CN103517273A - Authentication method, managing platform and Internet-of-Things equipment - Google Patents


Info

Publication number
CN103517273A
Authority
CN
China
Prior art keywords
internet
things equipment
management platform
authentication
random number
Prior art date
Legal status
Granted
Application number
CN201310467622.0A
Other languages
Chinese (zh)
Other versions
CN103517273B (en)
Inventor
张尼
张云勇
宫雪
陈豪
姚海鹏
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN201310467622.0A
Publication of CN103517273A
Application granted
Publication of CN103517273B
Legal status: Active
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an authentication method, a management platform and Internet-of-Things (IoT) equipment, overcoming the shortcoming that existing IoT authentication techniques cannot achieve mutual verification of legitimacy between IoT equipment and a remote management platform. In the method, the management platform receives an authentication request sent by the IoT equipment and encrypted with the platform public key Ppuk; the request comprises the equipment information and the equipment ID of the IoT equipment. The platform decrypts the request with the platform private key Psuk and obtains the equipment information and equipment ID. Using the equipment ID it queries a mobile device management system (MDM), which stores the correspondence between equipment IDs and equipment information. According to the query result returned by the MDM, or that query result together with the equipment information obtained by decrypting the request, the platform authenticates the IoT equipment. This guarantees that only legitimate IoT equipment is connected to a legitimate management platform.

Description

Authentication method, management platform and internet of things equipment
Technical field
The present invention relates to IoT authentication techniques, and in particular to an authentication method, a management platform and IoT equipment.
Background technology
With the spread of IoT technology, more and more traditional goods such as automobiles, smart meters, consumer electronics and monitoring devices are fitted with sensors and communication modules and become IoT equipment. This IoT equipment communicates with an IoT management platform to complete its assigned tasks.
The IoT network architecture mainly consists of a sensing layer, a network layer and an application layer. The sensing layer performs intelligent sensing and identification of the physical world, information collection and processing, and automatic control, and connects physical entities to the network layer and application layer through communication modules. The network layer mainly performs transmission, routing and control of information; it comprises extension networks, access networks and core networks, and can rely on the public telecommunications network and the Internet or on industry-specific communication networks. The application layer is the IoT management platform, which provides IoT applications with general basic service facilities, capabilities and resource-invocation interfaces such as information processing and computing, on which the various IoT applications in various fields are built. The IoT management platform may be built by an operator or by a third-party institution.
In existing mobile communication networks the terminal equipment is the user's personal property, so the carrier network cannot guarantee the security of the terminal equipment. Operator network access authentication only guarantees that the user accessing the network is a legitimate user (a legitimate user being one who holds a subscription with an operator); it cannot guarantee the security of the user's personal equipment.
In the IoT, equipment is generally deployed in unattended environments and is easily attacked or damaged; the subscriber identity module (SIM) or universal subscriber identity module (USIM) that represents the user's identity on the equipment is also easily tampered with, which leads to disputes over interests. At the same time, an illegitimate device that holds a legitimate user identity may, once it has accessed the carrier network, carry out further damage to that network. It is therefore necessary to verify the legitimacy of IoT equipment accessing the network, so that illegitimate IoT equipment cannot access the management platform and then attack the platform or other IoT equipment.
When the true identity of an entity is inconsistent with the identity it claims, it can be regarded as an illegitimate device. For example, device A forges a false identity (a false ID number, false software and hardware information, and so on). If the remote management platform does not authenticate device A but lets it access the platform directly, device A can upload false business information to the platform and so affect the platform's functions. Device A can also communicate with the other equipment managed by the platform, for example by pushing spoofed information or sending rogue programs to those devices in order to deceive or damage them.
There is at present no standard protocol for how IoT equipment is authenticated. Some IoT applications use a group authentication mechanism for the large numbers of IoT devices that belong to one enterprise or one sector application: a gateway node is selected for a set of IoT devices, the gateway node is authenticated by the management platform, and after authentication passes the IoT devices are managed uniformly by the gateway node and communicate with the management platform through it. For IoT equipment that does not belong to the same enterprise or industry no unified gateway node can be selected, so group authentication cannot provide unified authentication of such equipment.
Besides verifying the legitimacy of IoT equipment accessing the IoT, there is also the problem of an attacker forging a remote management platform, sending instructions from it, and so attacking or controlling IoT equipment. For example, a wrongdoer sets up a false management platform and lures device B into accessing it. If device B does not authenticate this forged platform but connects to it directly over the access route the wrongdoer provides, the wrongdoer can control device B through the false platform and use all of device B's information for illegal purposes. Whether the remote management platform is authenticated therefore affects normal service operation just as directly as whether the IoT equipment is authenticated.
Other IoT applications use a shared-secret mechanism to authenticate equipment unilaterally. Such a scheme usually assumes that one of the two parties is trusted, namely the server side: only the device identity is authenticated, the server identity is not, and the device's key or private information can be pre-stored on the server for later authentication. This mode cannot be applied to the authentication of a remote management platform built by a third party, because in that case both the platform and the IoT equipment are untrusted; it is difficult to share secret information between two untrusted entities, so symmetric-key mechanisms are unsuitable for this authentication. Moreover, mutual authentication is not simply two unilateral authentications stacked together, and existing unilateral authentication schemes cannot be trivially extended to mutual authentication in a scenario where neither party is trusted.
Furthermore, if the keys or secret information of the IoT equipment are kept on the remote management platform, the volume of information to be kept grows massively as the number of IoT devices increases sharply, and maintenance becomes very difficult. When IoT equipment has to switch to another remote management platform because a cooperation policy changes, the two platforms also need to exchange keys or secret information, which is a further potential security hazard.
Existing IoT authentication techniques therefore cannot meet the requirement that IoT equipment and the remote management platform verify each other's legitimacy, which is needed to guarantee the security of the IoT system.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiency that current IoT authentication techniques cannot achieve mutual verification of legitimacy between IoT equipment and a remote management platform.
To solve this technical problem, an embodiment of the application provides a method for authenticating IoT equipment, used by a management platform to authenticate the IoT equipment. The IoT equipment is preset with the platform public key (Ppuk) of the management platform, and the management platform is preset with the platform private key (Psuk). In the method, the management platform performs the following operations:
receiving an authentication request sent by the IoT equipment and encrypted with Ppuk, the authentication request comprising the equipment information and the equipment identifier (ID) of the IoT equipment;
decrypting the authentication request with Psuk to obtain the equipment information and the equipment ID of the IoT equipment;
querying a mobile device management system (MDM) according to the equipment ID of the IoT equipment, the MDM being able to store the correspondence between equipment IDs and equipment information;
authenticating the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information of the IoT equipment obtained by decrypting the authentication request.
Preferably, querying the MDM according to the equipment ID comprises:
sending a query request to the MDM, the query request containing the equipment ID;
receiving from the MDM either the equipment information corresponding to the equipment ID or a query failure message.
Preferably, authenticating the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information obtained by decrypting the authentication request, comprises:
failing the authentication of the IoT equipment on receipt of the query failure message; or
comparing the equipment information of the IoT equipment with the equipment information corresponding to the equipment ID, passing the authentication of the IoT equipment when the two are consistent and failing it when the two are inconsistent;
wherein the query result comprises the query failure message or the equipment information corresponding to the equipment ID.
An embodiment of the application also provides a method for authenticating a management platform, used by IoT equipment to authenticate the management platform. The IoT equipment is preset with a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform, and the management platform obtains Dpuk by communicating with the IoT equipment. In the method, the IoT equipment performs the following operations:
receiving authentication information sent by the management platform, the authentication information being generated by the management platform by encrypting a random number and an encrypted message with Dpuk;
decrypting the authentication information with Dsuk to obtain the random number and the encrypted message;
decrypting the encrypted message with Ppuk to obtain a reference random number;
authenticating the management platform according to the random number and the reference random number.
Preferably, authenticating the management platform according to the random number and the reference random number comprises:
judging whether the random number equals the reference random number;
passing the authentication of the management platform when the random number equals the reference random number, and failing it when they are unequal;
wherein the encrypted message is obtained by the management platform by encrypting the random number with the preset platform private key (Psuk).
An embodiment of the application also provides a management platform for authenticating IoT equipment. The IoT equipment is preset with the platform public key (Ppuk) of the management platform, and the management platform is preset with the platform private key (Psuk). The management platform comprises:
a receiving module, which receives the authentication request sent by the IoT equipment and encrypted with Ppuk, the authentication request comprising the equipment information and the equipment identifier (ID) of the IoT equipment;
a decryption module, which decrypts the authentication request with Psuk to obtain the equipment information and the equipment ID of the IoT equipment;
a query module, which queries a mobile device management system (MDM) according to the equipment ID of the IoT equipment, the MDM being able to store the correspondence between equipment IDs and equipment information;
an authentication module, which authenticates the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information of the IoT equipment obtained by decrypting the authentication request.
Preferably, the query module comprises:
a sending unit, which sends a query request containing the equipment ID to the MDM;
a receiving unit, which receives from the MDM either the equipment information corresponding to the equipment ID or a query failure message.
Preferably, the authentication module comprises:
a comparing unit, which compares the equipment information of the IoT equipment with the equipment information corresponding to the equipment ID;
an authentication unit, which fails the authentication of the IoT equipment on receipt of the query failure message, or passes the authentication when the comparing unit finds the equipment information of the IoT equipment consistent with the equipment information corresponding to the equipment ID and fails it when the comparing unit finds them inconsistent.
An embodiment of the application also provides IoT equipment for authenticating the management platform. The IoT equipment is preset with a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform, and the management platform obtains Dpuk by communicating with the IoT equipment. The IoT equipment comprises:
a receiving module, which receives the authentication information sent by the management platform, the authentication information being generated by the management platform by encrypting a random number and an encrypted message with Dpuk;
a first decryption module, which decrypts the authentication information with Dsuk to obtain the random number and the encrypted message;
a second decryption module, which decrypts the encrypted message with Ppuk to obtain a reference random number;
an authentication module, which authenticates the management platform according to the random number and the reference random number.
Preferably, the authentication module comprises:
a judging unit, which judges whether the random number equals the reference random number;
an authentication unit, which passes the authentication of the management platform when the judging unit finds the random number equal to the reference random number, and fails it when the judging unit finds them unequal;
wherein the encrypted message is obtained by the management platform by encrypting the random number with the preset platform private key (Psuk).
Compared with the prior art, the embodiments of the application provide an authentication scheme between IoT equipment and a management platform that guarantees that only legitimate IoT equipment accesses a legitimate management platform. This avoids illegitimate equipment accessing a legitimate management platform and disrupting normal service operation, and avoids a legitimate user's IoT equipment accessing an illegitimate management platform and that user suffering a loss of legitimate rights and interests. The embodiments thus maintain the continuity of existing IoT services and effectively avoid or reduce users' economic losses.
Other features and advantages of the present invention will be set forth in the following description, will partly become apparent from the specification, or will be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained by the structures specifically pointed out in the specification, claims and accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the technical solution of the invention and form part of the specification; together with the embodiments of the application they serve to explain the technical solution and do not limit it.
Fig. 1 is a schematic flow chart of the method for authenticating IoT equipment according to an embodiment of the application.
Fig. 2 is a schematic flow chart of the method for authenticating the management platform according to an embodiment of the application.
Fig. 3 is a schematic structural diagram of the management platform according to an embodiment of the application.
Fig. 4 is a schematic structural diagram of the IoT equipment according to an embodiment of the application.
Embodiment
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. The features of the embodiments of the application can be combined with one another provided they do not conflict, and all such combinations fall within the scope of protection of the invention.
In addition, the steps shown in the flow charts of the drawings may be executed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
In the authentication method of the embodiment, before the IoT equipment communicates with the management platform, the management platform authenticates the IoT equipment by querying the MDM, and the IoT equipment authenticates the management platform by a public-key mechanism, thereby completing mutual authentication between the IoT equipment and the management platform. During mutual authentication a session key for the subsequent communication is generated. Equipment information of the IoT equipment such as hardware model, software version, country of use, geographical position and operator is registered in the mobile device management system (MDM). The MDM is operated and maintained uniformly by the IoT equipment manufacturer, which provides the query service.
In the embodiment, the IoT equipment and the management platform may perform mutual authentication periodically and renew the session key.
The method for authenticating IoT equipment of the embodiment is used by the management platform to authenticate the IoT equipment. The IoT equipment is preset with the device public key Dpuk and the platform public key Ppuk of the management platform, and the management platform is preset with the platform private key Psuk and with Ppuk.
It should be noted that in the embodiment the management platform may be a server.
As shown in Fig. 1, the method for authenticating IoT equipment of the embodiment mainly comprises the following.
Step S110: the IoT equipment sends an authentication request to the management platform, encrypted with the platform public key Ppuk. The request comprises the equipment information, the equipment identifier (ID) and the device public key Dpuk of the IoT equipment, where the equipment information mainly comprises device parameters (such as the hardware model), software parameters (such as the software version) and operator information (including country, geographical position and so on).
Step S120: the management platform decrypts the authentication request with the platform private key Psuk and obtains the equipment information, the device public key Dpuk and the equipment ID of the IoT equipment.
Step S130: the management platform looks up an address table T to obtain the address of the MDM corresponding to this IoT equipment, and sends that MDM a query request containing the equipment ID.
In the embodiment, the address table T may store the equipment ID of each IoT device, or it may store ranges of equipment IDs, in which case it need not store the ID of every IoT device.
Step S140: the MDM receives the query request of the management platform and performs a local search according to the equipment ID it contains. If the equipment ID is found, go to step S141; otherwise go to step S142.
Step S141: the MDM finds the equipment information corresponding to the equipment ID and sends it to the management platform; go to step S150.
Step S142: the MDM sends a query failure message to the management platform; go to step S152.
Step S150: the management platform compares the equipment information returned by the MDM with the equipment information the IoT equipment reported in the authentication request. When the two are identical, the management platform passes the authentication of the IoT equipment, that is, the IoT equipment is authenticated successfully, and the flow goes to step S151; otherwise the IoT equipment cannot pass the management platform's authentication, the platform can conclude that it is an illegitimate device, and the flow goes to step S152.
Step S151: the management platform sends an authentication success message to the IoT equipment, indicating that it has passed the authentication of the IoT equipment. Subsequently, the management platform can use the information contained in the authentication request, such as the device public key Dpuk, to continue with the IoT equipment's authentication of the management platform (for that flow see Fig. 2).
Step S152: the management platform sends an authentication failure message to the IoT equipment, indicating that it has not passed the authentication of the IoT equipment.
In the embodiment, the MDM records the true identity of the IoT equipment whose claimed identity is to be checked. If the management platform finds that the equipment information claimed by the IoT equipment does not match the information stored in the MDM, it concludes that the equipment is illegitimate; if the claimed equipment information matches the information stored in the MDM, it concludes that the equipment is legitimate.
In step S151, after the management platform has passed the authentication of the IoT equipment, it also generates a session key for the subsequent encrypted communication between the management platform and the IoT equipment.
The method for authenticating a management platform of the embodiment is used by IoT equipment to authenticate the management platform. The IoT equipment is preset with the device private key Dsuk, the device public key Dpuk and the platform public key Ppuk of the management platform; the management platform is preset with the platform private key Psuk and stores the device public key Dpuk of the IoT equipment. In the embodiment of Fig. 1, the Dpuk stored by the management platform is the one the IoT equipment sent to it in the authentication request; in other embodiments, Dpuk may instead be preset directly at the management platform.
Consider the following scenario: the IoT equipment sends an authentication request to a false management platform, which performs no checks at all and simply returns authentication success, letting the IoT equipment connect. The IoT equipment has no way of learning the risk in this process and so cannot take any precaution; afterwards the false platform can control the IoT equipment completely. It is therefore necessary for the IoT equipment to authenticate the remote management platform, so that it is not deceived by an illegitimate, false management platform.
As shown in Fig. 2, the method by which the IoT equipment authenticates the management platform mainly comprises the following.
Step S210: the management platform generates a random number R and an encrypted message A, where A may be obtained by encrypting R with the platform private key Psuk.
Step S220: the management platform encrypts R and A with the device public key Dpuk of the IoT equipment to produce the authentication information, and sends the authentication information to the IoT equipment.
Step S230: the IoT equipment receives the authentication information and decrypts it with the device private key Dsuk, obtaining R and A.
Step S240: the IoT equipment decrypts A with the platform public key Ppuk, obtaining a reference random number R'.
Step S250: the IoT equipment authenticates the management platform according to R and R'. Specifically, it checks whether R and R' are equal: if R = R' holds, go to step S261; otherwise the management platform can be regarded as an illegitimate platform, and the flow goes to step S262.
Step S261: the IoT equipment passes the authentication of the management platform and sends it an authentication success message.
Step S262: the IoT equipment fails the authentication of the management platform and sends it an authentication failure message.
The embodiment completes the IoT equipment's authentication of the remote management platform by a public-key mechanism: legitimate IoT equipment holds the public key of the legitimate management platform from initialization, whereas an illegitimate management platform does not hold the legitimate platform's key pair, in particular its private key Psuk, and therefore cannot pass the IoT equipment's authentication.
In step S261, after the IoT equipment has successfully authenticated the management platform, a session key can also be generated for the subsequent communication between the IoT equipment and the management platform.
The management platform of the embodiment of the application is used to authenticate an Internet of Things device. The device is preset with the platform public key (Ppuk) of the management platform, and the management platform is preset with the platform private key (Psuk). As shown in Figure 3, the management platform may comprise a receiving module 310, a decryption module 320, a query module 330 and an authentication module 340, where:
the receiving module 310 receives the authentication request sent by the device and encrypted with Ppuk; the authentication request comprises the device information and the device identifier (ID) of the device;
the decryption module 320, connected to the receiving module 310, decrypts the authentication request with Psuk and obtains the device information and device ID of the device;
the query module 330, connected to the decryption module 320 and to an MDM 500, queries the MDM 500 with the device ID that the decryption module 320 obtained from the authentication request. The MDM 500 can store the correspondence between device IDs and device information for many devices;
the authentication module 340, connected to the decryption module 320 and the query module 330, authenticates the device on the basis of the query result returned by the MDM 500, or of that query result together with the device information obtained by decrypting the authentication request.
As shown in Figure 3, the query module 330 may comprise a sending unit 331 and a receiving unit 332, where:
the sending unit 331, connected to the MDM 500 and the decryption module 320, sends a query request containing the device ID to the MDM 500;
the receiving unit 332, connected to the MDM 500 and the authentication module 340, receives from the MDM 500 either the device information corresponding to the device ID or a query failure message.
As shown in Figure 3, the authentication module 340 may comprise a comparison unit 341 and an authentication unit 342, where:
the comparison unit 341, connected to the decryption module 320 and to the receiving unit 332 of the query module 330, compares the device information of the device with the device information corresponding to the device ID;
the authentication unit 342, connected to the comparison unit 341 and to the receiving unit 332 of the query module 330, rejects the device's authentication upon a query failure message; or passes the device's authentication when the comparison unit 341 finds the device information of the device consistent with the device information corresponding to the device ID, and rejects it when the comparison unit 341 finds them inconsistent.
The Internet of Things device of the embodiment of the application is used to authenticate the management platform. The device is preset with a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform, and the management platform obtains Dpuk by communicating with the device.
As shown in Figure 4, the device may comprise a receiving module 410, a first decryption module 420, a second decryption module 430 and an authentication module 440, where:
the receiving module 410 receives the authentication information sent by the management platform, which the platform generated by encrypting a random number and an encrypted message with Dpuk;
the first decryption module 420, connected to the receiving module 410, decrypts the authentication information with Dsuk and obtains the random number and the encrypted message;
the second decryption module 430, connected to the first decryption module 420, decrypts the encrypted message with Ppuk and obtains a reference random number;
the authentication module 440, connected to the first decryption module 420 and the second decryption module 430, authenticates the management platform on the basis of the random number and the reference random number.
As shown in Figure 4, the authentication module 440 may comprise a judging unit 441 and an authentication unit 442, where:
the judging unit 441, connected to the first decryption module 420 and the second decryption module 430, judges whether the random number equals the reference random number;
the authentication unit 442, connected to the judging unit 441, passes the authentication of the management platform when the judging unit 441 finds the random number equal to the reference random number, and rejects it when the judging unit 441 finds them unequal. The encrypted message is obtained by the management platform by encrypting the random number with its preset platform private key (Psuk).
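The two halves of the scheme above, the platform's MDM-backed check of the device (modules 310 to 340) and the device's check of the platform (steps S210 to S262, modules 410 to 440), modelled end to end. This is an added example, not the patent's own code: it uses textbook RSA on toy primes with no padding, and the key pairs Ppuk/Psuk and Dpuk/Dsuk, the MDM table and the device records are all constructed.

```python
"""Mutual authentication of CN103517273A, modelled with textbook RSA.

Constructed example, not the patent's own code. Ppuk/Psuk are the platform
key pair, Dpuk/Dsuk the device key pair, MDM a constructed id -> info table.
Toy primes and no padding: the arithmetic only illustrates the message flow.
"""
import secrets


def make_keypair(p, q, e):
    """Textbook RSA key generation from two primes and a public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)        # (public key, private key)


def apply_key(key, m):
    """Raw RSA exponentiation. The same operation serves both 'encrypt with a
    public key' and 'encrypt with a private key' (a signature) as the patent
    phrases it; applying the other half of the pair undoes it."""
    exp, n = key
    return pow(m, exp, n)


def apply_key_bytes(key, data):
    """Block-per-byte transform of a byte string (toy, no padding)."""
    return [apply_key(key, b) for b in data]


def unapply_key_bytes(key, blocks):
    return bytes(apply_key(key, c) for c in blocks)


# Toy key pairs. The platform modulus is smaller than the device modulus so
# that A = Enc(Psuk, R) < n_P fits in a single block under Dpuk.
Ppuk, Psuk = make_keypair(61, 53, 17)     # n_P = 3233
Dpuk, Dsuk = make_keypair(101, 113, 3)    # n_D = 11413

# Constructed MDM table: device ID -> registered device information.
MDM = {b"dev-0001": b"gateway;fw=1.2", b"dev-0002": b"sensor;fw=3.0"}


# --- Platform authenticates device (claim 1, modules 310..340) -------------
def device_auth_request(device_id, device_info):
    """Device side: authentication request (ID, info) encrypted with Ppuk."""
    return apply_key_bytes(Ppuk, device_id + b"|" + device_info)


def platform_authenticate_device(request):
    """Platform side: decrypt with Psuk, query MDM by ID, compare device info."""
    plain = unapply_key_bytes(Psuk, request)
    device_id, _, info = plain.partition(b"|")
    registered = MDM.get(device_id)       # None models the query failure message
    if registered is None:
        return False                      # query failure: authentication fails
    return registered == info             # pass only if the info is consistent


# --- Device authenticates platform (steps S210..S262, modules 410..440) ----
def platform_challenge(platform_priv=Psuk, device_pub=Dpuk):
    """S210/S220: R and A = Enc(Psuk, R), both encrypted under Dpuk."""
    n_p = platform_priv[1]
    R = secrets.randbelow(n_p - 3) + 2            # 2 <= R <= n_P - 2
    A = apply_key(platform_priv, R)
    return apply_key(device_pub, R), apply_key(device_pub, A)


def device_authenticate_platform(auth_info, device_priv=Dsuk, platform_pub=Ppuk):
    """S230..S250: recover R and A with Dsuk, derive R' from A with Ppuk, compare."""
    enc_R, enc_A = auth_info
    R = apply_key(device_priv, enc_R)
    A = apply_key(device_priv, enc_A)
    R_ref = apply_key(platform_pub, A)
    return R == R_ref                             # True -> S261, False -> S262


def unsigned_challenge(device_pub=Dpuk, R=2):
    """Negative case: a platform that holds Dpuk but not Psuk cannot produce
    A = Enc(Psuk, R); here A is simply R. The device derives R' = Enc(Ppuk, A),
    which differs from R, and rejects (S262)."""
    return apply_key(device_pub, R), apply_key(device_pub, R)


if __name__ == "__main__":
    req = device_auth_request(b"dev-0001", b"gateway;fw=1.2")
    print("device authenticated:", platform_authenticate_device(req))
    print("genuine platform:", device_authenticate_platform(platform_challenge()))
    print("platform without Psuk:", device_authenticate_platform(unsigned_challenge()))
```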
In the above embodiments of the device authentication method and of the management platform, the management platform does not need to keep any key or secret information related to the device.
In the embodiment of the application, the device does not depend on a particular management platform and can switch management platforms flexibly, which improves authentication efficiency while also increasing security and extensibility. Nor does the device need to introduce additional secret information, which simplifies its workflow.
The embodiment of the application ensures that devices and the management platform operate in a secure and reliable environment, that only legitimate Internet of Things terminal devices access the network and the management platform, and that devices use Internet of Things applications in such an environment, avoiding the disputes over interests and the network security problems that illegitimate device access brings.
The embodiment of the application ensures that device and management platform can operate in a secure and reliable environment and that only legitimate devices access the management platform, preventing illegitimate device access from disrupting normal business operation. It ensures that the legitimate rights and interests of device users do not suffer loss.
Those skilled in the art should understand that each component of the apparatus and/or system provided by the above embodiments, and each step of the method, may be concentrated on a single computing device or distributed over a network formed by several computing devices. Alternatively, they may be implemented as program code executable by a computing device, so that they are stored in a storage device and executed by a computing device, or are each made into a separate integrated circuit module, or several of the modules or steps are made into a single integrated circuit module. The present invention is thus not restricted to any particular combination of hardware and software.
Although the embodiments of the present invention are disclosed above, the described content is adopted only to facilitate understanding of the invention and not to limit it. Any person skilled in the art may make modifications and variations in form and detail without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention must still be defined by the appended claims.

Claims (10)

1. A method of authenticating an Internet of Things device, for a management platform to authenticate said device, wherein said device is preset with the platform public key (Ppuk) of said management platform and said management platform is preset with the platform private key (Psuk); in the method, said management platform performs the following operations:
receiving an authentication request sent by said device and encrypted with said Ppuk, said authentication request comprising the device information and the device identifier (ID) of said device;
decrypting said authentication request with said Psuk and obtaining the device information and device ID of said device;
querying a mobile device management (MDM) according to the device ID of said device, said MDM being able to store the correspondence between device IDs and device information;
authenticating said device according to the query result returned by said MDM, or according to the query result returned by said MDM together with the device information of said device obtained by decrypting said authentication request.
2. The method according to claim 1, wherein querying the mobile device management (MDM) according to said device ID comprises:
sending a query request to the mobile device management (MDM), said query request containing said device ID;
receiving from said MDM the device information corresponding to said device ID or a query failure message.
3. The method according to claim 2, wherein authenticating said device according to the query result returned by said MDM, or according to the query result returned by said MDM together with the device information of said device obtained by decrypting said authentication request, comprises:
failing the authentication of said device according to said query failure message; or
comparing the device information of said device with the device information corresponding to said device ID; passing the authentication of said device when the device information of said device is consistent with the device information corresponding to said device ID, and failing the authentication of said device when they are inconsistent;
wherein said query result comprises said query failure message or the device information corresponding to said device ID.
4. A method of authenticating a management platform, for an Internet of Things device to authenticate said management platform, wherein said device is preset with a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of said management platform, and said management platform obtains said Dpuk by communicating with said device; in the method, said device performs the following operations:
receiving authentication information sent by said management platform, said authentication information being generated by said management platform by encrypting a random number and an encrypted message with said Dpuk;
decrypting said authentication information with said Dsuk and obtaining said random number and encrypted message;
decrypting said encrypted message with said Ppuk and obtaining a reference random number;
authenticating said management platform according to said random number and said reference random number.
5. The method according to claim 4, wherein authenticating said management platform according to said random number and said reference random number comprises:
judging whether said random number equals said reference random number;
when said random number is judged equal to said reference random number, said device passes the authentication of said management platform; when said random number is judged unequal to said reference random number, said device fails the authentication of said management platform;
wherein said encrypted message is obtained by said management platform by encrypting said random number with its preset platform private key (Psuk).
6. A management platform for authenticating an Internet of Things device, wherein said device is preset with the platform public key (Ppuk) of said management platform and said management platform is preset with the platform private key (Psuk); said management platform comprises:
a receiving module, which receives an authentication request sent by said device and encrypted with said Ppuk, said authentication request comprising the device information and the device identifier (ID) of said device;
a decryption module, which decrypts said authentication request with said Psuk and obtains the device information and device ID of said device;
a query module, which queries a mobile device management (MDM) according to the device ID of said device, said MDM being able to store the correspondence between device IDs and device information;
an authentication module, which authenticates said device according to the query result returned by said MDM, or according to the query result returned by said MDM together with the device information of said device obtained by decrypting said authentication request.
7. The management platform according to claim 6, wherein said query module comprises:
a sending unit, which sends a query request to the mobile device management (MDM), said query request containing said device ID;
a receiving unit, which receives from said MDM the device information corresponding to said device ID or a query failure message.
8. The management platform according to claim 7, wherein said authentication module comprises:
a comparison unit, which compares the device information of said device with the device information corresponding to said device ID;
an authentication unit, which fails the authentication of said device according to said query failure message; or passes the authentication of said device when said comparison unit finds the device information of said device consistent with the device information corresponding to said device ID, and fails the authentication of said device when said comparison unit finds them inconsistent.
9. An Internet of Things device for authenticating said management platform, wherein said device is preset with a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of said management platform, and said management platform obtains said Dpuk by communicating with said device; said device comprises:
a receiving module, which receives authentication information sent by said management platform, said authentication information being generated by said management platform by encrypting a random number and an encrypted message with said Dpuk;
a first decryption module, which decrypts said authentication information with said Dsuk and obtains said random number and encrypted message;
a second decryption module, which decrypts said encrypted message with said Ppuk and obtains a reference random number;
an authentication module, which authenticates said management platform according to said random number and said reference random number.
10. The Internet of Things device according to claim 9, wherein said authentication module comprises:
a judging unit, which judges whether said random number equals said reference random number;
an authentication unit, whereby when said judging unit judges said random number equal to said reference random number, said device passes the authentication of said management platform, and when said judging unit judges said random number unequal to said reference random number, said device fails the authentication of said management platform;
wherein said encrypted message is obtained by said management platform by encrypting said random number with its preset platform private key (Psuk).
CN201310467622.0A 2013-10-09 2013-10-09 Authentication method, managing platform and Internet-of-Things equipment Active CN103517273B (en)


Publications (2)

Publication Number Publication Date
CN103517273A true CN103517273A (en) 2014-01-15
CN103517273B CN103517273B (en) 2017-04-12



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant