CN113904848B - Certificate and key downloading method and system of terminal of Internet of things - Google Patents

Certificate and key downloading method and system of terminal of Internet of things

Info

Publication number
CN113904848B
Authority
CN
China
Prior art keywords
certificate
key
internet
things
security
Prior art date
Legal status
Active
Application number
CN202111174932.4A
Other languages
Chinese (zh)
Other versions
CN113904848A (en)
Inventor
陆玉兰
叶青
彭昭
刘鹏飞
王芸
姜杰
Current Assignee
Tianyi IoT Technology Co Ltd
Original Assignee
Tianyi IoT Technology Co Ltd
Application filed by Tianyi IoT Technology Co Ltd
Priority to CN202111174932.4A
Publication of CN113904848A
Application granted
Publication of CN113904848B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The embodiment of the invention discloses a certificate and key downloading method and system for an internet of things terminal, and relates to the technical field of internet of things information security. The method comprises the following steps: generating a key pair through a security module and generating a first token according to preconfigured first security SDK authorization information and first certificate authorization control information, wherein the first security SDK authorization information comprises a device ID and a random number; the internet of things terminal sends a certificate and key downloading request to an internet of things platform through the security module; the internet of things platform generates a second token and judges whether the first token is consistent with the second token; and if the first token is consistent with the second token, the internet of things platform generates a certificate key and encrypts it with the public key to produce a certificate ciphertext. According to the invention, a random number is placed in the first security SDK authorization information and, together with the device ID, represents the identity of the device, so that the device identity is not easy to guess, the risk of the device identity being forged is reduced, and the security of certificate and key downloading is improved.

Description

Certificate and key downloading method and system of terminal of Internet of things
Technical Field
The invention relates to the technical field of internet of things information security, and in particular to a certificate and key downloading method and system for an internet of things terminal.
Background
The security problem of the internet of things terminal is increasingly prominent: when the terminal accesses a platform or an application through a network, risks such as identity impersonation and data interception exist. In order to ensure the identity validity and data security of the internet of things terminal, cryptographic algorithm technology is adopted to issue an identity certificate to the terminal and to distribute a signature/encryption key, so as to realize identity signature authentication and encrypted data transmission during terminal access. Realizing this requires that a security module (security SDK, security chip, etc.) be deployed on the terminal side to store certificates and keys, call cryptographic algorithms, and so on. Presetting certificates and keys offline involves many links in the chain, which is not conducive to the circulation and testing of terminal equipment, nor to the management, updating and maintenance of certificates and keys; these problems can be solved by having the terminal apply online for the certificate and key after power-on, but the security of the online downloading process cannot then be ensured.
The main problem is that the validity of the terminal identity is verified through the device ID alone; the device ID is usually not very complex, which creates the security risk of it being guessed or cracked by pattern.
Disclosure of Invention
The embodiment of the invention provides a method and a system for downloading certificates and keys of an internet of things terminal, aiming at solving the problem that the security of the existing method for downloading certificates and keys of an internet of things terminal cannot be guaranteed.
In a first aspect, an embodiment of the present invention provides a method for downloading a certificate and a key of an internet of things terminal. The certificate and key downloading system of the internet of things terminal includes the internet of things terminal and an internet of things platform, and the internet of things terminal includes a security module. The method includes: if the internet of things terminal receives a preset trigger instruction, generating a key pair through the security module and generating a first token according to preset first security SDK authorization information and first certificate authorization control information, wherein the first security SDK authorization information includes a device ID and a random number, and the first certificate authorization control information includes certificate information; the internet of things terminal sends a certificate and key downloading request to the internet of things platform through the security module, wherein the certificate and key downloading request includes the preconfigured device ID, the first token and the public key of the key pair; the internet of things platform generates a second token according to preset second security SDK authorization information and second certificate authorization control information corresponding to the device ID, and judges whether the first token is consistent with the second token; if the first token is consistent with the second token, the internet of things platform generates a certificate key according to the certificate and key downloading request, encrypts the certificate key with the public key to generate a certificate ciphertext, and at the same time updates the second security SDK authorization information and the second certificate authorization control information; the internet of things platform packages the certificate ciphertext, the updated second security SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal; the security module decrypts the certificate ciphertext with the private key of the key pair, stores the result, and updates the first security SDK authorization information and the first certificate authorization control information based on the updated second security SDK authorization information and second certificate authorization control information.
In a second aspect, an embodiment of the present invention further provides a certificate and key downloading system of an internet of things terminal, where the system includes the internet of things terminal and an internet of things platform; the internet of things terminal comprises a security module, and the internet of things terminal and the internet of things platform communicate with each other to jointly realize the method.
The embodiment of the invention provides a certificate and key downloading method and system of an internet of things terminal, wherein the method comprises the following steps: if the internet of things terminal receives a preset trigger instruction, generating a key pair through the security module and generating a first token according to preset first security SDK authorization information and first certificate authorization control information, wherein the first security SDK authorization information comprises a device ID and a random number, and the first certificate authorization control information comprises certificate information; the internet of things terminal sends a certificate and key downloading request to the internet of things platform through the security module, wherein the certificate and key downloading request comprises the preconfigured device ID, the first token and the public key of the key pair; the internet of things platform generates a second token according to preset second security SDK authorization information and second certificate authorization control information corresponding to the device ID, and judges whether the first token is consistent with the second token; if the first token is consistent with the second token, the internet of things platform generates a certificate key according to the certificate and key downloading request, encrypts the certificate key with the public key to generate a certificate ciphertext, and at the same time updates the second security SDK authorization information and the second certificate authorization control information; the internet of things platform packages the certificate ciphertext, the updated second security SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal; the security module decrypts the certificate ciphertext with the private key of the key pair, stores the result, and updates the first security SDK authorization information and the first certificate authorization control information based on the updated second security SDK authorization information and second certificate authorization control information. According to the invention, the random number is placed in the first security SDK authorization information and, together with the device ID, represents the identity of the device, so that the device identity is not easy to guess, the risk of the device identity being forged is reduced, and the security of certificate and key downloading is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic architecture diagram of a certificate and key downloading system of an internet of things terminal according to an embodiment of the present invention;
Fig. 2 is a flow chart of a method for downloading a certificate and a key of an internet of things terminal according to an embodiment of the present invention;
Fig. 3 is a schematic sub-flowchart of a certificate and key downloading method of an internet of things terminal according to an embodiment of the present invention;
Fig. 4 is a schematic sub-flowchart of a certificate and key downloading method of an internet of things terminal according to an embodiment of the present invention;
Fig. 5 is a schematic sub-flowchart of a certificate and key downloading method of an internet of things terminal according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the interaction process of the first download in a method for downloading a certificate and a key of an internet of things terminal according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of the interaction process of a subsequent update in a method for downloading a certificate and a key of an internet of things terminal according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprising" and "including" are used in this specification and the appended claims; it is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in this specification and the appended claims, the term "if" may be interpreted as "when", "once", "in response to a determination" or "in response to detection", depending on the context. Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted, depending on the context, as "upon determination", "in response to determination", "upon detection of a [described condition or event]" or "in response to detection of a [described condition or event]".
The embodiment of the invention provides a certificate and key downloading method of an internet of things terminal, which is applied to a certificate and key downloading system of the internet of things terminal. Referring to fig. 1, fig. 1 is a schematic architecture diagram of a certificate and key downloading system of an internet of things terminal according to an embodiment of the present invention. The certificate and key downloading system of the internet of things terminal comprises the internet of things terminal and an internet of things platform, wherein the internet of things terminal comprises a security module and a terminal application, the security module comprises a security SDK and a security chip, and the internet of things platform comprises a device management module and a certificate key management module.
The security SDK interacts with the security chip to store certificates and keys and to invoke cryptographic operations, and implements the security business logic on the terminal side. The security chip stores certificates, keys and related security data, and provides cryptographic operation services. The device management module in the internet of things platform manages internet of things devices, assigns device IDs to devices, configures device security policies, and so on. The certificate key management module provides generation, online downloading and update management of certificates and keys for devices that use a certificate-and-key scheme for secure access.
Referring to Fig. 6, a schematic diagram of the interaction process of the first download in a method for downloading a certificate and a key of an internet of things terminal according to an embodiment of the present invention is shown. In the figure, SDKSN1 is the first secure SDK authorization information, SDKSN2 is the second secure SDK authorization information, CONINF1 is the first certificate authorization control information, CONINF2 is the second certificate authorization control information, TOKEN1 is the first token, and TOKEN2 is the second token.
In the embodiment of the invention, the SDKSN comprises at least a device ID and a random number; in this embodiment a service validity period is added, that is, SDKSN = device ID + random number + service validity period. On this basis, the security module sends a certificate and key download request to the internet of things platform to download or update the certificate and key within the service validity period; if the service validity period is exceeded, the certificate and key cannot be downloaded, which further improves the security and flexibility of certificate and key downloading.
In the embodiment of the present invention, the CONINF includes at least certificate information; in this embodiment the CONINF further includes certificate download parameters, namely the number of successful certificate downloads, the maximum number of updates allowed, and the certificate download status, where the certificate download status is either downloaded or not downloaded. That is, CONINF = Count + Limit + Cflag + CNo, where Count is the number of successful certificate downloads, Limit is the maximum number of updates allowed, Cflag is the certificate download status (a value of 0 means not downloaded, a value of 1 means downloaded), and CNo is the certificate information, which is empty at initialization. Based on these certificate download parameters, the security and flexibility of certificate and key downloading can be further improved by checking the validity of the CONINF.
Before downloading the certificate and the secret key for the first time, the user needs to register the terminal of the Internet of things on the platform of the Internet of things through the user side. As shown in fig. 2, the registration process may specifically include the following steps S1A-S1C:
S1A, if the internet of things platform receives a registration request sent by a user terminal, it generates the device ID and the second security SDK authorization information according to the device information in the registration request, and initializes the second certificate authorization control information. In an embodiment, the initialized second certificate authorization control information is CONINF = Count + Limit + Cflag + CNo, where the number of successful certificate downloads Count is 0, the maximum number of permitted updates Limit is 3, the certificate download status Cflag is 0, and the certificate information CNo is empty; the service validity period in the initialized second secure SDK authorization information is 2021-12-30.
And S1B, returning the equipment ID and the second secure SDK authorization information to the user side as configuration information so that a user configures the terminal of the Internet of things according to the configuration information.
S1C, if the secure SDK of the terminal of the Internet of things receives the configuration information, second secure SDK authorization information in the configuration information is used as the first secure SDK authorization information to be sent to the secure chip for secure storage. Specifically, the second secure SDK authorization information and the first secure SDK authorization information remain consistent after first registration and after completion of certificate and key updating.
After registration is completed, the certificate and key may be downloaded. The specific implementation of the certificate and key downloading method of the internet of things terminal according to the embodiment of the invention will be described in detail with reference to Fig. 6 and Fig. 7. As shown in Fig. 3, the method of the present invention includes the following steps S1-S6.
S1, if the Internet of things terminal receives a preset trigger instruction, a key pair is generated through the security module, and a first token is generated according to preset first security SDK authorization information and first certificate authorization control information.
In a specific implementation, if the internet of things terminal receives a preset trigger instruction, a key pair is generated through the security module, and a first token is generated according to preset first security SDK authorization information and first certificate authorization control information, wherein the first security SDK authorization information comprises a device ID and a random number, and the first certificate authorization control information comprises certificate information. Specifically, in one embodiment, the first secure SDK authorization information represents the device identity; it includes the device ID and a random number and is not easily guessed, which protects the certificate during the downloading and updating processes. The random number may be refreshed promptly after a download or update is completed.
In an embodiment, the first token is computed as: first token = Hash(Enc(K, first certificate authorization control information)), where K is the first 16 bytes of Hash(first secure SDK authorization information), used as a symmetric key. By hashing the first secure SDK authorization information and encrypting the first certificate authorization control information in this way, the certificate and key download request built from the first token is not easily cracked, the validity of the download request is ensured, and replay attacks are prevented.
It should be noted that the preset trigger instruction is a power-on signal or an update download request of the internet of things terminal. When the internet of things terminal is registered on the internet of things platform, the preset trigger instruction on the terminal side can be set to the power-on signal or the update download request of the terminal: when the terminal is powered on, the first download of the certificate and key is performed; for the process after the first download, refer to Fig. 7, a schematic diagram of the interaction process for updating the certificate and key, where step S110 is a preset request to start an update download, requesting the internet of things platform to update the certificate and key again.
In an embodiment, referring to fig. 4, the step S1 includes: steps S11 to S13.
S11, if the terminal of the Internet of things receives a preset trigger instruction through the terminal application, a starting request is sent to the secure SDK to start downloading of the certificate and the secret key.
In the implementation, if the terminal of the internet of things receives a preset trigger instruction through the terminal application, a start request is sent to the secure SDK to start downloading of the certificate and the key. Specifically, in an embodiment, the terminal application sends a start request to the secure SDK to trigger the secure module to perform a preparation for downloading the certificate and the key, i.e. generate the key pair and the first token.
S12, the secure SDK sends a key pair generation request to the secure chip according to the starting request.
In specific implementation, the secure SDK sends a key pair generation request to the secure chip according to the starting request. Specifically, in an embodiment, the key pair is used for encrypting and protecting the certificate and the key which are downloaded or updated later, so as to improve the security of the downloading or updating of the certificate and the key.
S13, the security chip generates a temporary asymmetric key pair according to the key pair generation request, and sends a public key of the temporary asymmetric key pair to the security SDK.
In specific implementation, the security chip generates a temporary asymmetric key pair according to the key pair generation request, and sends a public key of the temporary asymmetric key pair to the security SDK. Specifically, the temporary asymmetric key pair includes a public key and a private key, and data encrypted by any one of the keys can only be decrypted by the other key. That is, data encrypted by the private key can only be decrypted by the public key, and data encrypted by the public key can only be decrypted by the private key. In an embodiment, the public key is used for encrypting the certificate and the key generated by the internet of things platform, the private key is used for decrypting the encrypted certificate and the encrypted key, and the certificate and the encrypted key are encrypted and decrypted through the asymmetric key pair, so that the security of the transmission of the certificate and the encrypted key is improved.
After step S13, the method further includes, as shown in Fig. 5, steps S131 to S133.
S131, the secure SDK sends a first token acquisition request to the secure chip.
S132, the security chip judges whether the first security SDK authorization information and the first certificate authorization control information meet preset conditions according to the first token acquisition request.
In a specific implementation, the security chip determines, according to the first token acquisition request, whether the first security SDK authorization information and the first certificate authorization control information satisfy a preset condition. Specifically, in an embodiment, the first secure SDK authorization information further includes a service validity period, and the first certificate authorization control information further includes certificate download parameters.
In an embodiment, determining whether the first security SDK authorization information and the first certificate authorization control information satisfy the preset condition means: judging, from the service validity period, whether the first secure SDK authorization information is within its validity period; and judging, from the certificate download parameters, whether the first certificate authorization control information is valid.
Specifically, in an embodiment, whether this is the first download is judged from the number of successful certificate downloads and the certificate download status; if it is not the first download, whether the number of successful certificate downloads does not exceed the maximum number of updates allowed is judged from the number of successful downloads, the maximum number of updates allowed and the certificate download status; and if it is the first download, or the number of successful certificate downloads does not exceed the maximum number of updates allowed, the first certificate authorization control information is judged to be valid. If the first secure SDK authorization information is within its validity period and the first certificate authorization control information is valid, the first secure SDK authorization information and the first certificate authorization control information are judged to meet the preset condition.
Specifically, in an embodiment, the certificate download parameters in the first certificate authorization control information are valid if their values satisfy Count = 0 and Cflag = 0, where Count = 0 and Cflag = 0 indicate that the internet of things terminal is downloading the certificate and key for the first time.
S133, if the first security SDK authorization information and the first certificate authorization control information meet preset conditions, generating a first token according to the first security SDK authorization information and the first certificate authorization control information and returning the first token to the security SDK.
In a specific implementation, if the first secure SDK authorization information and the first certificate authorization control information satisfy the preset condition, a first token is generated according to the first secure SDK authorization information and the first certificate authorization control information, and the first token is returned to the secure SDK. Specifically, in one embodiment, the first secure SDK authorization information and the first certificate authorization control information are processed with a hash algorithm to produce the first token. Specifically, the following manner may be adopted: first token = Hash(E_K(first certificate authorization control information)), where K is the first 16 bytes of Hash(first secure SDK authorization information) and E_K denotes symmetric encryption under the key K. By processing the first secure SDK authorization information and the first certificate authorization control information in this way, the certificate and key download request carrying the first token is not easy to forge, the validity of the download request is ensured, and replay attacks are prevented.
S2, the internet of things terminal sends a certificate and a key downloading request to the internet of things platform through the security module.
In a specific implementation, the internet of things terminal sends a certificate and a key downloading request to the internet of things platform through the security module, and in particular, in an embodiment, the certificate and key downloading request includes a preconfigured device ID, the first token, and a public key in the key pair.
And S3, the Internet of things platform generates a second token according to preset second security SDK authorization information corresponding to the equipment ID and second certificate authorization control information, and judges whether the first token is consistent with the second token or not.
In a specific implementation, the internet of things platform generates a second token according to the preset second secure SDK authorization information and second certificate authorization control information corresponding to the device ID, and determines whether the first token is consistent with the second token. Specifically, in an embodiment, after the internet of things platform has registered the device, and again after each certificate and key update, the parameters and assignments of the first secure SDK authorization information in the security module are consistent with those of the second secure SDK authorization information in the internet of things platform, and the parameters and assignments of the first certificate authorization control information in the security module are consistent with those of the second certificate authorization control information in the internet of things platform, so as to ensure the validity of download and update requests. The manner of generating the second token is identical to the manner of generating the first token and will not be described in detail here.
S4, if the first token is consistent with the second token, the Internet of things platform generates a certificate key according to the certificate and key downloading request, encrypts the certificate key by using the public key to generate a certificate ciphertext, and updates the second secure SDK authorization information and the second certificate authorization control information.
In a specific implementation, if the first token is consistent with the second token, the internet of things platform generates a certificate key according to the certificate and key download request, encrypts the certificate key with the public key to generate a certificate ciphertext, and updates the second secure SDK authorization information and the second certificate authorization control information. Specifically, in an embodiment, if the first token is consistent with the second token, the certificate and key download request is a legitimate request, so the certificate key is generated and the next step is performed; if the first token is inconsistent with the second token, the certificate and key download request is an illegitimate request, and no certificate key is generated. This improves the security of the certificate key download.
In an embodiment, updating the second secure SDK authorization information and the second certificate authorization control information means updating the service validity period preset by the user in the internet of things platform into the second secure SDK authorization information and regenerating the random number in the second secure SDK authorization information, and setting, in the second certificate authorization control information, count=count+1, limit=maximum number of permitted updates, cflag=1 and CNo=certificate information.
In an embodiment, the internet of things platform includes a device management module and a certificate key management module, and sends a certificate and key generation request to the certificate key management module through the device management module; and the certificate key management module generates a certificate key according to the certificate and key generation request, encrypts the certificate key by using the public key to generate a certificate ciphertext, and sends the certificate ciphertext to the equipment management module.
S5, the internet of things platform packages the certificate ciphertext, the updated second security SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal.
In a specific implementation, the internet of things platform packages the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal. Specifically, in an embodiment, the internet of things platform packages the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package through the device management module, and sends the certificate ciphertext package to the secure SDK; and the secure SDK sends the certificate cryptograph packet to the secure chip for secure storage.
And S6, the security module adopts a private key in the key pair to decrypt and store the certificate ciphertext, and updates the first security SDK authorization information and the first certificate authorization control information based on the updated second security SDK authorization information and the second certificate authorization control information.
In a specific implementation, the security module decrypts and stores the certificate ciphertext with the private key of the key pair, and updates the first secure SDK authorization information and the first certificate authorization control information based on the updated second secure SDK authorization information and the updated second certificate authorization control information. Specifically, in an embodiment, the service validity period and the random number in the updated second secure SDK authorization information are written into the first secure SDK authorization information, and the certificate download parameters and the certificate information in the updated second certificate authorization control information are written into the first certificate authorization control information, so that the first token and the second token remain consistent when the certificate and the key are next updated. The invention realizes flexible updating of the certificate and the key by promptly updating the first certificate authorization control information and the second certificate authorization control information and by setting the maximum number of permitted updates.
Fig. 7 illustrates the interaction process of a subsequent update in a method for downloading a certificate and a key of an internet of things terminal according to an embodiment of the present invention. As shown in fig. 7, steps S10-S60 of the certificate and key update procedure are similar to steps S1-S6 of the first download procedure and are not repeated here. The difference lies in how the validity of the first certificate authorization control information is determined when the first token is generated. In the certificate and key update procedure, the certificate download parameters in the first certificate authorization control information are valid if their assignments indicate that the certificate and key were successfully downloaded last time and the number of permitted downloads has not been used up, i.e. 1<count<limit and cflag=1, where cflag=1 indicates that the internet of things terminal has already downloaded the certificate and the key (this is not a first download), and 1<count<limit indicates that the number of successful certificate and key downloads is less than the maximum number of permitted updates.
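The following is an added example, not code from the patent: it simulates the token derivation of step S133 (first token = Hash(E_K(certificate authorization control information)), K = first 16 bytes of Hash(secure SDK authorization information)), the validity check on count/cflag/limit, the platform-side comparison of steps S3-S4, and the state synchronisation of step S6, for both the first download and the subsequent update. It assumes HMAC-SHA256 in place of the unnamed symmetric cipher, reads "does not exceed the maximum" as count < limit, and omits the certificate encryption under the ephemeral public key.

```python
import hashlib
import hmac
import json
from copy import deepcopy
from secrets import token_hex


def canonical(info: dict) -> bytes:
    """Deterministic serialisation so terminal and platform hash identical bytes."""
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


def derive_token(sdk_auth: dict, cert_ctrl: dict) -> str:
    """Token = Hash(E_K(cert_ctrl)) with K = first 16 bytes of Hash(sdk_auth).
    HMAC-SHA256 keyed with K stands in for the symmetric cipher (assumption)."""
    k = hashlib.sha256(canonical(sdk_auth)).digest()[:16]
    keyed = hmac.new(k, canonical(cert_ctrl), hashlib.sha256).digest()
    return hashlib.sha256(keyed).hexdigest()


def cert_ctrl_valid(ctrl: dict) -> bool:
    """First download: count=0, cflag=0. Update: cflag=1 and count below limit."""
    first = ctrl["count"] == 0 and ctrl["cflag"] == 0
    update = ctrl["cflag"] == 1 and 1 <= ctrl["count"] < ctrl["limit"]
    return first or update


class SecurityChip:
    """Terminal side: holds the first SDK auth info and cert control info."""

    def __init__(self, sdk_auth: dict, cert_ctrl: dict):
        self.sdk_auth, self.cert_ctrl = deepcopy(sdk_auth), deepcopy(cert_ctrl)

    def first_token(self, now: int):
        if now > self.sdk_auth["validity"]:
            return None  # service validity period expired
        if not cert_ctrl_valid(self.cert_ctrl):
            return None  # update quota used up or inconsistent state
        return derive_token(self.sdk_auth, self.cert_ctrl)

    def apply_update(self, sdk_auth: dict, cert_ctrl: dict):
        """Step S6: copy the platform's updated values so the next tokens agree."""
        self.sdk_auth, self.cert_ctrl = deepcopy(sdk_auth), deepcopy(cert_ctrl)


class Platform:
    """Platform side: second SDK auth info and cert control info per device ID."""

    def __init__(self, limit: int, validity: int):
        self.devices = {}
        self.limit, self.validity = limit, validity

    def register(self, device_id: str):
        sdk_auth = {"device_id": device_id, "random": token_hex(16), "validity": self.validity}
        cert_ctrl = {"count": 0, "limit": self.limit, "cflag": 0, "cno": ""}
        self.devices[device_id] = (sdk_auth, cert_ctrl)
        return deepcopy(sdk_auth), deepcopy(cert_ctrl)  # provisioning config

    def handle_download(self, device_id: str, first_token):
        if device_id not in self.devices or not first_token:
            return None
        sdk_auth, cert_ctrl = self.devices[device_id]
        second_token = derive_token(sdk_auth, cert_ctrl)
        if not hmac.compare_digest(first_token, second_token):
            return None  # illegal request: no certificate key is generated
        # Step S4: fresh random number and validity, count+1, cflag=1, new CNo
        sdk_auth = dict(sdk_auth, random=token_hex(16), validity=self.validity)
        cert_ctrl = dict(cert_ctrl, count=cert_ctrl["count"] + 1, limit=self.limit,
                         cflag=1, cno=f"cert-{cert_ctrl['count'] + 1}")  # constructed CNo
        self.devices[device_id] = (sdk_auth, cert_ctrl)
        return deepcopy(sdk_auth), deepcopy(cert_ctrl)  # travels in the ciphertext package


def run_lifecycle(limit: int = 2, now: int = 1000):
    """First download, a replayed token, one update, then an exhausted quota."""
    platform = Platform(limit=limit, validity=now + 3600)
    chip = SecurityChip(*platform.register("dev-0001"))  # constructed device ID
    t1 = chip.first_token(now)
    pkg = platform.handle_download("dev-0001", t1)
    first_ok = pkg is not None
    chip.apply_update(*pkg)
    # The platform regenerated its random number, so the old token no longer matches.
    replay_ok = platform.handle_download("dev-0001", t1) is not None
    t2 = chip.first_token(now)
    pkg2 = platform.handle_download("dev-0001", t2)
    update_ok = pkg2 is not None
    chip.apply_update(*pkg2)
    t3 = chip.first_token(now)  # count == limit: chip refuses to issue a token
    return first_ok, replay_ok, update_ok, t3, chip.cert_ctrl["count"]
```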
The embodiment of the invention provides a certificate and key downloading method of an internet of things terminal, which comprises the following steps: if the internet of things terminal receives a preset trigger instruction, generating a key pair through the security module and generating a first token according to preset first secure SDK authorization information and first certificate authorization control information, wherein the first secure SDK authorization information comprises a device ID and a random number, and the first certificate authorization control information comprises certificate information; the internet of things terminal sends a certificate and key download request to the internet of things platform through the security module, wherein the certificate and key download request comprises a preconfigured device ID, the first token and the public key of the key pair; the internet of things platform generates a second token according to the preset second secure SDK authorization information and second certificate authorization control information corresponding to the device ID, and judges whether the first token is consistent with the second token; if the first token is consistent with the second token, the internet of things platform generates a certificate key according to the certificate and key download request, encrypts the certificate key with the public key to generate a certificate ciphertext, and simultaneously updates the second secure SDK authorization information and the second certificate authorization control information; the internet of things platform packages the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal; the security module decrypts and stores the certificate ciphertext with the private key of the key pair, and updates the first secure SDK authorization information and the first certificate authorization control information based on the updated second secure SDK authorization information and the updated second certificate authorization control information. According to the invention, a random number is set in the first secure SDK authorization information and, together with the device ID, represents the identity of the device, so that the identity is not easy to guess, the risk of the device being impersonated is reduced, and the security of certificate and key downloading is improved. Based on the setting of the certificate download parameters, the security and flexibility of certificate and key downloading are further improved by judging the validity of the CONINF.
Fig. 1 is a schematic architecture diagram of a certificate and key downloading system of an internet of things terminal according to an embodiment of the present invention. As shown in fig. 1, the invention also provides a certificate and key downloading system of the internet of things terminal, which corresponds to the certificate and key downloading method of the internet of things terminal. Specifically, referring to fig. 1, the system includes: the internet of things terminal 10 and the internet of things platform 20, wherein the internet of things terminal 10 comprises a security module 12, and the internet of things terminal 10 and the internet of things platform 20 communicate with each other to jointly realize the certificate and key downloading method of the internet of things terminal.
The internet of things terminal 10 is configured to generate a key pair through the security module 12 and generate a first token according to preconfigured first security SDK authorization information and first certificate authorization control information if the internet of things terminal 10 receives a preset trigger instruction, where the first security SDK authorization information includes a device ID and a random number, and the first certificate authorization control information includes certificate information; sending, by the security module 12, a certificate and key download request to the internet of things platform 20, the certificate and key download request including a preconfigured device ID, the first token, and a public key of the key pair;
The internet of things platform 20 is configured to generate a second token according to preset second secure SDK authorization information corresponding to the device ID and second certificate authorization control information, and determine whether the first token is consistent with the second token; if the first token is consistent with the second token, the internet of things platform 20 generates a certificate key according to the certificate and key download request, encrypts the certificate key by using the public key to generate a certificate ciphertext, and updates the second secure SDK authorization information and the second certificate authorization control information; packaging the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sending the certificate ciphertext package to the security module 12 of the Internet of things terminal 10;
the security module 12 is configured to decrypt and store the certificate ciphertext with a private key in the key pair, and update the first secure SDK authorization information and the first certificate authorization control information based on the updated second secure SDK authorization information and the second certificate authorization control information.
In an embodiment, the security module 12 includes a secure SDK 121 and a security chip 122, and the internet of things terminal 10 further includes a terminal application 11; the internet of things terminal 10 being configured to generate, if it receives a preset trigger instruction, a key pair through the security module 12 and generate a first token according to the preconfigured first secure SDK authorization information and first certificate authorization control information includes:
If the internet of things terminal 10 receives a preset trigger instruction through the terminal application 11, the internet of things terminal is configured to send a start request to the secure SDK121 to start downloading of a certificate and a key;
the secure SDK121 is configured to send a key pair generation request to the secure chip 122 according to the start request;
the secure chip 122 is configured to generate a temporary asymmetric key pair according to the key pair generation request, and send a public key of the temporary asymmetric key pair to the secure SDK121.
In an embodiment, after the secure chip 122 is configured to generate a temporary asymmetric key pair according to the key pair generation request and send a public key of the temporary asymmetric key pair to the secure SDK121, the method further includes:
the secure SDK121 is configured to send a first token acquisition request to the secure chip 122;
the security chip 122 is configured to determine, according to the first token acquisition request, whether the first security SDK authorization information and the first certificate authorization control information satisfy a preset condition; and if the first secure SDK authorization information and the first certificate authorization control information meet the preset conditions, generating a first token according to the first secure SDK authorization information and the first certificate authorization control information and returning the first token to the secure SDK121.
In an embodiment, the first secure SDK authorization information further includes a service expiration date, and the first certificate authorization control information further includes a certificate download parameter; the security chip 122 is further configured to:
judging, according to the service validity period, whether the first secure SDK authorization information is within its validity period; judging, according to the certificate download parameters, whether the first certificate authorization control information is valid; and if the first secure SDK authorization information is within its validity period and the first certificate authorization control information is valid, judging that the first secure SDK authorization information and the first certificate authorization control information satisfy the preset condition.
In one embodiment, the certificate download parameters include a number of successful certificate downloads, a maximum number of updates allowed, and a certificate download status, wherein the certificate download status includes downloaded and not downloaded; the security chip 122 is also used to:
judging whether the first download is carried out according to the successful times of the certificate download and the certificate download state; if the certificate is not downloaded for the first time, judging whether the successful times of the certificate download do not exceed the maximum times of the update permission according to the successful times of the certificate download, the maximum times of the update permission and the certificate download state; and if the number of times of first downloading or successful downloading of the certificate does not exceed the maximum number of times of allowable updating, judging that the first certificate authorization control information is valid.
In an embodiment, the internet of things platform 20 includes a device management module 21 and a certificate key management module 22, and the internet of things platform 20 being configured to generate a certificate key according to the certificate and key download request and encrypt the certificate key with the public key to generate a certificate ciphertext includes:
the internet of things platform 20 is configured to send a certificate and key generation request to the certificate key management module 22 through the device management module 21;
the certificate key management module 22 is configured to generate a certificate key according to the certificate and key generation request, encrypt the certificate key with the public key to generate a certificate ciphertext, and send the certificate ciphertext to the device management module 21.
In an embodiment, the internet of things platform 20 being configured to package the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package and send the certificate ciphertext package to the security module 12 of the internet of things terminal 10 includes:
the internet of things platform 20 is configured to package the certificate ciphertext and the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package through the device management module 21, and send the certificate ciphertext package to the secure SDK121;
The secure SDK121 is configured to send the certificate cryptogram packet to the secure chip 122 for secure storage.
In an embodiment, the system further comprises:
if the internet of things platform 20 receives a registration request sent by a user terminal, the internet of things platform is configured to generate the device ID and the second secure SDK authorization information according to the device information in the registration request, and initialize the second certificate authorization control information; returning the device ID and the second secure SDK authorization information to the user side as configuration information so that a user configures the Internet of things terminal 10 according to the configuration information; if the secure SDK121 of the internet of things terminal 10 receives the configuration information, the second secure SDK authorization information in the configuration information is sent to the secure chip 122 as the first secure SDK authorization information to be securely stored.
In an embodiment, the preset trigger instruction is a power-on signal or an update download request of the internet of things terminal 10.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and for those portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. A certificate and key downloading method of an internet of things terminal, characterized in that it is applied to a certificate and key downloading system of an internet of things terminal, the certificate and key downloading system of the internet of things terminal comprising an internet of things terminal and an internet of things platform, the internet of things terminal comprising a security module, the method comprising:
If the terminal of the Internet of things receives a preset trigger instruction, generating a key pair through the security module and generating a first token according to preset first security SDK authorization information and first certificate authorization control information, wherein the first security SDK authorization information comprises an equipment ID and a random number, and the first certificate authorization control information comprises certificate information;
the internet of things terminal sends a certificate and key downloading request to the internet of things platform through the security module, wherein the certificate and key downloading request comprises a preconfigured equipment ID, the first token and a public key in the key pair;
the internet of things platform generates a second token according to preset second security SDK authorization information and second certificate authorization control information corresponding to the equipment ID, and judges whether the first token is consistent with the second token or not;
if the first token is consistent with the second token, the internet of things platform generates a certificate key according to the certificate and key downloading request, encrypts the certificate key by using the public key to generate a certificate ciphertext, and simultaneously updates the second secure SDK authorization information and the second certificate authorization control information;
The internet of things platform packages the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into a certificate ciphertext package, and sends the certificate ciphertext package to the security module of the internet of things terminal;
the security module decrypts and stores the certificate ciphertext by adopting a private key in the key pair, and updates the first security SDK authorization information and the first certificate authorization control information based on the updated second security SDK authorization information and the second certificate authorization control information.
2. The method for downloading the certificate and the key of the terminal of the internet of things according to claim 1, wherein the security module comprises a security SDK and a security chip, and the terminal of the internet of things further comprises a terminal application; if the internet of things terminal receives a preset trigger instruction, generating a key pair through the security module and generating a first token according to preset first security SDK authorization information and first certificate authorization control information, wherein the method comprises the following steps:
if the terminal of the Internet of things receives a preset trigger instruction through the terminal application, a starting request is sent to the secure SDK to start downloading of a certificate and a secret key;
The secure SDK sends a key pair generation request to the secure chip according to the starting request;
and the security chip generates a temporary asymmetric key pair according to the key pair generation request and sends a public key in the temporary asymmetric key pair to the security SDK.
3. The method for downloading the certificate and the key of the terminal of the internet of things according to claim 2, wherein after the security chip generates the temporary asymmetric key pair according to the key pair generation request and sends the public key of the temporary asymmetric key pair to the security SDK, the method further comprises:
the secure SDK sends a first token acquisition request to the secure chip;
the security chip judges whether the first security SDK authorization information and the first certificate authorization control information meet preset conditions according to the first token acquisition request;
and if the first security SDK authorization information and the first certificate authorization control information meet preset conditions, generating a first token according to the first security SDK authorization information and the first certificate authorization control information and returning the first token to the security SDK.
4. The method for downloading the certificate and the key of the internet of things terminal according to claim 3, wherein the first secure SDK authorization information further includes a service validity period, and the first certificate authorization control information further includes certificate download parameters; the judging whether the first secure SDK authorization information and the first certificate authorization control information satisfy a preset condition includes:
judging, according to the service validity period, whether the first secure SDK authorization information is within its validity period;
judging, according to the certificate download parameters, whether the first certificate authorization control information is valid;
and if the first secure SDK authorization information belongs to the validity period and the first certificate authorization control information is valid, judging that the first secure SDK authorization information and the first certificate authorization control information meet the preset condition.
5. The certificate and key downloading method for an Internet of Things terminal according to claim 4, wherein the certificate download parameters comprise a number of successful certificate downloads, a maximum number of allowed updates, and a certificate download state, the certificate download state being either downloaded or not downloaded; and wherein judging, according to the certificate download parameters, whether the first certificate authorization control information is valid comprises:
judging, according to the number of successful certificate downloads and the certificate download state, whether the current download is a first download;
if the current download is not a first download, judging, according to the number of successful certificate downloads, the maximum number of allowed updates and the certificate download state, whether the number of successful certificate downloads does not exceed the maximum number of allowed updates;
and if the current download is a first download, or the number of successful certificate downloads does not exceed the maximum number of allowed updates, judging that the first certificate authorization control information is valid.
6. The certificate and key downloading method for an Internet of Things terminal according to claim 5, wherein the Internet of Things platform comprises a device management module and a certificate key management module; and wherein the Internet of Things platform generating a certificate key according to the certificate and key downloading request and encrypting the certificate key with the public key to generate a certificate ciphertext comprises:
the Internet of Things platform sends a certificate and key generation request to the certificate key management module through the device management module;
and the certificate key management module generates the certificate key according to the certificate and key generation request, encrypts the certificate key with the public key to generate the certificate ciphertext, and sends the certificate ciphertext to the device management module.
7. The certificate and key downloading method for an Internet of Things terminal according to claim 6, wherein the Internet of Things platform packaging the certificate ciphertext together with updated second secure SDK authorization information and second certificate authorization control information into a certificate ciphertext package and sending the certificate ciphertext package to the security module of the Internet of Things terminal comprises:
the Internet of Things platform packages the certificate ciphertext, the updated second secure SDK authorization information and the updated second certificate authorization control information into the certificate ciphertext package through the device management module, and sends the certificate ciphertext package to the secure SDK;
and the secure SDK sends the certificate ciphertext package to the security chip for secure storage.
8. The certificate and key downloading method for an Internet of Things terminal according to any one of claims 2 to 7, further comprising:
if the Internet of Things platform receives a registration request sent by a user side, generating the device ID and the second secure SDK authorization information according to device information in the registration request, and initializing the second certificate authorization control information;
returning the device ID and the second secure SDK authorization information to the user side as configuration information, so that the user configures the Internet of Things terminal according to the configuration information;
and if the secure SDK of the Internet of Things terminal receives the configuration information, sending the second secure SDK authorization information in the configuration information to the security chip to be securely stored as the first secure SDK authorization information.
9. The certificate and key downloading method for an Internet of Things terminal according to any one of claims 1 to 7, wherein the preset trigger instruction is a power-on signal of the Internet of Things terminal or an update download request.
10. A certificate and key downloading system for an Internet of Things terminal, comprising: an Internet of Things terminal and an Internet of Things platform, the Internet of Things terminal comprising a security module, wherein the Internet of Things terminal and the Internet of Things platform communicate with each other to jointly implement the method of any one of claims 1 to 9.
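The exchange of claims 2 to 9 carried end to end, as an added example that is not part of the patent and not code from the applicant. It is written in Go and fills in everything the claims leave open, all of which are assumptions: the field layouts of the two authorization items (SDKAuth, CertAuthCtl), an HMAC under a chip secret pre-shared with the platform as the first-token construction, RSA-OAEP with a 2048-bit temporary key pair as the public-key wrapping, a random 32-byte value standing in for the generated certificate key, a hash of the device information as the device ID, and the reading that "does not exceed" in claim 5 allows the success count to equal the maximum number of updates. The type and function names (State, Chip, Platform, Setup, RunDownload) and the device information string are illustrative.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Field layouts are assumptions; the claims name these items but not their encoding.
type SDKAuth struct { // secure SDK authorization information
	DeviceID      string
	ServiceExpiry time.Time // service validity period (claim 4)
}
type CertAuthCtl struct { // certificate authorization control information (claim 5)
	SuccessCount int  // number of successful certificate downloads
	MaxUpdates   int  // maximum number of allowed updates
	Downloaded   bool // certificate download state
}
type State struct { // one device's state: the chip holds the first copy, the platform the second
	Auth SDKAuth
	Ctl  CertAuthCtl
}
type CertPackage struct { // certificate ciphertext package (claim 7)
	Ciphertext []byte
	State      // updated second copy shipped with the ciphertext
}
type Chip struct { // security chip
	secret  []byte
	State
	tmp     *rsa.PrivateKey
	CertKey []byte
}
type Platform struct { // device management and certificate key management modules together
	secret  []byte
	devices map[string]*State
}

// checkAuthorization is the preset-condition test of claims 4 and 5; "does not exceed" is read as
// SuccessCount <= MaxUpdates (assumption), so MaxUpdates counts re-downloads after the first one.
func checkAuthorization(s State, now time.Time) error {
	if !now.Before(s.Auth.ServiceExpiry) {
		return errors.New("secure SDK authorization outside its service validity period")
	}
	if first := !s.Ctl.Downloaded && s.Ctl.SuccessCount == 0; !first && s.Ctl.SuccessCount > s.Ctl.MaxUpdates {
		return errors.New("certificate update quota exhausted")
	}
	return nil
}

// token derives the first token; the claims leave the construction open, so an HMAC under a chip secret shared with the platform is assumed.
func token(secret []byte, s State) []byte {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "%s|%d|%d|%d|%t", s.Auth.DeviceID, s.Auth.ServiceExpiry.Unix(), s.Ctl.SuccessCount, s.Ctl.MaxUpdates, s.Ctl.Downloaded)
	return m.Sum(nil)
}

// Trigger covers claims 2 and 3: generate the temporary key pair, then issue the first token only if the preset conditions hold.
func (c *Chip) Trigger(now time.Time) (*rsa.PublicKey, []byte, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if err := checkAuthorization(c.State, now); err != nil {
		return nil, nil, err
	}
	c.tmp = k
	return &k.PublicKey, token(c.secret, c.State), nil
}

// Store covers claim 7 on the device: unwrap the certificate key, adopt the updated second copy as the new first copy, drop the temporary key.
func (c *Chip) Store(p CertPackage) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.tmp, p.Ciphertext, nil)
	if err != nil {
		return err
	}
	c.CertKey, c.State, c.tmp = key, p.State, nil
	return nil
}

// Download covers claims 6 and 7 on the platform: verify the first token against the platform's own copy of the
// state (never against fields the device sends), generate the certificate key, wrap it to the temporary public key.
func (p *Platform) Download(id string, tok []byte, pub *rsa.PublicKey, now time.Time) (CertPackage, error) {
	s, ok := p.devices[id]
	if !ok || !hmac.Equal(tok, token(p.secret, *s)) {
		return CertPackage{}, errors.New("unknown device or first token does not match platform state")
	}
	if err := checkAuthorization(*s, now); err != nil {
		return CertPackage{}, err
	}
	certKey := make([]byte, 32) // stands in for the generated certificate and key material
	rand.Read(certKey)          // crypto/rand.Read is guaranteed not to fail since Go 1.24
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, certKey, nil)
	if err != nil {
		return CertPackage{}, err
	}
	s.Ctl.SuccessCount, s.Ctl.Downloaded = s.Ctl.SuccessCount+1, true
	return CertPackage{ct, *s}, nil
}

// Setup covers claim 8: the platform mints the device ID and second SDK authorization info and initialises the second
// control info; the secure SDK stores that configuration in the chip as the first copy. Chip secret assumed pre-shared.
func Setup(deviceInfo string, maxUpdates int, now time.Time) (*Chip, *Platform) {
	secret := []byte("constructed-chip-secret")                                 // constructed sample value
	id := fmt.Sprintf("dev-%x", sha256.Sum256([]byte(deviceInfo)))[:16]        // assumed ID derivation
	s := &State{SDKAuth{id, now.AddDate(1, 0, 0)}, CertAuthCtl{MaxUpdates: maxUpdates}}
	return &Chip{secret: secret, State: *s}, &Platform{secret, map[string]*State{id: s}}
}

// RunDownload performs one trigger -> download -> store round trip between chip and platform.
func RunDownload(c *Chip, p *Platform, now time.Time) error {
	pub, tok, err := c.Trigger(now)
	if err != nil {
		return err
	}
	pkg, err := p.Download(c.Auth.DeviceID, tok, pub, now)
	if err != nil {
		return err
	}
	return c.Store(pkg)
}

func main() {
	c, p := Setup("sn=00001;model=nb-iot-meter", 1, time.Now()) // constructed device information
	for i := 1; i <= 3; i++ {                                    // with MaxUpdates=1 the third trigger is refused by the chip
		fmt.Printf("download %d: err=%v count=%d\n", i, RunDownload(c, p, time.Now()), c.Ctl.SuccessCount)
	}
}
```

Two properties worth noticing in this arrangement. The platform never parses authorization fields sent by the device: it recomputes the expected first token from its own second copy of the state, so a device that has tampered with its counters, or replays an old token after the platform has already advanced the count, fails hmac.Equal before any certificate key is generated. And the temporary private key lives only between Trigger and Store and is discarded with the package, so a captured certificate ciphertext package cannot be opened later even if the chip's long-term storage is read out.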

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111174932.4A CN113904848B (en) 2021-10-09 2021-10-09 Certificate and key downloading method and system of terminal of Internet of things

Publications (2)

Publication Number Publication Date
CN113904848A CN113904848A (en) 2022-01-07
CN113904848B true CN113904848B (en) 2023-08-04

Family

ID=79190564

Country Status (1)

Country Link
CN (1) CN113904848B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020079349A (en) * 2001-04-09 2002-10-19 피닉스 테크놀로지 리미티드 Systems and methods for computer device authentication
CN103812871A (en) * 2014-02-24 2014-05-21 北京明朝万达科技有限公司 Development method and system based on mobile terminal application program security application
CN111212429A (en) * 2019-12-11 2020-05-29 全球能源互联网研究院有限公司 Safety access system and method for mobile terminal
CN111431922A (en) * 2020-03-31 2020-07-17 中国建设银行股份有限公司 Internet of things data encryption transmission method and system
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN112332975A (en) * 2020-11-03 2021-02-05 郑州信大捷安信息技术股份有限公司 Internet of things equipment secure communication method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015112753A1 (en) * 2014-01-24 2015-07-30 Footmarks, Inc. Multi-broadcast beacon signals
WO2015161699A1 (en) * 2014-04-25 2015-10-29 天地融科技股份有限公司 Secure data interaction method and system

Also Published As

Publication number Publication date
CN113904848A (en) 2022-01-07

Similar Documents

Publication Publication Date Title
US11849029B2 (en) Method of data transfer, a method of controlling use of data and cryptographic device
US10454674B1 (en) System, method, and device of authenticated encryption of messages
EP3522580B1 (en) Credential provisioning
US10348706B2 (en) Assuring external accessibility for devices on a network
US20020107804A1 (en) System and method for managing trust between clients and servers
CN105743638B (en) Method based on B/S architecture system client authorization certifications
CN106027251B (en) A kind of identity card card-reading terminal and cloud authentication platform data transmission method and system
CN101251883B (en) Method for performing safety controllable remote upgrade for software protecting device
WO2006078650A1 (en) Using hardware to secure areas of long term storage in ce devices
US20080005034A1 (en) Method and Apparatus for Efficient Use of Trusted Third Parties for Additional Content-Sharing Security
TW201229932A (en) Physically secured authorization for utility applications
WO2002073861A9 (en) Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
US20190327235A1 (en) External accessibility for network devices
CN101241528A (en) Terminal access trusted PDA method and access system
CN106027473A (en) Identity card reading terminal and cloud authentication platform data transmission method and system
CN106599697A (en) Method and system for safe upgrade of programs in PCI password card
KR102576894B1 (en) Method for managing encryption keys inside the vehicle
CN113904848B (en) Certificate and key downloading method and system of terminal of Internet of things
CN111740995A (en) Authorization authentication method and related device
CN116633530A (en) Quantum key transmission method, device and system
CN114143777B (en) Certificate key downloading method and system of internet of things terminal based on SIM card
EP2641208B1 (en) Method to detect cloned software
CN110532741B (en) Personal information authorization method, authentication center and service provider
AU2020204174B2 (en) Assuring external accessibility for devices on a network
CN116545751A (en) Intelligent equipment safety authentication method and device based on zero trust

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant