CN105975846A - Terminal authentication method and system - Google Patents
- Publication number
- CN105975846A, CN201610280800.2A
- Authority
- CN
- China
- Prior art keywords
- terminal
- key
- user
- certification
- registrar
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a terminal authentication method for mutual (two-way) authentication between two terminals. A first terminal receives an authentication request sent by a second terminal, computes verification information from that request, and decides from the verification information whether to accept the second terminal's authentication. The invention also provides a terminal authentication system. With the method and system, no third party is needed during authentication, the consumption of network and computing resources is reduced, and the security problem of online transactions from user terminals can be addressed.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a terminal authentication method and system.
Background technology
In broad terms, M2M covers Machine to Machine, Man to Machine, Machine to Man and Mobile to Machine connections and communication; it includes all technologies and means that establish communication links between people, machines and systems. M2M services provide customers in various industries with a complete solution covering data collection, transmission, processing and operational control. At present M2M focuses on wireless communication between machines, in three forms: machine to machine, machine to mobile phone (for example, a user remotely monitoring equipment), and mobile phone to machine (for example, a user remotely controlling equipment).
The Wireless M2M Protocol (WMMP) is an application-layer protocol designed for data communication between M2M terminals and the M2M platform, between M2M terminals, and between the M2M platform and application platforms. It was developed by China Mobile for M2M services and provides the basic functions of end-to-end wireless communication, terminal management and service security. Under WMMP, an M2M terminal may only use M2M services after it has registered with the M2M platform and passed authentication.
Existing solutions for machine-to-machine authentication are largely based on public-key cryptography: each M2M terminal obtains its own identity certificate and corresponding private key from a trusted third-party certificate authority (CA), and can obtain the CA certificate in order to verify the identity certificates of others. When an M2M terminal accesses the network, the two sides verify each other's identity by exchanging their identity certificates, and only after authentication succeeds may the terminal access the network.
This public-key approach has drawbacks: its cryptographic computations are complex, and performance and efficiency drop markedly when large amounts of data are encrypted. When the number of terminal nodes is huge, authenticating a large number of users consumes the network resources of signalling exchange as well as computing resources. In addition, the public-key approach relies on a trusted third party to manage keys, and under deliberate threats such as viruses, hackers, network phishing and phishing fraud this poses a serious challenge to the security of online transactions.
Summary of the invention
In view of the above, it is necessary to propose a terminal authentication method that needs no third party during authentication, reduces the consumption of network and computing resources, and can address the security of online transactions from user terminals.
A terminal authentication method, including:
A first terminal receives a first authentication request sent by a second terminal, computes first verification information from the first authentication request, and authenticates the second terminal according to the first verification information; and
When the first terminal has verified the legitimate identity of the second terminal, the first terminal sends a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In other preferred embodiments of the invention, the first authentication request sent by the second terminal includes the second terminal's user name, authentication key and timestamp; and the first verification information includes a first verification key, which is computed from the received user name and timestamp of the second terminal using the registration server's server key and the encryption algorithm.
In other preferred embodiments, authenticating the second terminal according to the first verification information includes:
When the second terminal's authentication key is identical to the first verification key, authenticating the legitimate identity of the second terminal; and
When the second terminal's authentication key differs from the first verification key, terminating the authentication of the second terminal.
In other preferred embodiments, before the first verification information is computed from the first authentication request and the second terminal is authenticated according to it, the method further includes:
When the difference between the timestamp at which the first authentication request is received and the timestamp sent by the second terminal is less than a preset valid time interval, computing the first verification information; and
When that difference is greater than or equal to the preset valid time interval, terminating the authentication of the second terminal.
In other preferred embodiments, the authentication method further includes registration of the first terminal, which includes:
The first terminal sends its user name and its encrypted user key to the registration server;
The first terminal receives from the registration server the twice-encrypted user key, the registration key of the first terminal, the encrypted server key and the encryption algorithm used by the registration server, where the twice-encrypted user key is obtained by the registration server encrypting the user key a second time with the encryption algorithm, and the registration key is computed by the registration server with the encryption algorithm from the first terminal's user name, user key and the encrypted server key; and
The first terminal stores the twice-encrypted user key, the registration key, the encrypted server key and the encryption algorithm sent by the registration server in its secure storage area.
In other preferred embodiments, the user key is a combination of one or more of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
In other preferred embodiments, the secure storage area is the secure storage area of the embedded SIM (eSIM) card of the first terminal.
In other preferred embodiments, the user name is the identity identifier provided by the embedded SIM card.
In other preferred embodiments, the authentication method further includes modification of the user key on the first terminal, which includes:
When a request to modify the user key is received, prompting the user to enter the current user key; and
When the current user key entered by the user is verified as correct, prompting the user to enter a new user key on the first terminal.
In other preferred embodiments, the modification of the user key further includes:
Encrypting the new user key a second time with the encryption algorithm; computing a new registration key for the first terminal with the encryption algorithm from the first terminal's user name, the new user key and the encrypted server key; storing the twice-encrypted new user key and the new registration key in the secure storage area of the first terminal; and prompting the user that the new user key has been set successfully.
In view of the above, it is also necessary to propose a terminal authentication system that needs no third party during authentication, reduces the consumption of network and computing resources, and can address the security of online transactions from user terminals.
A terminal authentication system, including:
An authentication module, used for:
Receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and authenticating the second terminal according to the first verification information; and
When the legitimate identity of the second terminal has been verified, sending a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In other preferred embodiments, the first authentication request sent by the second terminal includes the second terminal's user name, authentication key and timestamp; and the first verification information includes a first verification key, which is computed from the received user name and timestamp of the second terminal using the registration server's server key and the encryption algorithm.
In other preferred embodiments, authenticating the second terminal according to the first verification information includes:
When the second terminal's authentication key is identical to the first verification key, authenticating the legitimate identity of the second terminal; and
When the second terminal's authentication key differs from the first verification key, terminating the authentication of the second terminal.
In other preferred embodiments, the authentication module is further used for:
When the difference between the timestamp at which the first authentication request is received and the timestamp sent by the second terminal is less than a preset valid time interval, computing the first verification information; and
When that difference is greater than or equal to the preset valid time interval, terminating the authentication of the second terminal.
In other preferred embodiments, the mutual authentication system further includes:
A registration module, used for submitting a registration request to the registration server, receiving the registration information that the registration server returns for that request, and storing the registration information in the secure storage area of the first terminal, where:
The registration request includes the first terminal's user name and encrypted user key; and
The registration information includes the twice-encrypted user key, the registration key of the first terminal, the encrypted server key and the encryption algorithm used by the registration server, where the twice-encrypted user key is obtained by the registration server encrypting the user key a second time with the encryption algorithm, and the registration key is computed by the registration server with the encryption algorithm from the first terminal's user name, user key and the encrypted server key.
In other preferred embodiments, the user key is a combination of one or more of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
In other preferred embodiments, the secure storage area is the secure storage area of the embedded SIM card of the first terminal.
In other preferred embodiments, the user name is the identity identifier provided by the embedded SIM card.
In other preferred embodiments, the authentication system further includes:
A key modification module, used for prompting the user to enter the first terminal's current user key when a request to modify the user key is received, and, when the current user key entered by the user is correct, prompting the user to enter a new user key.
In other preferred embodiments, the key modification module is further used for:
Encrypting the new user key a second time with the encryption algorithm; computing a new registration key for the first terminal with the encryption algorithm from the first terminal's user name, the new user key and the encrypted server key; storing the twice-encrypted new user key and the new registration key in the secure storage area of the first terminal; and prompting the user that the new user key has been set successfully.
Compared with the prior art, in the method of the invention the terminal sends its user name and an encrypted user key to the registration server during the registration phase, rather than sending the user key itself. Therefore even an insider attacker at the registration server cannot obtain the user key, which protects it. The method also uses a timestamp mechanism, which can prevent replay attacks. Furthermore, even if the registration server's key is compromised, all user key information remains safe, because the registration server itself stores no user key information. Finally, mutual authentication of M2M terminals does not require the registration server to participate, which frees the registration server's computing resources.
Brief description of the drawings
Fig. 1 is a flow chart of the registration phase in a preferred embodiment of the M2M terminal authentication method of the invention.
Fig. 2 is an example diagram of the registration phase in a preferred embodiment of the M2M terminal authentication method of the invention.
Fig. 3 and Fig. 4 are flow charts of the mutual authentication phase in a preferred embodiment of the terminal authentication method of the invention.
Fig. 5 is an example diagram of the mutual authentication phase in one preferred embodiment of the terminal authentication method of the invention.
Fig. 6 is an example diagram of the mutual authentication phase in another preferred embodiment of the terminal authentication method of the invention.
Fig. 7 is a flow chart of the key modification phase in a preferred embodiment of the terminal authentication method of the invention.
Fig. 8 is an example diagram of the key modification phase in a preferred embodiment of the terminal authentication method of the invention.
Fig. 9 is a schematic diagram of the application environment of a preferred embodiment of the terminal authentication system of the invention.
Fig. 10 is a hardware architecture diagram of the terminal of the invention.
Fig. 11 is a functional block diagram of a preferred embodiment of the terminal authentication system of the invention.
Description of reference numerals
M2M terminal 1
Registration server 2
Authentication system 10
Communication unit 11
Memory 12
Processor 13
eSIM card 14
Registration module 100
Authentication module 101
Key modification module 102
Detailed description of the invention
The technical solutions in the embodiments of the invention are described below clearly and completely with reference to the accompanying drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative work fall within the scope of protection of the invention.
In the embodiments of the invention, the terminal is an M2M terminal. M2M covers Machine to Machine, Man to Machine, Machine to Man and Mobile to Machine connections and communication, and includes all technologies and means that establish communication links between people, machines and systems. An M2M terminal may be either end of the connection and communication between a first terminal and a second terminal; the words "first", "second" and the like (where present) are used as labels and do not indicate any particular order.
Fig. 1 is a flow chart of the registration phase in a preferred embodiment of the terminal authentication method of the invention. Depending on requirements, the order of the steps in this flow chart may be changed and some steps may be omitted.
S10: The M2M terminal sends its user name and an encrypted user key to the registration server.
In the preferred embodiment, the user name may be the identity identifier provided by the eSIM card embedded in the M2M terminal, such as the mobile phone number, or it may be a user-defined user name, which must first be bound to that phone number. The user key may be a combination of one or more of the user's biometric keys; common biometric keys include fingerprint, iris, voice and face keys.
S11: After the registration server receives the user name and user key sent by the M2M terminal, it encrypts the user key a second time using an encryption algorithm.
In this embodiment, the encryption algorithm may be a hash algorithm.
S12: The registration server computes the registration key of the M2M terminal using the encryption algorithm, from the user name and user key sent by the M2M terminal together with the registration server's encrypted server key.
S13: The registration server sends the computed twice-encrypted user key, the registration key of the M2M terminal, the encrypted server key and the encryption algorithm used to the M2M terminal, where they are stored in the secure storage area of the M2M terminal, for example the secure storage area of the eSIM card embedded in the M2M terminal.
From the above flow, in the preferred embodiment, when the user of an M2M terminal first applies to join the M2M platform and use M2M services, the user submits a registration application to the registration server. The user chooses a user name UID (User ID) and a user key BK (Biosignature key), then sends the UID together with the encrypted BK to the registration server over a secure channel. The registration server responds to the user's request and computes the registration key and related information for the M2M terminal. Finally, the registration server sends the registration key and related information over a secure channel into the secure storage area of the M2M terminal.
In the preferred embodiment, during the registration phase the user sends the UID and the encrypted BK to the registration server rather than the user key BK itself. Thus even an insider attacker at the registration server cannot obtain the user key BK, which protects it.
An example of the registration phase is shown in Fig. 2. The parameters used in Fig. 2 are first defined as follows:
UID denotes the user name; BK denotes the user's biometric key; Hash() denotes a hash function; RSK denotes the registration server key; ※ denotes an encryption/decryption operation (for example XOR).
As shown in Fig. 2, registration of M2M terminal user UIDi includes:
1: The user name UIDi and the encrypted user key Hash(BKi) are sent to the registration server.
2: The registration server first computes the user key hash value of user UIDi with the hash function: HHBKi = Hash(Hash(BKi));
3: The registration server then uses the hash function, the user name UIDi, the encrypted user key Hash(BKi) and the encrypted registration server key Hash(RSK) to compute the registration key hash value of user UIDi: HRSKi = Hash(UIDi ※ Hash(RSK)) ※ Hash(BKi);
4: The registration server stores the encryption/decryption-related information used in computing the user key hash value and the user registration key hash value, namely [HHBKi, HRSKi, UIDi, Hash(RSK), Hash()], in the secure storage area of user UIDi's eSIM card.
Likewise, registration of M2M terminal user UIDj includes:
1: The user name UIDj and the encrypted user key Hash(BKj) are sent to the registration server;
2: The registration server computes the user key hash value of user UIDj: HHBKj = Hash(Hash(BKj));
3: The registration server computes the user registration key hash value of user UIDj: HRSKj = Hash(UIDj ※ Hash(RSK)) ※ Hash(BKj);
4: The registration server stores the encryption/decryption-related information used in computing the user key hash value and the user registration key hash value, namely [HHBKj, HRSKj, UIDj, Hash(RSK), Hash()], in the secure storage area of user UIDj's eSIM card.
At this point, registration of the two M2M terminals is complete.
After M2M terminal users UIDi and UIDj have completed registration, they must still authenticate each other before a connection and communication between them can be established. Under the existing authentication model, each M2M terminal must separately complete authentication and data transfer with the registration server; the registration server then faces a situation in which it cannot handle a huge number of user requests, which seriously degrades the quality of M2M service.
In this scheme, the authentication phase only requires authentication between two or more M2M terminals, and the authentication process does not need the registration server to participate. The detailed process is described with reference to Fig. 3 to Fig. 5 below.
Fig. 3 and Fig. 4 are flow charts of the authentication phase in a preferred embodiment of the M2M terminal authentication method of the invention. Depending on requirements, the order of the steps in these flow charts may be changed and some steps may be omitted.
As shown in Fig. 3:
S20: The first terminal computes its authentication key SKi from the registration key and the encrypted user key stored in its secure storage area and the current timestamp Tci, using the encryption algorithm stored in its secure storage area.
In this embodiment, the stored registration key and encryption algorithm were sent by the registration server during the registration phase.
S21: The first terminal sends its user name, the authentication key SKi and the timestamp Tci to the second terminal.
S22: When the second terminal receives the user name, authentication key SKi and timestamp Tci sent by the first terminal, it obtains the current timestamp Tcj.
S23: The second terminal judges whether Tcj - Tci < ΔT, where ΔT is the preset valid time interval.
If Tcj - Tci ≥ ΔT, the second terminal judges that a replay attack may have occurred and therefore terminates this authentication flow.
If Tcj - Tci < ΔT:
S24: The second terminal computes the verification key SKij from the received user name and timestamp Tci of the first terminal, using the stored server key of the registration server.
S25: The second terminal judges whether SKij = SKi.
If SKij ≠ SKi, this authentication flow is terminated.
Otherwise, if SKij = SKi, then in S26 the second terminal accepts the authentication of the first terminal.
This completes the second terminal's authentication of the first terminal. Next, the first terminal authenticates the second terminal, as shown in Fig. 4:
S30: The second terminal computes its authentication key SKj from the registration key and the encrypted user key stored in its secure storage area and the current timestamp Tcj, using the encryption algorithm stored in its secure storage area.
In this embodiment, the stored registration key and encryption algorithm were sent by the registration server during the registration phase.
S31: The second terminal sends its user name, the authentication key SKj and the timestamp Tcj to the first terminal.
S32: When the first terminal receives the user name, authentication key SKj and timestamp Tcj sent by the second terminal, it obtains the current timestamp Tcji.
