CN115277240A - Authentication method and device for Internet of things equipment - Google Patents


Publication number: CN115277240A
Authority: CN (China)
Prior art keywords: server, equipment, authentication, mask data, parameter
Legal status: Pending
Application number: CN202210926720.5A
Other languages: Chinese (zh)
Inventors: 曹元�, 张凯钊, 刘皖熠
Current Assignee: Hohai University HHU
Original Assignee: Hohai University HHU

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of information security, in particular to an authentication method of Internet of things equipment, which is applied to an equipment end and comprises the following steps: under the condition of establishing connection with a server, after receiving an authentication request of a user, acquiring an equipment key parameter and an equipment number of an equipment end, and sending the equipment key parameter and the equipment number to the server so that the server checks the equipment number, and generates mask data of the server according to the equipment key parameter; acquiring server mask data and server key parameters sent by a server, and generating server verification parameters of the server according to the server mask data; determining that the server passes the authentication according to the server key parameter and the server verification parameter; and after the server passes the authentication, acquiring equipment authentication passing information sent by the server, and starting an application function corresponding to the authentication request. The method improves the authentication efficiency of the equipment, ensures the safety of the equipment, reduces the resource waste and realizes the function of 'one-time pad'.

Description

Authentication method and device for Internet of things equipment
Technical Field
The invention relates to the technical field of information security, in particular to an authentication method and device for Internet of things equipment.
Background
In recent years, demand for internet of things equipment and its range of applications have grown, and the security of that equipment has drawn more and more attention. At present, a series of invasive and non-invasive attacks threaten the security of internet of things equipment, and the rapid increase in equipment connected to certain internet of things equipment, together with the continuous development of attack software, illegal software and malicious software, seriously damages the security of internet of things equipment and its ecosystem.
At present, internet of things equipment is usually authenticated by using an asymmetric key and a symmetric key to ensure its security. However, software encryption and decryption operations on an internet of things device consume a large amount of resources and also reduce network performance, which makes authentication of internet of things equipment inefficient.
Disclosure of Invention
The authentication method and device for internet of things equipment solve the technical problem of low authentication efficiency of internet of things equipment in the prior art. They realize mutual authentication between the internet of things equipment and the server, improve the authentication efficiency of the equipment and guarantee its security. The mutual authentication process consumes few resources, responds quickly and has the "one-time pad" characteristic, and it effectively prevents physical invasive attacks, among other technical effects.
In a first aspect, an embodiment of the present invention provides an authentication method for an internet of things device, where the method is applied to a device side, and the method includes:
under the condition of establishing connection with a server, after receiving an authentication request of a user, acquiring an equipment key parameter and an equipment number of the equipment, and sending the equipment key parameter and the equipment number to the server, so that the server checks the equipment number, and generates server mask data according to the equipment key parameter;
acquiring the server mask data and the server key parameter sent by the server, and generating a server verification parameter of the server according to the server mask data;
according to the server key parameter and the server verification parameter, determining that the server passes authentication;
and after the server is determined to pass the authentication, acquiring equipment authentication passing information sent by the server, and starting an application function corresponding to the authentication request.
Preferably, after determining that the server is authenticated, the method further includes:
obtaining device mask data according to the server side key parameters, and sending the device mask data to the server side so that the server side authenticates the device side according to the device mask data;
and after the equipment mask data is sent to the server, acquiring equipment authentication passing information sent by the server, and starting the corresponding application function.
Preferably, the obtaining the device key parameter of the device includes:
acquiring an equipment excitation parameter, inputting the equipment excitation parameter into a physical unclonable function of the equipment end to obtain an equipment response parameter, and inputting the equipment excitation parameter into a hash function of the equipment end to obtain a hash result of the equipment excitation parameter;
and obtaining the equipment key parameter according to the hash result of the equipment response parameter and the equipment excitation parameter.
Preferably, after obtaining the device key parameter, the method further includes:
obtaining an equipment verification key according to the equipment key parameter;
the generating a server verification parameter of the server according to the server mask data includes:
and obtaining the server side verification parameters according to the server side mask data and the equipment verification key.
Preferably, the determining that the server passes the authentication according to the server key parameter and the server verification parameter includes:
obtaining a first fuzzy Hamming distance according to the server key parameter and the server verification parameter;
and if the first fuzzy Hamming distance is not smaller than a first set distance threshold, determining that the server passes the authentication, and outputting the information that the equipment end passes the authentication of the server.
Preferably, before receiving the authentication request of the user, the method further includes:
sending a registration signal to the server;
after the registration signal is sent, acquiring an excitation value set sent by the server and an equipment code number of the equipment, and storing the excitation value set and the equipment code number, wherein the equipment code number is consistent with the equipment number;
obtaining a response value corresponding to each excitation value and a plurality of excitation response pairs according to each excitation value in the excitation value set, wherein one excitation response pair comprises one excitation value and a response value corresponding to the excitation value;
and sending the plurality of excitation response pairs to the server so that the server stores the plurality of excitation response pairs.
Based on the same inventive concept, in a second aspect, the present invention further provides an authentication apparatus for an internet of things device, which is applied to a device side, and the apparatus includes:
the system comprises an acquisition sending module, a receiving sending module and a processing module, wherein the acquisition sending module is used for acquiring the equipment key parameter and the equipment number of the equipment terminal after receiving an authentication request of a user under the condition of establishing connection with the server terminal, sending the equipment key parameter and the equipment number to the server terminal so as to enable the server terminal to check the equipment number, and generating mask data of the server terminal according to the equipment key parameter;
the acquisition generating module is used for acquiring the server mask data and the server key parameters sent by the server and generating the server verification parameters of the server according to the server mask data;
the authentication module is used for determining that the server passes the authentication according to the server key parameter and the server verification parameter;
and the control module is used for acquiring the equipment authentication passing information sent by the server after the server is determined to pass the authentication, and starting the application function corresponding to the authentication request.
Based on the same inventive concept, in a third aspect, an embodiment of the present invention provides an authentication method for an internet of things device, which is applied to a server, and the method includes:
after establishing connection with an equipment end, acquiring a server end key parameter of the server end, an equipment key parameter and an equipment number sent by the equipment end;
if the equipment number is consistent with the equipment code number of the equipment end in the server database, generating server mask data according to the equipment key parameter, and sending the server mask data and the server key parameter to the equipment end;
after the mask data of the server and the key parameter of the server are sent to the equipment end, the mask data of the equipment sent by the equipment end is obtained;
and determining that the equipment end passes the authentication according to the equipment mask data, and sending equipment end authentication passing information of the equipment end to the equipment end.
Preferably, the determining that the device side passes the authentication according to the device mask data includes:
generating a device verification parameter of the device end according to the device mask data;
obtaining a second fuzzy Hamming distance according to the equipment verification parameter and the equipment key parameter;
and if the second fuzzy Hamming distance is not smaller than a second set distance threshold, determining that the equipment end passes the authentication, and sending equipment end authentication passing information of the equipment end to the equipment end.
Based on the same inventive concept, in a fourth aspect, the present invention further provides an authentication apparatus for an internet of things device, where the authentication apparatus is applied to a server, and the apparatus includes:
the first acquisition module is used for acquiring the server side key parameter of the server side, the equipment key parameter sent by the equipment side and the equipment number after establishing connection with the equipment side;
the judging module is used for generating server mask data according to the equipment key parameter if the equipment number is consistent with the equipment code number of the equipment end in the server database, and sending the server mask data and the server key parameter to the equipment end;
the second obtaining module is used for obtaining the device mask data sent by the device side after the server side mask data and the server side key parameters are sent to the device side;
and the determining module is used for determining that the equipment end passes the authentication according to the equipment mask data and sending the equipment end authentication passing information of the equipment end to the equipment end.
One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:
in the embodiment of the invention, when the user uses a certain application function at the equipment end, the authentication request of the user is triggered. The method comprises the steps that after an equipment terminal receives an authentication request of a user, the equipment key parameter and the equipment number of the equipment terminal are obtained, the equipment key parameter and the equipment number are sent to a server terminal, so that the server terminal checks the equipment number, and mask data of the server terminal are generated according to the equipment key parameter. The server not only checks the device number and confirms that the device is the device registered in the server, but also generates the mask data of the server, thereby effectively preventing relevant attacks such as machine learning attack, replay attack or man-in-the-middle attack and the like, improving the authentication efficiency of the device and ensuring the safety of the device.
And then, the equipment side acquires the mask data of the service side and the key parameter of the service side, which are sent by the service side, and generates a verification parameter of the service side according to the mask data of the service side. And then, according to the server key parameter and the server verification parameter, the server is determined to pass the authentication, the authentication of the equipment end to the server is realized, the authentication efficiency of the equipment is further improved, and the safety of the equipment is ensured.
Then, after the server is determined to pass the authentication, the device authentication passing information sent by the server is obtained, which means that the device passes the authentication of the server by the device and passes the authentication of the device by the server, i.e. the device and the server pass the mutual authentication, thereby ensuring the security of the device. After the mutual authentication between the two is passed, the equipment end starts the application function corresponding to the authentication request so that the user can safely use the application function of the equipment end.
By the authentication method of the Internet of things equipment, the original direct mapping relation between response and excitation of the server side and the equipment side is broken. In the whole authentication process, the relevant parameters or mask data used each time depend on the data generated by the true random number generator, and the relevant mask data is also set, so that the authentication efficiency of the equipment end is greatly improved, and the safety of the equipment is ensured. In addition, the server can also realize one-time pad, and effectively prevent machine learning attack, replay attack and man-in-the-middle attack. In the whole authentication process of the two, a physical unclonable function is also utilized, so that physical invasion attack can be prevented.
Drawings
Various additional advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart illustrating steps of an authentication method applied to an internet of things device on a device side in an embodiment of the present invention;
fig. 2 is a schematic flowchart illustrating an authentication method of an internet of things device between a device side and a server side in an embodiment of the present invention;
fig. 3 is a schematic block diagram illustrating an authentication apparatus applied to an internet of things device on a device side in an embodiment of the present invention;
fig. 4 is a schematic flowchart illustrating steps of an authentication method applied to an internet of things device of a server in an embodiment of the present invention;
fig. 5 shows a schematic block diagram of an authentication apparatus applied to an internet of things device of a server in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Example one
A first embodiment of the present invention provides an authentication method for an internet of things device, which is applied to a device side, and as shown in fig. 1, the authentication method includes:
S101, under the condition of establishing connection with a server, after receiving an authentication request of a user, acquiring an equipment key parameter and an equipment number of an equipment end, and sending the equipment key parameter and the equipment number to the server so that the server checks the equipment number, and generates server mask data according to the equipment key parameter;
S102, acquiring server mask data and server key parameters sent by a server, and generating server verification parameters of the server according to the server mask data;
S103, determining that the server passes the authentication according to the server key parameter and the server verification parameter;
and S104, after the server passes the authentication, acquiring equipment authentication passing information sent by the server, and starting an application function corresponding to the authentication request.
The authentication method of the internet of things equipment is applied to an equipment end, and the equipment end is an internet of things device such as a mobile phone, a tablet computer, an electronic lock or another electronic product. The method is particularly suitable for mobile payment authentication scenarios, access control management scenarios, anti-counterfeiting identification authentication scenarios, Radio Frequency Identification (RFID), Near Field Communication (NFC) technology, or other communication technologies.
Specific implementation steps of the authentication method for the internet of things device provided by the embodiment are described in detail below with reference to fig. 1:
before step S101 is executed, after the device side establishes a connection with the server side, the device side needs to register with the server side. And the equipment end sends a registration signal to the server end so as to enable the equipment end to enter a registration stage. In the registration phase, after receiving a registration signal sent by the device, the server randomly generates a plurality of excitation values (i.e., excitation value sets) and a device code Number of the device through its True Random Number Generator (TRNG), and sends the excitation value sets and the device Number to the device. After the server obtains the equipment code of the equipment, the equipment code is stored in a database of the server so as to index the equipment through the equipment code.
It should also be noted that the server side, through its own physical unclonable function circuit, generates $N$ excitation modules, each excitation module comprising $N_C$ excitation values, where $N$ and $N_C$ are both integers greater than 1. In the registration phase, after the server receives the registration signal sent by the device, the server obtains the random numbers $u$ and $k$ through its True Random Number Generator (TRNG). $u$ is the device code number of the device side, and $k$ is the excitation value of the $k$-th excitation module, i.e. the excitation value set.
And after the equipment terminal sends the registration signal, acquiring the excitation value set sent by the server terminal and the equipment code number of the equipment terminal, and storing the excitation value set and the equipment code number. After receiving the device code, the device terminal takes the device code as the device number of the device terminal, that is, the device code is consistent with the device number.
After the device end receives the excitation value set sent by the server end, the device end obtains, for each excitation value $C_i$ in the excitation value set, the corresponding response value $R_i$, and thereby a plurality of excitation response pairs $\mathrm{CRP}(C_i, R_i)$. An excitation response pair comprises an excitation value and the response value corresponding to that excitation value, and $i$ denotes the $i$-th excitation value or response value. After obtaining the plurality of excitation response pairs, the device end transmits them to the server. After the server receives the plurality of excitation response pairs, the server stores them.
As shown in fig. 2, in the process of authenticating the device side and the server side, step S101 is first executed, and under the condition that a connection is established with the server side, after receiving an authentication request of a user, an equipment key parameter and an equipment number of the device side are obtained, and the equipment key parameter and the equipment number are sent to the server side, so that the server side checks the equipment number, and generates mask data of the server side according to the equipment key parameter.
Specifically, when the device side has established a connection with the server side and a user uses an application function of the device side that requires identity authentication, the user clicks an application on the device, and the device side receives an authentication request from the user. After receiving the authentication request, the device side acquires its device key parameter and device number and sends them to the server side. The authentication request of the user is a request raised when the user needs to authenticate identity in order to use a certain application function at the device side. For example, identity is authenticated when the user uses the mobile payment function of a mobile phone. Or, on a highway, when a vehicle passes through a toll station, the ETC (Electronic Toll Collection) system of the toll station identifies the vehicle through the vehicle-mounted electronic tag installed on it, which constitutes a request to verify the identity of the vehicle through the ETC.
The process of obtaining the device key parameter a of the device end is that the device excitation parameter is obtained first, the device excitation parameter is input into the physical unclonable function of the device end to obtain the device response parameter, and the device excitation parameter is input into the hash function of the device end to obtain the hash result of the device excitation parameter. And obtaining the equipment key parameter according to the hash result of the equipment response parameter and the equipment excitation parameter.
Specifically, the device side obtains the device excitation index $I_d$ through its true random number generator $\mathrm{TRNG}_d$. Because the excitation value corresponding to the index $I_d$ output by $\mathrm{TRNG}_d$ may not match any pre-stored $C_i$, $I_d$ must be fed into the Linear Feedback Shift Register (LFSR) of the device side, where all output values of the LFSR function are limited to between 0 and $N_r$. $N_r$ is the number of CRPs obtained by the device side in the registration phase. Passing $I_d$ through the linear feedback shift register of the device side yields the actual device index $\mathrm{LFSR}(I_d)$. According to the actual device index, the device excitation parameter $C_d$ is found in the device-side database $DB_d$.
Then, $C_d$ is input into the physical unclonable function $\mathrm{PUF}(k, C_d)$ of the device side to obtain the device response parameter $R_d$. The device excitation parameter $C_d$ is also input into the hash function Hash of the device side to obtain the hash result $\mathrm{Hash}(C_d)$ of the device excitation parameter. The device response parameter $R_d$ and $\mathrm{Hash}(C_d)$ are then XORed to obtain the device key parameter $a$.
After obtaining the device key parameter $a$, the device side feeds $a$ into its Linear Feedback Shift Register (LFSR), and $\mathrm{LFSR}(a)$ outputs the device target index $I_a$. According to the device target index $I_a$, the device side finds in its database $DB_d$ the verification excitation parameter
Figure BDA0003779808530000091
and inputs
Figure BDA0003779808530000092
into the physical unclonable function PUF($k$,
Figure BDA0003779808530000093
) to obtain the device authentication key $K_s$.
After receiving the device key parameter and the device number sent by the device end, the server first judges whether the device number is consistent with the device code number of the device end stored in the server database. If the device number sent by the device end is consistent with the device code number stored in the server database, this indicates that the device end is registered with the server and that the server has stored the device end's excitation response pairs $\mathrm{CRP}(C_i, R_i)$. The server then generates server mask data according to the device key parameter and sends the server mask data and the server key parameter of the server to the device end.
And if the equipment number sent by the equipment end is not consistent with the equipment code number of the equipment end stored in the server database, the equipment end is not registered with the server, and the equipment end cannot be authenticated with the server, the server sends the relevant information that the equipment end is unregistered equipment to the equipment end.
The server obtains the server key parameter $b$ as follows. The server obtains a server excitation response index $I_s$ through its true random number generator $\mathrm{TRNG}_s$. $I_s$ is fed into the LFSR of the server, whose output is the actual server index $\mathrm{LFSR}(I_s)$. According to the actual server index, the server excitation response pair $\mathrm{CRP}(C_s, R_s)$ is found in the server database $DB_s$.
Then, the server excitation parameter $C_s$ of the server excitation response pair $\mathrm{CRP}(C_s, R_s)$ is input into the hash function Hash of the server to obtain the hash result $\mathrm{Hash}(C_s)$ of the server excitation parameter $C_s$. The server response parameter $R_s$ and $\mathrm{Hash}(C_s)$ are XORed to obtain the server key parameter $b$.
After the server obtains the server key parameter $b$, it obtains the server verification key from $b$ as follows: the server key parameter $b$ is fed into the Linear Feedback Shift Register (LFSR) of the server, and $\mathrm{LFSR}(b)$ outputs the server target index $I_b$. According to the server target index $I_b$, the server verification key $K_d$ is found in the server database $DB_s$.
The server generates the server mask data e from the device key parameter a as follows. The server passes the device key parameter a sent by the device side through its LFSR, and the output LFSR(a) is the first index. Using the first index, the server finds the first authentication key K_s in its database DB_s. The first authentication key K_s is XORed with the server excitation response index I_s to obtain the server mask data e. The server then sends the server mask data e and the server key parameter b to the device side.
Then, step S102 is executed to obtain the server mask data and the server key parameter sent by the server, and generate the server verification parameter of the server according to the server mask data.
Specifically, after receiving the server mask data e and the server key parameter b sent by the server, the device side obtains the server verification parameter from the server mask data e and the device verification key K_s. The process is as follows: the server mask data e is XORed with the device verification key K_s to obtain a second index. The second index is passed through the device-side LFSR to obtain a third index. Using the third index, the device side finds the first excitation parameter C_s in its database DB_d. The first excitation parameter C_s is input to the device-side physical unclonable function PUF(k, C_s) to obtain the first response parameter R_s. The first response parameter R_s is XORed with the hash result Hash(C_s) of the first excitation parameter to obtain the server verification parameter.
After the device side obtains the server verification parameter, step S103 is executed: determining that the server passes the authentication according to the server key parameter and the server verification parameter.
Specifically, after obtaining the server verification parameter, the device side applies the fuzzy Hamming distance algorithm (PHD) to the server key parameter b and the server verification parameter to obtain the first fuzzy Hamming distance, and then evaluates it. If the first fuzzy Hamming distance is not smaller than a first set distance threshold τ1, the server is determined to pass the authentication, and information that the device side's authentication of the server has passed is output. The first set distance threshold is set according to actual requirements. If the first fuzzy Hamming distance is smaller than the first set distance threshold, the server is determined to fail the authentication, information that the server failed the device side's authentication is output to the screens of the server and the device side, and the application function corresponding to the authentication request is closed.
In this embodiment, the device side sends the device key parameter and the device number to the server side in the process of being used by the user, so that the server checks the device number and generates the server side mask data and the server side key parameter. The equipment side authenticates the server side according to the received server side mask data and the server side key parameters sent by the server side, and judges whether the server side passes the authentication or not so as to improve the authentication efficiency of the equipment and ensure the safety of the equipment. In addition, machine learning attack, replay attack, man-in-the-middle attack and the like can be effectively prevented through the setting of the mask data of the server side.
After the device side determines that the server side passes the authentication, the device side executes step S104 to obtain device side authentication passing information sent by the server side, and starts an application function corresponding to the authentication request.
Specifically, after the server is determined to pass the authentication, the device obtains device mask data f according to the server key parameter b, and sends the device mask data to the server, so that the server authenticates the device according to the device mask data.
The device mask data f is obtained as follows: the server key parameter b is passed through the device-side LFSR to obtain a fourth index. Using the fourth index, the device side finds the second excitation parameter C_Kd in its database DB_d. C_Kd is input to the device-side physical unclonable function PUF(k, C_Kd) to obtain the second response parameter K_d. K_d is XORed with the device excitation index I_d to obtain the device mask data f.
After receiving the device mask data f sent by the device side, the server generates the device verification parameter of the device side from f as follows: the server XORs the device mask data f with the server verification key K_d to obtain a fifth index. The fifth index is passed through the server's LFSR to obtain a sixth index. Using the sixth index, the server finds the third excitation parameter C_d and the third response parameter R_d in its database DB_s. The third response parameter R_d is XORed with the hash result Hash(C_d) of the third excitation parameter to obtain the device verification parameter.
After obtaining the device verification parameter, the server applies the fuzzy Hamming distance algorithm PHD to the device verification parameter and the device key parameter a to obtain the second fuzzy Hamming distance, and then evaluates it. If the second fuzzy Hamming distance is not smaller than the second set distance threshold τ2, the device side is determined to pass the authentication, and the device-side authentication pass information is sent to the device side. The second set distance threshold is set according to actual requirements. If the second fuzzy Hamming distance is smaller than the second set distance threshold, the device side fails the server's authentication, and information that the device side failed the authentication is sent to the device side.
After the server sends the device-side authentication pass information to the device side, the server deletes from its own database the server excitation response pair CRP(C_s, R_s) that was used while the device side and the server authenticated each other. Each mutual authentication between the device side and the server therefore uses one server excitation response pair CRP(C_s, R_s) once, that is, a one-time key is used. This improves the authentication efficiency of the device side and the server, ensures the security of the device, reduces resource waste and increases response speed.
And after the equipment mask data is sent to the server side by the equipment side, the equipment side authentication passing information sent by the server side is obtained, and the corresponding application function is started so that the user can use the corresponding application function.
In this embodiment, after the server has passed the device side's authentication, the server needs to authenticate the device side. The server obtains the device verification parameter from the device mask data f sent by the device side, and then determines the authentication result of the device side from the device verification parameter and the device key parameter a, so as to improve the authentication efficiency of the device and ensure the security of the device. In addition, the device mask data effectively prevents machine learning attacks, replay attacks, man-in-the-middle attacks and the like.
In the whole authentication process of the equipment side and the service side, the equipment side and the service side both use physical unclonable functions PUF, and physical invasive attack can be effectively prevented.
It should be further noted that, in the present embodiment, the device and/or the server may employ a circuit in which a process circuit corresponding to the true random number generator TRNG and a process circuit corresponding to the physical unclonable function PUF are connected in parallel, so as to further reduce waste of software resources and improve response speed.
One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:
In this embodiment, the user's authentication request is triggered when the user uses an application function on the device side. After receiving the authentication request, the device side obtains its device key parameter and device number and sends them to the server, so that the server checks the device number and generates server mask data according to the device key parameter. The server not only checks the device number to confirm that the device side is registered with the server, but also generates the server mask data, which effectively prevents attacks such as machine learning attacks, replay attacks or man-in-the-middle attacks, improves the authentication efficiency of the device and ensures the security of the device.
And then, the equipment side acquires the mask data of the service side and the key parameter of the service side, which are sent by the service side, and generates a verification parameter of the service side according to the mask data of the service side. And then, according to the server key parameter and the server verification parameter, the server is determined to pass the authentication, the authentication of the equipment end to the server is realized, the authentication efficiency of the equipment is further improved, and the safety of the equipment is ensured.
Then, after the server is determined to pass the authentication, the device side obtains the device authentication pass information sent by the server. This means that the server has passed the device side's authentication and the device side has passed the server's authentication, that is, the device side and the server have authenticated each other, which ensures the security of the device. After mutual authentication succeeds, the device side starts the application function corresponding to the authentication request so that the user can safely use that application function.
The authentication method for the Internet of things equipment breaks through the original direct mapping relation between response and excitation of the server and the equipment. In the whole authentication process, the relevant parameters or mask data used each time depend on the data generated by the true random number generator, and the relevant mask data is also set, so that the authentication efficiency of the equipment end is greatly improved, and the safety of the equipment is ensured. In addition, the server can also realize one-time pad, and effectively prevent machine learning attack, replay attack and man-in-the-middle attack. In the whole authentication process of the two, a physical unclonable function is also utilized, so that physical invasive attack can be prevented.
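The exchange of embodiment one (registration, then steps S101 to S104), written out as an added Python simulation that is not part of the patent text; it shows a tampered e and a device that holds a copied excitation table but a different PUF both being rejected. Assumptions not taken from the patent: the PUF is an HMAC-based, noise-free stand-in (SimPUF); parameters are 128 bits wide with 256 enrolled pairs; the LFSR is 8 bits with taps 8, 6, 5, 4; PHD is read as the fraction of equal bits with threshold 0.9; the device derives a and K_s by mirroring the server-side steps; a used pair is marked spent rather than deleted; all class, function and device names are hypothetical.

```python
import hashlib
import hmac
import secrets

BITS, N, TAU = 128, 256, 0.9  # parameter width, CRPs per device, threshold (constructed)

def to_int(digest: bytes) -> int:
    return int.from_bytes(digest[:BITS // 8], "big")

def hash_c(c: int) -> int:
    """Hash(C): SHA-256 of the excitation value, truncated to BITS bits."""
    return to_int(hashlib.sha256(c.to_bytes(BITS // 8, "big")).digest())

def lfsr(x: int) -> int:
    """Fold x to 8 bits, clock an 8-bit Fibonacci LFSR 8 times, return index 0..255."""
    s = 0
    while x:
        s, x = s ^ (x & 0xFF), x >> 8
    for _ in range(8):
        bit = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 4)) & 1  # taps 8, 6, 5, 4
        s = (s >> 1) | (bit << 7)
    return s

def phd(x: int, y: int) -> float:
    """Assumed reading of PHD: fraction of equal bits, so 1.0 means identical."""
    return 1 - bin(x ^ y).count("1") / BITS

class SimPUF:
    """Software stand-in for a PUF: device-unique secret, noise-free (assumption)."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def __call__(self, c: int) -> int:
        msg = c.to_bytes(BITS // 8, "big")
        return to_int(hmac.new(self.secret, msg, hashlib.sha256).digest())

class Device:
    def __init__(self, dev_id, challenges, puf=None):
        self.dev_id, self.db_d, self.puf = dev_id, challenges, puf or SimPUF()

    def hello(self):
        self.i_d = secrets.randbits(BITS)             # device excitation index I_d
        c_d = self.db_d[lfsr(self.i_d)]
        self.a = self.puf(c_d) ^ hash_c(c_d)          # a = R_d xor Hash(C_d)
        self.k_s = self.puf(self.db_d[lfsr(self.a)])  # device verification key K_s
        return self.a, self.dev_id

    def verify_server(self, e, b):
        c_s = self.db_d[lfsr(e ^ self.k_s)]           # unmask I_s, LFSR, look up C_s
        return phd(b, self.puf(c_s) ^ hash_c(c_s)) >= TAU

    def mask(self, b):
        k_d = self.puf(self.db_d[lfsr(b)])            # second response parameter K_d
        return k_d ^ self.i_d                         # f = K_d xor I_d

class Server:
    def __init__(self):
        self.db_s, self.spent = {}, set()

    def respond(self, a, dev_id):
        if dev_id not in self.db_s:
            return None                               # unregistered device number
        crps = self.db_s[dev_id]
        while True:                                   # draw I_s until its CRP is unused
            i_s = secrets.randbits(BITS)
            self.idx = lfsr(i_s)
            if (dev_id, self.idx) not in self.spent:
                break
        c_s, r_s = crps[self.idx]
        b = r_s ^ hash_c(c_s)                         # b = R_s xor Hash(C_s)
        self.a, self.k_d = a, crps[lfsr(b)][1]        # server verification key K_d
        return crps[lfsr(a)][1] ^ i_s, b              # e = K_s xor I_s

    def verify_device(self, f, dev_id):
        c_d, r_d = self.db_s[dev_id][lfsr(f ^ self.k_d)]
        ok = phd(self.a, r_d ^ hash_c(c_d)) >= TAU
        if ok:  # one-time use; modelled as a mark so key lookups keep working
            self.spent.add((dev_id, self.idx))
        return ok

def enroll(server, dev_id):
    """Registration: server issues N excitation values, device returns the CRPs."""
    challenges = [secrets.randbits(BITS) for _ in range(N)]
    dev = Device(dev_id, challenges)
    server.db_s[dev_id] = [(c, dev.puf(c)) for c in challenges]
    return dev

def run_session(server, dev, tamper_e=0, check_server=True):
    """One mutual-authentication run; tamper_e is XORed into e in transit."""
    a, dev_id = dev.hello()
    reply = server.respond(a, dev_id)
    if reply is None:
        return "unregistered"
    e, b = reply
    if check_server and not dev.verify_server(e ^ tamper_e, b):
        return "server-rejected"
    return "ok" if server.verify_device(dev.mask(b), dev_id) else "device-rejected"

if __name__ == "__main__":
    srv = Server()
    dev = enroll(srv, "dev-01")                       # constructed device number
    clone = Device("dev-01", dev.db_d)                # copied table, different PUF
    print(run_session(srv, dev))
    print(run_session(srv, dev, tamper_e=1))
    print(run_session(srv, clone, check_server=False))
```

A physical PUF is noisy, which is why the scheme compares b and a against a similarity threshold instead of testing for equality; the noise-free stand-in here always scores 1.0 on a legitimate run.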
Example two
Based on the same inventive concept, a second embodiment of the present invention further provides an authentication apparatus for internet of things devices, as shown in fig. 3, applied to a device side, where the apparatus includes:
an obtaining and sending module 201, configured to, after receiving an authentication request of a user under a condition of establishing a connection with a server, obtain an equipment key parameter and an equipment number of the equipment, and send the equipment key parameter and the equipment number to the server, so that the server checks the equipment number, and generates server mask data according to the equipment key parameter;
an obtaining and generating module 202, configured to obtain the server mask data and the server key parameter sent by the server, and generate a server verification parameter of the server according to the server mask data;
the authentication module 203 is configured to determine that the server passes authentication according to the server key parameter and the server verification parameter;
and the control module 204 is configured to, after it is determined that the server passes the authentication, acquire device authentication passing information sent by the server, and start an application function corresponding to the authentication request.
As an alternative embodiment, the control module 204 is configured to: after the server is confirmed to pass the authentication, obtaining device mask data according to the server key parameters, and sending the device mask data to the server, so that the server authenticates the device according to the device mask data;
and after the equipment mask data is sent to the server, acquiring equipment authentication passing information sent by the server, and starting the corresponding application function.
As an optional embodiment, the obtaining and sending module 201 is configured to obtain the device key parameter of the device, and includes:
acquiring equipment excitation parameters, inputting the equipment excitation parameters into a physical unclonable function of the equipment end to obtain equipment response parameters, and inputting the equipment excitation parameters into a hash function of the equipment end to obtain a hash result of the equipment excitation parameters;
and obtaining the equipment key parameter according to the hash result of the equipment response parameter and the equipment excitation parameter.
As an optional embodiment, the obtaining and sending module 201 is configured to, after obtaining the device key parameter, further include:
obtaining an equipment verification key according to the equipment key parameter;
the obtaining and generating module 202 is configured to generate a server verification parameter of the server according to the server mask data, and includes:
and obtaining the server side verification parameters according to the server side mask data and the equipment verification key.
As an optional embodiment, the determining that the server passes the authentication according to the server key parameter and the server verification parameter includes:
obtaining a first fuzzy Hamming distance according to the server side key parameter and the server side verification parameter;
and if the first fuzzy Hamming distance is not smaller than a first set distance threshold, determining that the server passes the authentication, and outputting the information that the equipment end passes the authentication of the server.
As an alternative embodiment, the obtaining and sending module 201 is configured to: before receiving an authentication request of a user, sending a registration signal to the server;
after the registration signal is sent, acquiring an excitation value set sent by the server and an equipment code number of the equipment, and storing the excitation value set and the equipment code number, wherein the equipment code number is consistent with the equipment number;
obtaining a response value corresponding to each excitation value and a plurality of excitation response pairs according to each excitation value in the excitation value set, wherein one excitation response pair comprises one excitation value and a response value corresponding to the excitation value;
and sending the plurality of excitation response pairs to the server so that the server stores the plurality of excitation response pairs.
Since the authentication device of the internet of things device described in this embodiment is a device used for implementing the authentication method of the internet of things device in the first embodiment of the present application, based on the authentication method of the internet of things device described in the first embodiment of the present application, a person skilled in the art can understand a specific implementation manner and various variations of the authentication device of the internet of things device in this embodiment, so how to implement the method in the first embodiment of the present application by the authentication device of the internet of things device is not described in detail here. As long as a person skilled in the art implements the apparatus used in the method for authenticating an internet of things device in the first embodiment of the present application, the apparatus all belongs to the scope of protection intended by the present application.
Example three
Based on the same inventive concept, a third embodiment of the present invention provides an authentication method for internet of things devices, as shown in fig. 4, applied to a server, where the method includes:
S301, after establishing a connection with a device side, acquiring a server key parameter of the server, and a device key parameter and a device number sent by the device side;
S302, if the device number is consistent with the device code number of the device side in the server database, generating server mask data according to the device key parameter, and sending the server mask data and the server key parameter to the device side;
S303, after the server mask data and the server key parameter are sent to the device side, obtaining the device mask data sent by the device side;
S304, according to the device mask data, determining that the device side passes the authentication, and sending the device-side authentication pass information of the device side to the device side.
As an optional embodiment, obtaining the server-side key parameter includes:
acquiring a server side excitation parameter and a server side response parameter of the server side, wherein the server side excitation parameter corresponds to the server side response parameter;
inputting the server side excitation parameters into a hash function of the server side to obtain a hash result of the server side excitation parameters;
and obtaining the server side key parameter according to the hash result of the server side excitation parameter and the server side response parameter.
As an optional embodiment, the determining that the device side passes the authentication according to the device mask data includes:
generating a device verification parameter of the device end according to the device mask data;
obtaining a second fuzzy Hamming distance according to the equipment verification parameter and the equipment key parameter;
and if the second fuzzy Hamming distance is not smaller than a second set distance threshold, determining that the equipment end passes the authentication, and sending equipment end authentication passing information of the equipment end to the equipment end.
As an optional embodiment, after sending the device side authentication pass information of the device side to the device side, deleting the server side excitation parameter and the server side response parameter from the database of the server side.
As an optional embodiment, after obtaining the server-side key parameter, the method further includes:
and obtaining a server verification key according to the server key parameter.
As an optional embodiment, the generating, according to the device mask data, a device verification parameter of the device side includes:
and obtaining the equipment verification parameters according to the equipment mask data and the server verification key.
As an optional embodiment, before obtaining the server-side key parameter of the server side, the device-side key parameter and the device number sent by the device side, the method further includes:
acquiring a registration signal sent by the equipment end;
after the registration signal is obtained, sending an excitation value set and an equipment code number of the equipment end to the equipment end so that the equipment end obtains a plurality of excitation response pairs according to the excitation value set, and storing the equipment code number into a database of the server end;
after a plurality of excitation parameters are sent to the equipment end, the plurality of excitation response pairs sent by the equipment end are obtained, and the plurality of excitation response pairs are stored.
Example four
Based on the same inventive concept, a fourth embodiment of the present invention further provides an authentication apparatus for an internet of things device, as shown in fig. 5, which is applied to a server, and the apparatus includes:
a first obtaining module 401, configured to obtain a server key parameter of a server, an equipment key parameter sent by an equipment, and an equipment number after establishing a connection with the equipment;
a determining module 402, configured to generate server mask data according to the device key parameter if the device number is consistent with the device code number of the device in the server database, and send the server mask data and the server key parameter to the device;
a second obtaining module 403, configured to obtain device mask data sent by the device side after sending the server mask data and the server key parameter to the device side;
a determining module 404, configured to determine that the device side passes the authentication according to the device mask data, and send device side authentication passing information of the device side to the device side.
As an optional embodiment, the first obtaining module 401 is configured to obtain the server-side key parameter, and includes:
acquiring a server excitation parameter and a server response parameter of the server, wherein the server excitation parameter corresponds to the server response parameter;
inputting the server side excitation parameters into a hash function of the server side to obtain a hash result of the server side excitation parameters;
and obtaining the server side key parameter according to the hash result of the server side excitation parameter and the server side response parameter.
As an optional embodiment, the determining that the device side passes the authentication according to the device mask data includes:
generating a device verification parameter of the device end according to the device mask data;
obtaining a second fuzzy Hamming distance according to the equipment verification parameter and the equipment key parameter;
and if the second fuzzy Hamming distance is not smaller than a second set distance threshold, determining that the equipment end passes the authentication, and sending equipment end authentication passing information of the equipment end to the equipment end.
As an alternative embodiment, the determining module 404 is configured to: and after the equipment end authentication passing information of the equipment end is sent to the equipment end, deleting the server end excitation parameter and the server end response parameter from the database of the server end.
As an optional embodiment, the first obtaining module 401 is configured to obtain the server-side verification key according to the server-side key parameter after obtaining the server-side key parameter.
As an optional embodiment, the determining module 402 is configured to generate the device verification parameter of the device end according to the device mask data, and includes:
and obtaining the equipment verification parameters according to the equipment mask data and the server verification key.
As an alternative embodiment, the first obtaining module 401 is configured to: before acquiring a server key parameter of the server, an equipment key parameter and an equipment number sent by the equipment, acquiring a registration signal sent by the equipment;
after the registration signal is obtained, sending an excitation value set and an equipment code number of the equipment end to the equipment end so that the equipment end obtains a plurality of excitation response pairs according to the excitation value set, and storing the equipment code number into a database of the server end;
after a plurality of excitation parameters are sent to the equipment end, the plurality of excitation response pairs sent by the equipment end are obtained, and the plurality of excitation response pairs are stored.
Since the authentication device of the internet of things device described in this embodiment is a device used for implementing the authentication method of the internet of things device described in the third embodiment of the present application, based on the authentication method of the internet of things device described in the third embodiment of the present application, a person skilled in the art can understand the specific implementation manner and various variations of the authentication device of the internet of things device described in this embodiment of the present application, and therefore, how to implement the method described in the third embodiment of the present application by the authentication device of the internet of things device is not described in detail here. As long as a person skilled in the art implements the apparatus used in the authentication method for the internet of things device in the third embodiment of the present application, the apparatus is within the scope of the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. An authentication method for Internet of things equipment is applied to an equipment side, and the method comprises the following steps:
under the condition of establishing connection with a server, after receiving an authentication request of a user, acquiring an equipment key parameter and an equipment number of the equipment, and sending the equipment key parameter and the equipment number to the server, so that the server checks the equipment number, and generates server mask data according to the equipment key parameter;
acquiring the server mask data and the server key parameter sent by the server, and generating a server verification parameter of the server according to the server mask data;
determining that the server passes authentication according to the server key parameter and the server verification parameter;
and after the server is determined to pass the authentication, acquiring equipment authentication passing information sent by the server, and starting an application function corresponding to the authentication request.
2. The method of claim 1, wherein after determining that the server is authenticated, further comprising:
obtaining device mask data according to the server side key parameters, and sending the device mask data to the server side so that the server side authenticates the device side according to the device mask data;
and after the equipment mask data is sent to the server, acquiring equipment authentication passing information sent by the server, and starting the corresponding application function.
3. The method of claim 1, wherein the obtaining device key parameters for a device comprises:
acquiring equipment excitation parameters, inputting the equipment excitation parameters into a physical unclonable function of the equipment end to obtain equipment response parameters, and inputting the equipment excitation parameters into a hash function of the equipment end to obtain a hash result of the equipment excitation parameters;
and obtaining the equipment key parameter according to the hash result of the equipment response parameter and the equipment excitation parameter.
4. The method of claim 3, after obtaining the device key parameters, further comprising:
obtaining an equipment verification key according to the equipment key parameter;
the generating a server verification parameter of the server according to the server mask data includes:
and obtaining the server side verification parameters according to the server side mask data and the equipment verification key.
5. The method of claim 1, wherein the determining that the server is authenticated according to the server key parameter and the server verification parameter comprises:
obtaining a first fuzzy Hamming distance according to the server side key parameter and the server side verification parameter;
and if the first fuzzy Hamming distance is not smaller than a first set distance threshold, determining that the server passes the authentication, and outputting the information that the equipment end passes the authentication of the server.
6. The method of claim 1, prior to receiving the authentication request of the user, further comprising:
sending a registration signal to the server;
after the registration signal is sent, acquiring an excitation value set sent by the server and an equipment code number of the equipment, and storing the excitation value set and the equipment code number, wherein the equipment code number is consistent with the equipment number;
obtaining a response value corresponding to each excitation value and a plurality of excitation response pairs according to each excitation value in the excitation value set, wherein one excitation response pair comprises one excitation value and a response value corresponding to the excitation value;
and sending the plurality of excitation response pairs to the server so that the server stores the plurality of excitation response pairs.
7. An authentication device for Internet of things equipment, characterized in that it is applied to the equipment end, the device comprising:
the system comprises an acquisition sending module, a receiving sending module and a processing module, wherein the acquisition sending module is used for acquiring the equipment key parameter and the equipment number of the equipment terminal after receiving an authentication request of a user under the condition of establishing connection with the server terminal, sending the equipment key parameter and the equipment number to the server terminal so as to enable the server terminal to check the equipment number, and generating mask data of the server terminal according to the equipment key parameter;
the acquisition generating module is used for acquiring the server mask data and the server key parameters sent by the server and generating the server verification parameters of the server according to the server mask data;
the authentication module is used for determining that the server passes the authentication according to the server key parameter and the server verification parameter;
and the control module is used for acquiring the equipment terminal authentication passing information sent by the server terminal after the server terminal is confirmed to pass the authentication, and starting the application function corresponding to the authentication request.
8. An authentication method for Internet of things equipment, applied to a server side, the method comprising:
after establishing connection with an equipment end, acquiring a server-end key parameter of the server end, an equipment key parameter and an equipment number sent by the equipment end;
if the equipment number is consistent with the equipment code number of the equipment end in the server database, generating server mask data according to the equipment key parameter, and sending the server mask data and the server key parameter to the equipment end;
after the mask data of the server and the key parameter of the server are sent to the equipment end, the mask data of the equipment sent by the equipment end is obtained;
and determining that the equipment end passes the authentication according to the equipment mask data, and sending equipment end authentication passing information of the equipment end to the equipment end.
9. The method of claim 8, wherein the determining that the device side is authenticated according to the device mask data comprises:
generating a device verification parameter of the device end according to the device mask data;
obtaining a second fuzzy Hamming distance according to the equipment verification parameter and the equipment key parameter;
and if the second fuzzy Hamming distance is not smaller than a second set distance threshold, determining that the equipment end passes the authentication, and sending equipment end authentication passing information of the equipment end to the equipment end.
10. An authentication device for Internet of things equipment, characterized in that it is applied to the server side, the device comprising:
the first acquisition module is used for acquiring a server side key parameter of a server side, an equipment key parameter sent by the equipment side and an equipment number after establishing connection with the equipment side;
the judging module is used for generating server mask data according to the equipment key parameter if the equipment number is consistent with the equipment code number of the equipment end in the server database, and sending the server mask data and the server key parameter to the equipment end;
the second obtaining module is used for obtaining the device mask data sent by the device side after the server side mask data and the server side key parameters are sent to the device side;
and the determining module is used for determining that the equipment end passes the authentication according to the equipment mask data and sending the equipment end authentication passing information of the equipment end to the equipment end.
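
The following sketch is an added illustration, not code from the patent: it simulates the registration step of claim 6, the key-parameter derivation of claim 3 and the threshold decision of claims 5 and 9, showing why a noisy but genuine PUF passes while a different chip does not. It does not reproduce the mask-data exchange, whose construction the claims do not specify. Assumptions: the XOR combination, reading the "fuzzy Hamming distance" as the fraction of matching bits, the `SimulatedPUF` stand-in, and the constants `N_BITS` and `THRESHOLD`.

```python
import hashlib
import hmac
import random

N_BITS = 256       # response width (assumed)
THRESHOLD = 0.80   # "set distance threshold", read as a match fraction (assumed)

def H(challenge: bytes) -> int:
    """Hash of the excitation value, as an N_BITS-wide integer."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big")

class SimulatedPUF:
    """Software stand-in for a PUF: fixed per-chip bits plus random read noise."""
    def __init__(self, chip_secret: bytes, noise: float = 0.03, seed: int = 0):
        self._secret, self._noise = chip_secret, noise
        self._rng = random.Random(seed)

    def respond(self, challenge: bytes) -> int:
        ideal = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        flips = sum(1 << i for i in range(N_BITS)
                    if self._rng.random() < self._noise)
        return int.from_bytes(ideal, "big") ^ flips

def enroll(puf: SimulatedPUF, challenges) -> dict:
    """Claim 6: the device answers each excitation value; the server stores the pairs."""
    return {c: puf.respond(c) for c in challenges}

def device_key_parameter(puf: SimulatedPUF, challenge: bytes) -> int:
    """Claim 3: combine the PUF response with the excitation hash (XOR is assumed)."""
    return puf.respond(challenge) ^ H(challenge)

def match_fraction(a: int, b: int) -> float:
    """Assumed reading of 'fuzzy Hamming distance': share of equal bit positions."""
    return 1 - bin(a ^ b).count("1") / N_BITS

def server_accepts(crp_db: dict, challenge: bytes, key_param: int) -> bool:
    """Claims 5 and 9: pass when the score is not smaller than the threshold."""
    if challenge not in crp_db:          # unknown excitation value: reject
        return False
    recovered = key_param ^ H(challenge)  # undo the assumed XOR
    return match_fraction(recovered, crp_db[challenge]) >= THRESHOLD

if __name__ == "__main__":
    challenges = [bytes([i]) * 4 for i in range(4)]   # constructed sample values
    genuine = SimulatedPUF(b"chip-A", seed=1)
    clone = SimulatedPUF(b"chip-B", seed=2)           # different silicon
    db = enroll(genuine, challenges)
    c = challenges[2]
    print("genuine:", server_accepts(db, c, device_key_parameter(genuine, c)))
    print("clone:  ", server_accepts(db, c, device_key_parameter(clone, c)))
```

The threshold trades false rejects of a noisy genuine device against false accepts; an exact-equality check would reject the genuine chip on almost every read.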

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210926720.5A CN115277240A (en) 2022-08-03 2022-08-03 Authentication method and device for Internet of things equipment

Publications (1)

Publication Number Publication Date
CN115277240A true CN115277240A (en) 2022-11-01

Family

ID=83749465

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210926720.5A Pending CN115277240A (en) 2022-08-03 2022-08-03 Authentication method and device for Internet of things equipment

Country Status (1)

Country Link
CN (1) CN115277240A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019052532A1 (en) * 2017-09-18 2019-03-21 阿里巴巴集团控股有限公司 Information interaction method, apparatus and device for internet of things device
CN110545543A (en) * 2019-09-03 2019-12-06 南瑞集团有限公司 authentication method, device and system of wireless equipment
CN111740965A (en) * 2020-06-09 2020-10-02 河海大学常州校区 Internet of things equipment authentication method based on physical unclonable equation
US20200412556A1 (en) * 2019-06-28 2020-12-31 Electronics And Telecommunications Research Institute User device, physical-unclonable-function-based authentication server, and operating method thereof
CN113099443A (en) * 2019-12-23 2021-07-09 阿里巴巴集团控股有限公司 Equipment authentication method, device, equipment and system
CN113162768A (en) * 2021-02-24 2021-07-23 北京科技大学 Intelligent Internet of things equipment authentication method and system based on block chain
CN114039732A (en) * 2021-11-08 2022-02-11 中国人民解放军国防科技大学 Physical layer authentication method, system, equipment and computer readable storage medium
CN114157451A (en) * 2021-11-11 2022-03-08 广东石油化工学院 Internet of things equipment identity authentication method, device and system and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘东慧;: "基于物联网的计算机网络安全分析", 计算机产品与流通, no. 07 *

Similar Documents

Publication Publication Date Title
CN106330850B (en) Security verification method based on biological characteristics, client and server
CN109729523B (en) Terminal networking authentication method and device
CN108199845B (en) Light-weight authentication device and authentication method based on PUF
US11063941B2 (en) Authentication system, authentication method, and program
US11228438B2 (en) Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device
US20100153731A1 (en) Lightweight Authentication Method, System, and Key Exchange Protocol For Low-Cost Electronic Devices
US8667283B2 (en) Soft message signing
US20100153719A1 (en) Lightweight Authentication Method and System for Low-Cost Devices Without Pseudorandom Number Generator
CN1934823A (en) Anonymous authentication method
CN111800377B (en) Mobile terminal identity authentication system based on safe multi-party calculation
CN112084234A (en) Data acquisition method, apparatus, device and medium
CN111131300A (en) Communication method, terminal and server
CN113726774A (en) Client login authentication method, system and computer equipment
CN110191467A (en) A kind of method for authenticating of internet of things equipment, unit and storage medium
CN110990814A (en) Trusted digital identity authentication method, system, equipment and medium
CN110460609B (en) Bidirectional authentication method and system for terminal application and security authentication platform
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN115550002B (en) TEE-based intelligent home remote control method and related device
CN113595743B (en) Authorization token processing method and device
CN115277240A (en) Authentication method and device for Internet of things equipment
CN109150891B (en) Verification method and device and information security equipment
CN113395249A (en) Client login authentication method, system and computer equipment
CN109936522B (en) Equipment authentication method and equipment authentication system
CN110098915B (en) Authentication method and system, and terminal
CN108076460B (en) Method and terminal for authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination