CN113434837A - Method and device for equipment identity authentication and smart home system - Google Patents


Info

Publication number: CN113434837A
Authority: CN (China)
Prior art keywords: authentication information, encryption, edge computing, computing node, address
Legal status: Granted
Application number: CN202110656314.7A
Other languages: Chinese (zh)
Other versions: CN113434837B
Inventors: 王淼, 刘建国
Current assignee: Qingdao Haier Technology Co Ltd; Haier Smart Home Co Ltd
Original assignee: Qingdao Haier Technology Co Ltd; Haier Smart Home Co Ltd
Application filed by Qingdao Haier Technology Co Ltd and Haier Smart Home Co Ltd; priority to CN202110656314.7A; published as CN113434837A; granted and published as CN113434837B; legal status: active.

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/44 Program or device authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science; Theoretical Computer Science; Computer Security & Cryptography; Computer Hardware Design; Software Systems; Physics & Mathematics; General Engineering & Computer Science; General Physics & Mathematics; Health & Medical Sciences; Bioethics; General Health & Medical Sciences; Mobile Radio Communication Systems

Abstract

The application relates to the technical field of smart homes and discloses a method for device identity authentication. The method comprises the following steps: the cloud platform encrypts the second address of the edge computing node and the first authentication information with a first key to obtain a second encrypted address and first encrypted authentication information, and encrypts the first address of the terminal device and the second authentication information with a second key to obtain a first encrypted address and second encrypted authentication information; it sends the second encrypted address and the second encrypted authentication information to the terminal device, and sends the first encrypted address and the first encrypted authentication information to the edge computing node; the terminal device authenticates the edge computing node according to the first encrypted authentication information forwarded by the edge computing node and the first authentication information obtained from the cloud platform; and the edge computing node authenticates the terminal device according to the second encrypted authentication information forwarded by the terminal device and the second authentication information obtained from the cloud platform. This enables the terminal device and the edge computing node to perform mutual authentication.

Description

Method and device for equipment identity authentication and smart home system
Technical Field
The present application relates to the field of smart home technologies, and for example, to a method and an apparatus for device identity authentication, and a smart home system.
Background
At present, an edge computing node of a smart home needs to be registered on the cloud platform of the smart home, while a terminal device needs to be registered on the edge computing node, and the edge computing node takes over part of the computing and storage capacity of the cloud platform. The existing registration scheme is as follows: the smart home cloud platform holds the public key of the edge computing node, the private key is stored in the edge computing node, and bidirectional authentication between the smart home cloud platform and the edge computing node is completed through this key pair; the edge computing node holds the public key of the terminal device, the private key is stored in the terminal device, and bidirectional authentication between the edge computing node and the terminal device is completed through this key pair.
In the process of implementing the embodiments of the present disclosure, it is found that at least the following problems exist in the related art:
with the development of intelligent devices in smart homes, the intelligent devices have certain storage capacity and computing capacity, such as smart televisions, smart refrigerators and the like, and such intelligent devices can serve as not only terminal devices but also edge computing nodes. The smart devices in the smart home often belong to different manufacturers, and the smart device manufacturer serving as the terminal device often competes with the smart device manufacturer serving as the edge computing node, so that the terminal device and the edge computing node cannot smoothly complete the mutual authentication.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview, nor is it intended to identify key or critical elements or to delineate the scope of such embodiments; rather, it is a prelude to the more detailed description that is presented later.
The embodiment of the disclosure provides a method and a device for identity authentication and an intelligent home system, so as to solve the technical problem that mutual authentication cannot be successfully completed between intelligent devices provided by different manufacturers.
In some embodiments, a method for device identity authentication is applied to a cloud platform, the method comprising:
encrypting the second address of the edge computing node and the first authentication information through the first key to obtain a second encryption address and first encryption authentication information; encrypting the first address and the second authentication information of the terminal equipment through a second key to obtain a first encrypted address and second encrypted authentication information;
sending the second encryption address and the second encryption authentication information to the terminal equipment so that the terminal equipment sends the second encryption authentication information to the edge computing node according to the second encryption address, and the edge computing node obtains the second authentication information sent by the cloud platform and authenticates the terminal equipment according to the second encryption authentication information and the second authentication information;
and sending the first encryption address and the first encryption authentication information to the edge computing node, so that the edge computing node sends the first encryption authentication information to the terminal equipment according to the first encryption address, the terminal equipment obtains the first authentication information sent by the cloud platform, and authenticates the edge computing node according to the first encryption authentication information and the first authentication information.
Optionally, the method for device identity authentication further includes: and receiving first request information which is sent by the terminal equipment and requests the first authentication information, encrypting the first authentication information according to the first public key of the cloud platform to obtain third encryption authentication information, and feeding back the third encryption authentication information to the terminal equipment.
Optionally, the method for device identity authentication further includes: and receiving second request information which is sent by the edge computing node and requests the second authentication information, encrypting the second authentication information according to a second public key of the cloud platform to obtain fourth encryption authentication information, and feeding back the fourth encryption authentication information to the edge computing node.
In some embodiments, the method for device identity authentication is applied to a terminal device, and the method includes:
when a second encryption address and second encryption authentication information sent by a cloud platform are received, sending the second encryption authentication information to an edge computing node according to the second encryption address, so that the edge computing node authenticates the terminal equipment according to the second encryption authentication information and the second authentication information sent by the cloud platform;
when first encryption authentication information sent by the edge computing node and first authentication information sent by the cloud platform are received, authenticating the edge computing node according to the first encryption authentication information and the first authentication information;
the second encrypted address is obtained by the cloud platform through encrypting a second address of the edge computing node by a first key of the terminal device, the second encrypted authentication information is obtained by the cloud platform through encrypting second authentication information by a second key of the edge computing node, and the first encrypted authentication information is obtained by the cloud platform through encrypting the first authentication information by the first key of the terminal device.
Optionally, authenticating the edge computing node according to the first encryption authentication information and the first authentication information includes: decrypting the first encrypted authentication information according to the first key to obtain first information to be authenticated; and if the first authentication information is matched with the first information to be authenticated, the edge computing node passes authentication.
Optionally, sending the second encryption authentication information to the edge computing node according to the second encryption address includes: decrypting the second encrypted address according to the first key to obtain the second address; and sending the second encryption authentication information to the edge computing node according to the second address.
Optionally, before authenticating the edge computing node according to the first encrypted authentication information and the first authentication information, the method for device identity authentication further includes: sending first request information requesting the first authentication information to the cloud platform; receiving third encryption authentication information which is sent by the cloud platform and corresponds to the first request information; and decrypting the third encrypted authentication information according to the first public key of the cloud platform to obtain first authentication information.
Optionally, after the edge computing node is authenticated and the terminal device is authenticated, the method for device identity authentication further includes: sending a registration request to the edge computing node; and receiving a registration success message fed back by the edge computing node.
In some embodiments, a method for device identity authentication is applied to an edge compute node, the method comprising:
when a first encryption address and first encryption authentication information sent by a cloud platform are received, sending the first encryption authentication information to terminal equipment according to the first encryption address, so that the terminal equipment authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform;
when second encryption authentication information sent by the terminal equipment and second authentication information sent by the cloud platform are received, authenticating the terminal equipment according to the second encryption authentication information and the second authentication information;
the first encrypted address is obtained by encrypting the first address of the terminal device by the cloud platform through the second key of the edge computing node, the first encrypted authentication information is obtained by encrypting the first authentication information by the cloud platform through the first key of the terminal device, and the second encrypted authentication information is obtained by encrypting the second authentication information by the cloud platform through the second key of the edge computing node.
Optionally, authenticating the terminal device according to the second encrypted authentication information and the second authentication information includes: decrypting the second encrypted authentication information according to the second key to obtain second information to be authenticated; and if the second authentication information is matched with the second information to be authenticated, the terminal equipment passes the authentication.
Optionally, before authenticating the terminal device according to the second encrypted authentication information and the second authentication information, the method for device identity authentication further includes: sending second request information requesting the second authentication information to the cloud platform; receiving fourth encryption authentication information which is sent by the cloud platform and corresponds to the second request information; and decrypting the fourth encrypted authentication information according to the second public key of the cloud platform to obtain second authentication information.
Optionally, sending the first encryption authentication information to the terminal device according to the first encryption address includes: decrypting the first encrypted address according to the second key to obtain the first address; and sending the first encryption authentication information to the terminal equipment according to the first address.
Optionally, after determining that the terminal device is authenticated and the edge computing node is authenticated, the method for device identity authentication further includes: receiving a registration request sent by the terminal equipment; and feeding back a registration success message to the terminal equipment.
In some embodiments, an apparatus for device identity authentication includes a processor and a memory storing program instructions, the processor being configured to, when executing the program instructions, perform the method for device identity authentication provided by the foregoing embodiments.
In some embodiments, a smart home system includes a cloud platform, a terminal device, and an edge computing node, wherein,
the cloud platform encrypts a second address of the edge computing node and first authentication information through a first key to obtain a second encrypted address and first encrypted authentication information; encrypting the first address of the terminal equipment and the second authentication information through a second key to obtain a first encrypted address and second encrypted authentication information;
the cloud platform sends the second encryption address and the second encryption authentication information to the terminal equipment;
the cloud platform sends the first encryption address and the first encryption authentication information to the edge computing node;
the terminal equipment sends the second encryption authentication information to the edge computing node according to the second encryption address;
the edge computing node sends the first encryption authentication information to the terminal equipment according to the first encryption address;
the terminal equipment authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform;
and the edge computing node authenticates the terminal equipment according to the second encryption authentication information and the second authentication information sent by the cloud platform.
The method, the device and the smart home system for equipment identity authentication provided by the embodiment of the disclosure can achieve the following technical effects:
the cloud platform can communicate authentication information between the intelligent equipment serving as the terminal equipment and the intelligent equipment serving as the edge computing node belonging to different manufacturers, and can still complete bidirectional authentication between the terminal equipment and the edge computing node under the condition that the terminal equipment and the edge computing node do not leak keys to each other.
The foregoing general description and the following description are exemplary and explanatory only and are not restrictive of the application.
Drawings
One or more embodiments are illustrated in drawings corresponding to, and not limiting to, embodiments in which elements having the same reference number designation are identified as similar elements, and in which:
fig. 1 is a schematic diagram of an implementation scenario of a smart home system according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
fig. 3 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure;
fig. 5 is a schematic diagram of an intelligent home system provided in an embodiment of the present disclosure;
fig. 6 is a schematic diagram of an apparatus for device identity authentication according to an embodiment of the present disclosure.
Detailed Description
So that the manner in which the features and elements of the disclosed embodiments can be understood in detail, a more particular description of the disclosed embodiments, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawing.
The terms "first," "second," and the like in the description and in the claims, and the above-described drawings of embodiments of the present disclosure, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure described herein may be made. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions.
The term "plurality" means two or more unless otherwise specified.
In the embodiments of the present disclosure, the character "/" indicates that the preceding and following objects are in an "or" relationship. For example, A/B represents: A or B.
The term "and/or" is an associative relationship that describes objects, meaning that three relationships may exist. For example, A and/or B represents: A, or B, or A and B.
Fig. 1 is a schematic view of an implementation scenario of an intelligent home system according to an embodiment of the present disclosure. As shown in fig. 1, the smart home system includes a home cloud platform 11, a terminal device 13, and an edge computing node 12.
The home cloud platform 11 refers to a server that can provide computing and storage, and may be one server or a server cluster formed by a plurality of servers.
Terminal device 13 refers to a smart device in a smart home application scenario; for example, terminal device 13 includes, but is not limited to, a smart refrigerator, smart television, smart washing machine, smart air conditioner, smart speaker, smart lamp, smart curtain, and the like.
The edge computing node 12 refers to a device having a strong computing power and a storage power in the smart home network, such as a gateway. With the development of smart devices, some smart devices can also serve as the edge computing node 12, for example, a smart refrigerator, a smart television, a smart washing machine, etc. can all serve as the edge computing node 12 in the smart home network.
Fig. 2 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure, illustrated by way of example as applied to a cloud platform. As shown in fig. 2, the method for authenticating the device identity includes:
s201, encrypting a second address of the edge computing node and first authentication information through a first key to obtain a second encryption address and first encryption authentication information; and the first address and the second authentication information of the terminal equipment are encrypted through the second key to obtain the first encryption address and the second encryption authentication information.
The first key may be a key of the terminal device, and the second key may be a key of the edge computing node.
In some application scenarios, when a new terminal device is accessed to the smart home network, the cloud platform executes the steps; or, when the new edge computing node is accessed to the smart home network, the cloud platform executes the steps.
In some practical applications, when the cloud platform receives an authentication request which is sent by a terminal device or an edge computing node and needs bidirectional authentication, the steps are executed; or, when the cloud platform judges that a new terminal device or a new edge computing node is accessed, the steps are executed.
The first authentication information and the second authentication information may be the same or different; different first authentication information can be generated aiming at different terminal equipment, and different second authentication information can be generated aiming at different edge computing nodes; the first authentication information can be shared by a plurality of terminal devices, and the second authentication information can be shared by a plurality of edge computing nodes.
The first authentication information may be a character string and the second authentication information may be a character string.
S202, sending the second encryption address and the second encryption authentication information to the terminal equipment, so that the terminal equipment sends the second encryption authentication information to the edge computing node according to the second encryption address, the edge computing node obtains the second authentication information sent by the cloud platform, and the terminal equipment is authenticated according to the second encryption authentication information and the second authentication information.
After the terminal device receives the second encrypted address, it can decrypt the second encrypted address with the first key to obtain the second address, and then send the second encrypted authentication information to the edge computing node at the second address; after receiving the second encrypted authentication information, the edge computing node decrypts it with the second key to obtain a second character string to be verified, then obtains the second authentication information sent by the cloud platform and compares the second character string to be verified with the second authentication information; if the two match, the terminal device passes the authentication.
Optionally, after sending the second encrypted address and the second encrypted authentication information to the terminal device, the method for authenticating the device identity further includes: receiving second request information, sent by the edge computing node, requesting the second authentication information; encrypting the second authentication information according to a second public key of the cloud platform to obtain fourth encrypted authentication information; and feeding the fourth encrypted authentication information back to the edge computing node, so that the edge computing node obtains the second authentication information from the fourth encrypted authentication information.
S203, the first encryption address and the first encryption authentication information are sent to the edge computing node, so that the edge computing node sends the first encryption authentication information to the terminal device according to the first encryption address, the terminal device obtains the first authentication information sent by the cloud platform, and the edge computing node is authenticated according to the first encryption authentication information and the first authentication information.
After the edge computing node receives the first encrypted address, the first encrypted address can be decrypted according to the second key to obtain the first address, and then first encryption authentication information is sent to the terminal equipment according to the first address; after receiving the first encrypted authentication information, the terminal equipment decrypts the first encrypted authentication information according to the first key to obtain a first character string to be verified, then the terminal equipment obtains the first authentication information sent by the cloud platform, the first character string to be verified and the first authentication information are compared, and if the first character string to be verified and the first authentication information are matched, the edge computing node passes authentication.
Optionally, after sending the first encrypted address and the first encrypted authentication information to the edge computing node, the method for authenticating the identity of the device further includes: receiving first request information, sent by the terminal device, requesting the first authentication information; encrypting the first authentication information according to a first public key of the cloud platform to obtain third encrypted authentication information; and feeding the third encrypted authentication information back to the terminal device, so that the terminal device obtains the first authentication information from the third encrypted authentication information. The first public key and the second public key of the cloud platform may be the same public key or different public keys.
In the foregoing steps, the cloud platform may communicate authentication information between the smart device serving as the terminal device and the smart device serving as the edge computing node belonging to different manufacturers, and may still complete bidirectional authentication between the terminal device and the edge computing node under the condition that neither the terminal device nor the edge computing node leaks a key to the other.
Fig. 3 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure, which is exemplarily illustrated by applying the method to a terminal device. As shown in fig. 3, the method for authenticating the device identity includes:
and S301, when a second encryption address and second encryption authentication information sent by the cloud platform are received, sending the second encryption authentication information to the edge computing node according to the second encryption address, so that the edge computing node authenticates the terminal device according to the second encryption authentication information and the second authentication information sent by the cloud platform.
The second encryption address is obtained by the cloud platform through encrypting the second address of the edge computing node by the first key of the terminal device, and the second encryption authentication information is obtained by the cloud platform through encrypting the second authentication information by the second key of the edge computing node.
And after receiving the second encryption authentication information, the edge computing node decrypts the second encryption authentication information according to the second key to obtain a second character string to be verified, and if the second authentication information is matched with the second character string to be verified, the terminal equipment passes the authentication.
Optionally, sending second encryption authentication information to the edge computing node according to the second encryption address, including: decrypting the second encrypted address according to the first key to obtain a second address; and sending second encryption authentication information to the edge computing node according to the second address.
S302: when first encryption authentication information sent by the edge computing node and first authentication information sent by the cloud platform are received, authenticating the edge computing node according to the first encryption authentication information and the first authentication information.
The first encryption authentication information is obtained by the cloud platform through encrypting the first authentication information with the first key of the terminal device.
Optionally, authenticating the edge computing node according to the first encryption authentication information and the first authentication information includes: decrypting the first encryption authentication information with the first key to obtain first information to be authenticated; and if the first authentication information matches the first information to be authenticated, the edge computing node passes the authentication.
In some practical applications, the terminal device may request the cloud platform for the first authentication information before obtaining the first encryption authentication information, or may request the cloud platform for the first authentication information after obtaining the first encryption authentication information.
The terminal device requesting the first authentication information from the cloud platform may include: sending first request information requesting the first authentication information to the cloud platform; receiving third encryption authentication information that the cloud platform sends in response to the first request information; and decrypting the third encryption authentication information according to the first public key of the cloud platform to obtain the first authentication information. After receiving the first request information, the cloud platform encrypts the first authentication information according to its first public key to obtain the third encryption authentication information and feeds it back to the terminal device; alternatively, the cloud platform may encrypt the first authentication information according to its first public key in advance to obtain the third encryption authentication information, and feed it back to the terminal device once the first request information is received.
Because the cloud platform relays the authentication information between the intelligent device acting as the terminal device and the intelligent device acting as the edge computing node, even when the two belong to different manufacturers, bidirectional authentication between the terminal device and the edge computing node can still be completed without either side disclosing its key to the other.
Through the foregoing steps, the edge computing node and the terminal device complete bidirectional authentication. After the bidirectional authentication is complete, that is, after it is determined that the edge computing node passes the authentication and the terminal device passes the authentication, the terminal device may be registered on the edge computing node; the registration process may include: sending a registration request to the edge computing node, and receiving a registration success message fed back by the edge computing node.
Fig. 4 is a schematic diagram of a method for device identity authentication provided by an embodiment of the present disclosure, which is exemplarily illustrated by applying the method to an edge computing node. As shown in fig. 4, the method for authenticating the device identity includes:
S401: when a first encryption address and first encryption authentication information sent by the cloud platform are received, sending the first encryption authentication information to the terminal device according to the first encryption address, so that the terminal device authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform.
The first encryption address is obtained by the cloud platform through encrypting the first address of the terminal device through the second key of the edge computing node, and the first encryption authentication information is obtained by the cloud platform through encrypting the first authentication information through the first key of the terminal device.
After receiving the first encryption authentication information, the terminal device decrypts it with the first key to obtain a first character string to be verified; if the first authentication information matches the first character string to be verified, the edge computing node passes the authentication.
Optionally, sending the first encryption authentication information to the terminal device according to the first encryption address includes: decrypting the first encryption address with the second key to obtain the first address; and sending the first encryption authentication information to the terminal device according to the first address.
S402: when second encryption authentication information sent by the terminal device and second authentication information sent by the cloud platform are received, authenticating the terminal device according to the second encryption authentication information and the second authentication information.
The second encryption authentication information is obtained by the cloud platform through encrypting the second authentication information with the second key of the edge computing node.
Optionally, authenticating the terminal device according to the second encrypted authentication information and the second authentication information includes: decrypting the second encrypted authentication information according to the second key to obtain second information to be authenticated; and if the second authentication information is matched with the second information to be authenticated, the terminal equipment passes the authentication.
In some practical applications, the edge computing node may request the second authentication information from the cloud platform before obtaining the second encryption authentication information, or may request the second authentication information from the cloud platform after obtaining the second encryption authentication information.
The edge computing node requesting the second authentication information from the cloud platform may include: sending second request information requesting the second authentication information to the cloud platform; receiving fourth encryption authentication information that the cloud platform sends in response to the second request information; and decrypting the fourth encryption authentication information according to the second public key of the cloud platform to obtain the second authentication information. After receiving the second request information, the cloud platform encrypts the second authentication information according to its second public key to obtain the fourth encryption authentication information and feeds it back to the edge computing node; alternatively, the cloud platform may encrypt the second authentication information according to its second public key in advance to obtain the fourth encryption authentication information, and feed it back to the edge computing node once the second request information is received.
Because the cloud platform relays the authentication information between the intelligent device acting as the terminal device and the intelligent device acting as the edge computing node, even when the two belong to different manufacturers, bidirectional authentication between the terminal device and the edge computing node can still be completed without either side disclosing its key to the other.
Through the foregoing steps, the edge computing node and the terminal device complete bidirectional authentication. After the bidirectional authentication is complete, that is, after it is determined that the terminal device passes the authentication and the edge computing node passes the authentication, the terminal device may be registered on the edge computing node; the registration process may include: receiving a registration request sent by the terminal device, and feeding back a registration success message to the terminal device.
Fig. 5 is a schematic diagram of a smart home system according to an embodiment of the disclosure. The smart home system comprises a cloud platform, a terminal device and an edge computing node, and the embodiment of the present disclosure illustrates the aforementioned method for device identity authentication in terms of the interaction of these three parties. As shown in fig. 5, the method includes:
S501: the cloud platform encrypts the second address of the edge computing node and the first authentication information with the first key to obtain the second encryption address and the first encryption authentication information, and encrypts the first address of the terminal device and the second authentication information with the second key to obtain the first encryption address and the second encryption authentication information.
Step S501 comprises four sub-steps: encrypting the second address with the first key, encrypting the first character string (the first authentication information) with the first key, encrypting the first address with the second key, and encrypting the second character string (the second authentication information) with the second key. The four sub-steps may be performed in any order, and every such order falls within the scope of the embodiments of the present disclosure.
S502: the cloud platform sends the second encryption address and the second encryption authentication information to the terminal device.
S503: the cloud platform sends the first encryption address and the first encryption authentication information to the edge computing node.
S502 and S503 have no fixed order; S503 may be executed before S502.
S504: the terminal device sends the second encryption authentication information to the edge computing node according to the second encryption address.
S505: the edge computing node sends the first encryption authentication information to the terminal device according to the first encryption address.
S504 and S505 have no fixed order; S505 may be executed before S504.
S506: the terminal device authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform.
S507: the edge computing node authenticates the terminal device according to the second encryption authentication information and the second authentication information sent by the cloud platform.
S506 and S507 have no fixed order; S507 may be executed before S506.
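The exchange S501 to S507 carried through end to end, as an added example that is not part of the patent. It assumes the first and second keys are symmetric keys each shared only with the cloud platform, stands in an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag for the cipher the text leaves unspecified, models the hand-over of the plaintext first/second authentication information (the third/fourth encryption leg) as a direct trusted delivery, and uses constructed device names and addresses.

```python
"""Mutual authentication of Fig. 5 (S501-S507), simulated end to end.

Added example, not code from the patent. Keys are symmetric and shared only
with the cloud; the HMAC-SHA256 construction below stands in for the cipher
the page leaves unspecified; device names and addresses are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """Counter-mode keystream derived with HMAC-SHA256 (stand-in cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Returns nonce || ciphertext || tag, with tag = HMAC(key, nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Checks the tag first; a wrong key or a tampered blob raises ValueError."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(expected, tag):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass
class Device:
    """Terminal device or edge computing node; it holds only its own key."""
    name: str
    address: str
    key: bytes
    auth_from_cloud: bytes = b""      # first/second authentication information
    enc_peer_address: bytes = b""     # second/first encryption address
    enc_auth_to_forward: bytes = b""  # second/first encryption authentication information
    received_enc_auth: bytes = b""    # blob the peer forwarded to this device


class CloudPlatform:
    """Holds the first key (terminal) and the second key (edge); runs S501-S503."""

    def __init__(self, first_key, second_key):
        self.first_key, self.second_key = first_key, second_key

    def dispatch(self, terminal, edge):
        first_auth, second_auth = secrets.token_bytes(16), secrets.token_bytes(16)
        # S501: edge address and first auth info under the first key,
        #       terminal address and second auth info under the second key.
        # S502 / S503: deliver the second pair to the terminal, the first pair to the edge.
        terminal.enc_peer_address = encrypt(self.first_key, edge.address.encode())
        edge.enc_auth_to_forward = encrypt(self.first_key, first_auth)
        edge.enc_peer_address = encrypt(self.second_key, terminal.address.encode())
        terminal.enc_auth_to_forward = encrypt(self.second_key, second_auth)
        # Plaintext auth info reaches each device over an assumed trusted channel.
        terminal.auth_from_cloud, edge.auth_from_cloud = first_auth, second_auth


def forward(sender, network):
    """S504 / S505: recover the peer address with the own key, relay the opaque blob."""
    try:
        peer_address = decrypt(sender.key, sender.enc_peer_address).decode()
    except ValueError:
        return False  # wrong key: the peer address cannot be recovered
    network[peer_address].received_enc_auth = sender.enc_auth_to_forward
    return True


def verify_peer(device):
    """S506 / S507: decrypt the forwarded blob with the own key and compare."""
    try:
        candidate = decrypt(device.key, device.received_enc_auth)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, device.auth_from_cloud)


def mutual_authenticate(cloud, terminal, edge):
    """Returns (edge authenticated by terminal, terminal authenticated by edge)."""
    terminal.received_enc_auth = edge.received_enc_auth = b""
    network = {terminal.address: terminal, edge.address: edge}
    cloud.dispatch(terminal, edge)
    forward(terminal, network)  # S504
    forward(edge, network)      # S505
    return verify_peer(terminal), verify_peer(edge)  # S506, S507


def demo():
    first_key, second_key = secrets.token_bytes(32), secrets.token_bytes(32)
    cloud = CloudPlatform(first_key, second_key)
    terminal = Device("terminal", "192.0.2.20", first_key)  # constructed
    edge = Device("edge-node", "192.0.2.2", second_key)
    honest = mutual_authenticate(cloud, terminal, edge)
    # A node whose key the cloud does not hold can neither recover the terminal
    # address nor produce a string matching the cloud's second authentication info.
    rogue = Device("rogue-edge", "192.0.2.3", secrets.token_bytes(32))
    return {"honest": honest, "rogue_edge": mutual_authenticate(cloud, terminal, rogue)}
```

Neither device ever sees the other's key: the terminal only decrypts material produced under the first key and the edge only material produced under the second key, which is the property the text claims for devices from different manufacturers.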
Fig. 6 is a schematic diagram of an apparatus for device identity authentication according to an embodiment of the present disclosure.
As shown in fig. 6, the apparatus for authenticating device identity includes:
a processor 61 and a memory 62, and may further include a communication interface 63 and a bus 64. The processor 61, the communication interface 63 and the memory 62 may communicate with each other through the bus 64. The communication interface 63 may be used for information transfer. The processor 61 may invoke logic instructions in the memory 62 to perform the method for device identity authentication provided by the previous embodiments.
Furthermore, the logic instructions in the memory 62 may be implemented in software functional units and stored in a computer readable storage medium when sold or used as a stand-alone product.
The memory 62 is a computer-readable storage medium and can be used for storing software programs, computer-executable programs, such as program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 61 executes the functional application and data processing by executing the software program, instructions and modules stored in the memory 62, that is, implements the method in the above-described method embodiment.
The memory 62 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal device, and the like. Further, the memory 62 may include high speed random access memory and may also include non-volatile memory.
The embodiment of the present disclosure provides a computer-readable storage medium, which stores computer-executable instructions configured to execute the method for device identity authentication provided in the foregoing embodiment.
The disclosed embodiments provide a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the method for device identity authentication provided by the aforementioned embodiments.
The computer-readable storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes one or more instructions to enable a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method in the embodiments of the present disclosure. And the aforementioned storage medium may be a non-transitory storage medium comprising: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes, and may also be a transient storage medium.
The above description and drawings sufficiently illustrate embodiments of the disclosure to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. Furthermore, the words used in the specification are words of description only and are not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method or device comprising the element. In this document, each embodiment may be described with emphasis on differences from other embodiments, and the same and similar parts between the respective embodiments may be referred to each other. For methods, products, etc. of the embodiment disclosures, reference may be made to the description of the method section for relevance if it corresponds to the method section of the embodiment disclosure.
Those of skill in the art would appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software may depend upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments. It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments disclosed herein, the disclosed methods, products (including but not limited to devices, apparatuses, etc.) may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit may be merely a division of a logical function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form. Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to implement the present embodiment. In addition, functional units in the embodiments of the present disclosure may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Claims (14)

1. A method for device identity authentication, applied to a cloud platform, the method comprising:
encrypting the second address of the edge computing node and the first authentication information through the first key to obtain a second encryption address and first encryption authentication information; encrypting the first address and the second authentication information of the terminal equipment through a second key to obtain a first encrypted address and second encrypted authentication information;
sending the second encryption address and the second encryption authentication information to the terminal equipment so that the terminal equipment sends the second encryption authentication information to the edge computing node according to the second encryption address, and the edge computing node obtains the second authentication information sent by the cloud platform and authenticates the terminal equipment according to the second encryption authentication information and the second authentication information;
and sending the first encryption address and the first encryption authentication information to the edge computing node, so that the edge computing node sends the first encryption authentication information to the terminal equipment according to the first encryption address, the terminal equipment obtains the first authentication information sent by the cloud platform, and authenticates the edge computing node according to the first encryption authentication information and the first authentication information.
2. The method of claim 1, wherein
the method further comprises the following steps: receiving first request information which is sent by the terminal equipment and requests the first authentication information, encrypting the first authentication information according to a first public key of the cloud platform to obtain third encryption authentication information, and feeding back the third encryption authentication information to the terminal equipment;
the method further comprises the following steps: and receiving second request information which is sent by the edge computing node and requests the second authentication information, encrypting the second authentication information according to a second public key of the cloud platform to obtain fourth encryption authentication information, and feeding back the fourth encryption authentication information to the edge computing node.
3. A method for device identity authentication, applied to a terminal device, the method comprising:
when a second encryption address and second encryption authentication information sent by a cloud platform are received, sending the second encryption authentication information to an edge computing node according to the second encryption address, so that the edge computing node authenticates the terminal equipment according to the second encryption authentication information and the second authentication information sent by the cloud platform;
when first encryption authentication information sent by the edge computing node and first authentication information sent by the cloud platform are received, authenticating the edge computing node according to the first encryption authentication information and the first authentication information;
the second encrypted address is obtained by the cloud platform through encrypting a second address of the edge computing node by a first key of the terminal device, the second encrypted authentication information is obtained by the cloud platform through encrypting second authentication information by a second key of the edge computing node, and the first encrypted authentication information is obtained by the cloud platform through encrypting the first authentication information by the first key of the terminal device.
4. The method of claim 3, wherein authenticating the edge computing node based on the first encrypted authentication information and the first authentication information comprises:
decrypting the first encrypted authentication information according to the first key to obtain first information to be authenticated;
and if the first authentication information is matched with the first information to be authenticated, the edge computing node passes authentication.
5. The method of claim 3, wherein sending the second cryptographic authentication information to the edge computing node based on the second cryptographic address comprises:
decrypting the second encrypted address according to the first key to obtain the second address;
and sending the second encryption authentication information to the edge computing node according to the second address.
6. The method of claim 3, further comprising, prior to authenticating the edge computing node based on the first encrypted authentication information and the first authentication information:
sending first request information requesting the first authentication information to the cloud platform;
receiving third encryption authentication information which is sent by the cloud platform and corresponds to the first request information;
and decrypting the third encrypted authentication information according to the first public key of the cloud platform to obtain first authentication information.
7. The method according to any one of claims 3 to 6, wherein after the edge computing node is authenticated and the terminal device is authenticated, the method further comprises:
sending a registration request to the edge computing node;
and receiving a registration success message fed back by the edge computing node.
8. A method for device identity authentication, applied to an edge computing node, the method comprising:
when a first encryption address and first encryption authentication information sent by a cloud platform are received, sending the first encryption authentication information to terminal equipment according to the first encryption address, so that the terminal equipment authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform;
when second encryption authentication information sent by the terminal equipment and second authentication information sent by the cloud platform are received, authenticating the terminal equipment according to the second encryption authentication information and the second authentication information;
the first encrypted address is obtained by encrypting the first address of the terminal device by the cloud platform through the second key of the edge computing node, the first encrypted authentication information is obtained by encrypting the first authentication information by the cloud platform through the first key of the terminal device, and the second encrypted authentication information is obtained by encrypting the second authentication information by the cloud platform through the second key of the edge computing node.
9. The method according to claim 8, wherein authenticating the terminal device according to the second encrypted authentication information and the second authentication information comprises:
decrypting the second encrypted authentication information according to the second key to obtain second information to be authenticated;
and if the second authentication information is matched with the second information to be authenticated, the terminal equipment passes the authentication.
10. The method according to claim 8, wherein sending the first encrypted authentication information to the terminal device according to the first encrypted address comprises:
decrypting the first encrypted address according to the second key to obtain the first address;
and sending the first encryption authentication information to the terminal equipment according to the first address.
11. The method according to claim 8, before authenticating the terminal device according to the second encrypted authentication information and the second authentication information, further comprising:
sending second request information requesting the second authentication information to the cloud platform;
receiving fourth encryption authentication information which is sent by the cloud platform and corresponds to the second request information;
and decrypting the fourth encrypted authentication information according to the second public key of the cloud platform to obtain second authentication information.
12. The method according to any one of claims 8 to 11, wherein after determining that the terminal device is authenticated and that the edge computing node is authenticated, the method further comprises:
receiving a registration request sent by the terminal equipment;
and feeding back a registration success message to the terminal equipment.
13. An apparatus for device identity authentication, comprising a processor and a memory having stored thereon program instructions, wherein the processor is configured to perform the method for device identity authentication of any one of claims 1 to 12 when executing the program instructions.
14. A smart home system, comprising a cloud platform, a terminal device and an edge computing node, wherein:
the cloud platform encrypts a second address of the edge computing node and first authentication information through a first key to obtain a second encrypted address and first encrypted authentication information; encrypting the first address and the second authentication information of the terminal equipment through a second key to obtain a first encrypted address and second encrypted authentication information;
the cloud platform sends the second encryption address and the second encryption authentication information to the terminal equipment;
the cloud platform sends the first encryption address and the first encryption authentication information to the edge computing node;
the terminal equipment sends the second encryption authentication information to the edge computing node according to the second encryption address;
the edge computing node sends the first encryption authentication information to the terminal equipment according to the first encryption address;
the terminal equipment authenticates the edge computing node according to the first encryption authentication information and the first authentication information sent by the cloud platform;
and the edge computing node authenticates the terminal equipment according to the second encryption authentication information and the second authentication information sent by the cloud platform.
CN202110656314.7A 2021-06-11 2021-06-11 Method and device for equipment identity authentication and smart home system Active CN113434837B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110656314.7A CN113434837B (en) 2021-06-11 2021-06-11 Method and device for equipment identity authentication and smart home system

Publications (2)

Publication Number Publication Date
CN113434837A true CN113434837A (en) 2021-09-24
CN113434837B CN113434837B (en) 2022-06-14

Family

ID=77755830

Country Status (1)

Country Link
CN (1) CN113434837B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130263231A1 (en) * 2012-03-30 2013-10-03 Bojan Stopic Authentication system and method for operating an authenitication system
CN109361669A (en) * 2018-10-19 2019-02-19 铂有限公司 Identity identifying method, device and the equipment of communication equipment

Also Published As

Publication number Publication date
CN113434837B (en) 2022-06-14

Similar Documents

Publication Publication Date Title
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
US11363010B2 (en) Method and device for managing digital certificate
CN108134789B (en) Method for synchronizing data between devices through cloud and cloud server
CN106790223B (en) Data transmission method, equipment and system
CN110392014B (en) Communication method and device between Internet of things devices
CN108111497B (en) Mutual authentication method and device for camera and server
US11323433B2 (en) Digital credential management method and device
CN108927808B (en) ROS node communication method, authentication method and device
CN110690956B (en) Bidirectional authentication method and system, server and terminal
US11159329B2 (en) Collaborative operating system
CN110912920A (en) Data processing method, apparatus and medium
CN111132148B (en) Method and device for intelligent household appliance configuration network access and storage medium
CN105262773A (en) A verification method and apparatus for an IOT system
CN114793184B (en) Security chip communication method and device based on third-party key management node
CN114143108A (en) Session encryption method, device, equipment and storage medium
CN106789963B (en) Asymmetric white-box password encryption method, device and equipment
KR101479290B1 (en) Agent for providing security cloud service, security token device for security cloud service
CN106789008B (en) Method, device and system for decrypting sharable encrypted data
CN113434837B (en) Method and device for equipment identity authentication and smart home system
CN117118763B (en) Method, device and system for data transmission
CN113141333B (en) Communication method, device, server, system and storage medium of network access device
CN106972928B (en) Bastion machine private key management method, device and system
CN111431846B (en) Data transmission method, device and system
CN112242976B (en) Identity authentication method and device
CN112437436A (en) Identity authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant