CN102075929B - Access authentication method, gateway and system for smart home system - Google Patents


Publication number
CN102075929B
Authority
CN
China
Prior art keywords
terminal
gateway
request information
information
position register
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201110028492.1A
Other languages
Chinese (zh)
Other versions
CN102075929A (en
Inventor
马庆林
马庆辉
黄永威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yang Xiuying
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN201110028492.1A
Publication of CN102075929A
Application granted
Publication of CN102075929B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an access authentication method, a gateway and a system for a smart home system. The method comprises the following steps: a terminal transmits location registration request information to the gateway; the gateway receives the location registration request information transmitted by the terminal and judges whether the terminal is a terminal compatible with the system according to terminal compatibility information carried by the location registration request information; and if not, access authentication is conducted between the gateway and the terminal according to first encrypted information carried by the location registration request information. Through the mutual identity authentication between the terminal and the gateway, the consistency of the system is ensured and malicious users can be prevented from entering the system to conduct illegal operations; the personal privacy of the users can be effectively protected and the requirements of the users on system security can be satisfied; moreover, the access authentication method is simple, its performance is reliable, and the problem that potential safety hazards exist in the system because unified standards are not available can be solved.

Description

Access authentication method, gateway and system for a smart home system
Technical field
The present invention relates to the field of communication technology, and in particular to an access authentication method, gateway and system for a DECT (Digital Enhanced Cordless Telecommunications) / US-DECT (United States DECT) / WDCT (Worldwide Digital Cordless Telecommunication)-DECT smart home system.
Background art
DECT is an internationally advanced wireless standard for digital communication, offering excellent voice quality and a high level of error-correction protection. It is mainly used in cordless telephony, and some vendors also apply DECT technology in the home as a means of intelligent control.
The DECT/US-DECT protocol standards only standardize the air interface of digital cordless telephones and contain no definitions aimed at smart home applications. As a result, there is no unified standard for the access of mobile control terminals in a DECT/US-DECT smart home system.
Moreover, the prior art cannot effectively authenticate the access of mobile control terminals, so it cannot prevent users from maliciously entering the system and controlling it directly. System reliability and security therefore cannot be effectively guaranteed, users' personal privacy cannot be effectively protected, and users' requirements for system security cannot be met.
Summary of the invention
The main purpose of the present invention is to provide an access authentication method, gateway and system for a smart home system, with the aim of improving the security of the smart home system.
To achieve this purpose, the present invention proposes an access authentication method for a smart home system, comprising the following steps:
The terminal sends location registration request information to the gateway;
The gateway receives the location registration request information sent by the terminal and, according to the terminal compatibility information carried in the location registration request information, judges whether the terminal is a terminal compatible with this system;
When the terminal is not a terminal compatible with this system, the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information.
Preferably, the step in which the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information comprises:
The gateway decrypts the first encrypted information carried in the location registration request information according to the agreed rule to obtain first decrypted information;
If the first decrypted information is incorrect, the terminal is not allowed to access this system; otherwise,
the terminal is allowed to access this system, and location registration confirmation information is sent to the terminal;
The terminal decrypts the second encrypted information carried in the received location registration confirmation information according to the agreed rule to obtain second decrypted information;
When the second decrypted information is correct, the terminal responds to the control commands that the gateway sends after authentication succeeds, completing system access authentication.
Preferably, the first encrypted information and the second encrypted information are ciphertext produced by the DES encryption algorithm.
Preferably, after the step of judging, according to the terminal compatibility information carried in the location registration request information, whether the terminal is a terminal compatible with this system, the method further comprises:
When the terminal is a terminal compatible with this system, the gateway allows the terminal to access this system.
The present invention also proposes an access authentication gateway for a smart home system, comprising:
A receiving module, for receiving the location registration request information sent by the terminal;
A judging module, for judging, according to the terminal compatibility information carried in the location registration request information, whether the terminal is a terminal compatible with this system;
An authentication module, for performing access authentication on the terminal according to the first encrypted information carried in the location registration request information when the terminal is not a terminal compatible with this system.
Preferably, the authentication module comprises:
A decryption unit, for decrypting the first encrypted information carried in the location registration request information according to the agreed rule to obtain first decrypted information;
A confirmation sending unit, for sending location registration confirmation information to the terminal when the first decrypted information is correct, so that the terminal decrypts the second encrypted information carried in the location registration confirmation information according to the agreed rule to obtain second decrypted information;
An access control unit, for not allowing the terminal to access this system when the first decrypted information is incorrect; and, when the first decrypted information is correct, for allowing the terminal to access this system and controlling the terminal when the second decrypted information is correct.
Preferably, the first encrypted information and the second encrypted information are ciphertext produced by the DES encryption algorithm.
Preferably, the access control unit is also used to allow the terminal to access this system when the terminal is a terminal compatible with this system.
The present invention also proposes an access authentication system for a smart home system, comprising a gateway and a terminal, wherein:
The terminal is used to send location registration request information to the gateway and to perform access authentication with the gateway according to the first encrypted information carried in the location registration request information;
The gateway is used to receive the location registration request information and to perform access authentication with the terminal according to the first encrypted information carried in the location registration request information.
Preferably, the gateway is also used to decrypt the first encrypted information carried in the location registration request information according to the agreed rule and, when decryption succeeds, to send location registration confirmation information to the terminal;
The terminal is also used to receive the location registration confirmation information that the gateway sends when the first encrypted information carried in the location registration request information is successfully decrypted, to decrypt the second encrypted information carried in the location registration confirmation information according to the agreed rule and, when decryption succeeds, to respond to the control commands that the gateway sends after authentication succeeds.
Preferably, the gateway is the gateway described above; the terminal is a handheld terminal or a non-handheld terminal.
In the access authentication method, gateway and system for a smart home system proposed by the present invention, the gateway performs system access authentication on non-compatible terminals (both handheld and non-handheld) that request location registration. Only a terminal that passes authentication is allowed to access the gateway and receive the intelligent control instructions sent by the gateway. After a non-compatible terminal has passed the gateway's access authentication, it receives the gateway's authentication information in the location registration confirmation message, and the terminal responds to intelligent control instructions only from a gateway that passes this authentication. This mutual identity authentication between terminal and gateway, carried out in these two ways, ensures the consistency of the system and prevents users from maliciously entering the system to perform illegal operations. Users' personal privacy is effectively protected and users' requirements for system security are met; the reliability and security of the system are further guaranteed, and attacks on the system by malicious persons are prevented. In addition, the access authentication method of the present invention is simple and reliable, and solves the problem of potential safety hazards in the system caused by the lack of a unified standard.
Brief description of the drawings
Fig. 1 is a flow diagram of an embodiment of the smart home system access authentication method of the present invention;
Fig. 2 is a flow diagram of the access authentication performed by the gateway and the terminal according to the first encrypted information carried in the location registration request information, in an embodiment of the smart home system access authentication method of the present invention;
Fig. 3 is a structural diagram of an embodiment of the smart home system access authentication gateway of the present invention;
Fig. 4 is a structural diagram of the authentication module in an embodiment of the smart home system access authentication gateway of the present invention;
Fig. 5 is a structural diagram of an embodiment of the smart home system access authentication system of the present invention;
Fig. 6 is a flow diagram of PP terminal parameter generation in an embodiment of the smart home system access authentication system of the present invention;
Fig. 7 is a flow diagram of FP gateway authentication in an embodiment of the smart home system access authentication system of the present invention;
Fig. 8 is a flow diagram of FP gateway parameter generation in an embodiment of the smart home system access authentication system of the present invention;
Fig. 9 is a flow diagram of PP terminal authentication in an embodiment of the smart home system access authentication system of the present invention.
To make the technical solution of the present invention clearer, it is described in further detail below with reference to the drawings.
Detailed description of the embodiments
The main idea of the embodiments of the present invention is as follows: the gateway performs system access authentication on non-compatible terminals that request location registration, and only a terminal that passes authentication is allowed to access the gateway and receive the intelligent control instructions sent by the gateway. After a non-compatible terminal has passed the gateway's access authentication, it receives the gateway's authentication information in the location registration confirmation message, and the terminal responds to intelligent control instructions only from a gateway that passes this authentication. This mutual identity authentication between terminal and gateway, carried out in these two ways, ensures the consistency of the system and improves its security.
As shown in Fig. 1, an embodiment of the present invention proposes an access authentication method for a smart home system, comprising the following steps:
Step S101: the terminal sends location registration request information to the gateway;
The method of this embodiment is implemented on the DECT network layer (NWK) mobility management (MM) protocol. That is, in the MM protocol, a custom encrypted-authentication IWU-TO-IWU information element is added to the location registration request information (LOCATE-REQUEST) and to the location registration confirmation information (LOCATE-ACCEPT); this information element contains the information necessary for access authentication.
When a terminal needs to access the smart home system (hereinafter "this system"), the terminal sends location registration request information (LOCATE-REQUEST) to the access gateway of the system. This location registration request information carries the terminal compatibility information (Terminal capability) and the terminal's specific IWU information. This specific IWU information is what this embodiment calls the first encrypted information; only the non-compatible terminals of this system send it. The IWU information is ciphertext produced with the DES encryption algorithm known from the prior art. DES is a symmetric cryptosystem: its key length is 56 bits and the plaintext is divided into 64-bit blocks; each plaintext block is combined with the 56-bit key by bitwise substitution or permutation to form a ciphertext block. DES is a mature existing technology and is not described further here.
Step S102: the gateway receives the location registration request information sent by the terminal and, according to the terminal compatibility information carried in it, judges whether the terminal is a terminal compatible with this system; if so, go to step S104; otherwise, go to step S103;
Step S103: the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information;
Step S104: the gateway allows the terminal to access this system.
In steps S102, S103 and S104 above, after the gateway receives the location registration request information sent by the terminal, it first judges, according to the terminal compatibility information carried in that information, whether the terminal is a terminal compatible with this system, that is, whether it is a standard terminal as specified by the relevant protocol. If it is, the gateway allows the terminal to access this system without any subsequent access authentication. If it is not, the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information.
As shown in Fig. 2, the step in S103 in which the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information comprises:
Step S1031: the gateway decrypts the first encrypted information carried in the location registration request information according to the agreed rule to obtain first decrypted information;
Step S1032: the gateway judges whether the first decrypted information is correct; if so, go to step S1034; otherwise, go to step S1033;
Step S1033: the gateway does not allow the terminal to access this system;
Step S1034: the gateway allows the terminal to access this system and sends location registration confirmation information to the terminal;
Step S1035: the terminal decrypts the second encrypted information carried in the received location registration confirmation information according to the agreed rule to obtain second decrypted information;
Step S1036: the terminal judges whether the second decrypted information is correct; if so, go to step S1037; otherwise, go to step S1038;
Step S1037: the terminal responds to the control commands that the gateway sends after authentication succeeds, completing system access authentication;
Step S1038: the terminal does not respond to the control commands that the gateway sends after authentication succeeds.
The agreed rule above is the decryption rule agreed in advance for this system. In this embodiment, the first encrypted information is decrypted according to the agreed rule to obtain the first decrypted information. If the first decrypted information is wrong, that is, decryption fails, the terminal is not allowed to access this system, which means the gateway cannot send control commands to this terminal. If the first decrypted information is correct, that is, decryption succeeds, the gateway allows the terminal to access this system; from the gateway's point of view the terminal has passed access authentication, and the gateway sends location registration confirmation information (LOCATE-ACCEPT) to the authenticated terminal. This location registration confirmation information carries specific IWU information, which is what this embodiment calls the second encrypted information; the second encrypted information is likewise ciphertext produced with the DES encryption algorithm.
After the terminal receives the location registration confirmation information sent by the gateway, it decrypts it according to the agreed rule to obtain the second decrypted information. If the second decrypted information is wrong, the terminal does not allow the gateway to control it, which prevents users from maliciously entering the system to perform illegal operations. If the second decrypted information is correct, that is, decryption succeeds, terminal access authentication has succeeded; the terminal responds to the control commands that the gateway sends after authentication succeeds and accepts control by the gateway.
In this embodiment, the terminal may be a handheld terminal or a non-handheld terminal.
Because the access authentication method of this embodiment adds a custom encrypted-authentication IWU-TO-IWU information element to the location registration request information (LOCATE-REQUEST) and the location registration confirmation information (LOCATE-ACCEPT) in the mobility management (MM) protocol, and this information element contains the information necessary for access authentication, it can solve the following technical problems: users are prevented from maliciously entering the system and controlling it directly; users' personal privacy is effectively protected; users' requirements for system security are met; the reliability and security of the system are effectively guaranteed; and attacks on the system by malicious persons can be prevented.
This embodiment therefore has the following advantages over the prior art:
1) the gateway is compatible with handset-type terminals purchased on the market, which provide PSTN (Public Switched Telephone Network) call functions;
2) a non-standard handset-type terminal must carry correct encrypted authentication information (IWU information) in its location registration request information before the gateway allows it to access this system; this is equivalent to screening out illegitimate terminals, and prevents users from maliciously entering the system to perform illegal operations;
3) a terminal of this system can also use the correct encrypted authentication information (IWU information) carried in the location registration confirmation information returned by the gateway to determine whether the terminal and the gateway belong to the same system. If they do not, the terminal does not respond to control commands sent by that gateway, which prevents users from maliciously entering the system to perform illegal operations. This not only prevents control terminals of other systems from being connected to this system in order to reverse-engineer it, but also prevents control terminals of this system from being connected to other systems and reverse-engineered, thereby effectively protecting users' rights and interests.
As shown in Fig. 3, an embodiment of the present invention proposes an access authentication gateway for a smart home system, comprising a receiving module 301, a judging module 302 and an authentication module 303, wherein:
The receiving module 301 is used to receive the location registration request information sent by the terminal;
The judging module 302 is used to judge, according to the terminal compatibility information carried in the location registration request information, whether the terminal is a terminal compatible with this system;
The authentication module 303 is used to perform access authentication on the terminal according to the first encrypted information carried in the location registration request information when the terminal is not a terminal compatible with this system.
This embodiment is implemented on the DECT network layer (NWK) mobility management (MM) protocol. That is, in the MM protocol, a custom encrypted-authentication IWU-TO-IWU information element is added to the location registration request information (LOCATE-REQUEST) and to the location registration confirmation information (LOCATE-ACCEPT); this information element contains the information necessary for access authentication.
When a terminal needs to access the smart home system (hereinafter "this system"), the terminal sends location registration request information (LOCATE-REQUEST) to the gateway of this embodiment, and the receiving module 301 in the gateway receives it. This location registration request information carries the terminal compatibility information (Terminal capability) and the terminal's specific IWU information. This specific IWU information is what this embodiment calls the first encrypted information; only the non-compatible terminals of this system send it. The IWU information is ciphertext produced with the DES encryption algorithm known from the prior art. DES is a symmetric cryptosystem: its key length is 56 bits and the plaintext is divided into 64-bit blocks; each plaintext block is combined with the 56-bit key by bitwise substitution or permutation to form a ciphertext block. DES is a mature existing technology and is not described further here.
After the gateway receives the location registration request information sent by the terminal, the judging module 302 in the gateway judges, according to the terminal compatibility information carried in that information, whether the terminal is a terminal compatible with this system, that is, whether it is a standard terminal as specified by the relevant protocol. If it is, the authentication module 303 in the gateway allows the terminal to access this system without any subsequent access authentication. If it is not, the authentication module 303 performs access authentication with the terminal according to the first encrypted information carried in the location registration request information.
As shown in Fig. 4, the authentication module 303 comprises a decryption unit 3031, a confirmation sending unit 3032 and an access control unit 3033, wherein:
The decryption unit 3031 is used to decrypt the first encrypted information carried in the location registration request information according to the agreed rule to obtain first decrypted information;
The confirmation sending unit 3032 is used to send location registration confirmation information to the terminal when the first decrypted information is correct, so that the terminal decrypts the second encrypted information carried in the location registration confirmation information according to the agreed rule to obtain second decrypted information;
The access control unit 3033 is used not to allow the terminal to access this system when the first decrypted information is incorrect; and, when the first decrypted information is correct, to allow the terminal to access this system and to control the terminal when the second decrypted information is correct.
Further, the access control unit 3033 is also used to allow the terminal to access this system when the terminal is a terminal compatible with this system.
The agreed rule above is the decryption rule agreed in advance for this system. In this embodiment, the first encrypted information is decrypted according to the agreed rule to obtain the first decrypted information. If the first decrypted information is wrong, that is, decryption fails, the terminal is not allowed to access this system, which means the gateway cannot send control commands to this terminal. If the first decrypted information is correct, that is, decryption succeeds, the gateway allows the terminal to access this system; from the gateway's point of view the terminal has passed access authentication, and the gateway sends location registration confirmation information (LOCATE-ACCEPT) to the authenticated terminal. This location registration confirmation information carries specific IWU information, which is what this embodiment calls the second encrypted information; the second encrypted information is likewise ciphertext produced with the DES encryption algorithm.
After the terminal receives the location registration confirmation information sent by the gateway, it decrypts it according to the agreed rule to obtain the second decrypted information. If the second decrypted information is wrong, the terminal does not allow the gateway to control it, which prevents users from maliciously entering the system to perform illegal operations. If the second decrypted information is correct, that is, decryption succeeds, terminal access authentication has succeeded; the terminal responds to the control commands that the gateway sends after authentication succeeds and accepts control by the gateway.
In this embodiment, the terminal may be a handheld terminal or a non-handheld terminal.
Because this embodiment adds a custom encrypted-authentication IWU-TO-IWU information element to the location registration request information (LOCATE-REQUEST) and the location registration confirmation information (LOCATE-ACCEPT) in the mobility management (MM) protocol, and this information element contains the information necessary for access authentication, it can solve the following technical problems: users are prevented from maliciously entering the system and controlling it directly; users' personal privacy is effectively protected; users' requirements for system security are met; the reliability and security of the system are effectively guaranteed; and attacks on the system by malicious persons can be prevented.
As shown in Fig. 5, the present invention also proposes an access authentication system for a smart home system, comprising a gateway 501 and a terminal 502, wherein:
The terminal 502 is used to send location registration request information to the gateway 501 and to perform access authentication with the gateway 501 according to the first encrypted information carried in the location registration request information;
The gateway 501 is used to receive the location registration request information and to perform access authentication with the terminal 502 according to the first encrypted information carried in the location registration request information.
The gateway 501 is also used to decrypt the first encrypted information carried in the location registration request information according to the agreed rule and, when decryption succeeds, to send location registration confirmation information to the terminal 502;
The terminal 502 is also used to receive the location registration confirmation information that the gateway 501 sends when the first encrypted information carried in the location registration request information is successfully decrypted, to decrypt the second encrypted information carried in the location registration confirmation information according to the agreed rule and, when decryption succeeds, to respond to the control commands that the gateway 501 sends after authentication succeeds.
In this embodiment, the gateway 501 may be the gateway described in the embodiment above; the terminal 502 may be a handheld terminal or a custom non-handheld terminal. For the access authentication principle of the system of this embodiment, refer to the description of the corresponding method embodiment above.
The access authentication flow of the system of this embodiment is described in detail below, taking a PP terminal and an FP gateway as an example, in combination with the DES encryption algorithm:
When the PP terminal initiates the location registration request information {LOCATE-REQUEST}, if it judges that the terminal type is that of a non-compatible terminal, it must add a <<IWU-To-IWU>> field to {LOCATE-REQUEST}; this field contains the <PP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> message.
After the FP gateway receives {LOCATE-REQUEST}, if it judges that the PP terminal is of the non-compatible terminal type, it must check whether {LOCATE-REQUEST} carries <<IWU-To-IWU>> and verify whether the <PP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> data is valid. If the data is valid, it records this terminal's control <enable> as valid; if the data is invalid, it sets this terminal's control <enable> to invalid. <enable> is used to judge whether controlling this terminal is allowed.
After the FP gateway has received <<IWU-To-IWU>> and verified it as valid, it adds a <<IWU-To-IWU>> field to the location registration confirmation information {LOCATE-ACCEPT} that it replies with; this field contains the <FP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> information.
When the PP terminal receives <<IWU-To-IWU>>, it verifies whether the <FP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> data is valid. If the data is valid, it records this gateway's intelligent control <enable> as valid; if the data is invalid, it sets this gateway's intelligent control <enable> to invalid. <enable> is used to judge whether receiving intelligent control instructions is allowed.
The corresponding messages are generated as follows:
1) Generation and authentication of the <PP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> message parameter:
Figure 6 shows the PP terminal parameter generation flow, in which:
A1: the three characters "KYH" and the 5 IPUI codes of the PP terminal itself are arranged in order to form simple_Data[8];
A2: the function void Des_SetKey(const char Key[8]) is called with the input Key[8] set to Ky-Uhome, generating the KS[8] needed for the A31 operation;
A31: the function void Des_Run(char Out[8], char In[8], char Type) is called with the output parameter Out[8] set to bVerify_cipherData[8], the input parameter In[8] set to simple_Data[8], and Type set to 1 (encrypt).
The result of the function is stored in bVerify_cipherData[8] and is the IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD parameter.
Figure 7 shows the FP gateway authentication flow, in which:
A2: the function void Des_SetKey(const char Key[8]) is called with the input Key[8] set to Ky-Uhome, generating the KS[8] needed for the A32 operation;
A32: the function void Des_Run(char Out[8], char In[8], char Type) is called with the output parameter Out[8] set to simple_Data'[8], the input parameter In[8] set to bVerify_cipherData[8], and Type set to 0 (decrypt). The result of the function is stored in simple_Data'[8]. The FP gateway compares simple_Data'[8] with simple_Data[8]; if they are equal, authentication passes, and if they are not equal, authentication fails.
Here, the FP gateway forms simple_Data[8] by arranging, in order, the three characters "KYH" and the 5 IPUI codes of the corresponding PP terminal, which it obtains from the DECT protocol exchange.
2) Generation of the <FP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD> message parameter:
Figure 8 shows the FP gateway parameter generation flow, in which:
A1: the three characters "KYB" and the 5 RFPI codes of the FP are arranged in order to form simple_BData[8];
A2: the function void Des_SetKey(const char Key[8]) is called with the input Key[8] set to Ky-Uhome, generating the KS[8] needed for the A3 operation;
A31: the function void Des_Run(char Out[8], char In[8], char Type) is called with the output parameter Out[8] set to bVerify_cipherData[8], the input parameter In[8] set to simple_BData[8], and Type set to 1 (encrypt).
The result of the function is stored in bVerify_cipherData[8] and is the FP_IWU_HOME_AUTOMATION_SYSTEM_VERIFY_CMD parameter.
Figure 9 shows the PP terminal authentication flow, in which:
A2: the function void Des_SetKey(const char Key[8]) is called with the input Key[8] set to Ky-Uhome, generating the KS[8] needed for the A32 operation;
A32: the function void Des_Run(char Out[8], char In[8], char Type) is called with the output parameter Out[8] set to simple_BData'[8], the input parameter In[8] set to bVerify_cipherData[8], and Type set to 0 (decrypt). The result of the function is stored in simple_BData'[8]. The FP compares simple_BData'[8] with simple_BData[8]; if they are equal, authentication passes, and if they are not equal, authentication fails.
Here, the PP forms simple_BData[8] by arranging, in order, the three characters "KYB" and the 5 RFPI codes of the FP it is synchronized with.
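The token generation and verification steps A1 to A32 above, for both directions, as an added example that is not code from the patent. It assumes the "5 IPUI/RFPI codes" are 5 bytes; `des_block` is a pure-Python single-block DES standing in for `Des_SetKey` plus `Des_Run`, and the function names `make_token`, `verify_token`, `gateway_on_locate_request` and `terminal_on_locate_accept` are hypothetical.

```python
IP = [s - 8 * j for s in (58, 60, 62, 64, 57, 59, 61, 63) for j in range(8)]
FP = [IP.index(i) + 1 for i in range(1, 65)]  # inverse of IP
E = [(4 * i + j - 1) % 32 + 1 for i in range(8) for j in range(6)]  # DES tables, bit 1 = MSB
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = ([s - 8 * j for s in (57, 58, 59) for j in range(8)] + [60, 52, 44, 36] +
       [s - 8 * j for s in (63, 62, 61) for j in range(8)] + [28, 20, 12, 4])
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7,
       27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49,
       39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
SBOX = ["e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
        "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
        "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
        "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
        "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
        "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
        "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
        "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b"]

def _perm(value, width, table):  # output bit i = input bit table[i] (1-based from MSB)
    return sum(((value >> (width - p)) & 1) << (len(table) - 1 - i) for i, p in enumerate(table))

def des_block(key8, block8, encrypt):
    """Single-block DES; plays the role of Des_SetKey + Des_Run (Type 1 or 0)."""
    k = _perm(int.from_bytes(key8, "big"), 64, PC1)
    c, d, keys = k >> 28, k & 0xFFFFFFF, []
    for s in SHIFTS:  # key schedule: rotate both 28-bit halves, then compress
        c = ((c << s) | (c >> (28 - s))) & 0xFFFFFFF
        d = ((d << s) | (d >> (28 - s))) & 0xFFFFFFF
        keys.append(_perm((c << 28) | d, 56, PC2))
    x = _perm(int.from_bytes(block8, "big"), 64, IP)
    left, right = x >> 32, x & 0xFFFFFFFF
    for k in (keys if encrypt else keys[::-1]):
        t, f = _perm(right, 32, E) ^ k, 0
        for i in range(8):  # per S-box: bits b1,b6 pick the row, b2..b5 the column
            six = (t >> (42 - 6 * i)) & 0x3F
            f = (f << 4) | int(SBOX[i][(six >> 5) * 32 + (six & 1) * 16 + ((six >> 1) & 15)], 16)
        left, right = right, left ^ _perm(f, 32, P)
    return _perm((right << 32) | left, 64, FP).to_bytes(8, "big")

KEY = b"Ky-Uhome"  # fixed 8-byte key given in the description
def make_token(tag, ident5):
    """A1-A31: encrypt b"KYH" + IPUI (PP side) or b"KYB" + RFPI (FP side)."""
    if len(tag) != 3 or len(ident5) != 5:
        raise ValueError("need 3 tag bytes + 5 identity bytes")
    return des_block(KEY, tag + ident5, True)

def verify_token(tag, ident5, token):
    """A2-A32: decrypt the received token, compare with the locally built plaintext."""
    return bool(token) and len(token) == 8 and des_block(KEY, token, False) == tag + ident5

def gateway_on_locate_request(ipui5, rfpi5, token):
    """FP side: (<enable> for this terminal, token for {LOCATE-ACCEPT} or None)."""
    ok = verify_token(b"KYH", ipui5, token)
    return ok, (make_token(b"KYB", rfpi5) if ok else None)

def terminal_on_locate_accept(rfpi5, token):  # PP side: <enable> for this gateway
    return verify_token(b"KYB", rfpi5, token)
```

The token depends only on the fixed key and the device identity, so `make_token` returns the same 8 bytes for a given device on every registration.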
In the above embodiment, the element values in the {LOCATE-REQUEST} information are shown in Table 1 below, the element values in the {Terminal capability} information are shown in Table 2 below, and the message element values in {LOCATE-ACCEPT} are shown in Table 3 below.
Table 1: Element values in the {LOCATE-REQUEST} information
Table 2: Element values in the {Terminal capability} information
In Table 2 above, the value 0000 for the terminal type (octet 5) denotes an ordinary handset; other values are used by non-handset terminals.
Table 3: Message element values in {LOCATE-ACCEPT}
In the smart home system access authentication method, gateway and system of the embodiments of the present invention, the gateway performs system access authentication on a non-handheld terminal that requests location registration; only a terminal that passes authentication is allowed to access the gateway and receive the smart control commands the gateway sends. After a non-compatible terminal has been authenticated by the gateway and granted access, it receives the gateway's authentication information in the location registration confirmation message, and the terminal responds to the smart control commands of a gateway only if that gateway passes authentication. This mutual identity authentication between terminal and gateway, carried out in the two ways described, ensures the consistency of the system, effectively prevents illegitimate users from entering the control system to carry out malicious attacks, and effectively ensures that the system runs safely and reliably. In addition, the access authentication process is simple and can be completed automatically by software, which solves the problem in the prior art that, for lack of a unified standard, the system has potential security hazards.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (8)

1. A smart home system access authentication method, characterized in that it comprises the following steps:
a terminal sends location registration request information to a gateway;
the gateway receives the location registration request information sent by the terminal, and judges, according to the terminal compatibility information carried in the location registration request information, whether the terminal is a terminal compatible with the present system;
when the terminal is not a terminal compatible with the present system, the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information;
the step in which the gateway and the terminal perform access authentication according to the first encrypted information carried in the location registration request information comprises:
the gateway decrypts the first encrypted information carried in the location registration request information according to the agreed rule, obtaining first decrypted information;
if the first decrypted information is incorrect, the terminal is not allowed to access the present system; otherwise
the terminal is allowed to access the present system, and location registration confirmation information is sent to the terminal;
the terminal decrypts the second encrypted information carried in the received location registration confirmation information according to the agreed rule, obtaining second decrypted information;
when the second decrypted information is correct, the terminal responds to the control commands sent by the gateway after successful authentication, completing system access authentication.
2. The method according to claim 1, characterized in that the first encrypted information and the second encrypted information are ciphertext produced by the DES encryption algorithm.
3. The method according to claim 1 or 2, characterized in that, after the step of judging whether the terminal is a terminal compatible with the present system according to the terminal compatibility information carried in the location registration request information, the method further comprises:
when the terminal is a terminal compatible with the present system, the gateway allows the terminal to access the present system.
4. A smart home system access authentication gateway, characterized in that it comprises:
a receiving module, configured to receive location registration request information sent by a terminal;
a judging module, configured to judge, according to the terminal compatibility information carried in the location registration request information, whether the terminal is a terminal compatible with the present system;
an authentication module, configured to perform access authentication on the terminal according to the first encrypted information carried in the location registration request information when the terminal is not a terminal compatible with the present system;
the authentication module comprises:
a decryption unit, configured to decrypt the first encrypted information carried in the location registration request information according to the agreed rule, obtaining first decrypted information;
a confirmation information sending unit, configured to send location registration confirmation information to the terminal when the first decrypted information is correct, the terminal decrypting the second encrypted information carried in the location registration confirmation information according to the agreed rule to obtain second decrypted information;
an access control unit, configured to not allow the terminal to access the present system when the first decrypted information is incorrect; and, when the first decrypted information is correct, to allow the terminal to access the present system and to control the terminal when the second decrypted information is correct.
5. The gateway according to claim 4, characterized in that the first encrypted information and the second encrypted information are ciphertext produced by the DES encryption algorithm.
6. The gateway according to claim 4 or 5, characterized in that the access control unit is further configured to allow the terminal to access the present system when the terminal is a terminal compatible with the present system.
7. A smart home system access authentication system, characterized in that it comprises a gateway and a terminal, wherein:
the terminal is configured to send location registration request information to the gateway, and to perform access authentication with the gateway according to the first encrypted information carried in the location registration request information;
the gateway is configured to receive the location registration request information, and to perform access authentication with the terminal according to the first encrypted information carried in the location registration request information;
the gateway is further configured to decrypt the first encrypted information carried in the location registration request information according to the agreed rule and, when decryption succeeds, to send location registration confirmation information to the terminal;
the terminal is further configured to receive the location registration confirmation information that the gateway sends when the first encrypted information carried in the location registration request information has been decrypted successfully, to decrypt the second encrypted information carried in the location registration confirmation information according to the agreed rule, and, when decryption succeeds, to respond to the control commands sent by the gateway after successful authentication.
8. The system according to claim 7, characterized in that the gateway is the gateway according to any one of claims 5-8; the terminal is a handheld terminal or a non-handheld terminal.
CN201110028492.1A 2011-01-26 2011-01-26 Access authentication method, gateway and system for smart home system Expired - Fee Related CN102075929B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110028492.1A CN102075929B (en) 2011-01-26 2011-01-26 Access authentication method, gateway and system for smart home system

Publications (2)

Publication Number Publication Date
CN102075929A CN102075929A (en) 2011-05-25
CN102075929B true CN102075929B (en) 2014-04-02

Family

ID=44034242

Country Status (1)

Country Link
CN (1) CN102075929B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Free format text: FORMER OWNER: SHENZHEN SANSHENG BIOTECHNOLOGY CO., LTD.

Effective date: 20120816

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20120816

Address after: 518000 Shenzhen City, Luohu District Jiefang Road Mingshi court block A room 1704

Applicant after: Yang Xiuying

Address before: 518000 Guangdong city of Shenzhen province Futian District City Road four Zhuzilin Zizhu bridge management office building 1-3 building (office building, two floor, No. 215 road and Bridge Management)

Applicant before: Shenzhen Sansheng Biotechnology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140402

Termination date: 20150126

EXPY Termination of patent right or utility model