CN110460567A - A kind of identification authentication method and device - Google Patents


Info

Publication number
CN110460567A
Authority
CN
China
Prior art keywords
equipment
authentication
device cluster
token
mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910579196.7A
Other languages
Chinese (zh)
Other versions
CN110460567B (en)
Inventor
刘莉莉
李锦波
李锋
郭兴民
姜文浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN201910579196.7A
Publication of CN110460567A
Application granted
Publication of CN110460567B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

An identity authentication method and device, applied to a communication system that includes a device cluster and an authentication server. The device cluster includes at least two devices, and a first device among them is connected to at least one of the other devices. The method addresses the problems of low authentication efficiency and low data security. After obtaining the generic token and key of the device cluster, the first device generates its device token from the key and its own identifier, and then generates an authentication token that includes the generic token and the device token. The first device can then use this authentication token to communicate with the authentication server and obtain an authentication result. The generic token is generated by the authentication server from the identifier of the device cluster and a first predetermined encryption algorithm, and the key is determined by the authentication server from the identifier of the device cluster.

Description

An identity authentication method and device
Technical field
The embodiments of the application relate to the field of communication technology, and in particular to an identity authentication method and device.
Background technique
To ensure the security of a system and its data, when a terminal accesses a service, the server providing that service performs identity authentication of the terminal (also called "authentication" or "verification").
In the prior art, an authentication center provides unified authentication for multiple terminals. Specifically, the authentication center receives the authentication request sent by each terminal and routes it to the corresponding authentication unit, which completes the authentication. However, in this scheme every authentication has to pass through the authentication center, which increases the complexity of the authentication communication process and lowers authentication efficiency; in addition, if the authentication center is attacked, all authentication units are severely affected and data security cannot be effectively guaranteed.
Summary of the invention
The application provides an identity authentication method and device that can solve the existing problems of low authentication efficiency and low data security.
To achieve the above objective, the application adopts the following technical solutions.
In a first aspect, an identity authentication method is provided, applied to a communication system including a device cluster and an authentication server, where the device cluster includes at least two devices and a first device among them is connected to at least one of the other devices. Specifically, after obtaining the generic token of the device cluster (for ease of description, simply "generic token" hereafter) and the key, the first device generates its device token from the key and its own identifier; it then generates an authentication token that includes the generic token and the device token of the first device. This authentication token corresponds uniquely to the first device, and the first device can use it to communicate with the authentication server and obtain an authentication result. In this application, the generic token is generated by the authentication server from the identifier of the device cluster and a first predetermined encryption algorithm, and the key is determined by the authentication server from the identifier of the device cluster.
It can be seen that, after obtaining the generic token and key, the first device in the device cluster can generate its own authentication token and communicate directly with the authentication server, without going through other devices, which effectively improves authentication efficiency.
In addition, the authentication token includes the generic token and a device token that corresponds uniquely to the device; the generic token and the device token are generated by different devices, and authentication succeeds only when both are correct, which effectively improves the security of data and of the system.
Optionally, in a possible implementation of the application, the first device is the master device in the device cluster, each of the other devices is a slave device, and the master device is connected to each slave device. In this scenario, the first device also sends the generic token and key to each slave device, so that each slave device can generate its own authentication token from them.
The master device communicates with the authentication server to obtain the generic token and key and sends them to each slave device, so that every device in the cluster obtains them. During this process only the master device communicates with the authentication server, which effectively reduces the access pressure on the authentication server.
Optionally, in another possible implementation in which the first device is the master device of the cluster, "the first device obtains the generic token and key of the device cluster" includes: the first device obtains the identifier of the device cluster and the identifier of each device in the cluster, and sends the authentication server an authentication request that includes the identifier of the device cluster and the identifiers of each device in it; correspondingly, the first device receives the generic token and key sent by the authentication server.
Optionally, in another possible implementation in which the first device is the master device, the first device also sends the authentication server a first message that includes the identifier of a second device; the first message indicates either that the second device is newly added to the device cluster or that it has left the device cluster. Correspondingly, the first device receives a second message sent by the authentication server: if the second device is newly added, the second message indicates that a token is to be provided for the second device; if the second device has left, the second message indicates that the second device's token is to be removed. If the second message indicates that a token is to be provided, the first device sends the generic token and key to the second device so that it can generate its own authentication token.
Because the first device is the master device, when a device is added to or leaves the cluster the master device obtains that device's identifier, i.e. the identifier of the second device. If the second device is newly added, to improve its authentication efficiency the first device promptly notifies the authentication server that the second device has joined the cluster, so that the server can likewise provide a token for it. If the second device has left, to ensure the security of data and the system the first device promptly notifies the authentication server that the second device has left, so that the server can update its information on the second device in time and prevent unauthorized access by it.
Optionally, in another possible implementation in which the device cluster includes a master device and at least one slave device and the first device is any one of the slave devices, "the first device obtains the generic token and key" includes: the first device receives the generic token and key sent by the master device.
In a second aspect, an electronic device is provided, applied to a communication system including a device cluster and an authentication server, where the device cluster includes at least two devices and a first device among them is connected to at least one of the other devices; the electronic device is the first device. The electronic device provided by the application includes an acquiring unit, a generation unit and a communication unit.
Specifically, the acquiring unit is configured to obtain the generic token and key of the device cluster, where the generic token is generated by the authentication server from the identifier of the device cluster and a first predetermined encryption algorithm, and the key is determined by the authentication server from the identifier of the device cluster. The generation unit is configured to generate the device token of the first device from the key obtained by the acquiring unit and the identifier of the first device, and to generate the authentication token of the first device, which includes the generic token and the device token of the first device. The communication unit is configured to communicate with the authentication server using the authentication token generated by the generation unit, to obtain an authentication result.
Optionally, in a possible implementation of the application, the first device is the master device of the device cluster, each of the other devices is a slave device, and the master device is connected to each slave device. Correspondingly, the communication unit is configured to send the generic token and key to each slave device, so that each slave device generates its own authentication token from them.
Optionally, in another possible implementation of the application, the acquiring unit is specifically configured to obtain the identifier of the device cluster and the identifier of each device in it. The communication unit is further configured to send the authentication server an authentication request that includes the identifier of the device cluster and the identifiers of each device in it, and to receive the generic token and key sent by the authentication server.
Optionally, in another possible implementation of the application, the communication unit is further configured to: send the authentication server a first message that includes the identifier of a second device and indicates either that the second device is newly added to the device cluster or that it has left the device cluster; receive a second message sent by the authentication server, which indicates that a token is to be provided for the second device if it is newly added, or that the second device's token is to be removed if it has left; and, if the second message indicates that a token is to be provided, send the generic token and key to the second device so that it can generate its own authentication token.
Optionally, in another possible implementation of the application, the device cluster includes a master device and at least one slave device, and the first device is any one of the slave devices. Correspondingly, the communication unit is further configured to receive the generic token and key sent by the master device.
In a third aspect, an electronic device is provided that includes one or more processors and a memory connected to them. The memory stores computer instructions; when the one or more processors execute these instructions, the electronic device performs the identity authentication method of the first aspect or of any of its possible implementations.
In a fourth aspect, a computer program product is provided that includes instructions; when the processor of the electronic device of the third aspect executes the instructions, the electronic device performs the identity authentication method of the first aspect or of any of its possible implementations.
In a fifth aspect, a computer-readable storage medium is provided that includes computer instructions; when the processor of the electronic device of the third aspect executes the instructions, the electronic device performs the identity authentication method of the first aspect or of any of its possible implementations.
For the specific description of the second to fifth aspects and their implementations, reference may be made to the detailed description of the first aspect and its implementations; likewise, for their beneficial effects, reference may be made to the analysis of beneficial effects in the first aspect and its implementations, which is not repeated here.
In this application, the name of the electronic device does not limit the device or functional module itself; in practice these devices or functional modules may appear under other names. As long as the function of each device or functional module is similar to that in this application, it falls within the scope of the claims of this application and their equivalents.
In a sixth aspect, an identity authentication method is provided, applied to a communication system including a device cluster and an authentication server, where the device cluster includes at least two devices and a first device among them is connected to at least one of the other devices. Specifically, the authentication server receives the authentication token of the first device sent by the first device, authenticates it, and then sends the authentication result to the first device. The authentication token of the first device includes the generic token and the device token of the first device; the generic token is generated by the authentication server from the cluster identifier of the device cluster, and the device token of the first device is generated by the first device from the key determined by the authentication server and the identifier of the first device.
It can be seen that, after obtaining the generic token and key, the first device in the device cluster can generate its own authentication token and communicate directly with the authentication server, without going through other devices, which effectively improves authentication efficiency.
In addition, the authentication token includes the generic token and a device token that corresponds uniquely to the device; the generic token and the device token are generated by different devices, and authentication succeeds only when both are correct, which effectively improves the security of data and of the system.
Optionally, in a possible implementation of the application, the authentication server also receives an authentication request sent by the master device of the device cluster, which includes the identifier of the device cluster and the identifiers of each device in it; having determined that the master device is legal, the authentication server generates the generic token from the identifier of the device cluster and the first predetermined encryption algorithm, determines the key from the identifier of the device cluster, and then sends the generic token and key to the master device.
The generic token and key of this application are for the device cluster; after generating them, the authentication server sends them to the master device so that the master device can send them to each slave device in the cluster. In this way, the authentication server does not need to communicate with every device in the cluster to distribute the generic token and key, which significantly reduces the access pressure on the authentication server.
Optionally, in another possible implementation of the application, the authentication server also stores the identifier of each device in the device cluster and the identifier of the device cluster, which provides the basis for the server's subsequent authentication operations.
Optionally, in another possible implementation of the application, the authentication server also receives a first message sent by the master device that includes the identifier of a second device and indicates either that the second device is newly added to the device cluster or that it has left the device cluster; the authentication server updates the identifiers of the devices in the cluster according to the first message and sends a second message to the master device, which indicates that a token is to be provided for the second device if it is newly added, or that the second device's token is to be removed if it has left.
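The following Python model is an added example, not code from the patent or from the applicant, and it covers both the device side of the first aspect (the master device requests the generic token and key with the cluster and member identifiers, forwards them to each slave device, and every device derives its own device token from the key and its identifier) and the server side of the sixth aspect (generating the generic token and key, storing the member identifiers, handling the join/leave first message with a second message, and accepting an authentication token only when both the generic token and the device token are correct). The patent does not fix the "first predetermined encryption algorithm" or how the key is "determined from the cluster identifier"; HMAC-SHA256 keyed with a server-side secret is assumed for both. The legal-master allowlist, the message names "provide_token" and "remove_token", and all device and cluster identifiers are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 under a server-side secret stands in for the patent's
# unnamed "first predetermined encryption algorithm" and for key determination.


def device_token(key: bytes, device_id: str) -> bytes:
    """Device token = f(cluster key, device identifier); computed by the device itself."""
    return hmac.new(key, b"device|" + device_id.encode(), hashlib.sha256).digest()


class AuthServer:
    def __init__(self, legal_masters: set[str]):
        self.secret = secrets.token_bytes(32)          # never leaves the server
        self.legal_masters = legal_masters             # assumed way of deciding "master is legal"
        self.members: dict[str, set[str]] = {}         # stored cluster id -> member device ids
        self.status: dict[tuple[str, str], bool] = {}  # authentication status per device

    def generic_token(self, cluster_id: str) -> bytes:
        return hmac.new(self.secret, b"generic|" + cluster_id.encode(), hashlib.sha256).digest()

    def cluster_key(self, cluster_id: str) -> bytes:
        return hmac.new(self.secret, b"key|" + cluster_id.encode(), hashlib.sha256).digest()

    def handle_auth_request(self, master_id: str, cluster_id: str, member_ids):
        """Master's request carries the cluster id and all member ids; returns (generic token, key)."""
        if master_id not in self.legal_masters:
            raise PermissionError("master device is not legal")
        self.members[cluster_id] = set(member_ids)
        return self.generic_token(cluster_id), self.cluster_key(cluster_id)

    def handle_first_message(self, cluster_id: str, device_id: str, joined: bool) -> str:
        """Join/leave notification from the master; the return value is the second message."""
        if joined:
            self.members[cluster_id].add(device_id)
            return "provide_token"
        self.members[cluster_id].discard(device_id)
        self.status.pop((cluster_id, device_id), None)   # remove the departed device's token
        return "remove_token"

    def authenticate(self, cluster_id: str, device_id: str, auth_token) -> bool:
        """Success only if the device is a member AND both token parts are correct."""
        generic, dev = auth_token
        ok = (
            device_id in self.members.get(cluster_id, set())
            and hmac.compare_digest(generic, self.generic_token(cluster_id))
            and hmac.compare_digest(dev, device_token(self.cluster_key(cluster_id), device_id))
        )
        self.status[(cluster_id, device_id)] = ok
        return ok


class Device:
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.generic = self.key = None

    def receive_credentials(self, generic: bytes, key: bytes):
        self.generic, self.key = generic, key

    def auth_token(self):
        # authentication token = (generic token, device token unique to this device)
        return (self.generic, device_token(self.key, self.device_id))


class MasterDevice(Device):
    def __init__(self, device_id: str, cluster_id: str, server: AuthServer):
        super().__init__(device_id)
        self.cluster_id, self.server = cluster_id, server
        self.slaves: dict[str, Device] = {}  # connection-state list of slave devices

    def bootstrap(self, slaves):
        self.slaves = {s.device_id: s for s in slaves}
        ids = [self.device_id, *self.slaves]
        generic, key = self.server.handle_auth_request(self.device_id, self.cluster_id, ids)
        self.receive_credentials(generic, key)
        for s in self.slaves.values():            # only the master talks to the server
            s.receive_credentials(generic, key)

    def add_slave(self, slave: Device):
        self.slaves[slave.device_id] = slave
        if self.server.handle_first_message(self.cluster_id, slave.device_id, True) == "provide_token":
            slave.receive_credentials(self.generic, self.key)

    def remove_slave(self, device_id: str):
        self.slaves.pop(device_id)
        self.server.handle_first_message(self.cluster_id, device_id, False)


def run_scenario() -> dict:
    """Constructed walk-through; identifiers are made up for the example."""
    server = AuthServer(legal_masters={"phone-1"})
    a, b = Device("watch-a"), Device("band-b")
    master = MasterDevice("phone-1", "cluster-7", server)
    master.bootstrap([a, b])
    cid = "cluster-7"
    r = {"master": server.authenticate(cid, "phone-1", master.auth_token()),
         "slave_a": server.authenticate(cid, "watch-a", a.auth_token())}
    r["b_with_a_token"] = server.authenticate(cid, "band-b", a.auth_token())      # right generic, wrong device token
    r["bad_generic"] = server.authenticate(cid, "band-b", (b"x" * 32, b.auth_token()[1]))
    master.remove_slave("band-b")
    r["b_after_leave"] = server.authenticate(cid, "band-b", b.auth_token())       # token removed server-side
    c = Device("ring-c")
    master.add_slave(c)
    r["c_after_join"] = server.authenticate(cid, "ring-c", c.auth_token())
    return r


if __name__ == "__main__":
    print(run_scenario())
```

The scenario shows the property the text relies on: a device presenting another member's device token, or a correct device token with a wrong generic token, is rejected, and a device that has left the cluster is rejected even though it still holds a previously valid token, because the server's membership record (updated from the first message) is part of the check.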
In a seventh aspect, a server is provided, applied to a communication system including a device cluster and an authentication server, where the device cluster includes a master device and at least one slave device, each slave device being connected to the master device; the server of this application is the authentication server. The server includes a receiving unit, an authentication unit and a transmission unit.
Specifically, the receiving unit is configured to receive the authentication token of the first device sent by the first device; this token includes the generic token and the device token of the first device, the generic token being generated by the authentication server from the cluster identifier of the device cluster and the device token being generated by the first device from the key determined by the authentication server and the identifier of the first device. The authentication unit is configured to authenticate the authentication token received by the receiving unit. The transmission unit is configured to send the authentication result determined by the authentication unit to the first device.
Optionally, in a possible implementation of the application, the receiving unit is further configured to receive an authentication request sent by the master device of the device cluster, which includes the identifier of the device cluster and the identifiers of each device in it. The server further includes a determination unit and a generation unit: the determination unit is configured to determine that the master device is legal; the generation unit is configured, once the determination unit has determined that the master device is legal, to generate the generic token of the device cluster from the identifier of the device cluster and the first predetermined encryption algorithm; and the determination unit is further configured to determine the key from the identifier of the device cluster. The transmission unit is configured to send the generic token generated by the generation unit and the key determined by the determination unit to the master device.
Optionally, in another possible implementation of the application, the server further includes a storage unit configured to store the identifier of each device in the device cluster and the identifier of the device cluster.
Optionally, in another possible implementation of the application, the receiving unit is further configured to receive a first message sent by the master device that includes the identifier of a second device and indicates either that the second device is newly added to the device cluster or that it has left the device cluster. The server further includes an updating unit configured to update the identifiers of the devices in the cluster according to the first message received by the receiving unit. The transmission unit is further configured to send a second message to the master device, which indicates that a token is to be provided for the second device if it is newly added, or that the second device's token is to be removed if it has left.
In an eighth aspect, a server is provided that includes one or more processors and a memory connected to them. The memory stores computer instructions; when the one or more processors execute these instructions, the server performs the identity authentication method of the sixth aspect or of any of its possible implementations.
In a ninth aspect, a computer program product is provided that includes computer instructions; when the processor of the server of the eighth aspect executes the instructions, the server performs the identity authentication method of the sixth aspect or of any of its possible implementations.
In a tenth aspect, a computer-readable storage medium is provided that includes computer instructions; when the processor of the server of the eighth aspect executes the instructions, the server performs the identity authentication method of the sixth aspect or of any of its possible implementations.
In this application, the name of the server does not limit the device or functional module itself; in practice these devices or functional modules may appear under other names. As long as the function of each device or functional module is similar to that in this application, it falls within the scope of the claims of this application and their equivalents.
These and other aspects of the application will be clearer from the following description.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of communication system provided by the embodiments of the present application;
Fig. 2 is a kind of hardware structural diagram of communication device in the embodiment of the present application;
Fig. 3 is another hardware structural diagram of communication device in the embodiment of the present application;
Fig. 4 is the flow diagram one of identification authentication method in the embodiment of the present application;
Fig. 5 is the flow diagram two of identification authentication method in the embodiment of the present application;
Fig. 6 is the flow diagram three of identification authentication method in the embodiment of the present application;
Fig. 7 is the flow diagram four of identification authentication method in the embodiment of the present application;
Fig. 8 is a kind of structural schematic diagram of electronic equipment in the embodiment of the present application;
Fig. 9 is another hardware structural diagram of server in the embodiment of the present application.
Specific embodiment
The terms "first", "second", "third", "fourth" and so on in the specification, claims and drawings of the embodiments of the application are used to distinguish different objects, not to indicate a particular order.
In the embodiments of the application, words such as "exemplary" or "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as "exemplary" or "for example" is not to be construed as preferable to or more advantageous than other embodiments or designs. Rather, the use of these words is intended to present the related concept in a concrete way.
The embodiments of the application provide an identity authentication method and device suitable for a communication system that includes a device cluster (comprising a master device and at least one slave device) and an authentication server. In this system, the master device communicates with the authentication server to obtain the generic token of the device cluster distributed by the server (for ease of description, "generic token" hereafter) and the key, and sends the generic token and key to each slave device. After obtaining them, each device in the cluster combines them with its own identifier to generate its authentication token, which includes the generic token and a device token; each device in the cluster then communicates with the authentication server using its authentication token.
After obtaining the generic token and key, each device in the cluster can generate its own authentication token and communicate directly with the authentication server without going through other devices, which effectively improves authentication efficiency.
Since the authentication token generated by each device includes the generic token and the device token of that device, authentication succeeds only when both are correct, which effectively improves the security of data and of the system.
As described above, the identity authentication method provided by the embodiments is suitable for a communication system including a device cluster and an authentication server. Fig. 1 shows one structure of such a communication system.
As shown in Fig. 1, the communication system includes a device cluster 10 and an authentication server 11. The device cluster 10 includes a master device 101 and at least one slave device (for example slave device a and slave device b). The master device 101 is connected to every slave device. Besides being connected to the master device 101, a slave device may also be connected to at least one other slave device in the device cluster 10. The authentication server 11 is connected to every device in the device cluster 10.
The master device 101 in the device cluster 10 may connect to a slave device by near field communication (NFC), by Bluetooth, or by other means; the embodiments of the application do not limit this.
Likewise, a slave device that is connected to other slave devices may connect to them by NFC, by Bluetooth, or by other means; the embodiments of the application do not limit this.
The master device 101 is used to maintain the connection-state list of the slave devices, to obtain the generic token and key from the authentication server 11, and to send the obtained generic token and key to each slave device.
Specifically, the master device 101 manages all slave devices and stores the identifier of each slave device; it obtains the generic token and key by communicating with the authentication server 11 and sends them to each slave device. When one or more slave devices are added to or leave the device cluster 10, the master device 101 communicates with the authentication server 11, so that the generic token and key can be sent to a newly added slave device in time, effectively shortening the authentication interaction time, and the authentication server 11 can be notified in time to remove the authentication token of a device that has left the device cluster 10, which improves authentication efficiency and ensures the security of data and the system.
In addition, the master device 101 generates, from the generic token and key, an authentication token that includes the generic token and the device token of the master device 101; this authentication token corresponds uniquely to the master device 101. The master device 101 communicates with the authentication server using this authentication token so that the server can identify whether the master device 101 and its operations are those of a secure and legitimate user terminal.
A slave device is mainly used to keep its interconnection with the master device and to receive the generic token and key sent by the master device 101. After obtaining them, the slave device generates an authentication token that corresponds uniquely to it and includes the generic token and the slave device's device token; the slave device communicates with the authentication server using this token so that the server can identify whether the slave device and its operations are those of a secure and legitimate user terminal.
The master device 101 and the slave devices are electronic devices, which may be user equipment (UE), a terminal, a mobile device, a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a vehicle-mounted device, a wearable device (also called a wearable smart device), and so on.
In the device cluster 10, the master device 101 is a device that can control all other devices in the cluster, such as a smartphone.
The authentication server 11 is mainly used to generate the generic token, to authenticate the device cluster 10, and to maintain the authentication status of each device in the device cluster 10 (for example, whether authentication is required and whether it succeeded).
Specifically, the authentication server 11 receives the authentication request sent by the master device 101, which includes the identifier of the device cluster and the identifiers of each device in it; having determined that the master device 101 is legal, the authentication server 11 generates the generic token from the identifier of the device cluster and the first predetermined encryption algorithm, determines the key from the identifier of the device cluster, and then sends the generic token and key to the master device 101.
Authentication server 11 is also used to the authentication-tokens that a certain equipment is sent in receiving device race 10, and according to the authentication Token identifies whether the equipment is safety legal user terminal and its operation.
Communication system shown in FIG. 1 is only exemplary.In practical applications, the applicable communication system of the embodiment of the present application System can also be other structures, will not enumerate herein.
In one example, each of the main device and the slave devices in FIG. 1 may be the communication device 20 shown in FIG. 2, or a device that includes the communication device 20 shown in FIG. 2 (for example, the communication device 20 may be a chip system of the main device or of a slave device). FIG. 2 is a schematic composition diagram of a communication device 20 provided by an embodiment of the present application; the communication device 20 can be used to perform the operations of the main device or of a slave device in the identity authentication method provided by the embodiments.
As shown in FIG. 2, the communication device 20 includes a memory 21, a storage controller 22, one or more processors 23 (only one is shown in the figure), a peripheral interface 24, a radio frequency module 25 and a near field communication module 26. Optionally, the communication device may also include components such as a touch screen 27 and a key module 28. These components communicate with one another through one or more communication buses/signal lines 29.
The memory 21 may be used to store software programs and modules, such as the program instructions/modules corresponding to the identity authentication method in the embodiments of the present application. By running the software programs and modules stored in the memory 21, the processor 23 performs various functional applications and data processing, that is, implements the identity authentication method provided by the embodiments of the present application.
The memory 21 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 21 may further include memory located remotely from the processor 23; such remote memory may be connected to the communication device 20 through a network. Examples of such a network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network and combinations thereof. The processor 23 and other possible components access the memory 21 under the control of the storage controller 22.
The peripheral interface 24 couples various input/output devices to the central processing unit (CPU) and the memory 21. The processor 23 runs the software and instructions in the memory 21 to perform the various functions of the communication device 20 and to process data.
In some embodiments, the peripheral interface 24, the processor 23 and the storage controller 22 may be implemented in a single chip. In other examples, they may each be implemented by a separate chip.
The radio frequency module 25 is used to receive and transmit electromagnetic waves, converting between electromagnetic waves and electrical signals so as to communicate with a communication network or with other devices. The radio frequency module 25 may include various existing circuit elements for performing these functions, for example an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a subscriber identity module (SIM) card, memory and so on. The radio frequency module 25 can communicate with various networks such as the Internet, an intranet or a wireless network, or communicate with other devices through a wireless network. The wireless network may include a cellular telephone network, a wireless local area network or a metropolitan area network. The wireless network may use various communication standards, protocols and technologies, including but not limited to the global system for mobile communication (GSM), enhanced data GSM environment (EDGE), wideband code division multiple access (W-CDMA), code division multiple access (CDMA), time division multiple access (TDMA), Bluetooth, WiFi, voice over internet protocol (VoIP), worldwide interoperability for microwave access (Wi-Max), other protocols for e-mail, instant messaging and short messages, and any other suitable communication protocol, including protocols that have not yet been developed.
The near field communication module 26 provides an interface for near field communication; through the near field communication module 26, the communication device 20 can exchange data with other devices by short-range near field communication.
The touch screen 27 provides both an output interface and an input interface between the communication device 20 and the user. Specifically, the touch screen 27 displays video output to the user; the content of the video output may include text, graphics, video and any combination thereof, and some output results correspond to user interface objects. The touch screen 27 also receives user input, such as gestures including taps and slides, so that user interface objects respond to that input. The technology for detecting user input may be resistive, capacitive or any other possible touch detection technology. Specific examples of the display unit of the touch screen 27 include, but are not limited to, a liquid crystal display and a light-emitting polymer display.
The key module 28 likewise provides an interface for user input to the communication device 20; by pressing different keys the user can make the communication device 20 perform different functions.
It should be noted that the structure shown in FIG. 2 is only illustrative. The communication device 20 may include more or fewer components than shown in FIG. 2, or have a configuration different from that shown in FIG. 2. Each component shown in FIG. 2 may be implemented in hardware, in software or in a combination of the two.
In one example, the authentication server 11 in FIG. 1 may be the communication device 30 shown in FIG. 3, or a device that includes the communication device 30 shown in FIG. 3 (for example, the communication device 30 may be a chip system of the authentication server). FIG. 3 is a schematic composition diagram of a communication device 30 provided by an embodiment of the present application; the communication device 30 can be used to perform the operations of the authentication server in the identity authentication method provided by the embodiments.
As shown in FIG. 3, the communication device 30 may include a processor 31, a memory 32, a communication interface 33 and a communication bus 34. The processor 31, the memory 32 and the communication interface 33 may be connected to one another through the communication bus 34. The components of the communication device 30 are described below with reference to FIG. 3.
In the embodiments of the present application, the processor 31 is the control center of the communication device 30 and may be a single processor or the collective name for several processing elements. For example, the processor 31 may be a CPU, an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as one or more digital signal processors (DSP) or one or more field-programmable gate arrays (FPGA).
The processor 31 performs the various functions of the communication device 30 by running or executing software programs stored in the memory 32 and calling data stored in the memory 32.
In one embodiment, the processor 31 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 3.
In one embodiment, the communication device 30 may also include other processors, such as the processor 35 shown in FIG. 3, which includes ASIC 0. Each of the processors in the communication device 30 may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here may refer to one or more devices, circuits and/or processing cores for processing data (such as computer program instructions).
In the embodiments of the present application, the memory 32 may be read-only memory (ROM) or another type of static storage device that can store static information and instructions, random access memory (RAM) or another type of dynamic storage device that can store information and instructions, electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage device, or any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
In one possible implementation, the memory 32 may exist independently of the processor 31, that is, the memory 32 may be a memory outside the processor 31; in that case the memory 32 is connected to the processor 31 through the communication bus 34 and is used to store instructions or program code. When the processor 31 calls and executes the instructions or program code stored in the memory 32, it can implement the identity authentication method provided by the following embodiments of the present application.
In another possible implementation, the memory 32 may be integrated with the processor 31, that is, the memory 32 may be an internal memory of the processor 31; for example, the memory 32 is a cache that can temporarily hold some data and/or instruction information.
In the embodiments of the present application, the communication interface 33 is any transceiver-type apparatus used to communicate with other devices or with a communication network, such as Ethernet, a radio access network (RAN) or a wireless local area network (WLAN). The communication interface 33 may include a receiving unit that implements the receiving function and a sending unit that implements the sending function.
In the embodiments of the present application, the communication bus 34 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one thick line is drawn in FIG. 3, but this does not mean that there is only one bus or only one type of bus.
It should be pointed out that the device structure shown in FIG. 3 does not limit the communication device 30. In addition to the components shown in FIG. 3, the communication device 30 may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
The identity authentication method provided by the embodiments of the present application is described below with reference to the accompanying drawings.
As shown in FIG. 4, the identity authentication method provided by the embodiments of the present application includes:
S400. The devices in the device cluster complete connection authentication.
After the devices in the device cluster complete connection authentication, a connection is established between two devices over which data can be transmitted in both directions.
For example, a smartwatch sends a connection authentication request to a smartphone, asking the smartphone to perform the authentication operation. If the smartphone and the smartwatch authenticate successfully, a persistent Bluetooth connection is established between them and data is transmitted over Bluetooth; otherwise the Bluetooth connection is disconnected.
Optionally, the connection authentication between devices in the device cluster may be a Bluetooth connection authentication operation or another conventional wireless connection authentication operation; this is not limited in the embodiments of the present application.
S401. The first device obtains the generic token and the key.
Here, the generic token is generated by the authentication server from the identifier of the device cluster and a first predetermined encryption algorithm, and the key is determined by the authentication server from the identifier of the device cluster.
As can be seen, the generic token and the key belong to the device cluster; in this case every device in the device cluster can use the generic token and the key.
In practical applications, different device clusters may communicate with the same authentication server, and the authentication server needs to distinguish the device clusters by their identifiers.
The first device here may be the main device in the device cluster or any one of the slave devices in the device cluster.
If the first device is the main device in the device cluster, it stores the identifier of each device in the device cluster and communicates directly with the authentication server to obtain the generic token and the key. Specifically, the first device sends to the authentication server an authentication request including the identifier of the device cluster and the identifier of each device in the device cluster, and correspondingly receives the generic token and the key sent by the authentication server.
In addition, when the first device is the main device in the device cluster, after obtaining the generic token and the key it may also send the generic token and the key to each slave device in the device cluster.
If the first device is any one of the slave devices in the device cluster, it obtains the generic token and the key from the main device. Specifically, the first device receives the generic token and the key sent by the main device.
In summary, in the embodiments of the present application the main device communicates directly with the authentication server to obtain the generic token and the key and then sends them to the slave devices in the device cluster, so that the slave devices do not each need to communicate separately with the authentication server; this effectively simplifies the authentication operation and improves communication efficiency.
S402. The first device generates the device token of the first device from the key and the identifier of the first device.
The first device encrypts the identifier of the first device using the key, to generate the device token of the first device.
It is readily understood that, since the identifier of each device is different, the device token generated by the first device corresponds uniquely to the first device.
The key here is, for example, a public key of an asymmetric encryption algorithm determined by the authentication server (in which case the authentication server also stores the private key corresponding to that public key), or a key of a symmetric encryption algorithm; this is not limited in the embodiments of the present application.
S403. The first device generates the authentication token of the first device from the generic token and the device token of the first device.
The first device may combine the generic token and the device token of the first device to produce the authentication token of the first device. The manner in which the first device combines the generic token and the device token is not limited in the embodiments of the present application.
S404. The first device sends the authentication token of the first device to the authentication server.
After generating the authentication token of the first device, the first device sends it to the authentication server to request authentication.
S405. The authentication server authenticates the received authentication token and sends the authentication result to the first device.
From the authentication token of the first device, the authentication server identifies whether the first device is a secure, legitimate user terminal and whether its operation is legitimate.
In one implementation, if the key is a key of a symmetric encryption algorithm determined by the authentication server, the authentication server can determine the device token of each device from that key and the identifier of each device in the device cluster sent by the main device, and then, combining each device token with the generic token, determine and store the authentication token of each device. In this way, after receiving the authentication token of the first device, the authentication server can judge whether the authentication token of the first device that it stores is identical to the received authentication token. If they are identical, the first device is a secure, legitimate user terminal. If not, the first device is an illegitimate user terminal and the authentication server blocks access by the first device.
In another implementation, if the key is a public key determined by the authentication server, the authentication server stores the private key corresponding to that public key. After receiving the authentication token of the first device, the authentication server decrypts the device token contained in the authentication token with the private key to obtain a device identifier, and then judges whether the obtained device identifier is identical to the identifier of the first device. If they are identical, the first device is a secure, legitimate user terminal. If not, the first device is an illegitimate user terminal and the authentication server blocks access by the first device.
In addition to the above, if the first device is the main device in the device cluster, it can also obtain the identifier of a device newly added to the device cluster. In this case the first device needs to notify the authentication server promptly, so that the authentication server can promptly distribute the generic token and the key to the newly added device, which improves the authentication efficiency and communication efficiency of the newly added device.
Similarly, if the first device is the main device in the device cluster, it can also determine the identifier of a device that has exited the device cluster. In this case the first device needs to notify the authentication server promptly, so that the authentication server can update the identifiers of the devices in the device cluster; this effectively prevents access by an illegitimate user and protects the security of data.
In summary, after obtaining the generic token and the key, each device in the device cluster can generate its own authentication token and communicate directly with the authentication server, without relaying through other devices, which effectively improves authentication efficiency.
In addition, the authentication token includes the generic token and the device token that corresponds uniquely to the device, and the generic token and the device token are generated by different devices; authentication succeeds only when both the generic token and the device token are correct, which effectively improves the security of data and of the system.
To aid understanding, the identity authentication method provided by the embodiments of the present application is now described through the communication process among the main device, a slave device (taking one as an example) and the authentication server in a device cluster.
As shown in FIG. 5, the identity authentication method provided by the embodiments of the present application includes:
S500. The main device sends to the authentication server an authentication request including the identifier of the device cluster and the identifier of each device in the device cluster.
The main device stores the identifier of each device in the device cluster and the cluster identifier of the device cluster. After the devices in the device cluster establish connections, the main device sends an authentication request to the authentication server to request the generic token and the key.
S501. The authentication server authenticates the main device.
S502. When it determines that the main device is legitimate, the authentication server generates the generic token from the identifier of the device cluster and the first predetermined encryption algorithm.
Optionally, the first predetermined encryption algorithm is any symmetric encryption algorithm or any asymmetric encryption algorithm in the prior art; this is not limited in the embodiments of the present application.
S503. The authentication server determines the key from the identifier of the device cluster.
Here, the key is, for example, a public key of an asymmetric encryption algorithm determined by the authentication server (in which case the authentication server also stores the private key corresponding to that public key), or a key of a symmetric encryption algorithm; this is not limited in the embodiments of the present application.
As can be seen, in the embodiments of the present application the generic token and the key determined by the authentication server belong to the whole device cluster, and every device in the device cluster can use the generic token and the key.
After determining the generic token and the key, the authentication server may store them.
S504. The authentication server sends the generic token and the key to the main device.
S505. The main device generates device token 1 from the key and the identifier of the main device.
Device token 1 corresponds uniquely to the main device, that is, device token 1 is the device token of the main device.
S506. The main device generates authentication token 1, which includes the generic token and device token 1.
Authentication token 1 corresponds uniquely to the main device, that is, authentication token 1 is the authentication token of the main device.
S507. The main device sends authentication token 1 to the authentication server.
S508. The authentication server authenticates authentication token 1 and sends the authentication result to the main device.
For S508, refer to the description of S405 above; it is not described in detail again here.
S509. The main device sends the generic token and the key to the slave device.
After obtaining the generic token and the key, the main device sends them to each slave device, so that each slave device can generate an authentication token corresponding uniquely to that slave device.
In the embodiments of the present application, after S504 the order between S505 to S507 (the main device generating and sending its own authentication token) and S509 (the main device forwarding the generic token and the key to the slave device) is not limited: either may be performed first, or they may be performed at the same time.
S510. The slave device generates device token 2 from the key and the identifier of the slave device.
Device token 2 corresponds uniquely to the slave device, that is, device token 2 is the device token of the slave device.
S511. The slave device generates authentication token 2, which includes the generic token and device token 2.
Authentication token 2 corresponds uniquely to the slave device, that is, authentication token 2 is the authentication token of the slave device.
S512. The slave device sends authentication token 2 to the authentication server.
S513. The authentication server authenticates authentication token 2 and sends the authentication result to the slave device.
For S513, refer to the description of S405 above; it is not described in detail again here.
After the process shown in FIG. 5, if a slave device is newly added to the device cluster, the main device needs to notify the authentication server promptly, so that the authentication server can likewise distribute the generic token and the key to that slave device. FIG. 6 shows this process.
As shown in FIG. 6, the identity authentication method provided by the embodiments of the present application includes:
S600. The main device determines that slave device 1 has been newly added to the device cluster.
S601. The main device sends to the authentication server a first message including the identifier of slave device 1.
The first message indicates that slave device 1 is a device newly added to the device cluster.
S602. The authentication server updates the identifiers of the devices in the device cluster and sends to the main device a second message indicating that a token is to be provided to slave device 1.
S603. The main device sends the generic token and the key to slave device 1.
After S603, slave device 1 and the authentication server perform S510 to S513 above.
The main device promptly notifies the authentication server that slave device 1 has been newly added to the device cluster, so that the authentication server can promptly distribute the generic token and the key to slave device 1, which improves the authentication efficiency and communication efficiency of slave device 1.
After the process shown in FIG. 5, if a slave device exits the device cluster, the main device needs to notify the authentication server promptly, so that the authentication server determines that the token of that slave device is to be removed. FIG. 7 shows this process.
As shown in FIG. 7, the identity authentication method provided by the embodiments of the present application includes:
S700. The main device determines that slave device 2 in the device cluster has exited.
That is, slave device 2 has disconnected from the devices in the device cluster.
S701. The main device sends to the authentication server a first message including the identifier of slave device 2.
The first message indicates that slave device 2 has exited the device cluster.
S702. The authentication server updates the identifiers of the devices in the device cluster and sends to the main device a second message indicating that the token of slave device 2 has been removed.
In this way, if slave device 2 subsequently reuses the authentication token it generated earlier to communicate with the authentication server, the authentication server can block access by slave device 2, which effectively protects the security of data.
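The exchanges of FIG. 5 (S500 to S513), the join of FIG. 6 and the exit of FIG. 7 are modelled below as an added, runnable example; it is not code from the patent or from its assignee. The patent leaves the algorithms open, so the example assumes the following: the generic token and the cluster key are derived from the cluster identifier with HMAC-SHA256 under a server-side secret; the "encryption of the device identifier with the key" (S402, S505, S510) in the symmetric variant of S405 is realised as HMAC-SHA256 under the cluster key, since the server only recomputes and compares; and the authentication token (S403) is the generic token concatenated with the device token. All class, function and identifier names (AuthServer, Device, run_scenario, the cluster and device identifiers) are illustrative.

```python
"""Model of the device-cluster token scheme (FIG. 5 to FIG. 7); assumptions in the lead-in."""
import hashlib
import hmac
import secrets

TOKEN_LEN = 32  # SHA-256 digest length: generic token and device token are 32 bytes each


def make_device_token(key: bytes, device_id: bytes) -> bytes:
    """S402 / S505 / S510: bind the device identifier to the cluster key (assumed HMAC)."""
    return hmac.new(key, device_id, hashlib.sha256).digest()


def make_auth_token(generic_token: bytes, device_token: bytes) -> bytes:
    """S403 / S506 / S511: combine generic token and device token (assumed concatenation)."""
    return generic_token + device_token


class AuthServer:
    """Authentication server 11: issues per-cluster material, tracks members, verifies tokens."""

    def __init__(self) -> None:
        self._secret = secrets.token_bytes(32)  # server root secret (assumed, not in the patent)
        self._clusters = {}                     # cluster id -> {"generic", "key", "members"}

    def _derive(self, label: bytes, cluster_id: bytes) -> bytes:
        # Deterministic per-cluster derivation from the cluster identifier (S502 / S503).
        return hmac.new(self._secret, label + b"\x00" + cluster_id, hashlib.sha256).digest()

    def register_cluster(self, cluster_id: bytes, device_ids, main_device_legit: bool = True):
        """S500 to S504: authentication request from the main device -> (generic token, key)."""
        if not main_device_legit:  # S501: the main device itself must pass authentication
            raise PermissionError("main device rejected")
        material = {
            "generic": self._derive(b"generic-token", cluster_id),  # S502
            "key": self._derive(b"cluster-key", cluster_id),        # S503
            "members": set(device_ids),                              # identifiers from S500
        }
        self._clusters[cluster_id] = material  # stored, as the text after S503 allows
        return material["generic"], material["key"]

    def device_joined(self, cluster_id: bytes, device_id: bytes) -> None:
        """S601 / S602: first message (join) -> device identifiers updated."""
        self._clusters[cluster_id]["members"].add(device_id)

    def device_left(self, cluster_id: bytes, device_id: bytes) -> None:
        """S701 / S702: first message (exit) -> that device's token is no longer accepted."""
        self._clusters[cluster_id]["members"].discard(device_id)

    def authenticate(self, cluster_id: bytes, device_id: bytes, auth_token: bytes) -> bool:
        """S405, symmetric variant: recompute the expected token and compare."""
        cluster = self._clusters.get(cluster_id)
        if cluster is None or device_id not in cluster["members"]:
            return False
        if len(auth_token) != 2 * TOKEN_LEN:
            return False
        expected = make_auth_token(cluster["generic"], make_device_token(cluster["key"], device_id))
        # Constant-time comparison; both halves (generic AND device token) must match.
        return hmac.compare_digest(expected, auth_token)


class Device:
    """Main device 101 or a slave device: keeps the received material, builds its own token."""

    def __init__(self, device_id: bytes) -> None:
        self.device_id = device_id
        self.generic_token = None
        self.key = None

    def receive_material(self, generic_token: bytes, key: bytes) -> None:
        """S504 (main device) or S509 / S603 (slave device)."""
        self.generic_token, self.key = generic_token, key

    def auth_token(self) -> bytes:
        return make_auth_token(self.generic_token, make_device_token(self.key, self.device_id))


def run_scenario() -> dict:
    """Walks FIG. 5, then a join (FIG. 6) and an exit (FIG. 7); returns the server's verdicts."""
    server = AuthServer()
    cluster = b"cluster-7f3a"  # constructed identifiers
    phone, watch, band = Device(b"phone-01"), Device(b"watch-01"), Device(b"band-01")

    generic, key = server.register_cluster(cluster, [phone.device_id, watch.device_id])
    phone.receive_material(generic, key)  # S504
    watch.receive_material(generic, key)  # S509, forwarded by the main device

    band_token = make_auth_token(generic, make_device_token(key, band.device_id))
    verdicts = {
        "main_ok": server.authenticate(cluster, phone.device_id, phone.auth_token()),   # S507, S508
        "slave_ok": server.authenticate(cluster, watch.device_id, watch.auth_token()),  # S512, S513
        "unregistered": server.authenticate(cluster, band.device_id, band_token),       # not yet a member
    }
    server.device_joined(cluster, band.device_id)  # FIG. 6
    band.receive_material(generic, key)            # S603
    verdicts["joined_ok"] = server.authenticate(cluster, band.device_id, band.auth_token())

    server.device_left(cluster, watch.device_id)   # FIG. 7
    verdicts["left_replay"] = server.authenticate(cluster, watch.device_id, watch.auth_token())
    # A member presenting another member's token fails: the device token is bound to the identifier.
    verdicts["borrowed_token"] = server.authenticate(cluster, band.device_id, phone.auth_token())
    return verdicts
```

The asymmetric variant of S405 changes only two functions: the device would encrypt its identifier under the cluster's public key in make_device_token, and authenticate would decrypt with the private key and compare identifiers instead of recomputing. Note also what the scheme as described does not give: the authentication token is static, so a token captured from a current member is accepted until that member exits the cluster (FIG. 7); a deployment would add a nonce or timestamp so that a replayed token is distinguishable from a fresh one.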
In summary, compared with the prior art, the identity authentication method provided by the embodiments of the present application effectively simplifies the authentication operation, shortens the authentication interaction time and improves authentication efficiency.
It is above-mentioned that mainly scheme provided by the embodiments of the present application is described from the angle of method.In order to realize above-mentioned function Can, it comprises execute the corresponding hardware configuration of each function and/or software module.Those skilled in the art should be easy to , it is realized that unit described in conjunction with the examples disclosed in the embodiments of the present disclosure and algorithm steps, the application can be with hardware Or the combining form of hardware and computer software is realized.Some function drives hardware actually with hardware or computer software Mode execute, specific application and design constraint depending on technical solution.Professional technician can be to each spy Fixed application uses different methods to achieve the described function, but this realizes it is not considered that exceeding the model of the application It encloses.
The embodiment of the present application can be according to above method example to the equipment and authentication server progress function in device cluster The division of module, for example, each functional module of each function division can be corresponded to, it can also be by two or more function It can be integrated in a processing module.Above-mentioned integrated module both can take the form of hardware realization, can also use software The form of functional module is realized.It optionally, is schematically that only one kind is patrolled to the division of module in the embodiment of the present application Function division is collected, there may be another division manner in actual implementation.
Fig. 8 shows a schematic composition of an electronic device 80. The electronic device 80 may be used to perform the functions of the first device, the master device or the slave device involved in the above embodiments. As one implementable manner, the electronic device 80 shown in Fig. 8 includes an acquiring unit 81, a generation unit 82 and a communication unit 83.
The acquiring unit 81 is configured to support the electronic device 80 in performing the acquisition operations shown in any of Figs. 4 to 7 above, such as S400, and/or other processes for the techniques described herein.
The generation unit 82 is configured to support the electronic device 80 in performing the generation operations shown in any of Figs. 4 to 7 above, such as S402, S403, S505, S506, S510, S511, and/or other processes for the techniques described herein.
The communication unit 83 is configured to support the electronic device 80 in performing the sending and receiving operations shown in any of Figs. 4 to 7 above, such as S404, S500, S504, S509, S512, S601, S603, S701, S702, and/or other processes for the techniques described herein.
All related content of each step involved in the above method embodiments may be cited in the function description of the corresponding functional module and is not repeated here.
Of course, the electronic device 80 provided by the embodiments of the present application includes but is not limited to the above modules; for example, the electronic device 80 may further include a storage unit 84.
The storage unit 84 may be used to store the program code and the like of the electronic device 80.
Optionally, all related content of each step involved in the above method embodiments may be cited in the function description of the corresponding functional module and is not repeated here. The electronic device provided by the embodiments of the present application is used to perform the function of the network device in the above data flow control method and can therefore achieve the same effect as the above data flow control method.
The physical block diagram of the electronic device 80 provided by the present application may refer to Fig. 2 above. The acquiring unit 81 and the communication unit 83 may be the device interface 24 in Fig. 2, the generation unit 82 may be the processor 23 in Fig. 2, and the storage unit 84 may be the memory 21 in Fig. 2.
Fig. 9 shows a schematic composition of a server 90. The server 90 may be used to perform the functions of the authentication server involved in the above embodiments. As one implementable manner, the server 90 shown in Fig. 9 includes a receiving unit 91, an authenticating unit 92 and a transmission unit 93.
The receiving unit 91 is configured to support the server 90 in performing the reception operations shown in any of Figs. 5 to 7 above, such as S500, S601, and/or other processes for the techniques described herein.
The authenticating unit 92 is configured to support the server 90 in performing the authentication operations shown in any of Figs. 5 to 7 above, such as S501, S508, S513, and/or other processes for the techniques described herein.
The transmission unit 93 is configured to support the server 90 in performing the transmission operations shown in any of Figs. 5 to 7 above, such as S504, and/or other processes for the techniques described herein.
All related content of each step involved in the above method embodiments may be cited in the function description of the corresponding functional module and is not repeated here.
Of course, the server 90 provided by the embodiments of the present application includes but is not limited to the above modules; for example, the server 90 may further include a storage unit 94, a determination unit 95, a generation unit 96 and an updating unit 97.
The storage unit 94 may be used to store the program code and the like of the server 90.
The determination unit 95 may be used to support the server 90 in performing the determination operations shown in any of Figs. 5 to 7 above, such as S503, and/or other processes for the techniques described herein.
The generation unit 96 may be used to support the server 90 in performing the generation operations shown in any of Figs. 5 to 7 above, such as S502, and/or other processes for the techniques described herein.
The updating unit 97 may be used to support the server 90 in performing the update operations shown in any of Figs. 5 to 7 above, such as S602, S702, and/or other processes for the techniques described herein.
Optionally, all related content of each step involved in the above method embodiments may be cited in the function description of the corresponding functional module and is not repeated here. The server provided by the embodiments of the present application is used to perform the function of the network device in the above data flow control method and can therefore achieve the same effect as the above data flow control method.
The physical block diagram of the server 90 provided by the present application may refer to Fig. 3 above. The receiving unit 91 and the transmission unit 93 may be the communication interface 33 in Fig. 3; the authenticating unit 92, the determination unit 95, the generation unit 96 and the updating unit 97 may be the processor 31 in Fig. 3; and the storage unit 94 may be the memory 32 in Fig. 3.
In the above embodiments, the functions may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented using a software program, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired means (such as coaxial cable, optical fiber or digital subscriber line (DSL)) or wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any usable medium accessible by a computer, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD) or a semiconductor medium (for example, a solid state disk (SSD)).
Although the present application has been described herein in conjunction with the embodiments, those skilled in the art can, in the course of practising the claimed application, understand and implement other variations of the disclosed embodiments by studying the drawings, the disclosure and the appended claims. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfil several functions recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the present application has been described in conjunction with specific features and embodiments, it is evident that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the application as defined by the appended claims, and are considered to cover any and all modifications, variations, combinations or equivalents within the scope of the application. Obviously, those skilled in the art can make various modifications and variations to the application without departing from its spirit and scope. If these modifications and variations of the application fall within the scope of the claims of the application and their equivalent technologies, the application is also intended to include them.

Claims (22)

1. An identity authentication method, characterized in that it is applied to a communication system including a device cluster and an authentication server, the device cluster includes at least two devices, a first device among the at least two devices is connected to at least one of the other devices, and the identity authentication method includes:
the first device obtaining a generic token and a key of the device cluster, the generic token being generated by the authentication server according to an identifier of the device cluster and a first predetermined encryption algorithm, and the key being determined by the authentication server according to the identifier of the device cluster;
the first device generating a device token of the first device according to the key and an identifier of the first device;
the first device generating an authentication token of the first device, the authentication token of the first device including the generic token and the device token of the first device; and
the first device communicating with the authentication server using the authentication token of the first device, to obtain an authentication result.
2. The identity authentication method according to claim 1, characterized in that the first device is a master device in the device cluster, each device among the other devices is a slave device, the master device is connected to each slave device, and the identity authentication method further includes:
the first device sending the generic token and the key to each slave device, so that the slave device generates an authentication token of the slave device according to the generic token and the key.
3. The identity authentication method according to claim 2, characterized in that the first device obtaining the generic token and the key of the device cluster includes:
the first device obtaining the identifier of the device cluster and the identifier of each device in the device cluster;
the first device sending an authentication request to the authentication server, the authentication request including the identifier of the device cluster and the identifier of each device in the device cluster; and
the first device receiving the generic token and the key sent by the authentication server.
4. The identity authentication method according to claim 2 or 3, characterized in that the identity authentication method further includes:
the first device sending a first message to the authentication server, the first message including an identifier of a second device, the first message being used to indicate that the second device is a device newly added to the device cluster or to notify that the second device has left the device cluster;
the first device receiving a second message sent by the authentication server, where if the second device is a device newly added to the device cluster, the second message is used to indicate that a token is to be provided for the second device, and if the second device is a device that has left the device cluster, the second message is used to indicate that the token of the second device is to be removed; and
if the second message is used to indicate that a token is to be provided for the second device, the first device sending the generic token and the key to the second device, so that the second device generates an authentication token of the second device according to the generic token and the key.
5. The identity authentication method according to claim 1, characterized in that the device cluster includes a master device and at least one slave device, the first device is any one of the at least one slave device, and the first device obtaining the generic token and the key includes:
the first device receiving the generic token and the key sent by the master device.
6. An identity authentication method, characterized in that it is applied to a communication system including a device cluster and an authentication server, the device cluster includes at least two devices, a first device among the at least two devices is connected to at least one of the other devices, and the identity authentication method includes:
the authentication server receiving an authentication token of the first device sent by the first device, the authentication token of the first device including a generic token of the device cluster and a device token of the first device, the generic token being generated by the authentication server according to an identifier of the device cluster, and the device token of the first device being generated by the first device according to a key determined by the authentication server and an identifier of the first device; and
the authentication server authenticating the authentication token of the first device and sending an authentication result to the first device.
7. The identity authentication method according to claim 6, characterized in that the identity authentication method further includes:
the authentication server receiving an authentication request sent by a master device in the device cluster, the authentication request including the identifier of the device cluster and the identifier of each device in the device cluster;
the authentication server, in the case where it determines that the master device is legitimate, generating the generic token according to the identifier of the device cluster and a first predetermined encryption algorithm;
the authentication server determining the key according to the identifier of the device cluster; and
the authentication server sending the generic token and the key to the master device.
8. The identity authentication method according to claim 6 or 7, characterized in that the identity authentication method further includes:
the authentication server storing the identifier of each device in the device cluster and the identifier of the device cluster.
9. The identity authentication method according to claim 8, characterized in that the identity authentication method further includes:
the authentication server receiving a first message sent by the master device in the device cluster, the first message including an identifier of a second device, the first message being used to indicate that the second device is a device newly added to the device cluster or to notify that the second device has left the device cluster;
the authentication server updating the identifier of each device in the device cluster according to the first message; and
the authentication server sending a second message to the master device, where if the second device is a device newly added to the device cluster, the second message is used to indicate that a token is to be provided for the second device, and if the second device is a device that has left the device cluster, the second message is used to indicate that the token of the second device is to be removed.
10. An electronic device, characterized in that it is applied to a communication system including a device cluster and an authentication server, the device cluster includes at least two devices, a first device among the at least two devices is connected to at least one of the other devices, the electronic device is the first device, and the electronic device includes:
an acquiring unit, configured to obtain a generic token and a key of the device cluster, the generic token being generated by the authentication server according to an identifier of the device cluster and a first predetermined encryption algorithm, and the key being determined by the authentication server according to the identifier of the device cluster;
a generation unit, configured to generate a device token of the first device according to the key and an identifier of the first device, and to generate an authentication token of the first device, the authentication token of the first device including the generic token and the device token of the first device; and
a communication unit, configured to communicate with the authentication server using the authentication token of the first device generated by the generation unit, to obtain an authentication result.
11. The electronic device according to claim 10, characterized in that the first device is a master device in the device cluster, each device among the other devices is a slave device, and the master device is connected to each slave device;
the communication unit is configured to send the generic token and the key to each slave device, so that the slave device generates an authentication token of the slave device according to the generic token and the key.
12. The electronic device according to claim 11, characterized in that
the acquiring unit is specifically configured to obtain the identifier of the device cluster and the identifier of each device in the device cluster; and
the communication unit is further configured to send an authentication request to the authentication server, the authentication request including the identifier of the device cluster and the identifier of each device in the device cluster, and to receive the generic token and the key sent by the authentication server.
13. The electronic device according to claim 11 or 12, characterized in that the communication unit is further configured to:
send a first message to the authentication server, the first message including an identifier of a second device, the first message being used to indicate that the second device is a device newly added to the device cluster or to notify that the second device has left the device cluster;
receive a second message sent by the authentication server, where if the second device is a device newly added to the device cluster, the second message is used to indicate that a token is to be provided for the second device, and if the second device is a device that has left the device cluster, the second message is used to indicate that the token of the second device is to be removed; and
if the second message is used to indicate that a token is to be provided for the second device, send the generic token and the key to the second device, so that the second device generates an authentication token of the second device according to the generic token and the key.
14. The electronic device according to claim 10, characterized in that the device cluster includes a master device and at least one slave device, and the first device is any one of the at least one slave device;
the communication unit is further configured to receive the generic token and the key sent by the master device.
15. A server, characterized in that it is applied to a communication system including a device cluster and an authentication server, the device cluster includes at least two devices, a first device among the at least two devices is connected to at least one of the other devices, the server is the authentication server, and the server includes:
a receiving unit, configured to receive an authentication token of the first device sent by the first device, the authentication token of the first device including a generic token and a device token of the first device, the generic token being generated by the authentication server according to an identifier of the device cluster, and the device token of the first device being generated by the first device according to a key determined by the authentication server and an identifier of the first device;
an authenticating unit, configured to authenticate the authentication token of the first device received by the receiving unit; and
a transmission unit, configured to send the authentication result determined by the authenticating unit to the first device.
16. The server according to claim 15, characterized in that
the receiving unit is further configured to receive an authentication request sent by a master device in the device cluster, the authentication request including the identifier of the device cluster and the identifier of each device in the device cluster;
the server further includes a determination unit and a generation unit;
the determination unit is configured to determine that the master device is legitimate;
the generation unit is configured to, in the case where the determination unit determines that the master device is legitimate, generate the generic token of the device cluster according to the identifier of the device cluster and a first predetermined encryption algorithm;
the determination unit is further configured to determine the key according to the identifier of the device cluster; and
the transmission unit is configured to send, to the master device, the generic token generated by the generation unit and the key determined by the determination unit.
17. The server according to claim 15 or 16, characterized in that the server further includes a storage unit;
the storage unit is configured to store the identifier of each device in the device cluster and the identifier of the device cluster.
18. The server according to claim 17, characterized in that
the receiving unit is further configured to receive a first message sent by the master device in the device cluster, the first message including an identifier of a second device, the first message being used to indicate that the second device is a device newly added to the device cluster or to notify that the second device has left the device cluster;
the server further includes an updating unit;
the updating unit is configured to update the identifier of each device in the device cluster according to the first message received by the receiving unit; and
the transmission unit is further configured to send a second message to the master device, where if the second device is a device newly added to the device cluster, the second message is used to indicate that a token is to be provided for the second device, and if the second device is a device that has left the device cluster, the second message is used to indicate that the token of the second device is to be removed.
19. An electronic device, characterized in that it includes one or more processors and a memory; the memory is coupled to the one or more processors and stores computer instructions;
when the one or more processors execute the computer instructions, the electronic device implements the identity authentication method according to any one of claims 1 to 5.
20. A computer-readable storage medium, characterized in that it includes instructions which, when run on an electronic device, cause the electronic device to implement the identity authentication method according to any one of claims 1 to 5.
21. A server, characterized in that it includes one or more processors and a memory; the memory is coupled to the one or more processors and stores computer instructions;
when the one or more processors execute the computer instructions, the server implements the identity authentication method according to any one of claims 6 to 9.
22. A computer-readable storage medium, characterized in that it includes instructions which, when run on a server, cause the server to implement the identity authentication method according to any one of claims 6 to 9.
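The full flow of claims 1 to 9 modelled in code, as an added example that is not part of the patent or its assignee's implementation. It assumes HMAC-SHA256 for the unspecified "first predetermined encryption algorithm", a cluster key derived from a server-side secret and the cluster identifier, and a fixed list of legitimate master identifiers on the server; every device and cluster identifier is constructed for the example.

```python
# Added example; not code from the patent or its assignee. Assumptions the
# patent leaves open: HMAC-SHA256 is the "first predetermined encryption
# algorithm", the cluster key is derived from a server secret and the cluster
# identifier, and the server holds a fixed list of legitimate master ids.
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: str) -> bytes:
    # Length-prefixed HMAC-SHA256 over the parts so labels cannot run together.
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        data = p.encode()
        m.update(len(data).to_bytes(2, "big") + data)
    return m.digest()


class AuthServer:  # authentication server of claims 6 to 9
    def __init__(self, legal_masters):
        self._secret = secrets.token_bytes(32)   # root secret, never leaves the server
        self._legal_masters = set(legal_masters)
        self._clusters = {}                       # cluster id -> member ids (claim 8)

    def _generic_token(self, cluster_id):
        return _mac(self._secret, "generic-token", cluster_id)

    def _key(self, cluster_id):
        return _mac(self._secret, "cluster-key", cluster_id)

    def handle_auth_request(self, master_id, cluster_id, device_ids):
        # Claim 7: only a legitimate master that lists itself as a member is served.
        if master_id not in self._legal_masters or master_id not in device_ids:
            return None
        self._clusters[cluster_id] = set(device_ids)
        return self._generic_token(cluster_id), self._key(cluster_id)

    def authenticate(self, cluster_id, device_id, auth_token):
        # Claim 6: membership is checked first, so a departed device that still
        # holds the cluster-wide key and generic token is rejected (claim 9).
        members = self._clusters.get(cluster_id)
        if members is None or device_id not in members:
            return False
        expected = _mac(self._key(cluster_id), "device-token", device_id)
        generic_ok = hmac.compare_digest(auth_token.get("generic", b""), self._generic_token(cluster_id))
        device_ok = hmac.compare_digest(auth_token.get("device", b""), expected)
        return generic_ok and device_ok

    def handle_first_message(self, cluster_id, device_id, action):
        # Claim 9: update membership; the reply is the "second message" of claims 4 and 9.
        members = self._clusters.get(cluster_id)
        if members is None:
            return None
        if action == "join":
            members.add(device_id)
            return "provide-token"
        members.discard(device_id)
        return "remove-token"


class Device:  # first device of claims 1 to 5; serves as master or slave
    def __init__(self, device_id):
        self.device_id = device_id
        self.generic_token = self.key = None

    def receive_credentials(self, generic_token, key):
        # Claim 3 (from the server) or claim 5 (forwarded by the master).
        self.generic_token, self.key = generic_token, key

    def authentication_token(self):
        # Claim 1: device token = MAC(key, device id), paired with the generic token.
        return {"generic": self.generic_token,
                "device": _mac(self.key, "device-token", self.device_id)}


def run_scenario():
    # Enrolment, slave provisioning, join, leave and a forged device token; all ids constructed.
    server = AuthServer(legal_masters={"phone-A"})
    master, slave, newcomer = Device("phone-A"), Device("watch-B"), Device("band-C")
    r = {"rogue_request": server.handle_auth_request("rogue-X", "c1", ["rogue-X"])}
    creds = server.handle_auth_request("phone-A", "c1", ["phone-A", "watch-B"])
    master.receive_credentials(*creds)
    slave.receive_credentials(*creds)            # claim 2: master forwards to its slaves
    r["master"] = server.authenticate("c1", "phone-A", master.authentication_token())
    r["slave"] = server.authenticate("c1", "watch-B", slave.authentication_token())
    newcomer.receive_credentials(*creds)         # holding the credentials is not enough
    r["unreported"] = server.authenticate("c1", "band-C", newcomer.authentication_token())
    r["join_reply"] = server.handle_first_message("c1", "band-C", "join")
    r["newcomer"] = server.authenticate("c1", "band-C", newcomer.authentication_token())
    r["leave_reply"] = server.handle_first_message("c1", "watch-B", "leave")
    r["departed"] = server.authenticate("c1", "watch-B", slave.authentication_token())
    forged = dict(master.authentication_token(), device=bytes(32))   # wrong device token
    r["forged"] = server.authenticate("c1", "phone-A", forged)
    return r


RESULTS = run_scenario()
```

Because the key and generic token are shared by the whole cluster, the server-side membership update of claim 9 is the only thing that revokes a device that has left; the scenario's "departed" case shows that check doing the work.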
CN201910579196.7A 2019-06-28 2019-06-28 Identity authentication method and device Active CN110460567B (en)

Publications (2)

Publication Number Publication Date
CN110460567A true CN110460567A (en) 2019-11-15
CN110460567B CN110460567B (en) 2020-11-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210429

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
