CN110365484B - Data processing method, device and system for equipment authentication - Google Patents

Info

Publication number: CN110365484B
Application number: CN201910501817.XA
Authority: CN (China)
Legal status: Active (Google's assumed status, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN110365484A (en)
Inventor: 李俊奎
Current assignee: Advanced New Technologies Co Ltd
Original assignee: Advanced New Technologies Co Ltd (application filed by the same)
Priority: CN201910501817.XA; published first as CN110365484A, then granted as CN110365484B
Prior art keywords: terminal, authorization, key, request message, stored

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The application provides a terminal device authentication method, apparatus and system. The method may include: the first terminal sends an authorization request message generated by encrypting a second key and a first device identifier with a stored first key; the second terminal acquires the authorization request message and decrypts it with its stored first key; when decryption succeeds, it judges whether a first authorized device identifier corresponding to the decrypted first device identifier is stored; if so, it authorizes the first terminal and sends an authorization result message generated by encrypting a second device identifier with the second key; the first terminal acquires the authorization result message and decrypts it with the second key; and when decryption succeeds, it judges whether a second authorized device identifier corresponding to the decrypted second device identifier is stored, and determines whether to authorize the second terminal based on that judgment. With the embodiments of the application, the security and reliability of terminal device authentication can be improved.

Description

Data processing method, device and system for equipment authentication
The present application is a divisional application of invention patent application No. 201510115367.2, filed on 17 March 2015 and entitled "A terminal device authentication method, apparatus and system".
Technical Field
The present application relates to the field of communication information processing, and in particular to a method, an apparatus and a system for authenticating a terminal device.
Background
With the development of the mobile internet and the internet of things, terminal devices, including wearable devices such as smart bands and smart watches, are increasingly popular and represent a development trend for future smart mobile products.
A wearable device often holds a great deal of sensitive information, such as the user's accounts, identity, communications and assets; if an attacker obtains authority over the wearable device through malicious phishing, terminal spoofing, information interception or similar attacks, the user suffers an immeasurable loss. Security authorization and authentication of wearable devices is therefore increasingly valued. Security application products based on wearable devices are now beginning to appear; their solutions mainly have the wearable device authorize and authenticate an intelligent terminal (such as a smartphone or smart appliance) based on a feature code of a third-party application or of the intelligent terminal itself.
However, the feature code used in existing wearable-device authorization and authentication solutions is generally a single, unchangeable code, and the authentication process is generally one-way over a channel with a lower security level, such as Wi-Fi or Bluetooth. With this prior-art method the feature code is easily intercepted or leaked, or a counterfeit intelligent terminal can be used to deceive the wearable device and acquire its authority. The prior-art authorization and authentication method for wearable devices therefore still carries a great potential security hazard.
Disclosure of Invention
The application aims to provide a terminal device authentication method, apparatus and system that provide bidirectional authentication during the authorization process for intelligent terminal devices, including wearable devices, and improve the security of terminal device authorization and authentication.
The terminal device authentication method, apparatus and system provided by the application are realized as follows:
a method of terminal device authentication, the method comprising:
the first terminal sends an authorization opening request message generated by encrypting a generated first key and the first device identifier of the first terminal with a stored preset key;
the second terminal acquires the authorization opening request message, decrypts it with its stored preset key, and judges whether to open device authorization according to the decryption result;
when decryption succeeds, the second terminal sends an authorization opening result message generated by encrypting the second device identifier of the second terminal with the first key obtained by decryption;
the first terminal acquires the authorization opening result message and decrypts it with the first key; if decryption succeeds, device authorization is opened.
A method of terminal device authentication, the method comprising:
the first terminal sends an authorization request message generated by encrypting a generated second key and the first device identifier of the first terminal with a stored first key;
the second terminal acquires the authorization request message and decrypts it with its stored first key; when decryption succeeds, it judges whether a first authorized device identifier corresponding to the decrypted first device identifier is stored;
when the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier and sends an authorization result message generated by encrypting the second device identifier of the second terminal with the second key obtained by decryption;
the first terminal acquires the authorization result message and decrypts it with the second key; when decryption succeeds, it judges whether a second authorized device identifier corresponding to the decrypted second device identifier is stored, and determines whether to authorize the second terminal based on the judgment result.
A method of terminal device authentication, the method comprising:
the first terminal sends an authorization request message generated by encrypting a generated second key and the first device identifier of the first terminal with a stored first key;
the first terminal acquires an authorization result message sent by the second terminal and decrypts it with the second key;
when decryption succeeds, the first terminal judges whether a second authorized device identifier corresponding to the decrypted second device identifier is stored, and determines whether to authorize the second terminal based on the judgment result.
A method of terminal device authentication, the method comprising:
the second terminal acquires the authorization request message sent by the first terminal and decrypts it with its stored first key;
when decryption succeeds, the second terminal judges whether a first authorized device identifier corresponding to the decrypted first device identifier is stored;
when the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier and sends an authorization result message generated by encrypting the second device identifier of the second terminal with the second key obtained by decryption.
An apparatus for authenticating a terminal device, the apparatus comprising:
a first storage unit, configured to store the generated first key and the acquired second authorized device identifier of the second terminal;
a first encryption unit, configured to generate a second key, encrypt the second key and the acquired first device identifier with the first key, and generate an authorization request message;
a first communication module, configured to send the authorization request message and receive an authorization result message sent by the second terminal;
a first decryption judgment unit, configured to decrypt the authorization result message with the second key and, when decryption succeeds, judge whether the first storage unit stores a second authorized device identifier corresponding to the decrypted second device identifier;
and a first authorization module, configured to determine whether to authorize the second terminal based on the judgment result of the first decryption judgment unit.
An apparatus for authenticating a terminal device, the apparatus comprising:
a second communication module, configured to receive an authorization request message sent by the first terminal and to send an authorization result message;
a second storage unit, configured to store the acquired first authorized device identifier of the first terminal and the first key;
a second decryption judgment unit, configured to decrypt the authorization request message with the stored first key and, when decryption succeeds, judge whether the second storage unit stores a first authorized device identifier corresponding to the first device identifier;
a second authorization module, configured to determine whether to authorize the first terminal corresponding to the first device identifier based on the judgment result of the second decryption judgment unit;
and a second encryption unit, configured to encrypt the second device identifier of the second terminal with the second key to generate the authorization result message when the judgment result of the second decryption judgment unit is positive.
A terminal device authentication system, the system comprising:
a first terminal, configured to send an authorization request message generated by encrypting a generated second key and the first device identifier of the first terminal with a stored first key; further configured to acquire an authorization result message sent by the second terminal and decrypt it with the second key; and further configured, when decryption succeeds, to judge whether a second authorized device identifier corresponding to the decrypted second device identifier is stored and to determine whether to authorize the second terminal based on the judgment result;
a second terminal, configured to acquire the authorization request message sent by the first terminal and decrypt it with a stored first key; further configured, when decryption succeeds, to judge whether a first authorized device identifier corresponding to the decrypted first device identifier is stored; and further configured, when the judgment result is yes, to authorize the first terminal based on the first device identifier and send an authorization result message generated by encrypting the second device identifier of the second terminal with the second key obtained by decryption.
The terminal device authentication method, apparatus and system provided by the present application allow device authorization opening and device authorization authentication to be carried out among multiple terminals. The first terminal encrypts a verification key and its device identifier with a pre-stored preset key to form an authorization opening request message, so that only a second terminal that also stores the preset key can decrypt the message; this completes authentication of one party in the opening of authorization. The second terminal then encrypts its own device identifier with the verification key obtained by decryption, and the first terminal decrypts it; authorization is opened to the first terminal only after that decryption succeeds, which completes bidirectional authentication of the terminal device that requested opening. Further, once authorization has been opened and the device identifier of the authorized device has been obtained, the terminal device authentication method provided by the present application can be used to authorize and authenticate the terminal device, or the permissions of an application on it. During device authorization, multi-terminal bidirectional authentication is still used, the device identifier and a verification key are carried in the bidirectional authentication message exchange, and in the preferred embodiments the verification key can be updated dynamically, which greatly improves the security of authorization and authentication of terminal devices such as wearable devices.
Drawings
To illustrate the embodiments of the present application or the prior-art solutions more clearly, the drawings needed for describing them are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an embodiment of the terminal device authentication method of the present application;
Fig. 2 is a schematic flowchart of another embodiment of the terminal device authentication method of the present application;
Fig. 3 is a schematic flowchart of another embodiment of the terminal device authentication method of the present application;
Fig. 4 is a schematic flowchart of another embodiment of the terminal device authentication method of the present application;
Fig. 5 is a schematic block diagram of an embodiment of the terminal device authentication apparatus of the present application;
Fig. 6 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 7 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 8 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 9 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application;
Fig. 10 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making creative efforts shall fall within the protection scope of the present application.
The terminal described herein may include, but is not limited to, a wearable device. Authorization authentication of the terminal device may be performed against a server-side terminal device over the internet, through connections including but not limited to Wi-Fi (wireless fidelity) or a cellular mobile network, or against another intelligent terminal device through connections including but not limited to the Bluetooth transmission protocol, NFC (near field communication) or a wired connection. The method and apparatus are described in detail below, taking authorization authentication between a wearable device and a smartphone as the example. Wearable devices described herein include, but are not limited to, wristwatches, glasses, shoes, hats, apparel, jewelry and other wearable items carrying a smart processing chip.
Before authorization authentication is performed between terminal devices, it may first be verified whether the terminal device requesting authorization authentication is trusted; after that verification passes, authorization authentication may be opened to the requesting terminal device, and further authorization performed afterwards. This preliminary step of judging whether to open authorization authentication to a terminal device effectively reduces authorization authentication of illegitimate terminal devices and cuts off authorization authentication communication between a wearable device (or other terminal device) and an illegitimate terminal as early as possible. Fig. 1 is a schematic flowchart of an embodiment of the terminal device authentication method of the present application; as shown in Fig. 1, the method may include:
S1: The first terminal sends an authorization opening request message generated by encrypting a generated first key and the first device identifier of the first terminal with a stored preset key.
The first terminal encrypts the generated first key key1 and its first device identifier with the stored preset key key0 to form an authorization opening request message MSG_A1, and sends MSG_A1.
The first terminal may be the smartphone, or another mobile smart terminal in another application scenario. In this embodiment, the terminal device that sends the authorization opening request message MSG_A1 is taken as the first terminal and the terminal device that receives it as the second terminal; in a specific implementation, for example the one in this embodiment, a smartphone may act as the first terminal and a wearable device as the second terminal. Of course, the first terminal that performs authorization authentication on the second terminal (the wearable device in the above embodiments) may also be a specially configured server, an intelligent terminal device management apparatus, or the like.
The preset key key0 may be stored in the first terminal in advance. The preset key may be an initialization key set at the factory, or a key agreed in advance with the second terminal that can be used to open device authorization or to perform device authorization authentication. The first terminal may generate a first key key1 for authorization authentication with the second terminal, including the wearable device. The first key key1 may be generated by an application on the terminal or by a preset key generation algorithm, and may be a key in a conventional data format of digits, characters, symbols or the like.
The generated first key key1 and the first device identifier app_device_id of the first terminal may then be encrypted with the preset key key0 to form the authorization opening request message MSG_A1 of the first terminal. The first device identifier app_device_id may be identification information that uniquely identifies the first terminal device; for a smartphone it may be, for example, an IMEI, a MAC address or another device identifier string.
After forming MSG_A1, the first terminal sends it. The sending method may include broadcasting MSG_A1 over Wi-Fi or Bluetooth, or another communication method using a dedicated channel or network.
In summary, the first terminal encrypts the generated first key and its first device identifier with the stored preset key to form the authorization opening request message MSG_A1, and may send MSG_A1 as a broadcast message, point-to-point, or in another manner.
S2: The second terminal acquires the authorization opening request message, decrypts it with its stored preset key, and may judge whether to open device authorization according to the decryption result.
The second terminal may acquire the authorization opening request message MSG_A1 sent by the first terminal, decrypt it with its stored preset key key0, and judge whether to open device authorization according to the decryption result.
The second terminal may receive the authorization opening message sent by the first terminal by broadcast or point-to-point. The second terminal also pre-stores the preset key key0, for example a factory-set preset key key0 in wearable devices such as a smart band or smart watch. The preset key in the second terminal may be the same as the preset key stored in the first terminal (such as the smartphone), so that the corresponding encryption and decryption can be completed; in other embodiments the two keys may instead be a matched pair. In practice, the preset key of the wearable device acting as second terminal may generally be a factory device authentication key, while the preset key of the first terminal may be a key that the first terminal downloads from a dedicated server or service provider through an application, or may also be a preset factory key.
The second terminal described in this application may include, but is not limited to, wearable devices such as wristwatches, glasses, shoes, caps, clothes, jewelry, bracelets and pendants that carry a smart processing chip.
The second terminal decrypts the authorization opening request message MSG_A1 with its stored preset key key0. If the MSG_A1 acquired by the second terminal was indeed encrypted with the preset key key0, the second terminal can decrypt it successfully with its own preset key key0. If instead the message was produced by an illegitimate terminal device through counterfeiting, terminal device spoofing or the like and was encrypted with something other than the preset key key0, the second terminal cannot decrypt it successfully and device authorization authentication is not activated. By decrypting the acquired message, the second terminal can thus judge whether the terminal device corresponding to the message is legitimate: if so, it opens device authorization to that terminal device according to the rules and allows it to perform authorization authentication with the second terminal; otherwise the sender is treated as an illegitimate terminal device, and its authorization request may be rejected, shielded or otherwise handled.
In summary, the second terminal acquires the authorization opening request message MSG_A1, decrypts it, and judges from the decryption result whether to open device authorization, that is, whether to allow authorization authentication with the device from which MSG_A1 was acquired.
S3: When decryption succeeds, the second terminal sends an authorization opening result message generated by encrypting the second device identifier of the second terminal with the first key obtained by decryption.
When decryption succeeds, the second terminal may open device authorization; it encrypts its second device identifier auth_device_id with the first key key1 obtained by decryption to form an authorization opening result message MSG_B1, and sends MSG_B1. If the second terminal successfully decrypts the acquired MSG_A1 with its stored preset key key0, it can open the device authorization service and allow authorization authentication message exchange with other terminal devices.
In a preferred embodiment, for one-to-many or many-to-many application scenarios of terminal devices, the present application provides an authentication method that distinguishes different terminal devices by their device identifiers. Specifically, when decryption succeeds, the opening of device authorization by the second terminal may include:
when decryption succeeds, the second terminal opens device authorization to the first terminal based on the first device identifier obtained by decryption.
For example, when the second terminal successfully decrypts the authorization opening request message MSG_A1 of the first terminal, it may obtain the first device identifier of the first terminal device and store it in a local application file; when it opens device authorization, it may then open the device authorization authentication service only for the terminal device corresponding to that successfully decrypted first device identifier, and allow authorization authentication message exchange with the first terminal. While device authorization is open to the first terminal, the second terminal may still receive authorization opening request messages MSG_A1 from other terminal devices, but it does not open device authorization to a terminal device whose request message cannot be decrypted successfully, nor to one whose device identifier it has not decrypted or recorded.
After decryption succeeds, the second terminal has completed authentication of the first terminal's authorization opening request. The second terminal may then perform registration authentication with the first terminal, so that the first terminal can in turn register, identify and authenticate the second terminal for authorization opening, completing registration of the second terminal and opening of device authorization on the first terminal's side. In this embodiment, the second terminal encrypts its second device identifier auth_device_id with the first key key1 obtained by decrypting MSG_A1, forming the authorization opening result message MSG_B1. The second terminal may broadcast MSG_B1 over Wi-Fi or Bluetooth, or send it by another point-to-point communication method. Most second terminals such as smart bands can be provided with a short-range, mobile-network or proprietary data communication module, so that information exchange between the first and second terminals can be completed.
In summary, when decryption succeeds, the second terminal encrypts its second device identifier with the first key it obtained and feeds back an authorization opening result message to the first terminal.
S4: the first terminal acquires the authorization opening result message and decrypts by using the first secret key; if the decryption is successful, the equipment authorization is opened.
The first terminal may receive and acquire the authorization opening result message sent by the second terminal; for example, the smart phone acquires the message broadcast by the wearable device through Bluetooth scanning. The first terminal may decrypt the received authorization opening result message MSG_B1 with the first key1 it generated. If the decryption succeeds, the second terminal that sent the message can be regarded as reliable: the first terminal may register related information of the second terminal, such as its second device identifier auth_device_id, and may open device authorization, in which message interaction for authorization authentication with the wearable device takes place, thereby completing authentication of the second terminal's device authorization opening.
In a preferred embodiment, opening device authorization when the decryption is successful may include: when the first terminal decrypts successfully, opening device authorization for the second terminal based on the second device identifier auth_device_id obtained by decryption.
If the smart phone, as the first terminal, successfully decrypts the authorization opening result message MSG_B1, it may obtain the device identifier of the wearable device, register and store that identifier on the smart phone side, and optionally store the first key1 at the same time. The smart phone can thus acquire and store the wearable device's identifier and open device authorization only for stored identifiers, turning open device-authorization opening into point-to-point opening. This effectively prevents illegitimate wearable devices from opening the device authorization authentication service and improves the security of the bidirectional terminal device authentication.
After the message interaction for opening authorization authentication, the first terminal, such as a smart phone, may obtain and store the second device identifier auth_device_id of the second terminal, such as a smart band, and may store the generated first key1; the second terminal may likewise store the device identifier app_device_id of the first terminal, such as the smart phone, together with the first key1, thereby completing bidirectional authentication for opening device authorization between the first and second terminals. Compared with conventional one-way authorization authentication of the wearable device alone by the smart phone or a server, performing this two-way authentication of authorization opening before authorization authentication greatly improves the security of terminal device authorization.
After the first terminal and the second terminal have opened the device authorization service/function in both directions, device authorization authentication can be performed. Fig. 2 is a schematic flow diagram of an embodiment of the terminal device authentication method of the present application. As shown in Fig. 2, the method for performing authorization authentication after the first and second terminals have opened the authorization authentication function may include:
S1': the first terminal sends an authorization request message generated by encrypting the generated second key and the first device identifier of the first terminal with the stored first key.
The first terminal may encrypt the generated second key2 and its first device identifier app_device_id with the stored first key1 to form an authorization request message MSG_A2, and send the authorization request message MSG_A2.
The first terminal may generate the second key2 using the application on the first terminal; the generated second key2 may be a verification key generated randomly or according to a predetermined algorithm, in the same way as the first key1 generated when the first terminal opened device authorization, which is not described again here. As described above, the first terminal generated and stored the first key1 when device authorization was opened; it may now encrypt the generated second key2 and its first device identifier app_device_id with the first key to form an authorization request message MSG_A2 for a second terminal such as a wearable device, and may send MSG_A2 over a short-range communication channel such as WIFI, Bluetooth or infrared, or in a point-to-point or other dedicated communication manner, to be received and processed by the second terminal.
S2': the second terminal acquires the authorization request message and decrypts it with the stored first key; when the decryption is successful, it judges whether a first authorized device identifier corresponding to the first device identifier obtained by decryption is stored.
The second terminal may acquire the authorization request message MSG_A2 and decrypt it with the stored first key1. When the decryption succeeds, it compares the decrypted first device identifier app_device_id with the stored first authorized device identifier Pre_app_device_id and judges whether a first authorized device identifier Pre_app_device_id corresponding to the first device identifier app_device_id exists. The second terminal may be a wearable device, which may include, but is not limited to, a wristwatch, glasses, shoes, a hat, a garment, jewelry, a bracelet, a pendant or the like equipped with an intelligent processing chip.
In this embodiment, the wearable device as second terminal may authenticate the smart phone as first terminal. As described above, the second terminal obtained the first key1 sent by the first terminal during the device authorization opening request, so when it receives the authorization request message MSG_A2 sent by the first terminal it may decrypt MSG_A2 with the first key1. If the decryption fails, the second terminal's device authorization of the first terminal fails.
If the decryption succeeds, the first device identifier app_device_id obtained by decrypting the authorization request message MSG_A2 may be compared with the device identifier obtained and stored when the device authorization service was opened, to determine whether it matches. As described above, the second terminal may obtain and store the first device identifier of the first terminal when device authorization is opened; the first device identifier stored in the second terminal may serve as the first authorized device identifier Pre_app_device_id and is marked as the reliable identifier of that terminal device. In a one-to-many or many-to-many application scenario, the second terminal may of course store a plurality of first authorized device identifiers, each corresponding to one first terminal device. The second terminal may compare the first device identifier app_device_id with the first authorized device identifier Pre_app_device_id and determine whether a first authorized device identifier Pre_app_device_id corresponding to the first device identifier app_device_id is stored.
If the judgment result is no, then even though the authorization request message MSG_A2 was decrypted successfully, the first terminal corresponding to the first device identifier app_device_id in the message may be left unauthorized; that is, the second terminal's authorization authentication of the first terminal fails.
S3': when the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier and sends an authorization result message generated by encrypting the second device identifier of the second terminal with the second key obtained by decryption.
When the judgment result is yes, the second terminal authorizes the first terminal based on the first device identifier app_device_id; it then encrypts its second device identifier auth_device_id with the second key2 obtained by decryption to form an authorization result message MSG_B2, and sends MSG_B2.
Specifically, the second terminal may authorize the first terminal identified by the obtained first device identifier app_device_id. In this embodiment, after the second terminal has performed authorization authentication of the first terminal, the first terminal in turn performs reverse authentication of the second terminal, which improves the security and reliability of the authorization authentication between the smart phone and the wearable device. Therefore, the second terminal may encrypt its second device identifier auth_device_id with the decrypted second key2 to form an authorization result message MSG_B2 that is fed back to the first terminal. The second terminal sends MSG_B2 in a message interaction manner that may be the same as in other embodiments of the present application, which is not described again here.
S4': the first terminal acquires the authorization result message and decrypts it with the second key; when the decryption is successful, it judges whether a second authorized device identifier corresponding to the second device identifier obtained by decryption is stored, and determines whether to authorize the second terminal based on the judgment result.
The first terminal may obtain the authorization result message MSG_B2 and decrypt it with the second key2; when the decryption succeeds, it compares the decrypted second device identifier auth_device_id with the stored second authorized device identifier Pre_auth_device_id, judges whether a second authorized device identifier Pre_auth_device_id corresponding to the second device identifier auth_device_id exists, and determines whether to authorize the second terminal based on the judgment result.
The first terminal may obtain the authorization result message MSG_B2 over WIFI or Bluetooth and decrypt it with the second key2 it generated. If the decryption succeeds, the second device identifier auth_device_id obtained by decrypting MSG_B2 may be compared with the device identifier obtained and stored when the device authorization service was opened, to determine whether it matches. The first terminal may obtain and store the second device identifier of the second terminal when device authorization is opened; the second device identifier stored in the first terminal may serve as the second authorized device identifier Pre_auth_device_id and is marked as the reliable identifier of that terminal device. In a one-to-many or many-to-many application scenario, the first terminal may of course store a plurality of second authorized device identifiers, each corresponding to one second terminal device, for example the second authorized device identifiers of both a smart band and a smart watch. The first terminal may compare the second device identifier auth_device_id with the second authorized device identifier Pre_auth_device_id and determine whether a second authorized device identifier Pre_auth_device_id corresponding to the second device identifier auth_device_id is stored.
The first terminal then determines whether to authorize the second terminal based on the judgment result. If the result is yes, the first terminal authorizes the second terminal. For example, if the second device identifier of the smart band obtained by the smart phone is the same as the second authorized device identifier of the smart band stored when authorization authentication was opened, the smart phone may authorize the smart band based on that second device identifier and complete its authorization authentication. The first terminal may then perform the corresponding authorization operation for the second terminal. If the obtained second device identifier does not match the stored second authorized device identifier, authorization of the second terminal fails.
According to the terminal device authentication method described above, the device authorization opening request is authenticated before terminal device authentication, terminal devices that do not pass the authorization opening request are excluded, and an illegitimate terminal requesting to open device authorization can be effectively rejected in advance. In the device authorization authentication itself, bidirectional authentication based on the preset key and the generated first and second keys is used between the wearable device client side and the smart terminal server side. Compared with conventional one-way authentication of the wearable device by the server side alone, this greatly improves the security and reliability of authentication between the devices and effectively protects the wearable device against malicious phishing, terminal spoofing and the like.
In the prior art, the verification feature code used in authorization authentication is fixed and unchangeable; once it is stolen, an attacker can use it to obtain the terminal device's permissions, so security and reliability are poor. The terminal device authentication method of the present application therefore provides a preferred embodiment in which the terminal devices performing bidirectional authorization authentication change the verification key in each authorization authentication, so that the dynamically updated verification key greatly improves the security of terminal device authorization authentication. Fig. 3 is a schematic flow diagram of another embodiment of the terminal device authentication method of the present application. As shown in Fig. 3, the method may further include:
S5': when the second terminal judges that a first authorized device identifier Pre_app_device_id corresponding to the first device identifier app_device_id is stored, it replaces the first key1 with the second key2;
and when the first terminal judges that a second authorized device identifier Pre_auth_device_id corresponding to the decrypted second device identifier auth_device_id is stored, it replaces the first key1 with the second key2.
In this preferred embodiment, each time a new authorization authentication is performed the first terminal generates a new second verification key, and after the verification passes, both the first terminal and the second terminal replace the current first verification key with the new second verification key as the updated first key. By dynamically updating the verification key, the terminal device authentication method of this preferred embodiment improves the security of terminal device authorization authentication.
In conventional terminal device verification, especially between a smart terminal (smart phone, tablet computer and the like) and a wearable device (smart band, smart watch and the like), WIFI or Bluetooth communication is mostly used. Such short-range transmission is among the channels with a low security level in modern communication technology: the transmitted information is easily intercepted by an attacker, and easily stolen or forged. In another preferred embodiment of the terminal device authentication method of the present application, additional verification information may be added to the content transmitted between the terminal devices, so as to ensure reliable reception and further improve the security and reliability of the transmission.
Fig. 4 is a schematic flow diagram of another embodiment of the terminal device authentication method of the present application. As shown in Fig. 4, the method may further include:
S6': adding, to the authorization request message sent by the first terminal, information obtained by encrypting additional information generated according to a preset rule with the first key;
adding, to the authorization result message returned by the second terminal, information obtained by encrypting the additional information with the second key;
correspondingly, when the authorization result message is successfully decrypted, the first terminal also judges whether the additional information obtained by decryption is the same as the additional information it included when sending the authorization request message, and determines whether to authorize the second terminal according to the judgment result.
The added additional information may generally include, but is not limited to, a challenge code (a series of random numbers that may be used in encrypting the messages so that no plaintext information is transmitted over the communication link), a digest (account information for the user's login, a session ID, and the like), and so on. In this embodiment, additional verification information such as a challenge code and a digest is added to the transmitted information and the information transmitted over the channel is encrypted, which effectively prevents an attacker from deceiving the system by resending a data packet that the terminal device has already received, and thereby improves the correctness of authorization authentication for the wearable device.
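The MSG_A2 / MSG_B2 exchange of S1' to S4', together with the key replacement of S5' and the additional challenge information of S6', as an added Go example (not code from the patent): the phone builds MSG_A2 under key1; the wearable refuses any app_device_id without a stored Pre_app_device_id even when decryption succeeds, answers MSG_B2 under key2 and replaces key1; the phone checks auth_device_id against Pre_auth_device_id and the echoed challenge before replacing its own key1. Assumptions not in the patent: AES-256-GCM as the cipher, a fixed binary layout for the plaintexts, a random challenge as the only additional information, and the constructed identifiers app-0001 and band-0001.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randomBytes(n int) []byte { // OS CSPRNG, used for key2, nonces and challenges
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
// aead is AES-256-GCM, this example's cipher choice (the patent names none). With an AEAD,
// "decryption succeeds" is a real authenticity check: a wrong key or an altered byte fails Open.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys are always 32 bytes here
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}
// seal returns nonce || ciphertext || tag; open accepts only what seal made under key.
func seal(key, pt []byte) []byte {
	g, nonce := aead(key), randomBytes(12) // standard 12-byte GCM nonce
	return g.Seal(nonce, nonce, pt, nil)
}
func open(key, msg []byte) ([]byte, error) {
	if len(msg) < 12 {
		return nil, fmt.Errorf("message too short")
	}
	return aead(key).Open(nil, msg[:12], msg[12:], nil)
}

// Terminal is either side: the phone (first terminal) uses BuildRequest/HandleResult, the wearable
// (second terminal) HandleRequest. Authorized holds the peer identifiers recorded at opening (Pre_*_device_id).
type Terminal struct {
	ID         string
	Key1       []byte
	Authorized map[string]bool
	key2       []byte // phone only: per-session key, becomes key1 on success (S5')
	challenge  []byte // phone only: must come back unchanged in MSG_B2 (S6')
}

// S1', S6': MSG_A2 = Enc(key1, key2 || challenge || app_device_id).
func (p *Terminal) BuildRequest() []byte {
	p.key2, p.challenge = randomBytes(32), randomBytes(16)
	return seal(p.Key1, bytes.Join([][]byte{p.key2, p.challenge, []byte(p.ID)}, nil))
}

// S2', S3', S5': decrypt MSG_A2 with key1, refuse an app_device_id with no stored
// Pre_app_device_id, else reply MSG_B2 = Enc(key2, challenge || auth_device_id) and rotate.
func (w *Terminal) HandleRequest(msgA2 []byte) ([]byte, error) {
	pt, err := open(w.Key1, msgA2)
	if err != nil {
		return nil, fmt.Errorf("MSG_A2 rejected: %w", err)
	}
	if len(pt) < 48 {
		return nil, fmt.Errorf("MSG_A2 malformed")
	}
	key2, challenge, appID := pt[:32], pt[32:48], string(pt[48:])
	if !w.Authorized[appID] { // decrypted fine, yet not a device recorded at opening
		return nil, fmt.Errorf("%q has no stored Pre_app_device_id", appID)
	}
	w.Key1 = key2 // S5': key2 becomes the next session's key1
	return seal(key2, bytes.Join([][]byte{challenge, []byte(w.ID)}, nil)), nil
}

// S4', S5', S6': decrypt MSG_B2 with key2, check the echoed challenge and that
// auth_device_id has a stored Pre_auth_device_id, then replace key1 with key2.
func (p *Terminal) HandleResult(msgB2 []byte) error {
	pt, err := open(p.key2, msgB2)
	if err != nil {
		return fmt.Errorf("MSG_B2 rejected: %w", err)
	}
	if len(pt) < 16 || !bytes.Equal(pt[:16], p.challenge) {
		return fmt.Errorf("MSG_B2 does not answer this request (challenge mismatch)")
	}
	if authID := string(pt[16:]); !p.Authorized[authID] {
		return fmt.Errorf("%q has no stored Pre_auth_device_id", authID)
	}
	p.Key1 = p.key2
	return nil
}

// NewPair returns a phone and a wearable that already completed authorization opening
// (shared key1, each other's identifier stored). All values are constructed samples.
func NewPair() (phone, wearable *Terminal) {
	key1 := randomBytes(32)
	return &Terminal{ID: "app-0001", Key1: key1, Authorized: map[string]bool{"band-0001": true}},
		&Terminal{ID: "band-0001", Key1: key1, Authorized: map[string]bool{"app-0001": true}}
}
```

One session is wearable.HandleRequest(phone.BuildRequest()) followed by phone.HandleResult on the reply. The wearable replaces key1 as soon as it sends MSG_B2, so if that message is lost the two sides hold different keys and the next session fails; a resynchronisation step that the patent does not describe is needed in practice.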
Based on the terminal device authentication method described above, the application provides a terminal device authentication apparatus. Fig. 5 is a schematic block diagram of the terminal device authentication apparatus of the present application. As shown in Fig. 5, the apparatus may include:
a first storage unit 101, configured to store the generated first key and the obtained second authorized device identifier of the second terminal;
a first encryption unit 102, configured to generate a second key, and encrypt, by using the first key, the second key and the obtained first device identifier to generate an authorization request message;
a first communication module 103, which may be configured to send the authorization request message and to receive the authorization result message sent by the second terminal. In a specific implementation, the communication module may include a WIFI module, a Bluetooth or infrared module based on short-range communication, and may also include a 2G/3G/4G or later mobile network module or a wired communication module;
a first decryption determining unit 104, configured to decrypt the authorization result message with the second key and, when decryption succeeds, determine whether the first storage unit 101 stores a second authorized device identifier corresponding to the decrypted second device identifier;
a first authorization module 105, which may be configured to determine whether to authorize the second terminal based on the determination result of the first decryption determining unit 104.
The terminal device authentication apparatus can be used in a smart phone, tablet computer or dedicated server to authenticate wearable devices; it authenticates them effectively and securely and improves the security of device authentication.
In another preferred embodiment of the terminal device authentication apparatus of the present application, the first key stored in the first storage unit 101 may also be updated dynamically, the key being updated in each device authorization authentication, which greatly improves the security and reliability of device authorization authentication. Fig. 6 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application. As shown in Fig. 6, in a preferred embodiment the apparatus may further include:
a first key updating module 106, which may be configured to replace the first key stored in the first storage unit 101 with the second key generated by the first encryption unit 102, depending on the determination result of the first decryption determining unit 104.
To guarantee synchronous updating of the verification keys used for terminal device authorization authentication, the first key updating module 106 in this embodiment may replace the first key stored in the first storage unit 101 with the second key generated by the first encryption unit 102 when the first decryption determining unit 104 determines that the first storage unit 101 stores a second authorized device identifier corresponding to the decrypted second device identifier. If the determination result is yes, the second terminal that received the authorization request message has passed authorization authentication and has updated its pre-stored verification key (the first key) to the second key; replacing the key on the first terminal as well keeps the encryption and decryption keys of both terminal devices consistent for the next authorization authentication.
In another embodiment of the present application, the security of information transmission over the communication channel of terminal devices performing authorization authentication is further enhanced. Fig. 7 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application. As shown in Fig. 7, the apparatus may further include:
an additional information module 107, configured to add, to the authorization request message, information obtained by encrypting, with the first key, additional information generated according to a predetermined rule;
correspondingly, when the authorization result message is decrypted successfully, the first decryption determining unit 104 further determines whether the additional information obtained by decryption is the same as the additional information added to the authorization request message, and the first authorization module 105 determines whether to authorize the second terminal according to the result of that determination.
In an embodiment of the terminal device authentication apparatus described herein, the second terminal may be a wearable device, which may include, but is not limited to, a wristwatch, glasses, shoes, a hat, a garment, jewelry, a bracelet or a pendant equipped with an intelligent processing chip.
The terminal device authentication apparatus described above can be used in a terminal device such as a smart phone, tablet computer or dedicated server to authenticate a wearable device. Correspondingly, the application also provides an apparatus that can be used in a wearable terminal device such as a smart watch or smart band to perform authorization authentication of a terminal device such as a smart phone or server. Fig. 8 is a schematic block diagram of an embodiment of this terminal device authentication apparatus of the present application. As shown in Fig. 8, the apparatus may include:
a second communication module 201, configured to receive an authorization request message sent by a first terminal and send an authorization result message;
a second storage unit 202, configured to store the obtained first authorized device identifier of the first terminal and the first key;
a second decryption determining unit 203, configured to decrypt the authorization request message with the stored first key and, when decryption succeeds, determine whether the second storage unit 202 stores a first authorized device identifier corresponding to the first device identifier;
a second authorization module 204, which may determine whether to authorize the first terminal corresponding to the first device identifier based on the determination result of the second decryption determining unit 203;
a second encryption unit 205, which may be configured to encrypt the second device identifier of the second terminal with the second key to generate the authorization result message when the determination result of the second decryption determining unit 203 is yes.
The terminal device authentication apparatus provided by this embodiment can authenticate, on the wearable device side, a terminal device such as a smart phone that requests authorization, and complete bidirectional authorization authentication of the terminal devices. In this embodiment, the authorization request message is decrypted with the first key obtained when device authorization was opened to obtain the first device identifier, which is compared with the stored first authorized device identifier to determine whether the first terminal requesting authorization is legitimate, and the first terminal is authorized or not according to the result. The wearable device can thus effectively perform reverse authentication of the smart terminal, server or the like that requests authorization authentication, which improves the security of terminal device authorization authentication.
In a preferred embodiment, the terminal device authentication apparatus for a wearable device may also dynamically update the verification key, so as to improve the security and reliability of terminal device authorization authentication. Fig. 9 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application. As shown in Fig. 9, the apparatus may further include:
a second key updating module 206, which may be configured to replace the first key stored in the second storage unit 202 with the second key obtained by decryption when the second decryption determining unit 203 determines that the second storage unit 202 stores a first authorized device identifier corresponding to the first device identifier obtained by decryption.
As described above, after the second terminal decrypts successfully, the stored first key may be replaced with the second key obtained by decrypting the authorization request message, so as to dynamically update the verification key in terminal device authorization authentication and improve the security and reliability of the verification process.
Fig. 10 is a schematic block diagram of another embodiment of the terminal device authentication apparatus of the present application. As shown in Fig. 10, in another preferred embodiment the apparatus may further include:
an additional information processing module 207, which may be configured to add, to the authorization result message, information obtained by encrypting the additional information obtained by decryption with the second key obtained by decryption.
Adding the additional information to the transmitted messages of terminal device authorization authentication prevents forged transmitted messages and further enhances the security of information transmission over the communication channel of terminal device authorization authentication.
Based on the terminal device authentication apparatus described above, which can be used in a first terminal device such as a smart phone, tablet computer or server and in a second terminal device such as a wearable device, the application provides a terminal device authentication system, which may specifically include:
the first terminal, which may be configured to send an authorization request message generated by encrypting the generated second key and the first device identifier of the first terminal with the stored first key; it may also be configured to obtain the authorization result message sent by the second terminal and decrypt it with the second key; and, when the decryption is successful, to judge whether a second authorized device identifier corresponding to the second device identifier obtained by decryption is stored, and to determine whether to authorize the second terminal based on the judgment result;
the second terminal, which may be configured to acquire the authorization request message sent by the first terminal and decrypt it with the stored first key; it may also be configured to judge, when the decryption is successful, whether a first authorized device identifier corresponding to the first device identifier obtained by decryption is stored; and it may further be configured to authorize the first terminal based on the first device identifier when the judgment result is yes, and to send an authorization result message generated by encrypting the second device identifier of the second terminal with the second key obtained by decryption.
In an embodiment of the terminal device authentication system, the system may further include:
means for replacing, by the first terminal, the first key with the second key when it judges that a second authorized device identifier corresponding to the decrypted second device identifier is stored;
and means for replacing, by the second terminal, the first key with the second key when it judges that a first authorized device identifier corresponding to the first device identifier is stored.
The terminal device authentication system of the above embodiment implements bidirectional authorization authentication between terminal devices and improves the security of device authorization authentication; with the dynamically updated verification key of the preferred embodiment, the security and reliability of device authorization authentication can be further improved.
The application also provides an equipment authorization authentication terminal equipment authentication system which can be opened before authorization authentication, and can ensure that the terminal equipment requesting authorization authentication with the terminal equipment has the authority to carry out authorization authentication. Therefore, the terminal device authentication system provided by the present application may specifically include:
the first terminal may be configured to send an authorization opening request message generated by encrypting the generated first key and the first device identifier of the first terminal with the stored preset key; the first key is used for obtaining the authorization opening result message sent by the second terminal and using the first key to carry out the authorization opening result message; if the decryption is successful, the equipment authorization is opened;
the second terminal can be used for acquiring the authorization opening request message sent by the first terminal, decrypting the authorization opening request message by using the stored preset key and judging whether to open equipment authorization or not according to the decrypted result; the method and the device can also be used for sending an authorization opening result message generated by encrypting the second equipment identifier of the second terminal by using the first key obtained by decryption when the decryption result is successful.
In a preferred embodiment, the terminal device authentication system may further include at least one of the following.
the first terminal opens device authorization for the second terminal based on the second device identifier obtained by decryption when its decryption succeeds;
and the second terminal opens device authorization for the first terminal based on the first device identifier obtained by decryption when its decryption result is successful.
The second terminal in the terminal device authentication system may include, but is not limited to, wearable devices such as a wristwatch, glasses, shoes, a hat, clothing, jewelry, a bracelet, or a pendant equipped with an intelligent processing chip.
The terminal device authentication method, device and system can achieve two-way authentication, both for opening device authorization and for device authorization, among multiple terminals, and greatly improve the security of terminal device authentication compared with the one-way authentication of terminal devices, particularly wearable devices, in the prior art.
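The two exchanges described above (opening device authorization under the preset key, then mutual authorization under the first key, with the first key replaced by the newly generated second key on both sides), as an added example that is not code from the patent or its applicant. It assumes JSON message bodies, a standard-library HMAC-based authenticated-encryption stand-in for an AEAD such as AES-GCM, and constructed device identifiers and keys; the Terminal class, its method names and run_demo are the example's own.

```python
import hashlib
import hmac
import json
import secrets

# Authenticated encryption built only from the standard library, standing in
# for a real AEAD such as AES-GCM (the patent does not fix a cipher):
# HMAC-SHA256 in counter mode as keystream, then an HMAC tag over nonce||ct.
def _kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ks = _stream(_kdf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, ks))
    return nonce + ct + hmac.new(_kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Plaintext, or None when the tag fails (wrong key or tampered message)."""
    if blob is None or len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_kdf(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(c ^ s for c, s in zip(ct, _stream(_kdf(key, b"enc"), nonce, len(ct))))

def _msg(**fields) -> bytes:
    return json.dumps(fields).encode()

class Terminal:
    """First terminal (phone) or second terminal (wearable); both run the same code."""
    def __init__(self, device_id: str, preset_key: bytes):
        self.device_id = device_id
        self.preset_key = preset_key      # shared in advance (claim 7)
        self.first_key = None             # set when device authorization is opened
        self.second_key = None            # fresh key proposed in each authorization
        self.authorized_ids = set()       # the stored "authorized device identifiers"
    # Stage 1: opening device authorization under the preset key (claims 1-15)
    def open_request(self) -> bytes:
        self.first_key = secrets.token_bytes(32)
        return seal(self.preset_key, _msg(dev=self.device_id, key=self.first_key.hex()))
    def handle_open_request(self, blob: bytes):
        fields = unseal(self.preset_key, blob)
        if fields is None:                     # wrong preset key: refuse (claim 8)
            return None
        req = json.loads(fields)
        self.first_key = bytes.fromhex(req["key"])
        self.authorized_ids.add(req["dev"])    # open authorization for the requester
        return seal(self.first_key, _msg(dev=self.device_id))
    def handle_open_result(self, blob: bytes) -> bool:
        fields = unseal(self.first_key, blob)
        if fields is None:
            return False
        self.authorized_ids.add(json.loads(fields)["dev"])
        return True
    # Stage 2: mutual authorization under the first key, rotating to the second key
    def auth_request(self) -> bytes:
        self.second_key = secrets.token_bytes(32)
        return seal(self.first_key, _msg(dev=self.device_id, key=self.second_key.hex()))
    def handle_auth_request(self, blob: bytes):
        fields = unseal(self.first_key, blob)
        if fields is None:
            return None
        req = json.loads(fields)
        if req["dev"] not in self.authorized_ids:  # decrypts, but was never authorized
            return None
        second_key = bytes.fromhex(req["key"])
        result = seal(second_key, _msg(dev=self.device_id, extra=secrets.token_hex(8)))
        self.first_key = second_key                # rotate (claim 16); extra: claims 22-23
        return result
    def handle_auth_result(self, blob: bytes) -> bool:
        fields = unseal(self.second_key, blob)
        if fields is None or json.loads(fields)["dev"] not in self.authorized_ids:
            return False
        self.first_key = self.second_key           # both sides now hold the new key
        return True

def run_demo() -> dict:
    """Happy path plus two refusals, on constructed keys and device identifiers."""
    preset = hashlib.sha256(b"constructed preset key").digest()
    phone, watch = Terminal("phone-01", preset), Terminal("watch-01", preset)
    opened = phone.handle_open_result(watch.handle_open_request(phone.open_request()))
    key_before = phone.first_key
    mutual = phone.handle_auth_result(watch.handle_auth_request(phone.auth_request()))
    intruder = Terminal("phone-99", hashlib.sha256(b"wrong preset").digest())
    refused_preset = watch.handle_open_request(intruder.open_request()) is None
    stranger = Terminal("phone-42", preset)      # right key, never authorized
    stranger.first_key = watch.first_key
    refused_id = watch.handle_auth_request(stranger.auth_request()) is None
    return {"opened": opened, "mutual": mutual, "keys_match": phone.first_key == watch.first_key,
            "rotated": phone.first_key != key_before,
            "refused_preset": refused_preset, "refused_id": refused_id}
```

run_demo() returns True for every entry: both terminals end up holding the same rotated key, a device with the wrong preset key is refused at the opening stage, and a device that can decrypt but has no stored authorized identifier is refused at the authorization stage.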
Although the application describes information interaction based on message transmission over a mobile communication network, WIFI, Bluetooth and the like, it is not limited to data transmission protocols that are fully standard. The schemes of the above embodiments can also be implemented over a slightly modified transmission mechanism based on such protocols. Even if a private protocol is adopted instead of a general or standard one, the application can still be realized as long as the information interaction and judgment-feedback pattern of each embodiment described here is followed; details are not repeated.
The units or modules illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the present application, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units.
Those skilled in the art will also appreciate that, besides implementing the controller purely as computer-readable program code, the same functionality can be obtained by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be regarded as a hardware component, and the means it includes for performing the various functions may be regarded as structures within that hardware component. The means for performing the functions may even be regarded as both software modules implementing the method and structures within a hardware component.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, a smart chip, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, a wearable device, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner; the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on its differences from the others. The application can be used in numerous general purpose or special purpose computer systems, environments or configurations including intelligent processing chip terminals, for example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, wearable devices and the like, as well as distributed computing environments that include any of the above systems or devices.
While the present application has been described with examples, those of ordinary skill in the art will appreciate that there are numerous variations and permutations of the present application without departing from the spirit of the application, and it is intended that the appended claims encompass such variations and permutations without departing from the spirit of the application.

Claims (37)

1. A data processing method of device authentication, the method comprising:
the first terminal and the second terminal respectively store preset keys; the preset key comprises a key which is dynamically updated in each authorization and authentication process;
the first terminal and the second terminal use the stored preset key to perform authentication for opening device authorization, comprising: the first terminal generates an authorization opening request message using the stored preset key; the first terminal sends the authorization opening request message to the second terminal; the second terminal decrypts the authorization opening request message using the stored preset key; and when the decryption result is successful, the second terminal opens device authorization for the first terminal based on the first device identifier of the first terminal in the authorization opening request message.
2. The method of claim 1, wherein, when the decryption result is successful, the method further comprises:
the second terminal sends an authorization opening result message generated by encryption to the first terminal;
the first terminal decrypts the authorization opening result message;
and the first terminal confirms whether to open the equipment authorization or not based on the decryption result of the authorization opening result message.
3. The method of claim 1, further comprising:
the first terminal generates a first key;
correspondingly, the authorization opening request message comprises information content, including the first key, encrypted using the preset key.
4. The method of claim 2, further comprising:
the first terminal generates a first key;
correspondingly, the authorization opening request message comprises information content, including the first key, encrypted using the preset key; and/or the first terminal decrypts the authorization opening result message using the first key.
5. The method of claim 1, the first terminal comprising a smartphone and the second terminal comprising a wearable device.
6. The method of claim 1, wherein the first terminal and the second terminal perform information interaction by means of near field communication.
7. The method of claim 1, the preset key comprising:
a key preset in the first terminal and the second terminal for opening device authorization;
alternatively,
a key downloaded by the first terminal, through an application, from a dedicated server or from the service provider side.
8. The method of claim 1, further comprising:
if the second terminal fails to decrypt the authorization opening request message, it refuses to open device authorization for the first terminal.
9. A data processing method of device authentication, the method comprising:
a first terminal sends an authorization opening request message, wherein the authorization opening request message is generated by encryption using a stored preset key; the preset key comprises a key which is dynamically updated in each authorization and authentication process;
the first terminal acquires an authorization opening result message sent by a second terminal;
the first terminal confirms whether to open device authorization based on the decryption result of the authorization opening result message, wherein the authorization opening result message comprises: a message generated by encryption by the second terminal when it successfully decrypts the authorization opening request message using the stored preset key.
10. The method of claim 9, wherein the first terminal performs information interaction with the second terminal by means of near field communication.
11. The method of claim 9, the preset key comprising:
a key stored in advance in the terminal device;
alternatively,
a key obtained through an application downloaded from a dedicated server or from the service provider side.
12. A data processing method of device authentication, the method comprising:
a second terminal acquires an authorization opening request message sent by a first terminal, wherein the authorization opening request message is generated by the first terminal by encryption using a stored preset key; the preset key comprises a key which is dynamically updated in each authorization and authentication process;
the second terminal decrypts the authorization opening request message using the stored preset key;
and when the decryption result is successful, the second terminal opens device authorization for the first terminal based on the first device identifier of the first terminal in the authorization opening request message.
13. The method as recited in claim 12, further comprising:
the second terminal sends an authorization opening result message to the first terminal so that the first terminal determines whether to open equipment authorization for the second terminal based on a decryption result of the authorization opening result message; the authorization opening result message comprises an authorization opening result message generated by encrypting a second equipment identifier of the second terminal.
14. The method of claim 12, wherein the first terminal performs information interaction with the second terminal by means of near field communication.
15. The method of claim 12, the preset key comprising:
a key stored in advance in the terminal device;
alternatively,
a key obtained through an application downloaded from a dedicated server or from the service provider side.
16. A data processing method of device authentication, the method comprising:
a first terminal and a second terminal each store a first key;
the first terminal and the second terminal use the stored first key to perform authentication of device authorization, comprising: the first terminal generates an authorization request message using the stored first key; the first terminal sends the authorization request message to the second terminal; the second terminal decrypts the authorization request message using the stored first key; when the decryption succeeds, the second terminal determines whether a first authorized device identifier corresponding to the first device identifier of the first terminal is stored; and when the determination result is yes, the second terminal authorizes the first terminal based on the first device identifier;
the terminal devices change the verification key in each authorization authentication process, comprising: for each new authorization authentication, the first terminal generates a new second key; and after one authentication, the first terminal and the second terminal replace the current first key with the new second key as the updated first key.
17. The method of claim 16, wherein, when the determination result is yes, the method further comprises:
the second terminal sends an authorization result message generated by encryption to the first terminal;
the first terminal decrypts the authorization result message;
when the first terminal successfully decrypts the authorization result message, it determines whether a second authorized device identifier corresponding to the device identifier of the second terminal is stored;
and if the first terminal stores a second authorized device identifier corresponding to the device identifier of the second terminal, the first terminal authorizes the second terminal.
18. The method of claim 16, the first terminal comprising a smartphone and the second terminal comprising a wearable device.
19. The method of claim 16, wherein the first terminal and the second terminal perform information interaction by means of near field communication.
20. The method of claim 16, the method further comprising:
the first terminal generates a second key, wherein the second key comprises an authentication key generated randomly or according to a preset algorithm;
correspondingly, the authorization request message comprises information content, including the second key, encrypted using the stored first key.
21. The method of claim 17, the method further comprising:
the first terminal generates a second key, wherein the second key comprises an authentication key generated randomly or according to a preset algorithm;
correspondingly, the authorization request message comprises information content, including the second key, encrypted using the stored first key; and/or the first terminal decrypts the authorization result message using the second key.
22. The method of claim 20 or 21, further comprising:
the authorization result message sent by the second terminal further carries additional information encrypted using the second key.
23. The method of claim 22, wherein the additional information comprises a string of random numbers.
24. A data processing method of device authentication, the method comprising:
a first terminal sends an authorization request message, wherein the authorization request message is generated by encryption using a stored first key;
the first terminal acquires an authorization result message sent by a second terminal and decrypts the authorization result message;
when the authorization result message is decrypted successfully, the first terminal determines whether a second authorized device identifier corresponding to the second terminal is stored;
if the first terminal stores a second authorized device identifier corresponding to the second terminal, the first terminal authorizes the second terminal;
the first terminal changes the verification key in each authorization authentication process, comprising: for each new authorization authentication, the first terminal generates a new second key; and after one verification, the first terminal replaces the current first key with the new second key as the updated first key.
25. The method of claim 24, the authorization result message comprising a message generated by:
the second terminal decrypting the authorization request message using the stored first key;
when the decryption succeeds, the second terminal determining whether a first authorized device identifier corresponding to the device identifier of the first terminal is stored;
and when the determination result is yes, the second terminal encrypting the second device identifier of the second terminal to generate the authorization result message.
26. The method of claim 24, wherein the first terminal interacts with the second terminal by way of near field communication.
27. The method of claim 24, the method further comprising:
the first terminal generates a second key, wherein the second key comprises a verification key generated randomly or according to a predetermined algorithm;
correspondingly, the authorization request message comprises information content, including the second key, encrypted using the stored first key.
28. A data processing method of device authentication, the method comprising:
a second terminal acquires an authorization request message sent by a first terminal, wherein the authorization request message is generated by the first terminal by encryption using the stored first key;
the second terminal decrypts the authorization request message using the stored first key;
when the decryption succeeds, the second terminal determines whether a first authorized device identifier corresponding to the device identifier of the first terminal is stored;
when the determination result is yes, the second terminal authorizes the first terminal based on the first device identifier of the first terminal;
the second terminal receives a new second key generated by the first terminal and, after one verification, replaces the current first key with the new second key as the updated first key; the second key comprises a verification key newly generated by the first terminal in each authorization authentication process.
29. The method of claim 28, the method further comprising:
the second terminal sends an authorization result message to the first terminal, so that the first terminal authorizes the second terminal when it successfully decrypts the authorization result message and determines that a second authorized device identifier corresponding to the second device identifier is stored, wherein the authorization result message comprises a message generated by encrypting the second device identifier of the second terminal.
30. The method of claim 28, wherein the first terminal interacts with the second terminal by means of near field communication.
31. A terminal device comprising a controller and a storage medium storing computer-executable instructions, wherein the controller, when executing the executable instructions, implements:
sending an authorization opening request message, wherein the authorization opening request message is generated by encryption using a preset key; the preset key comprises a key which is dynamically updated in each authorization and authentication process;
confirming whether to open device authorization based on the decryption result of an authorization opening result message, wherein the authorization opening result message comprises: a message generated by encryption by a second terminal when it successfully decrypts the authorization opening request message using the stored preset key.
32. A wearable device comprising a smart processing chip that at least implements:
obtaining an authorization opening request message sent by a first terminal, wherein the authorization opening request message is generated by the first terminal by encryption using a stored preset key; the preset key comprises a key which is dynamically updated in each authorization and authentication process;
decrypting the authorization opening request message using a stored preset key;
and when the decryption result is successful, opening device authorization for the first terminal based on the first device identifier of the first terminal in the authorization opening request message.
33. The wearable device of claim 32, the smart processing chip further implementing:
sending an authorization opening result message to the first terminal so that the first terminal determines whether to open device authorization for the wearable device based on the decryption result of the authorization opening result message; wherein the authorization opening result message comprises a message generated by encrypting a second device identifier of the wearable device.
34. A terminal device comprising a controller and a storage medium storing computer-executable instructions, wherein the controller, when executing the executable instructions, implements:
sending an authorization request message, wherein the authorization request message is generated by encryption using a stored first key;
obtaining an authorization result message sent by a second terminal, and decrypting the authorization result message;
when the authorization result message is decrypted successfully, determining whether a second authorized device identifier corresponding to the second terminal is stored;
if a second authorized device identifier corresponding to the second terminal is stored, authorizing the second terminal;
generating a new second key for each new authorization authentication; and replacing the current first key with the new second key as the updated first key.
35. A wearable device comprising a smart processing chip that at least implements:
obtaining an authorization request message sent by a first terminal, wherein the authorization request message is generated by the first terminal by encryption using a stored first key;
decrypting the authorization request message using the stored first key;
when the decryption succeeds, determining whether a first authorized device identifier corresponding to the device identifier of the first terminal is stored;
when the determination result is yes, authorizing the first terminal based on the first device identifier of the first terminal;
generating a new second key for each new authorization authentication; and replacing the current first key with the new second key to serve as the updated first key.
36. An authentication system for opening device authorization, comprising a mobile intelligent terminal and a wearable device, wherein the mobile intelligent terminal comprises a controller and a storage medium for storing computer executable instructions, the wearable device comprises an intelligent processing chip, wherein,
the controller executing the executable instructions implements the method steps of any of claims 9-11;
alternatively, the smart processing chip implements the method steps of any one of claims 12-15.
37. An authentication system for device authorization, comprising a mobile smart terminal comprising a controller and a storage medium storing computer-executable instructions, and a wearable device comprising a smart processing chip, wherein,
the controller executing the executable instructions performs the method steps of any one of claims 24-27;
alternatively, the smart processing chip implements the method steps of any one of claims 28-30.
Application CN201910501817.XA, priority date 2015-03-17, filing date 2015-03-17, "Data processing method, device and system for equipment authentication", status Active, granted as CN110365484B (en).

Related Parent Applications (1)

Division of CN201510115367.2A, "A kind of terminal device authentication method, apparatus and system", priority date 2015-03-17, filing date 2015-03-17, granted as CN106034028B (en).

Publications (2)

CN110365484A (en), published 2019-10-22
CN110365484B (en), published 2023-01-20

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018076291A1 (en) * 2016-10-28 2018-05-03 美的智慧家居科技有限公司 Method and system for generating permission token, and device
CN106792700A (en) * 2016-12-23 2017-05-31 北京握奇数据系统有限公司 The method for building up and system of a kind of secure communication environment of wearable device
CN106850209A (en) * 2017-02-28 2017-06-13 苏州福瑞思信息科技有限公司 A kind of identity identifying method and device
CN109936547A (en) 2017-12-18 2019-06-25 阿里巴巴集团控股有限公司 Identity identifying method, system and calculating equipment
CN108256309B (en) * 2018-01-10 2020-01-03 飞天诚信科技股份有限公司 Method and device for realizing system logging in windows10 or above
CN109271777B (en) * 2018-07-03 2022-04-05 华东师范大学 Wearable device authentication method based on eye movement characteristics
CN111163468A (en) * 2018-11-08 2020-05-15 北京华为数字技术有限公司 Communication connection method and device
CN109802827B (en) * 2018-12-19 2022-02-01 中国长城科技集团股份有限公司 Key updating method and key updating system
CN111585939B (en) * 2019-02-18 2023-04-14 深圳市致趣科技有限公司 End-to-end identity authentication and communication encryption method and system between Internet of things devices
CN110278080B (en) * 2019-07-11 2020-10-02 珠海格力电器股份有限公司 Method, system and computer readable storage medium for data transmission
CN113206817B (en) * 2020-02-03 2022-07-12 中移物联网有限公司 Equipment connection confirmation method and block chain network
CN112532629B (en) * 2020-11-30 2023-01-24 航天信息股份有限公司 Data transmission method, device, equipment and medium
CN112565260B (en) * 2020-12-06 2022-08-16 武汉卓尔信息科技有限公司 Uplink and downlink data security isolation system and method based on edge computing gateway
CN114640491A (en) * 2020-12-16 2022-06-17 深圳优地科技有限公司 Communication method and system
CN112632522A (en) * 2020-12-31 2021-04-09 深信服科技股份有限公司 Authorization method, authorization request method and related device
CN113099446B (en) * 2021-04-02 2023-02-21 广东海聊科技有限公司 Safety verification method and system for Beidou short message terminal
CN113473468B (en) * 2021-09-02 2021-11-23 中国电力科学研究院有限公司 Broadband cognitive wireless communication method and system
CN114389813A (en) * 2021-11-26 2022-04-22 北京升明科技有限公司 Method, device, equipment and storage medium for access authorization of browser
CN114301925B (en) * 2021-12-31 2023-12-08 展讯通信(天津)有限公司 Data transmission method and related equipment
CN115107701B (en) * 2022-07-26 2024-02-23 合众新能源汽车股份有限公司 Automobile anti-theft authentication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 北京飞天诚信科技有限公司 Method and system for updating certification key
CN101150397A (en) * 2007-10-25 2008-03-26 宇龙计算机通信科技(深圳)有限公司 Method and mobile terminal for secure communication between mobile terminal and computer
CN101583124A (en) * 2009-06-10 2009-11-18 大唐微电子技术有限公司 Authentication method and system of subscriber identity module and terminal
CN103916840A (en) * 2012-12-30 2014-07-09 北京握奇数据系统有限公司 Method for binding and verification of mobile device and external device
CN104158666A (en) * 2014-08-28 2014-11-19 电子科技大学 Method of implementing binding and authentication of intelligent bracelet and intelligent mobile terminal
CN104301886A (en) * 2014-10-21 2015-01-21 中国联合网络通信集团有限公司 Short message reading method and system, terminal and wearable device

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100619005B1 (en) * 1999-11-25 2006-08-31 삼성전자주식회사 Authentication method for establishing connection between devices
WO2003036867A1 (en) * 2001-10-26 2003-05-01 Ktfreetel Co., Ltd. System and method for performing mutual authentication between mobile terminal and server
US8065235B2 (en) * 2003-05-05 2011-11-22 International Business Machines Corporation Portable intelligent shopping device
CN101001143A (en) * 2006-01-12 2007-07-18 中兴通讯股份有限公司 Method for authenticating system equipment by terminal equipment
CN101784045A (en) * 2009-01-20 2010-07-21 英华达(上海)电子有限公司 Method and device for generating secrete key and method and device for loading secrete key
US8713661B2 (en) * 2009-02-05 2014-04-29 Wwpass Corporation Authentication service
CN102752269B (en) * 2011-04-21 2015-10-07 中国移动通信集团广东有限公司 Based on the method for the authentication of cloud computing, system and cloud server
CN103457915A (en) * 2012-06-01 2013-12-18 李俊霖 Military Internet of Things security protocol capable of being proved in formalized mode
JP2013179701A (en) * 2013-06-12 2013-09-09 Sony Corp Encryption device and method
CN104217230B (en) * 2014-08-29 2017-03-15 公安部交通管理科学研究所 The safety certifying method of hiding ultrahigh frequency electronic tag identifier

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005357A (en) * 2006-12-28 2007-07-25 Feitian Technologies Co., Ltd. (Beijing) Method and system for updating certification key
CN101150397A (en) * 2007-10-25 2008-03-26 Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd. Method and mobile terminal for secure communication between mobile terminal and computer
CN101583124A (en) * 2009-06-10 2009-11-18 Datang Microelectronics Technology Co., Ltd. Authentication method and system of subscriber identity module and terminal
CN103916840A (en) * 2012-12-30 2014-07-09 Beijing Watchdata System Co., Ltd. Method for binding and verification of mobile device and external device
CN104158666A (en) * 2014-08-28 2014-11-19 University of Electronic Science and Technology of China Method of implementing binding and authentication of intelligent bracelet and intelligent mobile terminal
CN104301886A (en) * 2014-10-21 2015-01-21 China United Network Communications Group Co., Ltd. Short message reading method and system, terminal and wearable device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Nested mechanism for mutual authentication; S Sridhar et al.; 2011 3rd International Conference on Electronics Computer Technology; 20110410; Sections 1-3 of the main text *
S Sridhar. Nested mechanism for mutual authentication. 2011 3rd International Conference on Electronics Computer Technology. 2011, *
Mutual authentication method and system based on a symmetric encryption algorithm; Pang Liaojun et al.; China IWNCOMM Co., Ltd. (Xi'an); 20110807; full text *

Also Published As

Publication number Publication date
CN110365484A (en) 2019-10-22
CN106034028B (en) 2019-06-28
CN106034028A (en) 2016-10-19

Similar Documents

Publication Publication Date Title
CN110365484B (en) Data processing method, device and system for equipment authentication
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
US9659160B2 (en) System and methods for authentication using multiple devices
JP2020109671A (en) Method and device for personal authentication
CN106656510B (en) A kind of encryption key acquisition methods and system
CN110192381B (en) Key transmission method and device
JP2017514421A (en) Authentication apparatus and method
CN110545252B (en) Authentication and information protection method, terminal, control function entity and application server
CN101621794A (en) Method for realizing safe authentication of wireless application service system
AU2020415282B2 (en) Multi-factor authentication providing a credential via a contactless card for secure messaging
CN111131300B (en) Communication method, terminal and server
US20090044007A1 (en) Secure Communication Between a Data Processing Device and a Security Module
CN114765534A (en) Private key distribution system based on national password identification cryptographic algorithm
KR101358375B1 (en) Prevention security system and method for smishing
CN113612852A (en) Communication method, device, equipment and storage medium based on vehicle-mounted terminal
CN109451504B (en) Internet of things module authentication method and system
US9917694B1 (en) Key provisioning method and apparatus for authentication tokens
US20240106633A1 (en) Account opening methods, systems, and apparatuses
Diallo et al. A secure authentication scheme for bluetooth connection
US9876774B2 (en) Communication security system and method
US9648495B2 (en) Method and device for transmitting a verification request to an identification module
CN105610770A (en) Access method, access device, terminal, encryption method, encryption device and terminal
TWM569453U (en) Digital data processing system
TWI705347B (en) Identity authentication method and equipment
KR20170120898A (en) Apparatus for confirming data and method for confirming data using the same

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201009

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201009

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: Greater Cayman, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant