CN105245547B - A gateway-based device authentication method
- Publication number: CN105245547B
- Authority: CN (China)
- Prior art keywords: equipment, certified, network, authentication, authenticating
- Legal status: Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The present invention relates to a gateway-based device authentication method. It makes full use of the existing networking capability of the device to be authenticated: given an authenticating device that has no networking capability and a network authentication center, the data-forwarding function of the device to be authenticated lets the authenticating device, after receiving that device's network authentication request, exchange information with the network authentication center through the device to be authenticated, so that the device to be authenticated obtains authentication authorization from the network authentication center. This effectively controls the cost of the authenticating device in practical applications. In addition, data encryption is applied to the data exchanged between the authenticating device and the network authentication center via the device to be authenticated, which effectively prevents the device to be authenticated from learning the exchanged data and fully ensures the security and flexibility of the designed authentication method.
Description
Technical field
The present invention relates to a gateway-based device authentication method and belongs to the technical field of networked authentication.
Background art
Demand for information security and device security is increasingly common, so a device access authentication mechanism is needed. Existing authentication mechanisms are generally of two kinds. First, as shown in Fig. 1, local authentication: the devices verify each other's legitimacy using fixed information known to both sides. Because the information each side knows is fixed and every verification is the same, security becomes relatively low over time. Second, as shown in Fig. 2, authentication based on a network authorization center: both devices are authenticated through a third-party authentication server. This approach is more secure and its authorization is flexible, but both the authenticating device and the device to be authenticated need networking capability. For some devices this requirement is too high and is very difficult to meet at a given cost.
Summary of the invention
In view of the above technical problem, the technical problem to be solved by the invention is to provide a gateway-based device authentication method that makes full use of the existing networking capability of the device to be authenticated and, using an authenticating device without networking capability and a network authentication center, relies on data forwarding to effectively control the cost of the authenticating device while ensuring the efficiency of device authentication.
To solve the above technical problem, the present invention adopts the following technical solution: a gateway-based device authentication method in which the device to be authenticated performs an authentication operation with the network authentication center via the authenticating device, so that the device to be authenticated obtains authentication authorization, wherein the device to be authenticated has networking capability and the authenticating device does not. The device authentication method comprises the following steps:
Step 001. The device to be authenticated sends a network authentication request to the authenticating device, and the method proceeds to step 002; the network authentication request includes the device number of the device to be authenticated;
Step 002. The authenticating device receives the network authentication request from the device to be authenticated and, according to the device number in that request, sends the device to be authenticated a request for its device network authentication parameters; the method proceeds to step 003;
Step 003. The device to be authenticated receives the device network authentication parameter request from the authenticating device and, in response, sends its device network authentication parameters to the authenticating device; the method proceeds to step 004;
Step 004. The authenticating device receives the device network authentication parameters from the device to be authenticated and encrypts these device network parameters to obtain a device network parameter encrypted packet; the method proceeds to step 005;
Step 005. Using the networking capability of the device to be authenticated, the authenticating device, according to the device number of the device to be authenticated, connects to the network through the corresponding device to be authenticated and establishes an authentication link with the network authentication center; the method proceeds to step 006;
Step 006. Over the authentication link, the authenticating device sends the network authentication center an authentication request for the device to be authenticated, and the method proceeds to step 007; the authentication request includes the device number of the device to be authenticated and the corresponding device network parameter encrypted packet;
Step 007. The network authentication center receives the authentication request and, using the decryption method that corresponds to the encryption method the authenticating device applied to the device network parameters, decrypts the device network parameter encrypted packet in the authentication request to obtain the device network parameters of the device to be authenticated; the method proceeds to step 008;
Step 008. According to the device network parameters of the device to be authenticated, the network authentication center obtains a temporary device authorization code for the device to be authenticated, then returns the device number of the device to be authenticated and the temporary device authorization code over the authentication link to the corresponding authenticating device; the method proceeds to step 009;
Step 009. After receiving the device number of the device to be authenticated and the temporary device authorization code, the authenticating device, according to the device number, sends the temporary device authorization code to the corresponding device to be authenticated, so that the device to be authenticated obtains authentication authorization.
As a preferred technical solution of the present invention: the authentication link between the authenticating device and the network authentication center via the device to be authenticated is implemented by a data packet forwarding module provided in the device to be authenticated.
As a preferred technical solution of the present invention: the authenticating device is a BLE authenticating device.
As a preferred technical solution of the present invention: the device to be authenticated is a wireless device to be authenticated.
As a preferred technical solution of the present invention: the wireless device to be authenticated is a smartphone or a tablet computer.
Compared with the prior art, the gateway-based device authentication method of the present invention, using the above technical solution, has the following technical effects. The method makes full use of the existing networking capability of the device to be authenticated. Given an authenticating device without networking capability and a network authentication center, the data-forwarding function of the device to be authenticated lets the authenticating device, after receiving the network authentication request of the device to be authenticated, use that device's networking capability to exchange information with the network authentication center through it, so that the device to be authenticated obtains authentication authorization from the network authentication center. This effectively controls the cost of the authenticating device in practical applications. In addition, data encryption is applied to the data exchanged between the authenticating device and the network authentication center via the device to be authenticated, which effectively prevents the device to be authenticated from learning the exchanged data and fully ensures the security and flexibility of the authentication method designed by the present invention.
Description of the drawings
Fig. 1 is an architecture diagram of existing local authentication;
Fig. 2 is an architecture diagram of existing authentication based on a network authorization center;
Fig. 3 is a module diagram of the gateway-based device authentication method designed by the present invention;
Fig. 4 is a flow diagram of the gateway-based device authentication method designed by the present invention.
Detailed description of the embodiments
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
As shown in Fig. 3 and Fig. 4, in practical application of the gateway-based device authentication method designed by the present invention, a wireless device to be authenticated performs an authentication operation with the network authentication center via a BLE authenticating device, so that the wireless device to be authenticated obtains authentication authorization, wherein the wireless device to be authenticated has networking capability and the BLE authenticating device does not. The device authentication method comprises the following steps:
Step 001. The wireless device to be authenticated sends a network authentication request to the BLE authenticating device, and the method proceeds to step 002; the network authentication request includes the device number of the wireless device to be authenticated;
Step 002. The BLE authenticating device receives the network authentication request from the wireless device to be authenticated and, according to the device number in that request, sends the wireless device to be authenticated a request for its device network authentication parameters; the method proceeds to step 003;
Step 003. The wireless device to be authenticated receives the device network authentication parameter request from the BLE authenticating device and, in response, sends its device network authentication parameters to the BLE authenticating device; the method proceeds to step 004;
Step 004. The BLE authenticating device receives the device network authentication parameters from the wireless device to be authenticated and encrypts these device network parameters to obtain a device network parameter encrypted packet; the method proceeds to step 005;
Step 005. Using the networking capability of the wireless device to be authenticated, the BLE authenticating device, according to the device number of the wireless device to be authenticated, connects to the network through the corresponding wireless device to be authenticated and establishes an authentication link with the network authentication center. The authentication link is implemented by the data packet forwarding module provided in the wireless device to be authenticated: data transmitted over the authentication link between the BLE authenticating device and the network authentication center passes through that module, which forwards the data between the BLE authenticating device and the network authentication center. The method then proceeds to step 006;
Step 006. Over the authentication link, the BLE authenticating device sends the network authentication center an authentication request for the wireless device to be authenticated, and the method proceeds to step 007; the authentication request includes the device number of the wireless device to be authenticated and the corresponding device network parameter encrypted packet;
Step 007. The network authentication center receives the authentication request and, using the decryption method that corresponds to the encryption method the BLE authenticating device applied to the device network parameters, decrypts the device network parameter encrypted packet in the authentication request to obtain the device network parameters of the wireless device to be authenticated; the method proceeds to step 008;
Step 008. According to the device network parameters of the wireless device to be authenticated, the network authentication center obtains a temporary device authorization code for the wireless device to be authenticated, then returns the device number of the wireless device to be authenticated and the temporary device authorization code over the authentication link to the corresponding BLE authenticating device; the method proceeds to step 009;
Step 009. After receiving the device number of the wireless device to be authenticated and the temporary device authorization code, the BLE authenticating device, according to the device number, sends the temporary device authorization code to the corresponding wireless device to be authenticated, so that the wireless device to be authenticated obtains authentication authorization.
In practical applications of the gateway-based device authentication method designed above, the wireless device to be authenticated is a smartphone or a tablet computer. The method makes full use of the existing networking capability of the device to be authenticated. Given an authenticating device without networking capability and a network authentication center, the data-forwarding function of the device to be authenticated lets the authenticating device, after receiving the network authentication request of the device to be authenticated, use that device's networking capability to exchange information with the network authentication center through it, so that the device to be authenticated obtains authentication authorization from the network authentication center. This effectively controls the cost of the authenticating device in practical applications. In addition, data encryption is applied to the data exchanged between the authenticating device and the network authentication center via the device to be authenticated, which effectively prevents the device to be authenticated from learning the exchanged data and fully ensures the security and flexibility of the authentication method designed by the present invention.
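The nine-step exchange above, simulated in Python as an added example (not code from the patent). The patent names no cipher or key arrangement, so the pre-shared key, the HMAC-SHA256 keystream with encrypt-then-MAC (a standard-library stand-in for a real AEAD), the JSON message layout, the center's registry check and all class and function names are assumptions.

```python
import hashlib, hmac, json, secrets

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: standard-library stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def subkeys(key):  # separate encryption and MAC keys from the assumed shared key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def mac_input(device_no, nonce, cipher):
    dn = device_no.encode()  # length prefix keeps the device number unambiguous
    return len(dn).to_bytes(2, "big") + dn + nonce + cipher

def seal(key, device_no, params):
    """Step 004: encrypt the parameters into a packet bound to device_no."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(16)
    plain = json.dumps(params, sort_keys=True).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, mac_input(device_no, nonce, cipher), hashlib.sha256).digest()
    return nonce + cipher + tag

def open_packet(key, device_no, packet):
    """Step 007: verify the tag, then decrypt. Raises ValueError if modified."""
    if len(packet) < 48:
        raise ValueError("packet too short")
    enc_key, mac_key = subkeys(key)
    nonce, cipher, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(mac_key, mac_input(device_no, nonce, cipher), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed integrity check")
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)

class AuthCenter:
    def __init__(self, key, registry):
        self.key, self.registry, self.issued = key, registry, {}
    def handle(self, request):
        msg = json.loads(request)
        device_no = msg["device_no"]
        params = open_packet(self.key, device_no, bytes.fromhex(msg["packet"]))  # step 007
        if self.registry.get(device_no) != params:      # assumed acceptance rule
            raise PermissionError("unknown device or parameters")
        self.issued[device_no] = secrets.token_hex(8)    # step 008: temporary code
        return json.dumps({"device_no": device_no, "code": self.issued[device_no]}).encode()

class NetworkedDevice:
    """Device to be authenticated; its forwarding module only relays bytes."""
    def __init__(self, device_no, params, center):
        self.device_no, self.params, self.center = device_no, params, center
        self.forwarded, self.auth_code = [], None
    def forward(self, data):                             # step 005: packet forwarding
        self.forwarded.append(data)
        return self.center.handle(data)

class Authenticator:
    """Authenticating device without networking capability (for example BLE)."""
    def __init__(self, key):
        self.key = key
    def authenticate(self, device):
        device_no, params = device.device_no, device.params          # steps 001-003
        packet = seal(self.key, device_no, params)                     # step 004
        request = json.dumps({"device_no": device_no, "packet": packet.hex()}).encode()
        reply = json.loads(device.forward(request))                    # steps 005-008
        if reply["device_no"] != device_no:
            raise ValueError("reply is for a different device")
        device.auth_code = reply["code"]                               # step 009
        return reply["code"]

def run_exchange():
    key = secrets.token_bytes(32)                                  # constructed key
    params = {"mac": "AA:BB:CC:DD:EE:01", "model": "tablet-x"}     # constructed sample
    center = AuthCenter(key, {"DEV-0001": params})
    phone = NetworkedDevice("DEV-0001", params, center)
    code = Authenticator(key).authenticate(phone)
    packet = bytes.fromhex(json.loads(phone.forwarded[0])["packet"])
    return {"code": code, "issued": center.issued["DEV-0001"],
            "device_code": phone.auth_code, "packet": packet, "key": key}

if __name__ == "__main__":
    print("authorization code issued:", run_exchange()["code"])
```

The integrity tag is what lets the center reject a packet that was altered or re-labelled with another device number while passing through the forwarding module; encryption alone would not detect that.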
Embodiments of the present invention have been explained in detail above with reference to the accompanying drawings, but the present invention is not limited to the above embodiments; within the knowledge of a person skilled in the art, various changes can be made without departing from the concept of the present invention.
Claims (5)
1. A gateway-based device authentication method, in which a device to be authenticated performs an authentication operation with a network authentication center via an authenticating device, so that the device to be authenticated obtains authentication authorization, characterized in that the device to be authenticated has networking capability and the authenticating device does not have networking capability; the device authentication method comprises the following steps:
Step 001. The device to be authenticated sends a network authentication request to the authenticating device, and the method proceeds to step 002; the network authentication request includes the device number of the device to be authenticated;
Step 002. The authenticating device receives the network authentication request from the device to be authenticated and, according to the device number in that request, sends the device to be authenticated a request for its device network authentication parameters; the method proceeds to step 003;
Step 003. The device to be authenticated receives the device network authentication parameter request from the authenticating device and, in response, sends its device network authentication parameters to the authenticating device; the method proceeds to step 004;
Step 004. The authenticating device receives the device network authentication parameters from the device to be authenticated and encrypts these device network parameters to obtain a device network parameter encrypted packet; the method proceeds to step 005;
Step 005. Using the networking capability of the device to be authenticated, the authenticating device, according to the device number of the device to be authenticated, connects to the network through the corresponding device to be authenticated and establishes an authentication link with the network authentication center; the method proceeds to step 006;
Step 006. Over the authentication link, the authenticating device sends the network authentication center an authentication request for the device to be authenticated, and the method proceeds to step 007; the authentication request includes the device number of the device to be authenticated and the corresponding device network parameter encrypted packet;
Step 007. The network authentication center receives the authentication request and, using the decryption method that corresponds to the encryption method the authenticating device applied to the device network parameters, decrypts the device network parameter encrypted packet in the authentication request to obtain the device network parameters of the device to be authenticated; the method proceeds to step 008;
Step 008. According to the device network parameters of the device to be authenticated, the network authentication center obtains a temporary device authorization code for the device to be authenticated, then returns the device number of the device to be authenticated and the temporary device authorization code over the authentication link to the corresponding authenticating device; the method proceeds to step 009;
Step 009. After receiving the device number of the device to be authenticated and the temporary device authorization code, the authenticating device, according to the device number, sends the temporary device authorization code to the corresponding device to be authenticated, so that the device to be authenticated obtains authentication authorization.
2. The gateway-based device authentication method according to claim 1, characterized in that: the authentication link between the authenticating device and the network authentication center via the device to be authenticated is implemented by a data packet forwarding module provided in the device to be authenticated.
3. The gateway-based device authentication method according to claim 1, characterized in that: the authenticating device is a BLE authenticating device.
4. The gateway-based device authentication method according to claim 1, characterized in that: the device to be authenticated is a wireless device to be authenticated.
5. The gateway-based device authentication method according to claim 4, characterized in that: the wireless device to be authenticated is a smartphone or a tablet computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510722909.2A CN105245547B (en) | 2015-10-29 | 2015-10-29 | A kind of equipment authentication method based on gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105245547A (en) | 2016-01-13 |
CN105245547B (en) | 2018-08-21 |
Family
ID=55043047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510722909.2A Expired - Fee Related CN105245547B (en) | 2015-10-29 | 2015-10-29 | A kind of equipment authentication method based on gateway |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105245547B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN105245547A (en) | 2016-01-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180821; Termination date: 20191029 ||