CN116760628A - Local authentication method for Internet of things equipment - Google Patents


Info

Publication number: CN116760628A
Application number: CN202310900659.1A
Authority: CN (China)
Prior art keywords: internet, things equipment, things, authentication, user
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈梁, 唐三桂, 贾文强, 高媛
Current assignee: Sichuan Changhong Xinwang Technology Co ltd
Original assignee: Sichuan Changhong Xinwang Technology Co ltd
Priority date: 2023-07-21
Filing date: 2023-07-21
Publication date: 2023-09-15
Application filed by Sichuan Changhong Xinwang Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof


Abstract

The invention provides a local authentication method for Internet of Things (IoT) devices. The method comprises the following steps. S1: an IoT device in a local area network listens for a data request that the user side broadcasts or multicasts to the local area network, and verifies whether the data request matches. S2: if it matches, the IoT device randomly generates an authentication code, encrypts it to obtain a first encryption code, and unicasts the first encryption code to the user side. S3: the user side decrypts the first encryption code to obtain the authentication code, encrypts the authentication code to obtain a second encryption code, and unicasts the second encryption code to the corresponding IoT device. S4: the IoT device decrypts the second encryption code to obtain the authentication code and checks it; if the check passes, it generates a passing result, encrypts it and unicasts it to the user side. S5: on receiving the passing result, the user side judges that local authentication has passed. This solves the technical problem of the prior art that local communication becomes unsafe once the key used by the authentication mode is leaked.

Description

Local authentication method for Internet of things equipment
Technical Field
The invention relates to the technical field of local communication for Internet of Things devices, and in particular to a local authentication method for Internet of Things devices.
Background
At present, Internet of Things devices are growing in number and variety and have become part of everyday life; the communication modes of Internet of Things devices comprise remote communication and local communication.
Local communication refers to communication between an Internet of Things device and the user side within the same local area network. In the prior art, local communication is carried out directly in a symmetric encryption mode, with mutual authentication performed through a secret key; the disadvantage is that once the secret key is leaked, the communication between the Internet of Things device and the user side is exposed.
It follows that, in the prior art, the authentication method used for local communication leaves the communication unsafe when the key leaks.
Disclosure of Invention
To address the defects of the prior art, the invention provides a local authentication method for Internet of Things devices, which solves the technical problem that, in the prior-art authentication mode for local communication, communication is unsafe when the secret key is leaked.
The local authentication method for Internet of Things devices of the invention comprises the following steps:
S1: an Internet of Things device in a local area network listens for a data request broadcast or multicast to the local area network by the user side, and verifies whether the data request matches;
S2: if it matches, the Internet of Things device randomly generates an authentication code, encrypts it to obtain a first encryption code, and unicasts the first encryption code to the user side;
S3: the user side decrypts the first encryption code to obtain the authentication code, encrypts the authentication code to obtain a second encryption code, and unicasts the second encryption code to the corresponding Internet of Things device;
S4: the Internet of Things device decrypts the second encryption code to obtain the authentication code and checks it; if the check passes, it generates a passing result, encrypts it and unicasts it to the user side;
S5: after receiving the passing result, the user side judges that local authentication has passed.
Further, when the user side and the Internet of Things device unicast, multicast or broadcast data, the data are marked with time stamps.
Further, the user side encrypts the data request before broadcasting or multicasting it, and the data request comprises a first character string; the Internet of Things device verifies whether the data request matches as follows:
when the Internet of Things device successfully decrypts the data request, the first character string is legal and the time stamp in the data request is legal,
the Internet of Things device judges that the data request matches.
Further, the Internet of Things device randomly generates the authentication code, encrypts it to obtain the first encryption code and unicasts the first encryption code to the user side as follows:
the Internet of Things device generates a random number and splices it with a second character string to form the authentication code;
after encrypting the authentication code, it unicasts the result to the user side and waits, for a preset time period, to receive the second encryption code fed back by the user side.
Further, the method further comprises: after the user side judges that authentication of the Internet of Things device has passed, it opens a communication interface and unicasts the interface number to the corresponding Internet of Things device;
the Internet of Things device connects to the communication interface of the user side according to the interface number to carry out interface transmission, and the user side and the Internet of Things device mark every piece of data transmitted over the interface with a time stamp.
Further, before encrypting the authentication code to obtain the second encryption code, the user side adjusts the random number in the authentication code according to a preset rule.
Further, when the Internet of Things device verifies that the data request does not match, it discards the current data request and continues to listen for data requests subsequently sent by the user side;
after the Internet of Things device verifies that a data request matches, it discards data requests subsequently sent by the user side.
Further, the authentication method further includes: the user side cyclically encrypts a third character string identifiable by its time stamp and sends it to the Internet of Things device; the Internet of Things device checks the third character string cyclically sent by the user side; if the current time stamp is greater than the previous time stamp, it judges that the current interface transmission is legal and continues the interface transmission; otherwise, the Internet of Things device disconnects from the user side.
Further, the user side and the Internet of Things device are peers: after either sends data to the other, it waits for the peer's reply within a corresponding preset time;
if the peer's reply times out, the method returns directly to step S1.
Further, when the Internet of Things device is connected to the local area network, it starts UDP broadcast/multicast listening to acquire the user's data request.
Compared with the prior art, the invention has the following beneficial effects:
by adding a mutual authentication step before the Internet of Things device and the user side communicate formally, the method improves the security of communication between the user side and the Internet of Things device. The user side sends its data request to the Internet of Things devices in the same local area network by broadcast or multicast, so the traffic load on the user side is low. Once an Internet of Things device finds that the data request matches and replies with the first encryption code, the user side and that device communicate by unicast within the local area network, so the communication between them is precise and other Internet of Things devices are not affected. Data transmission over the communication interface takes place only after local authentication between the user side and the Internet of Things device has passed. The method thus solves the technical problem that, in the prior-art authentication mode for local communication, communication is unsafe when the secret key is leaked.
Drawings
Fig. 1 is a method step diagram of an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further described below with reference to the accompanying drawings and examples.
As shown in Fig. 1, a local authentication method for an Internet of Things device includes the following steps.
S1: an Internet of Things device in a local area network listens for a data request broadcast or multicast to the local area network by the user side, and verifies whether the data request matches.
When the Internet of Things device is connected to the local area network, it starts UDP broadcast/multicast listening to acquire the user's data request. When the user side needs to communicate with an Internet of Things device and acquire data, it generates a data request and broadcasts or multicasts it to the local area network, and the Internet of Things devices in the local area network verify whether the data request matches. The user side comprises an APP in a smart phone, an APP in a tablet computer, or software on a PC.
S2: if it matches, the Internet of Things device randomly generates an authentication code, encrypts it to obtain a first encryption code, and unicasts the first encryption code to the user side.
When the Internet of Things device verifies that the data request does not match, it directly discards the current data request and continues to wait for data requests subsequently issued by the user side.
When the Internet of Things device encrypts the authentication code, each Internet of Things device encrypts it according to its own preset encryption rule, and the key corresponding to each device's encryption rule is stored in the user side.
S3: the user side decrypts the first encryption code to obtain the authentication code, encrypts the authentication code to obtain a second encryption code, and unicasts the second encryption code to the corresponding Internet of Things device.
Once the user side has obtained the first encryption code, it has identified the Internet of Things device on the other side, so it encrypts the authentication code according to the same preset rule to obtain the second encryption code and unicasts it directly to that Internet of Things device rather than multicasting or broadcasting it to the local area network.
S4: the Internet of Things device decrypts the second encryption code to obtain the authentication code and checks it; if the check passes, it generates a passing result, encrypts it and unicasts it to the user side.
S5: after receiving the passing result, the user side judges that local authentication has passed.
After the user side judges that authentication of the Internet of Things device has passed, it opens a communication interface and unicasts the interface number to the corresponding Internet of Things device;
the Internet of Things device connects to the communication interface of the user side according to the interface number to carry out interface transmission, and the user side and the Internet of Things device mark every piece of data transmitted over the interface with a time stamp.
The implementation process of this embodiment is as follows:
in this embodiment, the security of communication between the user side and the Internet of Things device is increased by adding a mutual authentication step before the Internet of Things device and the user side communicate formally. The user side sends its data request to the Internet of Things devices in the same local area network by broadcast or multicast, so the traffic load on the user side is low. Once an Internet of Things device finds that the data request matches and replies with the first encryption code, the user side and that device communicate by unicast within the local area network, so the communication between them is precise and other Internet of Things devices are not affected. Data transmission over the communication interface takes place only after local authentication between the user side and the Internet of Things device has passed. The method thus solves the technical problem that, in the prior-art authentication mode for local communication, communication is unsafe when the secret key is leaked.
In this embodiment, when the user side and the Internet of Things device unicast, multicast or broadcast data, the data are marked with time stamps.
In this embodiment, the user side encrypts the data request before broadcasting or multicasting it, and the data request comprises a first character string; the Internet of Things device verifies whether the data request matches as follows:
when the Internet of Things device successfully decrypts the data request, the first character string is legal and the time stamp in the data request is legal, the Internet of Things device judges that the data request matches.
After the Internet of Things device receives the data request, it first decrypts it. Because the key of each Internet of Things device is different, decryption fails when this device is not the target device of the user side, and the device immediately judges that the data request does not match.
Next, the first character string in the data request is verified; in this embodiment the string has the format { "cmd": "DeviceSearch", "protocol": "V1.0.0", "source": "App", "timestamp":1687155836311 }. When the string is illegal, the data request is judged not to match.
Finally, the validity of the time stamp of the data request is verified. Each Internet of Things device stores an initial time stamp; when the time stamp of the data request is greater than the initial time stamp it is judged legal, and when it is not greater than the initial time stamp it is judged illegal. When the time stamp is illegal, the data request is judged not to match.
When the Internet of Things device verifies that the data request does not match, it discards the current data request and continues to listen for data requests subsequently sent by the user side;
after the Internet of Things device verifies that a data request matches, it discards data requests subsequently sent by the user side.
In this embodiment, the Internet of Things device randomly generates the authentication code, encrypts it to obtain the first encryption code, and unicasts the first encryption code to the user side as follows:
the Internet of Things device generates a random number and splices it with a second character string to form the authentication code; the authentication code is an identifiable JSON string, for example { "cmd": "random check", "number":458436989 } in this embodiment;
after encrypting the authentication code, the device unicasts it to the user side and waits, for a preset time period, to receive the second encryption code fed back by the user side. In this embodiment the preset time period is 3 seconds.
In another embodiment of the invention, before encrypting the authentication code to obtain the second encryption code, the user side adjusts the random number in the authentication code according to a preset rule.
In this embodiment the preset rule is to add 1 to the random number in the authentication code, i.e. { "cmd": "random response", "number":458436990 }.
After receiving the second encryption code, the Internet of Things device decrypts it and checks whether the random number has been adjusted according to the preset rule; if so, the check passes and a passing result is generated; if not, the method immediately returns to step S1.
In another embodiment of the invention, the authentication method further includes: the user side cyclically encrypts a third character string identifiable by its time stamp and sends it to the Internet of Things device; the Internet of Things device checks the third character string cyclically sent by the user side; if the current time stamp is greater than the previous time stamp, it judges that the current interface transmission is legal and continues the interface transmission; otherwise, the Internet of Things device disconnects from the user side.
The implementation process of this embodiment is as follows:
in this embodiment, the user side records a time stamp for each communication, forms a third character string from that time stamp and cyclically sends it to the Internet of Things device; the Internet of Things device judges from the time stamp in the third character string whether the current interface transmission is legal. If it is not, the device judges the current interface transmission illegal, disconnects the communication interface, and returns to step S1.
In another embodiment of the invention, the user side and the Internet of Things device are peers: after either sends data to the other, it waits for the peer's reply within a corresponding preset time;
if the peer's reply times out, the method returns directly to step S1.
The implementation process of this embodiment is as follows:
each time the user side or the Internet of Things device sends data to its peer, it waits for the peer's reply within the corresponding preset time; on timeout it returns directly to step S1 and performs local authentication again. This effectively limits flood attacks.
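As an added example (not the patent's own code), the following Python simulates the five-step exchange of the embodiments above together with the 3-second response window, the number + 1 rule and the strictly increasing interface time stamps. The symmetric "preset encryption rule" is stood in for by a toy HMAC-SHA256 keystream cipher with an authentication tag built from the standard library, so a message encrypted under another device's key fails to decrypt as the embodiment requires; the `{"cmd": "pass"}` result format and the advancing of the stored time stamp after a matched request are assumptions, and a real deployment would use a standard AEAD such as AES-GCM.

```python
import hashlib, hmac, json, os, secrets

RESPONSE_WINDOW_MS = 3000  # the embodiment's preset waiting period for the second encryption code

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a toy stand-in for the unspecified "preset encryption rule"
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext):
    # nonce || ciphertext || HMAC tag, so a wrong key is detected rather than yielding garbage
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    # None when the tag fails, i.e. the blob was produced under another device's key
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def _load(key, blob):
    # Decrypt and parse one JSON object; None if decryption or parsing fails
    pt = decrypt(key, blob)
    try:
        obj = json.loads(pt) if pt is not None else None
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None

class Device:
    def __init__(self, key, initial_ts):
        self.key, self.initial_ts = key, initial_ts      # per-device key and stored initial time stamp
        self.pending, self.last_ts = None, None          # (random number, deadline); last interface time stamp

    def on_request(self, blob, now_ms):
        # s1: matched only if it decrypts under this key, carries the legal first string
        # and its time stamp is newer than the stored one (the embodiment's three checks)
        req = _load(self.key, blob)
        if req is None or req.get("cmd") != "DeviceSearch" or req.get("source") != "App":
            return None
        ts = req.get("timestamp")
        if not isinstance(ts, int) or ts <= self.initial_ts:
            return None
        self.initial_ts = ts  # assumption: advance the stored time stamp so a captured request is not accepted twice
        # s2: random number spliced with the second string, encrypted and unicast to the user side
        number = secrets.randbelow(1 << 31)
        self.pending = (number, now_ms + RESPONSE_WINDOW_MS)
        return encrypt(self.key, json.dumps({"cmd": "random check", "number": number}).encode())

    def on_second_code(self, blob, now_ms):
        # s4: the second code must arrive inside the window and carry number + 1 (the preset rule)
        number, deadline = self.pending or (None, -1)
        self.pending = None
        resp = _load(self.key, blob) if now_ms <= deadline else None
        if resp is None or resp.get("cmd") != "random response" or resp.get("number") != number + 1:
            return None
        return encrypt(self.key, json.dumps({"cmd": "pass"}).encode())  # passing result; format assumed

    def on_interface_data(self, blob):
        # third string on the opened interface: each time stamp must exceed the previous one, else disconnect
        msg = _load(self.key, blob)
        ts = msg.get("timestamp") if msg else None
        if isinstance(ts, int) and (self.last_ts is None or ts > self.last_ts):
            self.last_ts = ts
            return True
        self.last_ts = None
        return False

def app_request(key, now_ms):
    # the first string of the embodiment, time-stamped and encrypted under the target device's key
    req = {"cmd": "DeviceSearch", "protocol": "V1.0.0", "source": "App", "timestamp": now_ms}
    return encrypt(key, json.dumps(req).encode())

def app_second_code(key, first_code):
    # s3: decrypt the first code, apply the preset rule (number + 1) and re-encrypt
    code = _load(key, first_code)
    if code is None or code.get("cmd") != "random check" or not isinstance(code.get("number"), int):
        return None
    return encrypt(key, json.dumps({"cmd": "random response", "number": code["number"] + 1}).encode())

def app_accepts(key, result):
    # s5: local authentication passes once the passing result decrypts under the device's key
    res = _load(key, result)
    return res is not None and res.get("cmd") == "pass"

def run_handshake(app_key, device, now_ms, delay_ms=0):
    # Drive s1..s5 between the user side (holding app_key for this device) and one device;
    # delay_ms models a second code that arrives late
    first = device.on_request(app_request(app_key, now_ms), now_ms)
    second = app_second_code(app_key, first) if first is not None else None
    result = device.on_second_code(second, now_ms + delay_ms) if second is not None else None
    return result is not None and app_accepts(app_key, result)
```

Since, as the embodiment states, the key of every device is stored in the user side, what the exchange adds over plain symmetric encryption is the time-stamp, random-number and timeout checks, which is where a reviewer should focus when assessing the scheme.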
Finally, it is noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered by the scope of the claims of the present invention.

Claims (10)

1. A local authentication method for Internet of Things devices, characterized in that the authentication method comprises the following steps:
S1: an Internet of Things device in a local area network listens for a data request broadcast or multicast to the local area network by the user side, and verifies whether the data request matches;
S2: if it matches, the Internet of Things device randomly generates an authentication code, encrypts it to obtain a first encryption code, and unicasts the first encryption code to the user side;
S3: the user side decrypts the first encryption code to obtain the authentication code, encrypts the authentication code to obtain a second encryption code, and unicasts the second encryption code to the corresponding Internet of Things device;
S4: the Internet of Things device decrypts the second encryption code to obtain the authentication code and checks it; if the check passes, it generates a passing result, encrypts it and unicasts it to the user side;
S5: after receiving the passing result, the user side judges that local authentication has passed.
2. The local authentication method for Internet of Things devices according to claim 1, characterized in that: when the user side and the Internet of Things device unicast, multicast or broadcast data, the data are marked with time stamps.
3. The local authentication method for Internet of Things devices according to claim 2, characterized in that: the user side encrypts the data request before broadcasting or multicasting it, and the data request comprises a first character string; the Internet of Things device verifies whether the data request matches as follows:
when the Internet of Things device successfully decrypts the data request, the first character string is legal and the time stamp in the data request is legal,
the Internet of Things device judges that the data request matches.
4. The local authentication method for Internet of Things devices according to claim 3, characterized in that: the Internet of Things device randomly generates the authentication code, encrypts it to obtain the first encryption code and unicasts the first encryption code to the user side as follows:
the Internet of Things device generates a random number and splices it with a second character string to form the authentication code;
after encrypting the authentication code, it unicasts the result to the user side and waits, for a preset time period, to receive the second encryption code fed back by the user side.
5. The local authentication method for Internet of Things devices according to claim 4, characterized in that: the method further comprises: after the user side judges that authentication of the Internet of Things device has passed, it opens a communication interface and unicasts the interface number to the corresponding Internet of Things device;
the Internet of Things device connects to the communication interface of the user side according to the interface number to carry out interface transmission, and the user side and the Internet of Things device mark every piece of data transmitted over the interface with a time stamp.
6. The local authentication method for Internet of Things devices according to claim 4, characterized in that: before encrypting the authentication code to obtain the second encryption code, the user side further adjusts the random number in the authentication code according to a preset rule.
7. The local authentication method for Internet of Things devices according to claim 3, characterized in that: when the Internet of Things device verifies that the data request does not match, it discards the current data request and continues to listen for data requests subsequently sent by the user side;
after the Internet of Things device verifies that a data request matches, it discards data requests subsequently sent by the user side.
8. The local authentication method for Internet of Things devices according to claim 5, characterized in that: the authentication method further comprises: the user side cyclically encrypts a third character string identifiable by its time stamp and sends it to the Internet of Things device; the Internet of Things device checks the third character string cyclically sent by the user side; if the current time stamp is greater than the previous time stamp, it judges that the current interface transmission is legal and continues the interface transmission; otherwise, the Internet of Things device disconnects from the user side.
9. The local authentication method for Internet of Things devices according to claim 5, characterized in that: the user side and the Internet of Things device are peers; after either sends data to the other, it waits for the peer's reply within a corresponding preset time;
if the peer's reply times out, the method returns directly to step S1.
10. The local authentication method for Internet of Things devices according to claim 1, characterized in that: when the Internet of Things device is connected to the local area network, it starts UDP broadcast/multicast listening to acquire the user's data request.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310900659.1A 2023-07-21 2023-07-21 Local authentication method for Internet of things equipment

Publications (1)

Publication Number Publication Date
CN116760628A 2023-09-15

Family

ID=87959133

Country Status (1)

Country Link
CN (1) CN116760628A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination