control service equipment 1 and the control equipment 2 described in the above embodiments are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, all or part of the process of the authentication method described in the above embodiments may also be completed by a computer program instructing the relevant hardware. The computer program can be stored in a computer-readable storage medium and, when executed by a processor, implements the steps described in the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, certain intermediate forms, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash disk, a mobile hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electric carrier signal, a telecommunication signal, a software distribution medium, etc. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electric carrier signals and telecommunication signals.
The above are only embodiments of the present invention and are not intended to limit its scope. Any equivalent structure or equivalent process transformation made using the content of the description and accompanying drawings of the present invention, whether applied directly or indirectly in other relevant technical fields, is likewise included within the scope of protection of the present invention.

Claims (10)

1. A method for authenticating, applied to middle control service equipment, the middle control service equipment being communicatively connected to control equipment, characterized in that the method comprises:
establishing a network connection with the control equipment;
receiving an authentication order from the control equipment, the authentication order including a first key;
generating a second key according to a current time stamp and a control password; and
comparing whether the first key in the authentication order is consistent with the generated second key; if consistent, authentication succeeds; if inconsistent, authentication fails.
2. The method as described in claim 1, characterized in that the first key and the second key are generated using one of the following encryption algorithms: standard MD5, CRC32, SHA.
3. The method as described in claim 1, characterized in that, before receiving the authentication order from the control equipment, the method further comprises: generating a current time stamp, saving the current time stamp in the middle control service equipment, and sending the current time stamp to the control equipment.
4. The method as described in claim 1, characterized in that the authentication order includes a current time stamp generated in the control equipment, and the method further comprises: if the middle control service equipment can obtain its current time, comparing the current time stamp in the authentication order with the current time of the middle control service equipment, and if the current time stamp exceeds a preset duration range, authentication fails; if the middle control service equipment cannot obtain its current time, comparing the current time stamp in the authentication order with the time stamp of the last authentication, and if the two are consistent, authentication fails.
5. Middle control service equipment, characterized in that the middle control service equipment includes a first authenticating unit and a first network module, wherein the first authenticating unit includes a first receiving module, a first sending module and an authentication execution module; the first receiving module is used to receive an authentication order from control equipment through the first network module, the authentication order including a first key; the authentication execution module is used to generate a second key according to a control password and a current time stamp, and to authenticate according to whether the first key is consistent with the second key; and the first sending module is used to send an authenticating result to the control equipment.
6. The middle control service equipment as claimed in claim 5, characterized in that the middle control service equipment is a projector.
7. The middle control service equipment as claimed in claim 5, characterized in that the authentication order includes a current time stamp generated in the control equipment, and the authentication execution module is also used to authenticate further according to the current time stamp in the authentication order: if the middle control service equipment can obtain its current time, the current time stamp in the authentication order is compared with the current time of the middle control service equipment, and if the current time stamp exceeds a preset duration range, authentication fails; if the middle control service equipment cannot obtain its current time, the current time stamp in the authentication order is compared with the time stamp of the last authentication, and if the two are consistent, authentication fails.
8. A method for authenticating, applied to control equipment, the control equipment being communicatively connected to middle control service equipment, characterized in that the method comprises:
establishing a network connection with the middle control service equipment;
generating a first key according to a current time stamp and a control password corresponding to the middle control service equipment, and sending an authentication order including the first key to the middle control service equipment;
receiving an authenticating result from the middle control service equipment; if the first key is consistent with a second key generated by the middle control service equipment, the authenticating result is authentication success; if the first key is inconsistent with the second key generated by the middle control service equipment, the authenticating result is authentication failure.
9. The method according to claim 8, characterized in that the current time stamp is generated by the control equipment or received from the middle control service equipment.
10. Control equipment, characterized in that the control equipment includes a second authenticating unit and a second network module, wherein the second authenticating unit includes a second sending module and a key production module; the key production module is used to generate a first key according to a current time stamp and a control password, and then to generate an authentication order according to the first key; the second sending module is used to send the authentication order to the middle control service equipment; the authentication order includes the first key; and the current time stamp is generated by the control equipment or received from the middle control service equipment.
CN201710828196.7A 2017-09-14 2017-09-14 Method for authenticating and control equipment, middle control service equipment Pending CN109510798A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710828196.7A CN109510798A (en) 2017-09-14 2017-09-14 Method for authenticating and control equipment, middle control service equipment
PCT/CN2017/114743 WO2019052027A1 (en) 2017-09-14 2017-12-06 Authentication method, control device, and central control service device

Publications (1)

Publication Number Publication Date
CN109510798A true CN109510798A (en) 2019-03-22

Family

ID=65723470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710828196.7A Pending CN109510798A (en) 2017-09-14 2017-09-14 Method for authenticating and control equipment, middle control service equipment

Country Status (2)

Country Link
CN (1) CN109510798A (en)
WO (1) WO2019052027A1 (en)


Also Published As

Publication number Publication date
WO2019052027A1 (en) 2019-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190322