CN103517273B - Authentication method, managing platform and Internet-of-Things equipment - Google Patents
Authentication method, managing platform and Internet-of-Things equipment
Publication number: CN103517273B (application CN201310467622.0A)
Authority: CN (China)
Prior art keywords: internet, things equipment, management platform, equipment, random number
Legal status: Active (the status shown by Google Patents is an assumption, not a legal conclusion)
Landscapes: Computer And Data Communications (AREA); Telephonic Communication Services (AREA)
Abstract
The invention discloses an authentication method, a management platform and Internet-of-Things (IoT) equipment. It overcomes the shortcoming that existing IoT authentication techniques cannot achieve mutual verification of legitimacy between IoT equipment and a remote management platform. In the method, the management platform receives an authentication request that is sent by the IoT equipment and encrypted with the platform public key Ppuk; the request contains the equipment information and the equipment ID of the IoT equipment. The platform decrypts the request with the platform private key Psuk and obtains the equipment information and the equipment ID; it queries a mobile device management (MDM) system by that equipment ID, the MDM storing the correspondence between equipment IDs and equipment information; and according to the query result returned by the MDM, or the query result together with the equipment information obtained by decrypting the request, it authenticates the IoT equipment. This guarantees that only legitimate IoT equipment connects to a legitimate management platform.
Description
Technical field
The present invention relates to Internet of Things (IoT) authentication techniques, and more particularly to an authentication method, a management platform and IoT equipment.
Background technology
With the spread of IoT technology, more and more traditional goods such as automobiles, smart meters, consumer electronics and monitoring equipment are fitted with sensors and communication modules and become IoT equipment. This equipment communicates with an IoT management platform in order to carry out its assigned tasks.
The IoT network architecture consists mainly of a sensing layer, a network layer and an application layer. The sensing layer performs intelligent perception and identification of the physical world, information collection and processing, and automatic control, and connects physical entities to the application layer through the network layer by means of communication modules. The network layer mainly performs the transmission, routing and control of information and comprises the extension network, the access network and the core network; it may rely on the public telecommunication network and the Internet, or on an industry-specific communication network. The application layer is the IoT management platform, which provides IoT applications with general basic service facilities such as information processing and computing, together with capability and resource invocation interfaces, on which IoT applications in various fields are built. The IoT management platform may be built by an operator or by a third-party organisation.
In existing mobile communication networks, the terminal is the user's personal property, so the operator network cannot guarantee the security of the terminal. The operator's network access authentication only ensures that the user accessing the network is a legitimate user (a user who has a subscription with that operator); it cannot guarantee the security of the user's personal property.
In the IoT, equipment is typically deployed in an unattended environment and is easily attacked or damaged, and the subscriber identity module (SIM) or universal subscriber identity module (USIM) on the equipment, which represents the user's identity, is also easily tampered with, leading to disputes over interests. At the same time, once illegitimate equipment carrying a legitimate user identity has accessed the operator network, it may cause further damage to that network. It is therefore necessary to verify the legitimacy of IoT equipment accessing the network, to prevent illegitimate IoT equipment from accessing the management platform and then attacking the platform or other IoT equipment.
Equipment whose true identity does not match the identity it claims can be regarded as illegitimate. Suppose, for example, that device A forges a false identity (a false ID, false hardware and software information, and so on). If the remote management platform does not authenticate device A but lets it access the platform directly, device A can upload false business information to the platform and so impair its functions. Moreover, device A can communicate with the other equipment managed by the platform, for instance pushing spoofed information or sending malicious programs to deceive or damage that equipment.
However, there is at present no standard protocol for authenticating IoT equipment. Some IoT applications use a group authentication mechanism for the large number of IoT devices belonging to one enterprise or industry application: some of the devices are selected as gateway nodes, the gateway node is authenticated with the management platform, and after authentication passes the IoT devices are managed collectively by the gateway node and communicate with the management platform through it. When the IoT devices do not belong to the same enterprise or industry, no unified gateway node can be selected, and the group authentication scheme cannot be used to authenticate them in a unified way.
Not only must the legitimacy of IoT devices joining the IoT be verified; there is also the problem of an attacker forging a remote management platform and issuing commands through it in order to attack or control IoT devices. For example, a malicious actor may forge a false management platform and lure device B into accessing it. If device B does not authenticate the forged platform but connects to it directly through the access path provided by the malicious actor, the actor can control device B's operation through the false platform and obtain all of device B's information for illegal purposes. Whether the remote management platform is authenticated, and whether the IoT device is authenticated, therefore directly affects the normal operation of the business.
Other IoT applications use a shared-secret mechanism for one-way authentication of devices. Such schemes usually assume that one of the two parties is trusted, namely the server side: only the device identity is verified, the server identity is not, and the device's key or private information can be stored on the server in advance for later authentication. This kind of authentication cannot be applied where a third party builds the remote management platform, because in that case the platform and the IoT device are both untrusted; sharing secret information between two untrusted entities is difficult, so symmetric-key mechanisms are unsuitable. In addition, two-way authentication is not simply the superposition of two one-way authentications: an existing one-way scheme cannot simply be extended into a two-way scheme for the scenario in which both sides are untrusted.
Furthermore, if the keys or secret information of all IoT devices are kept on the remote management platform, the information to be kept grows enormously as the number of IoT devices increases sharply, and maintenance becomes very difficult. Moreover, when an IoT device needs to switch to another remote management platform because of a change of cooperation policy, keys or secrets must be exchanged between the two platforms, which is itself a security risk.
Existing IoT authentication techniques therefore cannot meet the requirement that IoT equipment and the remote management platform verify each other's legitimacy, which is needed to secure the IoT system.
Summary of the invention
The technical problem to be solved is to overcome the inability of current IoT authentication techniques to let IoT equipment and a remote management platform verify each other's legitimacy.
To solve the above technical problem, an embodiment of the application provides a method of authenticating IoT equipment, used by a management platform to authenticate the IoT equipment. The IoT equipment presets the platform public key (Ppuk) of the management platform, and the management platform presets the platform private key (Psuk). In the method the management platform performs the following operations:
receiving an authentication request that is sent by the IoT equipment and encrypted with Ppuk, the request including the equipment information and the equipment identifier (ID) of the IoT equipment;
decrypting the authentication request with Psuk to obtain the equipment information and the equipment ID of the IoT equipment;
querying a mobile device management (MDM) system according to the equipment ID, the MDM being able to store the correspondence between equipment IDs and equipment information;
authenticating the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information obtained by decrypting the authentication request.
Preferably, querying the MDM according to the equipment ID includes:
sending a query request to the MDM, the query request including the equipment ID;
receiving from the MDM either the equipment information corresponding to the equipment ID or a query failure message.
Preferably, authenticating the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information obtained by decrypting the authentication request, includes:
failing the authentication of the IoT equipment on receipt of the query failure message; or
comparing the equipment information of the IoT equipment with the equipment information corresponding to the equipment ID, passing the authentication of the IoT equipment when the two are consistent and failing it when they are inconsistent;
where the query result comprises either the query failure message or the equipment information corresponding to the equipment ID.
An embodiment of the application also provides a method of authenticating a management platform, used by IoT equipment to authenticate the management platform. The IoT equipment presets a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform, and the management platform obtains Dpuk by communicating with the IoT equipment. In the method the IoT equipment performs the following operations:
receiving authentication information sent by the management platform, the authentication information having been generated by the management platform by encrypting a random number and an encrypted message with Dpuk;
decrypting the authentication information with Dsuk to obtain the random number and the encrypted message;
decrypting the encrypted message with Ppuk to obtain a reference random number;
authenticating the management platform according to the random number and the reference random number.
Preferably, authenticating the management platform according to the random number and the reference random number includes:
judging whether the random number is equal to the reference random number;
when they are judged equal, the IoT equipment passes the management platform's authentication; when they are judged unequal, the IoT equipment does not pass the management platform's authentication;
where the encrypted message is obtained by the management platform encrypting the random number with the preset platform private key (Psuk).
An embodiment of the application also provides a management platform for authenticating IoT equipment, where the IoT equipment presets the platform public key (Ppuk) of the management platform and the management platform presets the platform private key (Psuk). The management platform includes:
a receiving module, which receives the authentication request sent by the IoT equipment and encrypted with Ppuk, the request including the equipment information and the equipment identifier (ID) of the IoT equipment;
a decryption module, which decrypts the authentication request with Psuk to obtain the equipment information and equipment ID of the IoT equipment;
a query module, which queries a mobile device management (MDM) system according to the equipment ID of the IoT equipment, the MDM being able to store the correspondence between equipment IDs and equipment information;
an authentication module, which authenticates the IoT equipment according to the query result returned by the MDM, or according to that query result together with the equipment information obtained by decrypting the authentication request.
Preferably, the query module includes:
a sending unit, which sends a query request to the MDM, the query request including the equipment ID;
a receiving unit, which receives from the MDM either the equipment information corresponding to the equipment ID or a query failure message.
Preferably, the authentication module includes:
a comparison unit, which compares the equipment information of the IoT equipment with the equipment information corresponding to the equipment ID;
an authentication unit, which fails the authentication of the IoT equipment on receipt of the query failure message, or passes the authentication when the comparison unit finds the equipment information of the IoT equipment consistent with the equipment information corresponding to the equipment ID, and fails it when the comparison unit finds the two inconsistent.
An embodiment of the application also provides IoT equipment for authenticating a management platform, where the IoT equipment presets a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform, and the management platform obtains Dpuk by communicating with the IoT equipment. The IoT equipment includes:
a receiving module, which receives the authentication information sent by the management platform, the authentication information having been generated by the management platform by encrypting a random number and an encrypted message with Dpuk;
a first decryption module, which decrypts the authentication information with Dsuk to obtain the random number and the encrypted message;
a second decryption module, which decrypts the encrypted message with Ppuk to obtain a reference random number;
an authentication module, which authenticates the management platform according to the random number and the reference random number.
Preferably, the authentication module includes:
a judging unit, which judges whether the random number is equal to the reference random number;
an authentication unit: when the judging unit finds the random number equal to the reference random number, the IoT equipment passes the management platform's authentication; when the judging unit finds them unequal, the IoT equipment does not pass the management platform's authentication;
where the encrypted message is obtained by the management platform encrypting the random number with the preset platform private key (Psuk).
Compared with the prior art, the embodiments of the application provide an authentication scheme between IoT equipment and a management platform that ensures that only legitimate IoT equipment accesses a legitimate management platform. This avoids both the disruption of normal business caused by illegitimate equipment accessing a legitimate management platform and the loss of legitimate rights caused by a legitimate user's IoT equipment connecting to an unauthorised management platform. The embodiments keep current IoT services continuous and can effectively avoid or reduce economic loss to users.
Other features and advantages of the invention will be set out in the following description, and in part will become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realised and obtained by the structures particularly pointed out in the description, the claims and the accompanying drawings.
Description of the drawings
The drawings provide a further understanding of the technical solution of the invention and form part of the description; together with the embodiments of the application they explain the technical solution and do not limit it.
Fig. 1 is a flow diagram of the method of authenticating IoT equipment according to an embodiment of the application.
Fig. 2 is a flow diagram of the method of authenticating a management platform according to an embodiment of the application.
Fig. 3 is a structural diagram of the management platform according to an embodiment of the application.
Fig. 4 is a structural diagram of the IoT equipment according to an embodiment of the application.
Detailed description
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve its technical effect can be fully understood and implemented. The embodiments of the application, and the features within them, may be combined with one another provided they do not conflict, and such combinations fall within the scope of protection of the invention.
In addition, the steps shown in the flow diagrams may be performed in a computer system such as a set of computer-executable instructions, and although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one given here.
In the authentication method of the embodiments, before IoT equipment communicates with the management platform, the platform authenticates the equipment by querying the MDM, and the equipment authenticates the platform by a public-key mechanism, so completing two-way authentication between the IoT equipment and the management platform. A session key for subsequent communication is generated during the mutual authentication. Equipment information such as the hardware model, software version, country of use, geographical location and operator of the IoT equipment is registered in the mobile device management (MDM) system. The MDM is operated and managed centrally by the IoT equipment manufacturer and provides a query service.
In the embodiments, the IoT equipment and the management platform may also perform two-way authentication periodically and renew the session key.
The method of authenticating IoT equipment of the embodiments is used by the management platform to authenticate the IoT equipment. The IoT equipment presets the device public key Dpuk and the platform public key Ppuk of the management platform, and the management platform presets the platform private key Psuk and Ppuk.
It should be noted that in the embodiments the management platform may be a server.
As shown in Fig. 1, the method of authenticating IoT equipment mainly includes the following.
Step S110: the IoT equipment sends an authentication request to the management platform, encrypted with the platform public key Ppuk. The request includes the equipment information, the equipment identifier (ID) and the device public key Dpuk of the IoT equipment, among other information. The equipment information mainly comprises the device parameters of the equipment (such as the hardware model), its software parameters (such as the software version) and its operator (including country, geographical location and so on).
Step S120: the management platform decrypts the authentication request with the platform private key Psuk and obtains the equipment information, the device public key Dpuk, the equipment identifier (ID) and the other information it carries.
Step S130: the management platform obtains the MDM address corresponding to the IoT equipment by looking up an address table T, and sends a query request containing the equipment ID to that MDM.
In the embodiments, the address table T may store the equipment ID of each IoT device, or it may store ranges of equipment IDs, so that the ID of every individual device need not be stored.
Step S140: the MDM receives the query request from the management platform and looks up the equipment ID locally. If the equipment ID is found, it proceeds to step S141; otherwise it proceeds to step S142.
Step S141: the MDM retrieves the equipment information corresponding to the equipment ID and sends it to the management platform; the flow continues at step S150.
Step S142: the MDM sends a query failure message to the management platform; the flow continues at step S152.
Step S150: the management platform compares the equipment information returned by the MDM with the equipment information reported by the IoT equipment in the authentication request. When the two are identical, the IoT equipment passes the platform's authentication and the flow continues at step S151; otherwise the equipment cannot pass the platform's authentication, may be regarded as illegitimate, and the flow continues at step S152.
Step S151: the management platform sends an authentication success message to the IoT equipment, indicating that the platform has authenticated the equipment. The platform can then use the device public key Dpuk included in the authentication request to carry on with the IoT equipment's authentication of the platform (the procedure illustrated in Fig. 2).
Step S152: the management platform sends an authentication failure message to the IoT equipment, indicating that the platform has not authenticated the equipment.
The embodiments use the records held by the MDM to detect whether the identity claimed by the IoT equipment under test is genuine: if the management platform finds that the equipment information claimed by the equipment does not match the information stored in the MDM, it judges the equipment illegitimate; if the claimed equipment information matches the information stored in the MDM, it judges the equipment legitimate.
After the management platform has authenticated the IoT equipment in step S151, it can also generate a session key for encrypted communication between the platform and the equipment thereafter.
The method of authenticating a management platform of the embodiments is used by IoT equipment to authenticate the management platform. The IoT equipment presets the device private key Dsuk, the device public key Dpuk and the platform public key Ppuk of the management platform; the management platform presets the platform private key Psuk and stores the device public key Dpuk of the IoT equipment. In the embodiment of Fig. 1, the Dpuk stored by the management platform is the one the IoT equipment sent to the platform in the authentication request; in other embodiments the Dpuk of the IoT equipment may be preset directly on the management platform.
Consider the following scenario: the IoT equipment sends an authentication request to a false management platform, which performs no operation at all and simply returns authentication success, allowing the equipment to connect. The IoT equipment has no way of knowing the risk in this process and therefore cannot take any precaution, and afterwards the false platform can completely control the equipment. It is therefore necessary for the IoT equipment to authenticate the remote management platform, so that it is not deceived by an illegitimate, false management platform.
As shown in Fig. 2 the method that internet of things equipment is authenticated to management platform mainly includes following content.
Step S210, management platform produces a random number R and encryption information A;Wherein management platform can use platform
Private key Psuk is encrypted to random number R, obtains encryption information A.
Step S220, management platform is added using the equipment public key Dpuk of the internet of things equipment to random number R and encryption information A
Close generation authentication information, and the authentication information for being generated is issued into internet of things equipment.
Step S230, internet of things equipment receives the authentication information, and the certification for being received is believed using device private Dsuk
Breath is decrypted, and obtains random number R and encryption information A.
Step S240, internet of things equipment is decrypted using platform public key Ppuk to encryption information A, obtains referring to random number
R’。
Step S250, internet of things equipment is according to the random number R and refers to random number R ', management platform is authenticated.Tool
Body ground, it is whether equal to R and R ' to judge, S261 is gone to step when judging that R=R ' sets up, otherwise it can be assumed that the management
Platform is illegal platform, goes to step S262.
Step S261, internet of things equipment successfully passes through the certification to the management platform, to management platform send certification into
Work(message.
Step S262, internet of things equipment can not send authentification failure by the certification to the management platform to management platform
Message.
Embodiments herein completes certification of the internet of things equipment to remote management platform by public-key mechanism, because closing
The internet of things equipment of method has possessed the public key of legal management platform before initialization, and illegal management platform does not have legal pipe
The public key and private key of platform, therefore cannot be by the certification of internet of things equipment.
In above-mentioned steps S261 after internet of things equipment success identity management platform, can also generate session key is used for subsequently
Communicated between internet of things equipment and management platform.
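The two phases just described, steps S110 to S152 (Fig. 1) and steps S210 to S262 (Fig. 2), together with the summary of the same operations earlier in this document, as one added worked example. It is not part of the patent and is not code from its applicant; it is written here in Go with only the standard library, and it makes the following assumptions, none of which the patent specifies: the keys are RSA, with the device key 3072 bits so that R plus a 2048-bit signature fits in one RSA-OAEP block (a real request carrying Dpuk or other long fields would need hybrid encryption); "encrypt with the public key" is RSA-OAEP; the patent's "encrypt R with Psuk, decrypt with Ppuk and compare R with R'" is realised as an RSA-PSS signature over R that the device verifies with Ppuk, which is the modern form of that check; the platform has Dpuk preset, the variant the text allows, so the request carries only the equipment information and ID; the MDM is a map from device ID to the registered information rather than a remote query service; and the device IDs, models and firmware versions are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// DeviceInfo is what the device reports in S110 and what the MDM holds for its ID (constructed fields).
type DeviceInfo struct{ ID, Model, Firmware, Operator string }

// Platform holds Psuk, the device's Dpuk (the text's variant where Dpuk is preset on the
// platform) and the MDM records; the map stands in for the manufacturer's MDM service (S130-S142).
type Platform struct {
	Psuk *rsa.PrivateKey
	Dpuk *rsa.PublicKey
	MDM  map[string]DeviceInfo
}

type Device struct {
	Dsuk *rsa.PrivateKey
	Ppuk *rsa.PublicKey
	Info DeviceInfo
}

// NewKey generates an RSA key pair; provisioning keys is outside the patent.
func NewKey(bits int) *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return k
}

// Request is S110: the device information and ID, RSA-OAEP encrypted with Ppuk.
func (d *Device) Request() ([]byte, error) {
	body, _ := json.Marshal(d.Info) // a struct of strings cannot fail to marshal
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, d.Ppuk, body, nil)
}

// AuthenticateDevice is S120-S152: decrypt with Psuk, query the MDM by ID, compare with the record.
func (p *Platform) AuthenticateDevice(msg []byte) error {
	var claimed DeviceInfo
	if body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Psuk, msg, nil); err != nil {
		return err
	} else if err := json.Unmarshal(body, &claimed); err != nil {
		return err
	}
	rec, ok := p.MDM[claimed.ID]
	if !ok { // S142: the MDM reports a query failure
		return fmt.Errorf("S152: device %q unknown to MDM", claimed.ID)
	}
	if rec != claimed { // S150: claimed information differs from the MDM record
		return fmt.Errorf("S152: device %q does not match its MDM record", claimed.ID)
	}
	return nil // S151
}

// Challenge is S210-S220: a fresh R and its RSA-PSS signature A under Psuk (the patent's
// "encrypt R with the platform private key"), encrypted together with Dpuk.
func (p *Platform) Challenge() (r, msg []byte, err error) {
	r = make([]byte, 16)
	if _, err = rand.Read(r); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(r)
	a, err := rsa.SignPSS(rand.Reader, p.Psuk, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, nil, err
	}
	msg, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, p.Dpuk, append(r, a...), nil)
	return r, msg, err
}

// VerifyPlatform is S230-S250: decrypt with Dsuk, then check A with Ppuk; the patent's
// test R == R' becomes signature verification over R. Any failure is the S262 outcome.
func (d *Device) VerifyPlatform(msg []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.Dsuk, msg, nil)
	if err != nil || len(plain) < 16 {
		return nil, fmt.Errorf("S262: undecryptable or malformed challenge")
	}
	if h := sha256.Sum256(plain[:16]); rsa.VerifyPSS(d.Ppuk, crypto.SHA256, h[:], plain[16:], nil) != nil {
		return nil, fmt.Errorf("S262: platform failed authentication")
	}
	return plain[:16], nil // S261: R can seed the session key
}

func main() {
	psuk, dsuk := NewKey(2048), NewKey(3072) // 3072 so that R plus a 2048-bit signature (272 bytes) fits one OAEP block
	info := DeviceInfo{ID: "IOT-0001", Model: "M1", Firmware: "1.2.0", Operator: "CN-example"} // constructed
	p := &Platform{Psuk: psuk, Dpuk: &dsuk.PublicKey, MDM: map[string]DeviceInfo{info.ID: info}}
	d := &Device{Dsuk: dsuk, Ppuk: &psuk.PublicKey, Info: info}
	req, _ := d.Request()
	_, msg, _ := p.Challenge()
	_, err := d.VerifyPlatform(msg)
	fmt.Println("device accepted:", p.AuthenticateDevice(req) == nil, "platform accepted:", err == nil)
}
```

Run as written, the platform accepts the registered device and the device accepts the platform. Feeding AuthenticateDevice a request whose claimed firmware disagrees with the MDM record reproduces the device A case of the background section (S150 fails), an unregistered ID takes the S142/S152 path, and a challenge produced by a party that holds Dpuk but not Psuk reproduces the false-platform case of device B (S262). One design point to keep in view: as in the patent, the freshness of the second phase rests only on the R chosen by the platform, so a deployment would normally also bind the challenge to the device's own request, for example by having the device send a nonce in S110 that the platform signs alongside R.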
The management platform of the embodiments authenticates IoT equipment. The IoT equipment presets the platform public key (Ppuk) of the management platform, and the management platform presets the platform private key (Psuk). As shown in Fig. 3, the management platform may include a receiving module 310, a decryption module 320, a query module 330 and an authentication module 340, where:
the receiving module 310 receives the authentication request sent by the IoT equipment and encrypted with Ppuk, the request including the equipment information and the equipment identifier (ID) of the IoT equipment;
the decryption module 320, connected to the receiving module 310, decrypts the authentication request with Psuk and obtains the equipment information and equipment ID of the IoT equipment;
the query module 330, connected to the decryption module 320 and to the MDM 500, queries the MDM 500 according to the equipment ID that the decryption module 320 obtained by decrypting the authentication request; the MDM 500 can store the correspondence between equipment IDs and equipment information for multiple IoT devices;
the authentication module 340, connected to the decryption module 320 and the query module 330, authenticates the IoT equipment according to the query result returned by the MDM 500, or according to that query result together with the equipment information obtained by decrypting the authentication request.
As shown in figure 3, the enquiry module 330 can include transmitting element 331 and receiving unit 332, wherein:
Transmitting element 331, is connected with MDM500 and the deciphering module 320, and to MDM500 an inquiry request, the inquiry are sent
Request bag contains the device id.
Receiving unit 332, is connected with MDM500 and the authentication module 340, receive MDM500 feedback with the device id
Corresponding facility information or inquiry failed message.
As shown in figure 3, the authentication module 340 can include comparing unit 341 and authentication ' unit 342, wherein:
Comparing unit 341, is connected, to the Internet of Things with the receiving unit 332 in deciphering module 320 and enquiry module 330
The facility information of equipment and facility information corresponding with the device id are compared.
Authentication ' unit 342, is connected, according to the inquiry with the receiving unit 332 in comparing unit 341 and enquiry module 330
Failed message is not by the certification to the internet of things equipment;Or the equipment that the comparing unit 341 compares the internet of things equipment
Information and it is consistent with the corresponding facility information of the device id when by the certification to the internet of things equipment, the comparing unit 341 compares
Compared with when the facility information for going out the internet of things equipment and inconsistent facility information corresponding with the device id not by the Internet of Things
The certification of equipment.
The Internet-of-Things device of the embodiment of the present application is used to authenticate the management platform. The Internet-of-Things device presets a device private key (Dsuk), a device public key (Dpuk) and the platform public key (Ppuk) of the management platform; the management platform obtains Dpuk by communicating with the Internet-of-Things device.
As shown in Figure 4, the Internet-of-Things device may include a receiving module 410, a first decryption module 420, a second decryption module 430 and an authentication module 440, wherein:
Receiving module 410 receives the authentication information sent by the management platform; the authentication information is generated by the management platform by encrypting a random number and encryption information using Dpuk.
First decryption module 420, connected to receiving module 410, decrypts the authentication information using Dsuk and obtains the random number and the encryption information.
Second decryption module 430, connected to first decryption module 420, decrypts the encryption information using Ppuk and obtains a reference random number.
Authentication module 440, connected to first decryption module 420 and second decryption module 430, authenticates the management platform according to the random number and the reference random number.
As shown in Figure 4, authentication module 440 may include a judging unit 441 and an authentication unit 442, wherein:
Judging unit 441, connected to first decryption module 420 and second decryption module 430, judges whether the random number and the reference random number are equal.
Authentication unit 442, connected to judging unit 441: when judging unit 441 determines that the random number and the reference random number are equal, the Internet-of-Things device's authentication of the management platform succeeds; when judging unit 441 determines that they are unequal, the Internet-of-Things device's authentication of the management platform fails. The encryption information is obtained by the management platform encrypting the random number with the preset platform private key (Psuk).
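The two-way exchange described above (the R = R' check of steps S261/S262, and the module descriptions of the management platform and the Internet-of-Things device) as one runnable example. This is added illustration, not code from the patent or its applicant: the key sizes, the 16-byte random number, the JSON request layout, the `MDM` dictionary standing in for MDM 500 and all function names are assumptions, and textbook RSA is a constructed stand-in for the asymmetric primitive (which the text leaves unspecified) so that the flow runs offline with the standard library only.

```python
"""Mutual authentication between an Internet-of-Things device and its management
platform, following the exchange in the text:

  device   -> platform : Enc_Ppuk({device ID, device info})
  platform             : Dec_Psuk, query the MDM by ID, compare the stored info
  platform -> device   : Enc_Dpuk(R || Enc_Psuk(R))
  device               : Dec_Dsuk -> (R, c); R' = Dec_Ppuk(c); accept iff R == R'

Textbook RSA is a constructed, minimal stand-in for the asymmetric primitive;
real deployments use padded, randomised encryption and a proper signature.
"""
import hmac
import json
import secrets
from dataclasses import dataclass

NONCE_BYTES = 16  # length of the random number R (a constructed choice)


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test, sufficient for demo key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class KeyPair:
    """(n, e) is the public key (Ppuk or Dpuk); d is the private key (Psuk or Dsuk)."""
    n: int
    e: int
    d: int

    @property
    def public(self) -> tuple:
        return (self.n, self.e)


def generate_keypair(bits: int) -> KeyPair:
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return KeyPair(p * q, e, pow(e, -1, phi))


def _public_op(pub: tuple, m: int) -> int:
    n, e = pub
    if not 0 < m < n:
        raise ValueError("value does not fit the modulus")
    return pow(m, e, n)


def _private_op(key: KeyPair, c: int) -> int:
    return pow(c, key.d, key.n)


def device_build_request(ppuk: tuple, device_id: str, device_info: str) -> int:
    """Device side: device ID and device info, encrypted under the platform public key."""
    payload = json.dumps({"id": device_id, "info": device_info}, separators=(",", ":"))
    return _public_op(ppuk, int.from_bytes(payload.encode(), "big"))


def platform_authenticate_device(platform: KeyPair, mdm: dict, request: int) -> bool:
    """Platform side: decrypt with Psuk, query the MDM by ID, compare the device info."""
    m = _private_op(platform, request)
    payload = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
    stored = mdm.get(payload["id"])  # None stands for the MDM's query-failure message
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), str(payload["info"]).encode())


def platform_build_challenge(platform: KeyPair, dpuk: tuple) -> tuple:
    """Platform side: R and Enc_Psuk(R), wrapped together under Dpuk. Returns (ciphertext, R)."""
    r = secrets.token_bytes(NONCE_BYTES)
    sig = _private_op(platform, int.from_bytes(r, "big"))  # the 'encryption information'
    inner = r + sig.to_bytes((platform.n.bit_length() + 7) // 8, "big")
    return _public_op(dpuk, int.from_bytes(inner, "big")), r


def device_authenticate_platform(device: KeyPair, ppuk: tuple, challenge: int) -> bool:
    """Device side: decrypt with Dsuk, recover R' with Ppuk, accept only when R == R'."""
    n_len = (ppuk[0].bit_length() + 7) // 8
    try:
        inner = _private_op(device, challenge).to_bytes(NONCE_BYTES + n_len, "big")
        r, sig = inner[:NONCE_BYTES], int.from_bytes(inner[NONCE_BYTES:], "big")
        r_ref = _public_op(ppuk, sig).to_bytes(NONCE_BYTES, "big")
    except (OverflowError, ValueError):  # not produced by the holder of Psuk: step S262
        return False
    return hmac.compare_digest(r, r_ref)


def run_mutual_authentication(platform: KeyPair, device: KeyPair, mdm: dict,
                              device_id: str, device_info: str) -> tuple:
    """Full exchange; returns (platform accepted device, device accepted platform)."""
    request = device_build_request(platform.public, device_id, device_info)
    if not platform_authenticate_device(platform, mdm, request):
        return False, False  # the platform never issues the challenge
    challenge, _ = platform_build_challenge(platform, device.public)
    return True, device_authenticate_platform(device, platform.public, challenge)


# Constructed sample data: one enrolled device recorded in the MDM, demo-sized keys.
MDM = {"dev-0001": "gateway-2k/fw1.2"}
PLATFORM = generate_keypair(512)   # Psuk / Ppuk
DEVICE = generate_keypair(1024)    # Dsuk / Dpuk; must be wide enough to wrap R || Enc_Psuk(R)
```

`run_mutual_authentication(PLATFORM, DEVICE, MDM, "dev-0001", "gateway-2k/fw1.2")` returns `(True, True)`; an unknown device ID (the MDM's query-failure message), a device-info mismatch, or a challenge built with a key pair other than Psuk each yield a rejection. Device information is compared with `hmac.compare_digest` rather than `==` so that the comparison does not leak through timing.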
In the above embodiments of the authentication method for Internet-of-Things devices and of the management platform, the management platform does not need to store keys or secret information related to the Internet-of-Things devices.
In the embodiments of the present application, the Internet-of-Things device does not depend on the management platform and can switch management platforms flexibly; authentication efficiency is improved while security and extensibility are also increased. The Internet-of-Things device does not need to introduce extra secret information either, which simplifies its workflow.
The embodiments of the present application ensure that Internet-of-Things devices and the management platform operate in a secure and trusted environment, ensure that only legitimate Internet-of-Things terminal devices access the network and the management platform, guarantee that Internet-of-Things applications are used in a secure and reliable environment, and avoid the disputes over interests and the network-security problems caused by illegitimate devices gaining access.
The embodiments of the present application ensure that Internet-of-Things devices and the management platform can operate in a secure and trusted environment and that only legitimate Internet-of-Things devices access the management platform, avoiding the impact on normal business operation caused by illegitimate devices gaining access. The embodiments of the present application ensure that the legitimate rights and interests of Internet-of-Things device users do not suffer loss.
Those skilled in the art should understand that each component of the devices and/or systems provided by the above embodiments of the present application, and each step of the methods, may be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they may be implemented with program code executable by a computing device, so that they may be stored in a storage device to be executed by a computing device, or each be made into an individual integrated-circuit module, or several of the modules or steps be made into a single integrated-circuit module. Thus the present invention is not restricted to any specific combination of hardware and software.
Although embodiments are disclosed above, the content described is only an embodiment adopted to facilitate understanding of the present invention and does not limit it. A person skilled in the art to which the present invention pertains may make any modification and change in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be defined by the appended claims.
Claims (6)
1. A method for authenticating an Internet-of-Things device, used by a management platform to authenticate the Internet-of-Things device, wherein the Internet-of-Things device presets a platform public key Ppuk of the management platform and the management platform presets a platform private key Psuk; in the method, the management platform performs the following operations:
receiving an authentication request sent by the Internet-of-Things device and encrypted with Ppuk, the authentication request including device information and a device identifier ID of the Internet-of-Things device;
decrypting the authentication request using Psuk to obtain the device information and device ID of the Internet-of-Things device;
querying a mobile device management MDM according to the device ID of the Internet-of-Things device, the MDM storing the correspondence between device IDs and device information; wherein querying the mobile device management MDM according to the device ID includes: sending a query request containing the device ID to the mobile device management MDM, and receiving the device information corresponding to the device ID, or a query-failure message, fed back by the MDM;
authenticating the Internet-of-Things device according to the query result fed back by the MDM, or according to the query result fed back by the MDM together with the device information of the Internet-of-Things device obtained by decrypting the authentication request, including:
rejecting the authentication of the Internet-of-Things device according to the query-failure message; or
comparing the device information of the Internet-of-Things device with the device information corresponding to the device ID; passing the authentication of the Internet-of-Things device when the device information of the Internet-of-Things device is consistent with the device information corresponding to the device ID, and rejecting the authentication of the Internet-of-Things device when the device information of the Internet-of-Things device is inconsistent with the device information corresponding to the device ID.
2. A method for two-way authentication between an Internet-of-Things device and a management platform, including the method for authenticating an Internet-of-Things device according to claim 1 and further including the Internet-of-Things device authenticating the management platform, wherein the Internet-of-Things device presets a device private key Dsuk, a device public key Dpuk and the platform public key Ppuk of the management platform, and the management platform obtains Dpuk by communicating with the Internet-of-Things device; in the method, the Internet-of-Things device performs the following operations:
receiving authentication information sent by the management platform, the authentication information being generated by the management platform by encrypting a random number and encryption information using Dpuk;
decrypting the authentication information using Dsuk to obtain the random number and the encryption information;
decrypting the encryption information using Ppuk to obtain a reference random number;
authenticating the management platform according to the random number and the reference random number.
3. The method according to claim 2, wherein authenticating the management platform according to the random number and the reference random number includes:
judging whether the random number is equal to the reference random number;
when the random number is judged equal to the reference random number, the Internet-of-Things device's authentication of the management platform succeeds; when the random number is judged unequal to the reference random number, the Internet-of-Things device's authentication of the management platform fails;
wherein the encryption information is obtained by the management platform encrypting the random number using the preset platform private key Psuk.
4. A management platform for authenticating an Internet-of-Things device, wherein the Internet-of-Things device presets a platform public key Ppuk of the management platform and the management platform presets a platform private key Psuk; the management platform includes:
a receiving module, which receives an authentication request sent by the Internet-of-Things device and encrypted with Ppuk, the authentication request including device information and a device identifier ID of the Internet-of-Things device;
a decryption module, which decrypts the authentication request using Psuk and obtains the device information and device ID of the Internet-of-Things device;
a query module, which queries a mobile device management MDM according to the device ID of the Internet-of-Things device, the MDM being able to store the correspondence between device IDs and device information; the query module includes a transmitting unit and a receiving unit, wherein
the transmitting unit sends a query request containing the device ID to the mobile device management MDM;
the receiving unit receives the device information corresponding to the device ID, or a query-failure message, fed back by the MDM;
an authentication module, which authenticates the Internet-of-Things device according to the query result fed back by the MDM, or according to the query result fed back by the MDM together with the device information of the Internet-of-Things device obtained by decrypting the authentication request; the authentication module includes a comparing unit and an authentication unit, wherein
the comparing unit compares the device information of the Internet-of-Things device with the device information corresponding to the device ID;
the authentication unit rejects the authentication of the Internet-of-Things device according to the query-failure message; or passes the authentication of the Internet-of-Things device when the comparing unit finds the device information of the Internet-of-Things device consistent with the device information corresponding to the device ID, and rejects the authentication of the Internet-of-Things device when the comparing unit finds the device information of the Internet-of-Things device inconsistent with the device information corresponding to the device ID.
5. A system for two-way authentication between an Internet-of-Things device and a management platform, including the management platform according to claim 4 and further including an Internet-of-Things device, wherein the Internet-of-Things device presets a device private key Dsuk, a device public key Dpuk and the platform public key Ppuk of the management platform, and the management platform obtains Dpuk by communicating with the Internet-of-Things device; the Internet-of-Things device includes:
a receiving module, which receives authentication information sent by the management platform, the authentication information being generated by the management platform by encrypting a random number and encryption information using Dpuk;
a first decryption module, which decrypts the authentication information using Dsuk and obtains the random number and the encryption information;
a second decryption module, which decrypts the encryption information using Ppuk and obtains a reference random number;
an authentication module, which authenticates the management platform according to the random number and the reference random number.
6. The system according to claim 5, wherein the authentication module includes:
a judging unit, which judges whether the random number is equal to the reference random number;
an authentication unit: when the judging unit judges that the random number is equal to the reference random number, the Internet-of-Things device's authentication of the management platform succeeds; when the judging unit judges that the random number is unequal to the reference random number, the Internet-of-Things device's authentication of the management platform fails;
wherein the encryption information is obtained by the management platform encrypting the random number using the preset platform private key Psuk.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310467622.0A CN103517273B (en) | 2013-10-09 | 2013-10-09 | Authentication method, managing platform and Internet-of-Things equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103517273A CN103517273A (en) | 2014-01-15 |
CN103517273B true CN103517273B (en) | 2017-04-12 |
Family
ID=49899126
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310467622.0A Active CN103517273B (en) | 2013-10-09 | 2013-10-09 | Authentication method, managing platform and Internet-of-Things equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103517273B (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103841119B (en) * | 2014-03-25 | 2017-12-01 | 广州物联家信息科技股份有限公司 | The method and system for realizing equipment access authentication are closed based on Home IOT clouds |
CN103929748B (en) * | 2014-04-30 | 2017-07-04 | 普联技术有限公司 | A kind of Internet of Things wireless terminal and its collocation method and wireless network access point |
CN105407072A (en) * | 2014-09-05 | 2016-03-16 | 北京握奇智能科技有限公司 | Method and system for achieving safety of Internet of Things, and interconnection equipment |
CN105577612B (en) * | 2014-10-11 | 2020-04-17 | 中兴通讯股份有限公司 | Identity authentication method, third-party server, merchant server and user terminal |
CN105763517B (en) * | 2014-12-17 | 2019-09-13 | 联芯科技有限公司 | A kind of method and system of Router Security access and control |
CN104580261B (en) * | 2015-02-10 | 2018-01-05 | 成都英力拓信息技术有限公司 | A kind of safety method suitable for Internet of Things |
CN104683345B (en) * | 2015-03-05 | 2017-10-20 | 华北电力大学(保定) | Internet of Things safety certifying method based on pseudo- ID |
CN106161147B (en) * | 2015-03-31 | 2019-08-06 | 腾讯科技(深圳)有限公司 | Establish the method and device of network connection |
CN105120425B (en) * | 2015-09-30 | 2019-05-21 | 中国联合网络通信集团有限公司 | M2M recognition methods and device, internet-of-things terminal, M2M identifying system |
TWI576779B (en) * | 2015-10-13 | 2017-04-01 | Nat Sun Yat-Sen Univ | Method and Method of Payment Authentication System for Internet of Things |
CN106603461A (en) * | 2015-10-14 | 2017-04-26 | 阿里巴巴集团控股有限公司 | Business authentication method, apparatus and system |
CN107786486B (en) * | 2016-08-18 | 2020-03-24 | 成都鼎桥通信技术有限公司 | Method and device for activating operating system |
CN106686015B (en) * | 2017-03-16 | 2019-10-22 | 北京方研矩行科技有限公司 | A kind of safe networking dynamic confirming method for smart machine |
CN107169344B (en) | 2017-05-10 | 2020-04-21 | 威盛电子股份有限公司 | Method for blocking unauthorized application and apparatus using the same |
CN109150507B (en) * | 2017-06-19 | 2023-05-23 | 中兴通讯股份有限公司 | Equipment credential distribution method and system, user equipment and management entity |
CN109150508B (en) * | 2017-06-27 | 2021-06-25 | 腾讯科技(深圳)有限公司 | Device control method, device, computer device, storage medium, and device control apparatus |
CN107483456A (en) * | 2017-08-25 | 2017-12-15 | 北京元心科技有限公司 | Identity identifying method and device |
CN109547395A (en) * | 2017-09-22 | 2019-03-29 | 中兴通讯股份有限公司 | A kind of method and device improving intelligent gateway safety |
TWI656446B (en) | 2018-02-08 | 2019-04-11 | 瑞軒科技股份有限公司 | Network device management device, communication system and communication method |
CN108512862B (en) * | 2018-05-30 | 2023-12-05 | 博潮科技(北京)有限公司 | Internet of things terminal security authentication management and control platform based on certificate-free identification authentication technology |
CN111125648B (en) * | 2018-11-01 | 2022-03-29 | 大唐移动通信设备有限公司 | Equipment change method and device |
CN110061849A (en) * | 2019-04-29 | 2019-07-26 | 中兴新能源汽车有限责任公司 | Verification method, server, mobile unit and the storage medium of mobile unit |
CN110099065A (en) | 2019-05-10 | 2019-08-06 | 北京百度网讯科技有限公司 | Internet of things equipment and authentication method, Cloud Server, processing equipment, readable medium |
CN110839044A (en) * | 2019-11-27 | 2020-02-25 | 广州佳都数据服务有限公司 | Cloud key SaaS autonomous AIoT control system and method |
CN113132995B (en) * | 2019-12-31 | 2023-04-07 | 中移智行网络科技有限公司 | Equipment control method and device, storage medium and computer equipment |
CN111800259A (en) * | 2020-06-17 | 2020-10-20 | 浙江睿朗信息科技有限公司 | Key issuing mode for gas meter safety module |
CN112087417B (en) * | 2020-07-22 | 2022-10-21 | 深圳奇迹智慧网络有限公司 | Terminal authority control method and device, computer equipment and storage medium |
CN112733128B (en) * | 2021-02-06 | 2022-06-14 | 深圳市云小白科技有限公司 | Centerless Internet of things security authentication method based on asymmetric encryption |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101789934A (en) * | 2009-11-17 | 2010-07-28 | 北京飞天诚信科技有限公司 | Method and system for online security trading |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4645049B2 (en) * | 2004-03-19 | 2011-03-09 | 株式会社日立製作所 | Content transmitting apparatus and content transmitting method |
Events
- 2013-10-09 CN CN201310467622.0A patent/CN103517273B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN103517273A (en) | 2014-01-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103517273B (en) | Authentication method, managing platform and Internet-of-Things equipment | |
US11386420B2 (en) | Contextual authentication of an electronic wallet | |
CN106878318B (en) | Block chain real-time polling cloud system | |
CN106899410B (en) | A kind of method and device of equipment identities certification | |
US20190034919A1 (en) | Securing Electronic Wallet Transactions | |
CN108270571A (en) | Internet of Things identity authorization system and its method based on block chain | |
KR101634158B1 (en) | Method for authenticating identity and generating share key | |
CN103532963A (en) | IOT (Internet of Things) based equipment authentication method, device and system | |
CN108512862A (en) | Internet-of-things terminal safety certification control platform based on no certificates identified authentication techniques | |
CN106452782A (en) | Method and system for producing a secure communication channel for terminals | |
CN105553666B (en) | Intelligent power terminal safety authentication system and method | |
WO2020038137A1 (en) | Two-dimensional code generation method, data processing method, apparatus, and server | |
CN105162772A (en) | IoT equipment authentication and key agreement method and device | |
CN103236931B (en) | A kind of auth method based on TPM and system and relevant device | |
CN107026874A (en) | One kind instruction signature and verification method and system | |
CN101777978A (en) | Method and system based on wireless terminal for applying digital certificate and wireless terminal | |
CN103888938A (en) | PKI private key protection method of dynamically generated key based on parameters | |
WO2016188335A1 (en) | Access control method, apparatus and system for user data | |
WO2019056971A1 (en) | Authentication method and device | |
CN104980437A (en) | Identity-based authorized third party data integrity proving method | |
CN110929231A (en) | Digital asset authorization method and device and server | |
CN110098925B (en) | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number | |
CN114095919A (en) | Certificate authorization processing method based on Internet of vehicles and related equipment | |
US20230007491A1 (en) | Managing a subscription identifier associated with a device | |
CN103152326A (en) | Distributed authentication method and authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||