CN117040825A - Authentication method of Internet of things equipment and storage medium - Google Patents

Authentication method of Internet of things equipment and storage medium

Info

Publication number
CN117040825A
Authority
CN
China
Prior art keywords
verification
internet
information
equipment
server
Legal status (as listed by Google Patents; not a legal conclusion)
Pending
Application number
CN202310974134.2A
Other languages
Chinese (zh)
Inventor
钟焰涛
王伟
姚敏森
郭勇
Current Assignee (as listed by Google Patents; the listed assignees may be inaccurate)
Guangdong Runlian Information Technology Co ltd
Original Assignee
Guangdong Runlian Information Technology Co ltd
Application filed by Guangdong Runlian Information Technology Co ltd
Priority to CN202310974134.2A
Publication of CN117040825A

Classifications

    • All entries fall under H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload (H04L63/00 › H04L63/04)
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords (H04L63/00 › H04L63/08)
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources (H04L63/00)
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks (H04L67/00 › H04L67/01)
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC (H04L9/00 › H04L9/06, the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators)
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds (H04L9/00 › H04L9/08 key distribution or management › H04L9/0861)

Abstract

The embodiment of the application provides an authentication method and a storage medium for Internet of things equipment, belonging to the technical field of the Internet of things. The method comprises the following steps: registering with a server to obtain equipment verification number information; sending the equipment verification number information and first encrypted data to the server so that the server performs identity verification on the Internet of things equipment and obtains first equipment identity verification information; if the first equipment identity verification succeeds, receiving first verification data fed back by the server; performing identity verification on the server according to the first verification data to obtain server identity verification information; if the server identity verification succeeds, sending second verification data to the server so that the server performs identity verification on the Internet of things equipment and obtains second equipment identity verification information; and if the second equipment identity verification succeeds, the Internet of things equipment and the server share a secret key. According to the embodiment of the application, the cost of authenticating Internet of things equipment can be reduced and the security of its communication can be improved.

Description

Authentication method of Internet of things equipment and storage medium
Technical Field
The application relates to the technical field of the internet of things, in particular to an authentication method and a storage medium of internet of things equipment.
Background
As smart living becomes more widespread, all kinds of internet of things devices have appeared. Before an internet of things device communicates, it needs to be authenticated, which improves the security of the device during communication. In the related art, methods for establishing a secure communication channel for an internet of things device usually require the device to store a digital certificate and to complete identity authentication with it. Digital certificates are issued by a CA and must be paid for every year, which raises the authentication cost of the device. Moreover, as the number of internet of things devices grows, installing a digital certificate on every device brings a great deal of expense. How to reduce the cost of identity authentication for internet of things devices while keeping the authentication procedure simple has therefore become a technical problem that urgently needs to be solved.
Disclosure of Invention
The embodiment of the application mainly aims to provide an authentication method and a storage medium of internet of things equipment, aiming at reducing the cost of internet of things equipment authentication and enabling the internet of things equipment authentication to be simpler.
To achieve the above object, a first aspect of an embodiment of the present application provides an authentication method of an internet of things device, which is applied to the internet of things device, and the method includes:
Registering with a server to obtain equipment verification number information;
the equipment verification number information and preset first encryption data are sent to the server, so that the server performs identity verification on the Internet of things equipment according to the first encryption data and the equipment verification number information to obtain first equipment identity verification information;
if the first equipment identity verification information is successful in verification, first verification data fed back by the server are received;
carrying out identity verification on the server according to the first verification data to obtain server identity verification information;
if the server identity authentication information is successful in authentication, generating and sending second authentication data to the server so that the server performs identity authentication on the Internet of things equipment according to the second authentication data to obtain second equipment identity authentication information;
and if the second equipment identity authentication information is successful in authentication, sharing a secret key with the server.
In some embodiments, the first encrypted data is a first random number; the first authentication data includes: a second random number and first hash data; the step of performing authentication on the server according to the first authentication data to obtain server authentication information includes:
Carrying out hash value calculation according to the first random number and the second random number to obtain second hash data;
and comparing the first hash data with the second hash data to obtain the server identity authentication information.
In some embodiments, the registering with the server to obtain the device authentication number information includes:
sending a registration request to the server so that the server generates candidate verification number information according to the registration request;
receiving the candidate verification number information sent by the server, generating a third random number, a fifth random number and a sixth random number, and generating a fourth random number according to the third random number and the fifth random number;
encrypting the fifth random number, the sixth random number and the candidate verification number information according to a preset public key to obtain third encrypted data;
the third encrypted data is sent to the server, so that the server performs identity verification on the Internet of things equipment according to the third encrypted data to obtain first registration verification information;
if the first registration verification information is successful in verification, receiving an eighth random number and fifth hash data sent by the server;
Verifying the server according to the eighth random number and the fifth hash data to obtain second registration verification information;
and if the second registration verification information is successful in verification, the candidate verification number information is used as the equipment verification number information.
In some embodiments, the verifying the server according to the eighth random number and the fifth hash data to obtain second registration verification information includes:
carrying out hash value calculation according to the eighth random number and the sixth random number to obtain sixth hash data;
and comparing the fifth hash data with the sixth hash data to obtain the second registration verification information.
To achieve the above object, a second aspect of an embodiment of the present application provides an authentication method of an internet of things device, applied to a server, where the method includes:
registering the Internet of things equipment to generate equipment verification number information, and sending the equipment verification number information to the Internet of things equipment;
receiving equipment verification number information and first encryption data sent by the Internet of things equipment, carrying out identity verification on the Internet of things equipment according to the equipment verification number information and the first encryption data to obtain first equipment identity verification information, and generating first verification data;
If the first equipment identity authentication information is successful in authentication, the first authentication data is sent to the Internet of things equipment, so that the Internet of things equipment authenticates the server according to the first authentication data to obtain server identity authentication information;
if the server identity verification information is successful in verification, receiving second verification data sent by the Internet of things equipment;
performing identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
and if the second equipment identity verification information is successful in verification, sharing a secret key with the Internet of things equipment.
In some embodiments, the first authentication data comprises: a second random number and first hash data; the receiving the equipment verification number information and the first encrypted data sent by the internet of things equipment, and performing identity verification on the internet of things equipment according to the equipment verification number information and the first encrypted data to obtain first equipment identity verification information, and generating first verification data, including:
decrypting the first encrypted data according to a preset private key to obtain a first random number and equipment number information to be verified;
Comparing the equipment to-be-tested number information with the equipment verification number information to obtain the first equipment identity verification information;
and randomly generating a second random number, and calculating a hash value according to the first random number and the second random number to obtain the first hash data.
In some embodiments, the second verification data is third hash data; the third hash data is obtained by randomly generating a third random number by the Internet of things equipment, generating a fifth random number according to the third random number and a fourth random number which is generated in advance, and carrying out hash value calculation according to the fifth random number and the second random number; the step of performing authentication on the internet of things device according to the second authentication data to obtain second device authentication information includes:
carrying out hash value calculation according to the fifth random number and the second random number which are received in advance to obtain fourth hash data;
and comparing the third hash data with the fourth hash data to obtain the second equipment identity verification information.
In some embodiments, the registering the internet of things device to generate device authentication number information and sending the device authentication number information to the internet of things device includes:
Receiving a registration request sent by the Internet of things equipment, and generating candidate verification number information according to the registration request;
sending the candidate verification number information to the internet of things equipment and receiving third encrypted data;
decrypting the third encrypted data according to a preset private key to obtain a fifth random number, a sixth random number and candidate to-be-tested number information;
comparing the candidate number information to be tested with the candidate verification number information to obtain third verification information;
if the third verification information is successful in verification, generating a seventh random number, and performing hash value calculation according to the seventh random number and the sixth random number to obtain fifth hash data;
transmitting the fifth hash data and the seventh random number to the internet of things equipment, so that the internet of things equipment calculates hash values according to the seventh random number and the sixth random number to obtain sixth hash data, and comparing the fifth hash data with the sixth hash data to obtain registration verification information;
and if the registration verification information is successful in verification, the candidate verification number information is used as the equipment verification number information, and the equipment verification number information is sent to the Internet of things equipment.
To achieve the above object, a third aspect of the embodiments of the present application provides an authentication method for an internet of things device, where the method includes:
the Internet of things equipment registers with a server to acquire equipment verification number information;
the internet of things device sends the device verification number information and preset first encryption data to the server, and the server performs identity verification on the internet of things device according to the first encryption data to obtain first device identity verification information;
if the first equipment identity verification information is verification success, the server generates and sends first verification data to the Internet of things equipment;
the internet of things device performs identity verification on the server according to the first verification data to obtain server identity verification information;
if the server identity authentication information is successful in authentication, generating and sending second authentication data to the server;
the server performs identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
and if the second equipment identity verification information is successful in verification, the Internet of things equipment and the server share a secret key.
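The registration exchange (steps S201 to S207) and the mutual authentication and key-sharing exchange (steps S101 to S106) described in the first, second and third aspects above, as an added worked example in Go. This is illustrative code written for this page, not code from the patent or its assignee, and every concrete choice in it is an assumption rather than something the patent text fixes: (Enc, Dec) is RSA-OAEP with SHA-256 under a server key pair (pk, sk) that the device is assumed to hold authentically; h is SHA-256 over the concatenation of fixed-length inputs; the random numbers are 32 bytes and NODEV is 16 bytes; the device's PUF response r3 is modelled as a fixed byte string, and the helper value r4 is taken to be r3 XOR r5 so that r5 can be recomputed at authentication time from r3 and r4 (the text only says that r4 is generated from r3 and r5 and that r5 is recovered later); and the shared key, whose derivation the text leaves open, is taken as h(r1 || r2 || r5). The numbering of the random numbers follows the server-side description, since the device-side and server-side passages number them differently.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const nonceLen, idLen = 32, 16 // byte lengths of the random numbers and of NODEV (assumed)
// Helpers: TRNG output, the hash h (SHA-256 over fixed-length concatenation), XOR, constant-time compare.
func random(n int) []byte { b := make([]byte, n); if _, err := rand.Read(b); err != nil { panic(err) }; return b }
func h(parts ...[]byte) []byte { d := sha256.Sum256(bytes.Join(parts, nil)); return d[:] }
func xor(a, b []byte) []byte { o := make([]byte, len(a)); for i := range a { o[i] = a[i] ^ b[i] }; return o }
func equal(a, b []byte) bool { return subtle.ConstantTimeCompare(a, b) == 1 }
// Enc(pk, m) is RSA-OAEP/SHA-256 under the server key pair (assumed); Dec(sk, c) is rsa.DecryptOAEP below.
func enc(pk *rsa.PublicKey, parts ...[]byte) []byte {
	c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, bytes.Join(parts, nil), nil)
	if err != nil { panic(err) }
	return c
}

// Server state: sk, the r5 recorded per NODEV at registration, and the in-flight (r1, r2) per NODEV.
type session struct{ r1, r2 []byte }
type Server struct { sk *rsa.PrivateKey; regs map[string][]byte; pending map[string]session }

// Device state: pk, the PUF response r3 (modelled as a fixed byte string), the helper r4, and NODEV.
type Device struct { pk *rsa.PublicKey; r3, r4, nodev []byte }

func NewServer() *Server {
	sk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return &Server{sk: sk, regs: map[string][]byte{}, pending: map[string]session{}}
}

// Server side of S201-S207: Dec(sk, c3) = r5 || r6 || NODEV; check the candidate NODEV, record r5, reply (r7, h5 = h(r7 || r6)).
func (s *Server) register(nodev, c3 []byte) (r7, h5 []byte, err error) {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.sk, c3, nil)
	if err != nil || len(m) != 2*nonceLen+idLen || !equal(m[2*nonceLen:], nodev) {
		return nil, nil, fmt.Errorf("registration check failed")
	}
	s.regs[string(nodev)] = m[:nonceLen]
	r7 = random(nonceLen)
	return r7, h(r7, m[nonceLen:2*nonceLen]), nil
}

// Server side of S102-S103: Dec(sk, c1) = r1 || NODEV; check NODEV, answer with (r2, h1 = h(r1 || r2)).
func (s *Server) authStep1(nodev, c1 []byte) (r2, h1 []byte, err error) {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.sk, c1, nil)
	if _, known := s.regs[string(nodev)]; err != nil || len(m) != nonceLen+idLen || !known || !equal(m[nonceLen:], nodev) {
		return nil, nil, fmt.Errorf("first device check failed")
	}
	r2 = random(nonceLen)
	s.pending[string(nodev)] = session{m[:nonceLen], r2}
	return r2, h(m[:nonceLen], r2), nil
}

// Server side of S105-S106: check h3 against h(r5 || r2) for the pending session, then derive the key.
func (s *Server) authStep2(nodev, h3 []byte) ([]byte, error) {
	sess, ok := s.pending[string(nodev)]
	delete(s.pending, string(nodev)) // each (r1, r2) pair is usable once
	r5 := s.regs[string(nodev)]
	if !ok || !equal(h(r5, sess.r2), h3) { return nil, fmt.Errorf("second device check failed") }
	return h(sess.r1, sess.r2, r5), nil
}

// Register: device side of S201-S207 (fig. 2); the candidate NODEV is drawn here on the server's behalf.
func Register(d *Device, s *Server) error {
	nodev, r5, r6 := random(idLen), random(nonceLen), random(nonceLen)
	d.r4 = xor(d.r3, r5) // S202: r4 lets r5 be recomputed later from the PUF response alone (assumed form)
	r7, h5, err := s.register(nodev, enc(d.pk, r5, r6, nodev)) // S203-S204
	if err != nil { return err }
	if !equal(h(r7, r6), h5) { return fmt.Errorf("server failed registration check") } // S205-S206
	d.nodev = nodev // S207
	return nil
}

// Authenticate: device side of S101-S106 (fig. 1); returns the device's and the server's derived keys.
func Authenticate(d *Device, s *Server) (devKey, srvKey []byte, err error) {
	r1 := random(nonceLen)
	r2, h1, err := s.authStep1(d.nodev, enc(d.pk, r1, d.nodev)) // S102-S103: c1 = Enc(pk, r1 || NODEV)
	if err != nil { return nil, nil, err }
	if !equal(h(r1, r2), h1) { return nil, nil, fmt.Errorf("server authentication failed") } // S104
	r5 := xor(d.r3, d.r4) // S105: r5 from the PUF response r3 and the stored helper r4
	if srvKey, err = s.authStep2(d.nodev, h(r5, r2)); err != nil { return nil, nil, err }
	return h(r1, r2, r5), srvKey, nil // S106: the derivation h(r1 || r2 || r5) is this example's assumption
}

func main() {
	s := NewServer()
	d := &Device{pk: &s.sk.PublicKey, r3: random(nonceLen)} // constructed PUF response
	if err := Register(d, s); err != nil { panic(err) }
	dk, sk, err := Authenticate(d, s)
	fmt.Println("shared keys equal:", err == nil && bytes.Equal(dk, sk))
}
```

Running it registers one constructed device and reports whether the two derived keys match. Two points are worth noting when reading it against the text: the server's reply h1 = h(r1 || r2) proves only that the replier could decrypt r1, so the device's trust in the server rests entirely on the authenticity of the pk it was provisioned with; and the second device check binds the session to the registered secret r5, so a clone that copies NODEV and r4 but cannot reproduce the PUF response is rejected at S105/S106 rather than at S102.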
To achieve the above object, a fourth aspect of the embodiments of the present application proposes a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method of the first aspect, or the second aspect, or the third aspect.
According to the authentication method and storage medium for Internet of things equipment, the Internet of things equipment obtains equipment verification number information by registering with the server, and the Internet of things equipment and the server then verify each other and share a secret key once verification succeeds. The key is thus shared after the Internet of things equipment and the server have authenticated each other automatically, so that the Internet of things equipment connected to the server can communicate securely, the authentication procedure for the equipment is simple, and no digital certificate needs to be provisioned, which saves cost.
Drawings
Fig. 1 is a flowchart of an authentication method of an internet of things device according to an embodiment of the present application;
fig. 2 is a flowchart of step S101 in fig. 1;
fig. 3 is a flowchart of step S206 in fig. 2;
fig. 4 is a flowchart of step S104 in fig. 1;
fig. 5 is a flowchart of an authentication method of an internet of things device according to an embodiment of the present application;
Fig. 6 is a flowchart of step S501 in fig. 5;
fig. 7 is a flowchart of step S502 in fig. 5;
fig. 8 is a flowchart of step S505 in fig. 5;
fig. 9 is a flowchart of an authentication method of an internet of things device according to an embodiment of the present application;
fig. 10 is a detailed flowchart of registration of an internet of things device in the authentication method of the internet of things device provided by the embodiment of the present application;
fig. 11 is a detailed flowchart of authentication and key sharing of an internet of things device and a server in the authentication method of the internet of things device provided by the embodiment of the application;
fig. 12 is a block diagram of an internet of things device according to an embodiment of the present application;
fig. 13 is a block diagram of a server according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
It should be noted that although functional block division is performed in a device diagram and a logic sequence is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the block division in the device, or in the flowchart. The terms first, second and the like in the description and in the claims and in the above-described figures, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
First, several nouns involved in the present application are parsed:
public key encryption: public key encryption algorithms are another type of encryption algorithm, and the encryption process of public key encryption uses a different key than the decryption process, where the encryption key is generally public, and thus the key is called public key. Its encryption and decryption algorithms are generally denoted (Enc, dec), respectively; let the key pair be (pk, sk), where pk is the public key used in encryption and sk is the private key used in decryption; the process of encrypting the message m using pk to obtain ciphertext c is denoted as c≡enc (pk, m); the process of decrypting ciphertext c using sk to obtain message m is denoted as m++Dec (sk, c).
Cryptographic hash function: for calculating the hash value in the scheme, we note it as h and assume that the output of h is l bits.
Physical Unclonable Function (PUF): is a hardware security technique in which a physical unclonable function utilizes inherent device changes to produce an unclonable unique device response to a given input. In short, the PUF of each device generates the same one random value each time.
True Random Number Generator (TRNG): the random number generator generates a random number of a fixed length each time. The True Random Number Generator (TRNG) refers to a random number generator implemented using a physical method.
Establishing a secure communication channel between authenticated internet of things devices is critical in internet of things applications. If two internet of things devices are able to authenticate each other and share a random session key, a secure communication channel is easily established between the two internet of things devices.
In the related art, the communication method of an internet of things device often requires the device to store a digital certificate. Digital certificates, however, require an annual fee to the CA, and each certificate is expensive. As the number of internet of things devices grows, the number of digital certificates grows with it, so the internet of things system incurs a great deal of expense.
Based on the above, the embodiment of the application provides an authentication method and a storage medium for an internet of things device. The device obtains device verification number information by registering with a server, so that the device and the server can verify each other on the basis of that information and share a secret key once verification succeeds. The key is thus shared after the device and the server have authenticated each other automatically, so that internet of things devices connected through one server can communicate securely; the authentication procedure between them is simple, no digital certificate needs to be provisioned, and cost is saved.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
The embodiment of the application provides an authentication method of Internet of things equipment, and relates to the technical field of Internet of things. The authentication method of the Internet of things equipment provided by the embodiment of the application can be applied to the terminal, can be applied to the server side, and can also be software running in the terminal or the server side. In some embodiments, the terminal may be a smart phone, tablet, notebook, desktop, etc.; the server side can be configured as an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, basic cloud computing services such as big data and artificial intelligent platforms and the like; the software may be an application or the like that implements an authentication method of the internet of things device, but is not limited to the above form.
The application is operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
It should be noted that, in each specific embodiment of the present application, when related processing is required according to user information, user behavior data, user history data, user location information, and other data related to user identity or characteristics, permission or consent of the user is obtained first, and the collection, use, processing, and the like of the data comply with related laws and regulations and standards. In addition, when the embodiment of the application needs to acquire the sensitive personal information of the user, the independent permission or independent consent of the user is acquired through popup or jump to a confirmation page and the like, and after the independent permission or independent consent of the user is definitely acquired, the necessary relevant data of the user for enabling the embodiment of the application to normally operate is acquired.
Fig. 1 is an optional flowchart of an authentication method of an internet of things device provided by an embodiment of the present application, and the authentication method of the internet of things device in fig. 1 is applied to the internet of things device. The method in fig. 1 may include, but is not limited to including, step S101 to step S106.
Step S101, registering with a server to obtain equipment verification number information;
step S102, equipment verification number information and preset first encryption data are sent to a server, so that the server performs identity verification on the Internet of things equipment according to the first encryption data and the equipment verification number information to obtain first equipment identity verification information;
step S103, if the first equipment identity verification information is successful in verification, receiving first verification data fed back by a server;
step S104, carrying out identity verification on the server according to the first verification data to obtain server identity verification information;
step S105, if the server authentication information is successful in authentication, generating and sending second authentication data to the server so that the server performs authentication on the Internet of things equipment according to the second authentication data to obtain second equipment authentication information;
step S106, if the second equipment identity authentication information is successful in authentication, the Internet of things equipment and the server share the secret key.
In steps S101 to S106 shown in the embodiment of the present application, the internet of things device registers with the server to obtain the device authentication number information, and then sends the first encrypted data and the device authentication number to the server, so that the server performs identity authentication on the internet of things device according to the first encrypted data and the device authentication number information to obtain the first device identity authentication information. If the first equipment identity verification information is successful in verification, the internet of things equipment receives first verification data fed back by the server, and the first verification data is used as reference data for verification of the server by the internet of things equipment. And the internet of things equipment performs identity verification on the server according to the first verification data to obtain server identity verification information. If the server authentication information is successful in authentication, the Internet of things equipment generates second authentication data and sends the second authentication data to the server, so that the server performs authentication on the Internet of things equipment according to the second authentication data to obtain second equipment authentication information. And if the second equipment identity authentication information is successful in authentication, the secret key is shared between the Internet of things equipment and the server. Therefore, the key is shared after the identity authentication is automatically carried out between the Internet of things equipment and the server, and the digital certificate is not required to be set on each Internet of things equipment for carrying out the identity authentication, so that the cost of the Internet of things equipment authentication is reduced, and the Internet of things equipment authentication operation is simpler.
Referring to fig. 2, in some embodiments, step S101 may include, but is not limited to, steps S201 to S207:
step S201, a registration request is sent to a server, so that the server generates candidate verification number information according to the registration request;
step S202, receiving candidate verification number information sent by a server, generating a third random number, a fifth random number and a sixth random number, and generating a fourth random number according to the third random number and the fifth random number;
step S203, the fifth random number, the sixth random number and the candidate verification number information are encrypted according to a preset public key to obtain third encrypted data;
step S204, the third encrypted data is sent to the server, so that the server performs identity verification on the Internet of things equipment according to the third encrypted data to obtain first registration verification information;
step S205, if the first registration verification information is successful in verification, receiving an eighth random number and fifth hash data sent by a server;
step S206, verifying the server according to the eighth random number and the fifth hash data to obtain second registration verification information;
step S207, if the second registration verification information is successful verification, the candidate verification number information is used as the device verification number information.
In step S201 of some embodiments, the registration request is the request by which the Internet of things device registers with the server. The registration request includes at least a unique identifier, where the unique identifier indicates a network card address, and the network card address is an address of the server. When the Internet of things device needs to be networked, it generates a registration request under user control and sends it to the server, so that the server allocates candidate verification number information to the Internet of things device according to the registration request. The candidate verification number information allocated to each Internet of things device is independent and unique, so that the Internet of things device and the server can authenticate each other accurately on the basis of it. For example, the candidate verification number information is NO_DEV; it may be a number, a character string or the like, and its content is not particularly limited in this embodiment.
It should be noted that the Internet of things device is provided with a physical unclonable function, a true random number generator, a computing unit and a storage unit. The server is deployed in the background and is communicatively connected to the Internet of things device. The Internet of things device stores the public key of the server, and the server stores a key pair used for encryption and decryption, consisting of the public key and a private key.
In step S202 of some embodiments, after the Internet of things device receives the candidate verification number information, it generates the third random number using the physical unclonable function, and generates the fifth random number and the sixth random number using the true random number generator. After the third, fifth and sixth random numbers have been generated, a bitwise exclusive OR of the third random number and the fifth random number is computed to obtain the fourth random number.
It should be noted that the physical unclonable function of the Internet of things device returns the same response every time it is queried, so whenever the Internet of things device queries the physical unclonable function, the value obtained is equal to the third random number. The third random number is therefore a device-bound constant rather than a fresh random value; freshness in the protocol comes from the true random number generator.
For example, referring to fig. 10, the physical unclonable function is denoted PUF and the true random number generator TRNG; the PUF generates the third random number p0, the TRNG generates the fifth random number k0 and the sixth random number r0, and the fourth random number is obtained by the bitwise exclusive OR of the third random number and the fifth random number, denoted q0 = p0 ⊕ k0. The third random number p0 and the fifth random number k0 must have equal bit lengths; if they do not, the longer one is truncated so that the two match.
In step S203 of some embodiments, the Internet of things device encrypts the fifth random number, the sixth random number and the candidate verification number information with the public key to obtain the third encrypted data. After the third encrypted data has been generated, the fourth random number is stored in the storage unit; the fifth random number itself does not need to be stored, since it can be recovered later from the physical unclonable function and the fourth random number. The Internet of things device then sends the third encrypted data and the sixth random number to the server, so that the server verifies the Internet of things device according to the third encrypted data and the sixth random number and completes registration.
For example, encrypting the fifth random number, the sixth random number and the candidate verification number information with the public key to obtain the third encrypted data is denoted as c = Enc(pk, (k0, r0, NO_DEV)).
In step S204 of some embodiments, the third encrypted data is sent to the server, and the server receives the third encrypted data from the internet of things device, and performs authentication on the internet of things device according to the third encrypted data to obtain first registration authentication information, so as to determine whether the internet of things device can correctly and stably communicate according to the first registration authentication information.
The server decrypts the third encrypted data with the private key to obtain the fifth random number, the sixth random number and the candidate number information to be verified. The decryption is denoted as Dec(sk, c) = (k0', r0', NO_DEV'), where NO_DEV' is the candidate number information to be verified. The server compares the candidate number information to be verified with the candidate verification number information it issued to determine the first registration verification information. If the two are the same, i.e. NO_DEV' = NO_DEV, the first registration verification information is verification success; if they differ, the first registration verification information is verification failure, which indicates either a data transmission error between the Internet of things device and the server or a deliberate attempt by the Internet of things device to deceive the server.
In step S205 of some embodiments, if the first registration verification information is verification success, it is determined that normal and secure communication is possible between the Internet of things device and the server, and the server sends an eighth random number and fifth hash data, where the eighth random number is randomly generated by the server and the fifth hash data is a hash value computed by the server over the decrypted sixth random number and the eighth random number. For example, with the eighth random number denoted r0'' and the server's copy of the sixth random number denoted r0', the fifth hash data is h = Hash(r0', r0''). The eighth random number here is the same value that the server-side description of steps S605 to S606 calls the seventh random number.
In step S206 of some embodiments, the server is authenticated according to the eighth random number and the fifth hash data to obtain second registration verification information, so as to determine whether the server can normally communicate with the internet of things device according to the second registration verification information.
In step S207 of some embodiments, if the second registration verification information is verification success, it is indicated that normal communication between the server and the internet of things device is possible, so the candidate verification number information is used as device verification number information of the internet of things device.
In steps S201 to S207 illustrated in the present embodiment, before the Internet of things device and the server perform identity verification and key exchange, the Internet of things device must register with the server. The Internet of things device generates several random numbers, encrypts them together with the candidate verification number information, and sends the encrypted data to the server, and the server performs registration verification on the Internet of things device from the random numbers and the encrypted data. Registration verification between the server and the Internet of things device thus establishes whether data can be transmitted correctly between them before registration is completed, so that the server only registers Internet of things devices with which it can communicate correctly.
Referring to fig. 3, in some embodiments, step S206 may include, but is not limited to, steps S301 to S302:
step S301, hash value calculation is carried out according to the eighth random number and the sixth random number to obtain sixth hash data;
step S302, comparing the fifth hash data with the sixth hash data to obtain second registration verification information.
In step S301 of some embodiments, the sixth random number held by the Internet of things device is r0 and the eighth random number is r0''; the hash value calculation over the sixth random number and the eighth random number is denoted as h' = Hash(r0, r0''), so the sixth hash data is h'.
In some embodiments, after the internet of things device determines the sixth hash data, the second registration verification information may be obtained by directly comparing the sixth hash data with the fifth hash data. If the sixth hash data and the fifth hash data are the same, the second registration verification information is successful verification; if the sixth hash data and the fifth hash data are different, the second registration verification information is verification failure. The internet of things equipment determines second registration verification information and then feeds the second registration verification information back to the server, so that the server takes the candidate verification number information as equipment verification number information when verification is successful according to the second registration verification information.
Referring to fig. 4, in some embodiments, the first encrypted data is a first random number; the first authentication data includes: a second random number and first hash data. Step S104 may include, but is not limited to, steps S401 to S402:
step S401, hash value calculation is carried out according to the first random number and the second random number, and second hash data are obtained;
step S402, comparing the first hash data with the second hash data to obtain server identity verification information.
In steps S401 to S402 of some embodiments, when the Internet of things device needs to authenticate the server, it calculates a hash value of the first random number and the second random number to obtain the second hash data, denoted as h1' = Hash(r1, r2), and checks whether h1 = h1'. If the first hash data equals the second hash data, the server identity verification information is verification success; if the second hash data does not equal the first hash data, the server identity verification information is verification failure. If the server identity verification information is verification failure, the process stops and the subsequent operations are not performed.
In steps S401 to S402 illustrated in this embodiment, when the internet of things device performs identity authentication on the server, the first hash data is compared with the second hash data generated by itself to determine whether the server can decrypt the correct first random number through the private key carried by itself, so that the internet of things device does not need to set a digital certificate for identity authentication of the server, and the authentication process is simple and has lower cost.
In addition, referring to fig. 5, the embodiment of the invention also discloses an authentication method of the internet of things device, which is applied to a server, and the authentication method of the internet of things device applied to the server may include, but is not limited to, steps S501 to S506:
step S501, registering the Internet of things equipment to generate equipment verification number information, and sending the equipment verification number information to the Internet of things equipment;
step S502, equipment verification number information and first encryption data sent by the Internet of things equipment are received, the Internet of things equipment is subjected to identity verification according to the equipment verification number information and the first encryption data to obtain first equipment identity verification information, and first verification data are generated;
step S503, if the first equipment identity authentication information is successful in authentication, the first authentication data is sent to the Internet of things equipment, so that the Internet of things equipment authenticates the server according to the first authentication data to obtain server identity authentication information;
step S504, if the server identity authentication information is successful in authentication, receiving second authentication data sent by the Internet of things equipment;
step S505, carrying out identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
step S506, if the second device identity verification information is verification success, the server shares the key with the Internet of things device.
In steps S501 to S506 illustrated in the present embodiment, the server allocates device verification number information when the Internet of things device registers, giving the Internet of things device a unique verification credential. During authentication, the server receives the device verification number information and the first encrypted data sent by the Internet of things device, verifies the Internet of things device according to them to obtain first device identity verification information, and, if that is verification success, sends the first verification data to the Internet of things device so that it can verify the server in turn. The server then receives the second verification data sent by the Internet of things device, verifies the Internet of things device according to it to obtain second device identity verification information, and shares a key with the Internet of things device when the second device identity verification information is verification success. The server therefore shares a key with the Internet of things device only after verifying it twice on the basis of verification data, and identity verification can be completed without a digital certificate on each Internet of things device, which makes identity verification simpler.
Referring to fig. 6, in some embodiments, step S501 may include, but is not limited to, steps S601 to S607:
step S601, receiving a registration request sent by the Internet of things equipment, and generating candidate verification number information according to the registration request;
step S602, sending the candidate verification number information to the Internet of things equipment and receiving third encrypted data;
step S603, performing decryption processing on the third encrypted data according to a preset private key to obtain a fifth random number, a sixth random number and candidate number information to be tested;
step S604, comparing the candidate to-be-tested number information with the candidate verification number information to obtain third verification information;
step S605, if the third verification information is verification success, generating a seventh random number, and performing hash value calculation according to the seventh random number and the sixth random number to obtain fifth hash data;
step S606, the fifth hash data and the seventh random number are sent to the Internet of things equipment, so that the Internet of things equipment calculates hash values according to the seventh random number and the sixth random number to obtain sixth hash data, and the fifth hash data and the sixth hash data are compared to obtain registration verification information;
step S607, if the registration verification information is verification success, the candidate verification number information is used as the device verification number information, and the device verification number information is sent to the internet of things device.
In step S601 of some embodiments, registration at the server is required before the internet of things device exchanges authentication keys with the server. The server receives a registration request and the registration request includes at least a unique identifier, the unique identifier indicating a network card address, and the network card address being an address of the server. After receiving the registration request, the server generates candidate verification number information for the Internet of things equipment, and the generated candidate verification number information is inconsistent each time so as to keep the unique candidate verification number information of the Internet of things equipment.
In step S602 of some embodiments, the candidate verification number information is sent to the Internet of things device. When the Internet of things device needs to perform registration verification it uses the PUF to generate the third random number p0, uses the TRNG to generate the fifth random number k0 and the sixth random number r0, and obtains the fourth random number by the bitwise exclusive OR of the third random number and the fifth random number, denoted q0 = p0 ⊕ k0. The Internet of things device then encrypts the fifth random number, the sixth random number and the candidate verification number information with the public key to obtain the third encrypted data, denoted c = Enc(pk, (k0, r0, NO_DEV)). The server thus receives the third encrypted data from the Internet of things device.
In step S603 of some embodiments, the server decrypts the third encrypted data with the private key to obtain the fifth random number, the sixth random number and the candidate number information to be verified. The decryption is denoted as Dec(sk, c) = (k0', r0', NO_DEV'), where NO_DEV' is the candidate number information to be verified.
In step S604 of some embodiments, the server compares the candidate number information to be verified with the candidate verification number information to determine the third verification information. If the two are the same, i.e. NO_DEV' = NO_DEV, the third verification information is verification success; if they differ, the third verification information is verification failure, which indicates either a data transmission error between the Internet of things device and the server or a deliberate attempt by the Internet of things device to deceive the server.
In step S605 of some embodiments, if the third verification information is verification success, a seventh random number is generated and denoted r0''. A hash value is then calculated over the seventh random number and the decrypted sixth random number to obtain the fifth hash data, on the basis of which registration verification is performed between the server and the Internet of things device. For example, referring to fig. 10, the hash value calculation over the sixth random number and the seventh random number is denoted as h = Hash(r0', r0'').
It should be noted that, if the third verification information is verification failure, the server will suspend the registration process, and the internet of things device will not be registered at the server.
In steps S606 to S607 of some embodiments, the fifth hash data and the seventh random number are sent to the Internet of things device, which calculates a hash value over the seventh random number and its own copy of the sixth random number to obtain the sixth hash data, denoted as h' = Hash(r0, r0''). Once the Internet of things device has determined the sixth hash data, the registration verification information is obtained by directly comparing the sixth hash data with the fifth hash data. If the sixth hash data and the fifth hash data are the same, the registration verification information is verification success; if they differ, the registration verification information is verification failure. The Internet of things device determines the registration verification information and feeds it back to the server, so that when the registration verification information is verification success the server stores the device verification number information together with the decrypted fifth random number k0'; it is this stored fifth random number that the server later uses to verify the Internet of things device in steps S801 to S802.
Referring to fig. 7, in some embodiments, the first verification data includes: a second random number and first hash data; step S502 may include, but is not limited to, steps S701 to S703:
step S701, decrypting the first encrypted data according to a preset private key to obtain a first random number and equipment number information to be verified;
step S702, comparing the equipment to-be-tested number information with the equipment verification number information to obtain first equipment identity verification information;
in step S703, a second random number is randomly generated, and a hash value is calculated according to the first random number and the second random number to obtain first hash data.
In steps S701 to S702 of some embodiments, the Internet of things device sends the first encrypted data c1 and the device verification number information NO_DEV to the server, and the server decrypts the first encrypted data with its own private key to obtain the first random number and the device number information to be verified. Since only the server holding the private key sk can decrypt the first encrypted data to obtain the correct first random number, only it can compute the correct first hash data from that random number. The server then compares the decrypted device number information to be verified with the device verification number information to obtain the first device identity verification information, and judges the identity of the Internet of things device from that result.
It should be noted that, referring to fig. 11, the server's decryption of the first encrypted data is Dec(sk, c1) = (r1', NO_DEV'); the device number information to be verified is then compared with the device verification number information, and if NO_DEV' = NO_DEV the first device identity verification information is verification success. If the first device identity verification information is verification failure, the process stops and the server does not send the first hash data and the second random number to the Internet of things device.
In step S703 of some embodiments, if the first device identity verification information is verification success, the server generates the second random number and calculates a hash value over the decrypted first random number and the second random number to obtain the first hash data, so that the Internet of things device receives the second random number and the first hash data from the server. The server's generation of the first hash data is denoted as h1 = Hash(r1', r2).
In steps S701 to S703 illustrated in this embodiment, the server decrypts the first encrypted data by using its own private key to obtain the device number information to be verified, and compares the device verification number information previously distributed to the internet of things device with the device number information to be verified to determine whether the internet of things device is registered in advance. And then the server authenticates the Internet of things equipment based on the random numbers and hash data among the random numbers, so that the authentication between the server and the Internet of things equipment does not need a digital certificate, and the operation is simple and easy, and the cost is saved.
Referring to fig. 8, in some embodiments, the second verification data is third hash data; the third hash data is obtained by the Internet of things device querying the physical unclonable function again to obtain the third random number, recovering the fifth random number from the third random number and the fourth random number generated in advance, and calculating a hash value over the fifth random number and the second random number. Step S505 may include, but is not limited to, steps S801 to S802:
step S801, hash value calculation is carried out according to a fifth random number and a second random number which are received in advance, and fourth hash data are obtained;
step S802, comparing the third hash data with the fourth hash data to obtain second equipment identity verification information.
In steps S801 to S802 illustrated in the present embodiment, the server performs hash computation according to the fifth random number and the second random number to obtain fourth hash data, and compares the fourth hash data with the third hash data to obtain the device identity verification information. If the third hash data and the fourth hash data are the same, the equipment identity verification information is successful verification; if the third hash data and the fourth hash data are different, the equipment identity verification information is verification failure. Therefore, after the equipment identity authentication is completed between the equipment of the Internet of things and the server, the accuracy of the equipment identity authentication is improved after the equipment identity authentication is further authenticated.
For example, referring to fig. 11, the PUF is used to regenerate the third random number p0, the fifth random number is recovered as k0 = p0 ⊕ q0, the third hash data is computed on the device as h2 = Hash(k0, r2), the fourth hash data is computed on the server as h2' = Hash(k0', r2) using the fifth random number stored at registration, and if h2 = h2' the device identity verification information is verification success.
It should be noted that, if the device identity verification information is verification success, the hash value of the first random number and the second random number is used as the key, which completes the key sharing. The shared key is therefore a single hash value whose two inputs are the first random number r1 and the second random number r2. The second random number is sent in the clear, whereas the first random number is never transmitted over the public link except inside the first encrypted data, so the secrecy of the shared key rests on the confidentiality of that ciphertext under the server's public key, and on the first random number being freshly generated for each run.
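The registration flow of steps S201 to S207 (server side S601 to S607) and the authentication and key-sharing flow of steps S101 to S106 (server side S701 to S703 and S801 to S802), run end to end with both parties' messages, as an added example that is not part of the patent or of any product of the applicant. Assumptions: Hash is SHA-256 over length-prefixed inputs, random numbers are 16 bytes, the PUF is modelled as a fixed per-device response, and Enc/Dec are a symmetric stand-in (pk equals sk) so that the example runs offline; a real implementation would use a public-key scheme such as RSA-OAEP or ECIES there. The candidate number format, the message layouts and all class and function names are this example's own. The second run in run_demo shows a clone that copied q0 and NO_DEV out of storage but lacks the PUF response being rejected at step S802.

```python
import hashlib
import hmac
import secrets

def H(*parts):
    """Hash(a, b, ...) as SHA-256 over length-prefixed parts (the page fixes no encoding)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def xor(a, b):
    """Bitwise XOR; zip() truncates to the shorter input, the truncation the page describes."""
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in for Enc(pk, .)/Dec(sk, .): a symmetric scheme with pk == sk so the example runs offline.
# It is NOT public-key cryptography; a deployment uses RSA-OAEP or ECIES here.
def keystream(key, nonce, n):
    return b"".join(H(key, nonce, i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]
def enc(pk, m):
    nonce = secrets.token_bytes(16)
    ct = xor(m, keystream(pk, nonce, len(m)))
    return nonce + ct + hmac.new(pk, nonce + ct, hashlib.sha256).digest()
def dec(sk, c):
    nonce, ct, tag = c[:16], c[16:-32], c[-32:]
    if not hmac.compare_digest(tag, hmac.new(sk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return xor(ct, keystream(sk, nonce, len(ct)))

class Server:
    def __init__(self):
        self.sk = self.pk = secrets.token_bytes(32)
        # pending: candidate NO_DEV -> k0'; registered: NO_DEV -> k0' (S607); sessions: NO_DEV -> (r1', r2)
        self.pending, self.registered, self.sessions, self.shared_keys = {}, {}, {}, {}
    def issue_candidate(self):                                         # S601
        no_dev = "NODEV-" + secrets.token_hex(4)
        self.pending[no_dev] = None
        return no_dev
    def verify_registration(self, c):                                  # S603-S605
        m = dec(self.sk, c)
        k0, r0, no_dev = m[:16], m[16:32], m[32:].decode()
        if no_dev not in self.pending:
            return None                      # third verification information: failure
        self.pending[no_dev] = k0
        r0pp = secrets.token_bytes(16)       # seventh random number r0''
        return r0pp, H(r0, r0pp)             # (r0'', fifth hash data)
    def confirm_registration(self, no_dev, device_ok):                 # S607
        k0 = self.pending.pop(no_dev, None)
        if device_ok and k0 is not None:
            self.registered[no_dev] = k0
        return no_dev in self.registered
    def verify_device_first(self, no_dev, c1):                         # S701-S703
        m = dec(self.sk, c1)
        r1, no_dev_p = m[:16], m[16:].decode()
        if no_dev_p != no_dev or no_dev not in self.registered:
            return None                      # failure: nothing is sent back
        r2 = secrets.token_bytes(16)
        self.sessions[no_dev] = (r1, r2)
        return r2, H(r1, r2)                 # (second random number, first hash data)
    def verify_device_second(self, no_dev, h2):                        # S801-S802, S506
        r1, r2 = self.sessions.pop(no_dev)
        if not hmac.compare_digest(h2, H(self.registered[no_dev], r2)):
            return False
        self.shared_keys[no_dev] = H(r1, r2)  # server's copy of the shared key
        return True

class Device:
    def __init__(self, puf_response, server_pk):
        self.puf = lambda: puf_response      # stand-in PUF: the same p0 on every query
        self.server_pk, self.q0, self.no_dev = server_pk, None, None   # storage holds q0, never k0
    def register(self, server):                                         # S201-S207
        cand = server.issue_candidate()
        p0, k0, r0 = self.puf(), secrets.token_bytes(16), secrets.token_bytes(16)
        self.q0 = xor(p0, k0)                                           # q0 = p0 xor k0
        reply = server.verify_registration(enc(self.server_pk, k0 + r0 + cand.encode()))
        ok = reply is not None and hmac.compare_digest(reply[1], H(r0, reply[0]))   # h' == h
        if server.confirm_registration(cand, ok):
            self.no_dev = cand
        return ok
    def authenticate(self, server):                                     # S101-S106
        r1 = secrets.token_bytes(16)
        reply = server.verify_device_first(self.no_dev, enc(self.server_pk, r1 + self.no_dev.encode()))
        if reply is None or not hmac.compare_digest(reply[1], H(r1, reply[0])):
            return None                      # rejected, or server could not show it decrypted r1
        k0 = xor(self.puf(), self.q0)        # k0 = p0 xor q0, regenerated from the PUF on demand
        if not server.verify_device_second(self.no_dev, H(k0, reply[0])):
            return None
        return H(r1, reply[0])               # shared key = Hash(r1, r2)

def run_demo():
    srv = Server()
    honest = Device(secrets.token_bytes(16), srv.pk)
    key = honest.authenticate(srv) if honest.register(srv) else None
    key_ok = key is not None and key == srv.shared_keys[honest.no_dev]
    clone = Device(secrets.token_bytes(16), srv.pk)   # other silicon, copied storage
    clone.q0, clone.no_dev = honest.q0, honest.no_dev
    return key_ok, clone.authenticate(srv) is None     # (True, True)
```

The device keeps only q0 and NO_DEV in its storage unit; k0 exists on the device only transiently, which is why the clone, which has an exact copy of that storage but a different PUF response, reconstructs the wrong k0 and fails the second device verification. Replacing enc/dec with a real public-key scheme is the only change needed to make the first random number r1, and hence the shared key, private against a passive observer of the link.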
In summary, authentication between the Internet of things device and the server is completed using the device number information and hash data, which effectively realizes two-way identity verification and shared key establishment between the server and the Internet of things device and so improves the security of network data communication of the Internet of things device.
In addition, referring to fig. 9, the embodiment of the application also discloses an authentication method of the internet of things device, which may include, but is not limited to, steps S901 to S907:
step S901, an internet of things device registers with a server to obtain device verification number information;
step S902, the Internet of things equipment sends equipment verification number information and preset first encryption data to a server, and the server performs identity verification on the Internet of things equipment according to the first encryption data to obtain first equipment identity verification information;
step S903, if the first device authentication information is successful, the server generates and sends first authentication data to the internet of things device;
step S904, the Internet of things equipment performs identity verification on the server according to the first verification data to obtain server identity verification information;
step S905, if the server authentication information is successful, generating and transmitting second authentication data to the server;
step S906, the server performs identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
in step S907, if the second device authentication information is successful, the internet of things device shares the key with the server.
In steps S901 to S907 illustrated in the present embodiment, the Internet of things device obtains device verification number information by registering with the server, mutual identity verification is then performed between the Internet of things device and the server on the basis of the device verification number information, and a key is shared once the verification succeeds. The key can therefore be shared after the Internet of things device and the server have automatically verified each other's identity, so that Internet of things devices connected through one server can communicate securely; the verification operation is simple, no digital certificate needs to be provisioned, and cost is saved.
The registration and authentication process between the internet of things device and the server refer to the authentication method of the internet of things device, and will not be described herein.
Referring to fig. 12, the embodiment of the present application further provides an Internet of Things device that can implement the authentication method of the Internet of Things device, where the Internet of Things device includes:
a first registration module 1201, configured to register with a server to obtain device verification number information;
an encrypted data sending module 1202, configured to send the device verification number information and preset first encrypted data to the server, so that the server performs identity verification on the Internet of Things device according to the first encrypted data to obtain first device identity verification information;
a first verification data receiving module 1203, configured to receive the first verification data fed back by the server if the first device identity verification information indicates that verification succeeded;
a first identity verification module 1204, configured to perform identity verification on the server according to the first verification data to obtain server identity verification information;
a first verification data sending module 1205, configured to generate second verification data and send it to the server if the server identity verification information indicates that verification succeeded, so that the server performs identity verification on the Internet of Things device according to the second verification data to obtain second device identity verification information;
a first key sharing module 1206, configured to share a key with the server if the second device identity verification information indicates that verification succeeded.
The specific implementation manner of the internet of things device is basically the same as the specific embodiment of the authentication method of the internet of things device, and is not described herein again.
Referring to fig. 13, the embodiment of the present application further provides a server that can implement the authentication method of the Internet of Things device, where the server includes:
a number generation module 1301, configured to register an Internet of Things device to generate device verification number information, and to send the device verification number information to the Internet of Things device;
an encrypted data receiving module 1302, configured to receive the device verification number information and the first encrypted data sent by the Internet of Things device, perform identity verification on the Internet of Things device according to the device verification number information and the first encrypted data to obtain first device identity verification information, and generate first verification data;
a second verification data sending module 1303, configured to send the first verification data to the Internet of Things device if the first device identity verification information indicates that verification succeeded, so that the Internet of Things device verifies the server according to the first verification data to obtain server identity verification information;
a second verification data receiving module 1304, configured to receive the second verification data sent by the Internet of Things device if the server identity verification information indicates that verification succeeded;
a second identity verification module 1305, configured to perform identity verification on the Internet of Things device according to the second verification data to obtain second device identity verification information;
a second key sharing module 1306, configured to share a key with the Internet of Things device if the second device identity verification information indicates that verification succeeded.
The embodiment of the application also provides an authentication system of the Internet of Things device, which comprises the Internet of Things device and the server; the Internet of Things device is used for executing the authentication method of the Internet of Things device shown in fig. 1 to 4, and the server is used for executing the authentication method of the Internet of Things device shown in fig. 5 to 8.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the authentication method of the Internet of things equipment when being executed by a processor.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The embodiments described in the embodiments of the present application are for more clearly describing the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of technology and the appearance of new application scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
It will be appreciated by persons skilled in the art that the embodiments of the application are not limited by the illustrations, and that more or fewer steps than those shown may be included, or certain steps may be combined, or different steps may be included.
The above described apparatus embodiments are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
The terms "first," "second," "third," "fourth," and the like in the description of the application and in the above figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one (item)" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: only A is present, only B is present, or both A and B are present, where A and B may be singular or plural. The character "/" generally indicates that the associated objects stand in an "or" relationship. "At least one of" or similar wording means any combination of the listed items, including any combination of single items or plural items. For example, "at least one of a, b or c" may mean: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may be singular or plural.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the above-described division of units is merely a logical function division, and there may be another division manner in actual implementation, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. On this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium that includes multiple instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the method of the various embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing a program.
The preferred embodiments of the present application have been described above with reference to the accompanying drawings, and are not thereby limiting the scope of the claims of the embodiments of the present application. Any modifications, equivalent substitutions and improvements made by those skilled in the art without departing from the scope and spirit of the embodiments of the present application shall fall within the scope of the claims of the embodiments of the present application.

Claims (10)

1. An authentication method of an internet of things device, which is characterized by being applied to the internet of things device, the method comprising:
registering with a server to obtain equipment verification number information;
the equipment verification number information and preset first encryption data are sent to the server, so that the server performs identity verification on the Internet of things equipment according to the first encryption data and the equipment verification number information to obtain first equipment identity verification information;
if the first equipment identity verification information is successful in verification, first verification data fed back by the server are received;
carrying out identity verification on the server according to the first verification data to obtain server identity verification information;
if the server identity authentication information is successful in authentication, generating and sending second authentication data to the server so that the server performs identity authentication on the Internet of things equipment according to the second authentication data to obtain second equipment identity authentication information;
and if the second equipment identity authentication information is successful in authentication, sharing a secret key with the server.
2. The method of claim 1, wherein the first encrypted data is a first random number; the first authentication data includes: a second random number and first hash data; the step of performing authentication on the server according to the first authentication data to obtain server authentication information includes:
carrying out hash value calculation according to the first random number and the second random number to obtain second hash data;
and comparing the first hash data with the second hash data to obtain the server identity authentication information.
3. The method of claim 1, wherein registering with a server to obtain device authentication number information comprises:
sending a registration request to the server so that the server generates candidate verification number information according to the registration request;
receiving the candidate verification number information sent by the server, generating a third random number, a fifth random number and a sixth random number, and generating a fourth random number according to the third random number and the fifth random number;
encrypting the fifth random number, the sixth random number and the candidate verification number information according to a preset public key to obtain third encrypted data;
the third encrypted data is sent to the server, so that the server performs identity verification on the Internet of things equipment according to the third encrypted data to obtain first registration verification information;
if the first registration verification information is successful in verification, receiving an eighth random number and fifth hash data sent by the server;
verifying the server according to the eighth random number and the fifth hash data to obtain second registration verification information;
and if the second registration verification information is successful in verification, the candidate verification number information is used as the equipment verification number information.
4. A method according to claim 3, wherein said verifying the server according to the eighth random number and the fifth hash data to obtain second registration verification information comprises:
carrying out hash value calculation according to the eighth random number and the sixth random number to obtain sixth hash data;
and comparing the fifth hash data with the sixth hash data to obtain the second registration verification information.
5. An authentication method of an internet of things device, which is applied to a server, the method comprising:
registering the Internet of things equipment to generate equipment verification number information, and sending the equipment verification number information to the Internet of things equipment;
receiving equipment verification number information and first encryption data sent by the Internet of things equipment, carrying out identity verification on the Internet of things equipment according to the equipment verification number information and the first encryption data to obtain first equipment identity verification information, and generating first verification data;
if the first equipment identity authentication information is successful in authentication, the first authentication data is sent to the Internet of things equipment, so that the Internet of things equipment authenticates the server according to the first authentication data to obtain server identity authentication information;
if the server identity verification information is successful in verification, receiving second verification data sent by the Internet of things equipment;
performing identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
and if the second equipment identity verification information is successful in verification, sharing a secret key with the Internet of things equipment.
6. The method of claim 5, wherein the first authentication data comprises: a second random number and first hash data; the step of receiving the equipment verification number information and the first encrypted data sent by the internet of things equipment, performing identity verification on the internet of things equipment according to the equipment verification number information and the first encrypted data to obtain first equipment identity verification information, and generating first verification data includes:
decrypting the first encrypted data according to a preset private key to obtain a first random number and equipment number information to be verified;
comparing the equipment to-be-tested number information with the equipment verification number information to obtain the first equipment identity verification information;
and randomly generating a second random number, and calculating a hash value according to the first random number and the second random number to obtain the first hash data.
7. The method of claim 6, wherein the second verification data is third hash data; the third hash data is obtained by randomly generating a third random number by the Internet of things equipment, generating a fifth random number according to the third random number and a fourth random number which is generated in advance, and carrying out hash value calculation according to the fifth random number and the second random number; the step of performing authentication on the internet of things device according to the second authentication data to obtain second device authentication information includes:
carrying out hash value calculation according to the fifth random number and the second random number which are received in advance to obtain fourth hash data;
and comparing the third hash data with the fourth hash data to obtain the second equipment identity verification information.
8. The method of claim 5, wherein registering the internet of things device to generate device authentication number information and transmitting the device authentication number information to the internet of things device comprises:
receiving a registration request sent by the Internet of things equipment, and generating candidate verification number information according to the registration request;
sending the candidate verification number information to the internet of things equipment and receiving third encrypted data;
decrypting the third encrypted data according to a preset private key to obtain a fifth random number, a sixth random number and candidate to-be-tested number information;
comparing the candidate number information to be tested with the candidate verification number information to obtain third verification information;
if the third verification information is successful in verification, generating a seventh random number, and performing hash value calculation according to the seventh random number and the sixth random number to obtain fifth hash data;
transmitting the fifth hash data and the seventh random number to the internet of things equipment, so that the internet of things equipment calculates hash values according to the seventh random number and the sixth random number to obtain sixth hash data, and comparing the fifth hash data with the sixth hash data to obtain registration verification information;
and if the registration verification information is successful in verification, the candidate verification number information is used as the equipment verification number information, and the equipment verification number information is sent to the Internet of things equipment.
9. An authentication method of an internet of things device, the method comprising:
the Internet of things equipment registers with a server to acquire equipment verification number information;
the internet of things device sends the device verification number information and preset first encryption data to the server, and the server performs identity verification on the internet of things device according to the first encryption data to obtain first device identity verification information;
if the first equipment identity verification information is verification success, the server generates and sends first verification data to the Internet of things equipment;
the internet of things device performs identity verification on the server according to the first verification data to obtain server identity verification information;
if the server identity authentication information is successful in authentication, generating and sending second authentication data to the server;
the server performs identity verification on the Internet of things equipment according to the second verification data to obtain second equipment identity verification information;
and if the second equipment identity verification information is successful in verification, the Internet of things equipment and the server share a secret key.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the method of authenticating an internet of things device according to any one of claims 1 to 4, or the method of authenticating an internet of things device according to any one of claims 5 to 8, or the method of authenticating an internet of things device according to claim 9.
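The registration exchange of claims 3 and 8 and the mutual authentication of steps S902 to S907 (claims 1, 2, 5, 6 and 7), carried through in one runnable file, added here as an illustration; it is not the patent's own code, and the applicant's implementation is not disclosed. The claims leave several things open, and the example fixes them as assumptions: the "preset public key" encryption is RSA-OAEP with SHA-256, the "hash value calculation" is SHA-256 over the concatenated inputs, every random number is 16 bytes, the verification number is the hex encoding of 16 random bytes, and the shared key of step S907 is derived as a SHA-256 hash over both sides' random numbers. It follows claim 8's numbering (seventh random number) where claim 3 says eighth, and it omits the third and fourth random numbers, whose derivation claims 3 and 7 describe differently, using the fifth random number r5 directly as the secret that the second verification data proves. The type and function names (Server, Device, Register, Authenticate, send) are the example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
)

const nonceLen, numLen = 16, 32 // assumed: 16-byte random numbers, 32-char hex verification numbers

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG must abort, never fall back to weak randomness
	}
	return b
}

// h is the claims' "hash value calculation", assumed to be SHA-256 over the concatenation.
func h(parts ...[]byte) []byte {
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}
func equal(a, b []byte) bool { return subtle.ConstantTimeCompare(a, b) == 1 } // no timing leak
type Server struct {
	priv    *rsa.PrivateKey   // preset private key
	pending map[string]bool   // candidate numbers issued but not yet confirmed
	devices map[string][]byte // device verification number -> r5 kept from registration (claim 7)
}
type Device struct {
	pub    *rsa.PublicKey // preset public key
	devNum string         // device verification number, empty until registered
	r5, r6 []byte         // random numbers chosen at registration (claim 3)
}

func NewServer() *Server {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Server{priv: priv, pending: map[string]bool{}, devices: map[string][]byte{}}
}

// send stands in for the wire: the device encrypts parts under the preset public key and
// the server decrypts with its private key. The cipher is assumed to be RSA-OAEP/SHA-256.
func send(d *Device, s *Server, parts ...[]byte) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.pub, bytes.Join(parts, nil), nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, s.priv, ct, nil)
}

// Register runs the exchange of claims 3 and 8 and returns the device verification number.
func Register(d *Device, s *Server) (string, error) {
	cand := hex.EncodeToString(randBytes(nonceLen)) // candidate number answering the request
	s.pending[cand] = true
	d.r5, d.r6 = randBytes(nonceLen), randBytes(nonceLen)
	pt, err := send(d, s, d.r5, d.r6, []byte(cand)) // third encrypted data: Enc(r5 || r6 || cand)
	if err != nil || len(pt) != 2*nonceLen+numLen {
		return "", errors.New("registration: bad third encrypted data")
	}
	r5, r6, got := pt[:nonceLen], pt[nonceLen:2*nonceLen], string(pt[2*nonceLen:])
	if !s.pending[got] { // third verification information: the candidate must be one we issued
		return "", errors.New("registration: candidate number mismatch")
	}
	r7 := randBytes(nonceLen) // seventh random number (claim 8 numbering), sent with fifth hash data
	if !equal(h(r7, d.r6), h(r7, r6)) { // device's sixth hash data vs server's fifth hash data
		return "", errors.New("registration: server not authenticated")
	}
	delete(s.pending, got)
	s.devices[got], d.devNum = r5, got // candidate becomes the device verification number
	return got, nil
}

// Authenticate runs steps S902-S907 and returns the key each side derived.
func Authenticate(d *Device, s *Server) ([]byte, []byte, error) {
	r1 := randBytes(nonceLen)                   // first random number
	pt, err := send(d, s, r1, []byte(d.devNum)) // S902: first encrypted data, devNum also in clear
	if err != nil || len(pt) != nonceLen+numLen {
		return nil, nil, errors.New("S902: bad first encrypted data")
	}
	sr1, toVerify := pt[:nonceLen], string(pt[nonceLen:]) // "equipment number to be verified"
	r5, known := s.devices[d.devNum]
	if !known || toVerify != d.devNum { // first device identity verification
		return nil, nil, errors.New("S902: first device identity verification failed")
	}
	r2 := randBytes(nonceLen)            // S903: first verification data = (r2, H(r1 || r2))
	if !equal(h(r1, r2), h(sr1, r2)) { // S904: only the private-key holder could have learned r1
		return nil, nil, errors.New("S904: server identity verification failed")
	}
	if !equal(h(r5, r2), h(d.r5, r2)) { // S905/S906: second verification data proves possession of r5
		return nil, nil, errors.New("S906: second device identity verification failed")
	}
	return h([]byte("iot-key"), r1, r2, d.r5), h([]byte("iot-key"), sr1, r2, r5), nil // S907 (derivation assumed)
}
```

Two properties of the scheme are visible in the code exactly as they are in the claims: the server is authenticated in S904 only because the first random number travelled under the preset public key, so the whole construction rests on the server's private key staying private and on that key being the one burned into the device; and the registration request itself carries no device identity, so which devices are allowed to enrol has to be controlled outside this protocol (the example accepts any caller of Register, as the claims do).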
CN202310974134.2A 2023-08-03 2023-08-03 Authentication method of Internet of things equipment and storage medium Pending CN117040825A (en)
Publications (1)

Publication Number Publication Date
CN117040825A true CN117040825A (en) 2023-11-10
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Country or region after: China
Address after: 518000 north of the intersection of Zhenxing Avenue and Chuangye Avenue, EBU Town, Shenshan special cooperation zone, Shenzhen, Guangdong
Applicant after: China Resources Intelligent Computing Technology (Guangdong) Co.,Ltd.
Address before: 518000 north of the intersection of Zhenxing Avenue and Chuangye Avenue, EBU Town, Shenshan special cooperation zone, Shenzhen, Guangdong
Applicant before: Guangdong Runlian Information Technology Co.,Ltd.
Country or region before: China