S33: The first terminal judges whether Tcji - Tcj < ΔT, where ΔT is the preset valid time interval.
If Tcji - Tcj ≥ ΔT, the first terminal judges that a replay attack may have occurred and therefore terminates this authentication flow.
If Tcji - Tcj < ΔT:
S34: The first terminal computes the verification key SKji from the received user name and timestamp Tcj of the second terminal, using the stored server key of the registration server.
S35: The first terminal judges whether SKji = SKj.
If SKji ≠ SKj, this authentication flow is terminated.
Otherwise, if SKji = SKj, then in S36 the first terminal accepts the authentication of the second terminal.
This completes the first terminal's verification of the second terminal.
It should be understood that the first and second terminals in the above embodiment are only exemplary M2M terminals; their roles can be exchanged, so the flow performed on the second terminal applies equally to the first terminal and the flow performed on the first terminal applies equally to the second terminal.
From the above description, whenever a user needs to be verified or needs to authenticate other users, a mutual authentication operation can be performed. As shown in Fig. 5, the mutual authentication operation includes:
S37: The first terminal receives a first authentication request sent by the second terminal, computes first verification information from the first authentication request, and authenticates the second terminal according to the first verification information; and
S38: When the first terminal has verified the legitimate identity of the second terminal, it sends a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
In the preferred embodiment, the mutual authentication operation takes place only between the M2M terminals and does not require the registration server to participate.
One example in described two-way authentication stage, refers to the schematic diagram shown in following Fig. 6.
First, some parameters used the two-way authentication stage shown in Fig. 6 are stated as follows:
Tci represents the timestamp that M2M terminal use UIDi is current;Tcj represents the time that M2M terminal use UIDj is current
Stamp;Δ T represents effective time interval.
1: Compute the authentication key hash value of user UIDi: SKi = Hash(HRSKi ※ Hash(BKi) ※ Tci);
2: User UIDi sends the authentication request message [UIDi, SKi, Tci] to all users in the M2M service system;
3: After any online user in the M2M service system receives the request message, it enters the message authentication process. Assume that user UIDi sends the request message to user UIDj, and that user UIDj receives the request message sent by user UIDi at time Tcj.
4: User UIDj first verifies the legitimacy of the request time, i.e. checks whether (Tcj − Tci) is less than ΔT. If (Tcj − Tci) < ΔT, user UIDj accepts the authentication request; otherwise the authentication request is refused.
5: After step 4, assuming user UIDj has verified the legitimacy of user UIDi's request time and accepted user UIDi's authentication request, user UIDj computes the verification key hash value for time Tci: SKij = Hash(Hash(UIDi ※ Hash(RSK)) ※ Tci), and checks whether the SKij just computed is identical to the SKi sent by user UIDi. If the two are identical, user UIDj accepts user UIDi as a legitimate user; otherwise user UIDi is regarded as an illegitimate user.
6: After step 5, if user UIDj has accepted user UIDi as a legitimate user, it computes the current authentication key hash value of user UIDj: SKj = Hash(HRSKj ※ Hash(BKj) ※ Tcj), and then user UIDj sends the request message [SKj, UIDj, Tcj] to user UIDi.
7: User UIDi first verifies the legitimacy of the request time, i.e. checks whether (Tcji − Tcj) is less than ΔT. If (Tcji − Tcj) < ΔT, user UIDi accepts the authentication request; otherwise the authentication request is refused.
8: After step 7, assuming user UIDi has verified the legitimacy of user UIDj's request time and accepted user UIDj's authentication request, user UIDi computes the verification key hash value for time Tcj: SKji = Hash(Hash(UIDj ※ Hash(RSK)) ※ Tcj), and finally checks whether the SKji just computed is identical to the SKj sent by user UIDj. If the two are equal, user UIDi accepts user UIDj as a legitimate user; otherwise user UIDj is regarded as an illegitimate user.
When step 5 shows that SKij is identical to the SKi sent by user UIDi, and step 8 shows that SKji is identical to the SKj sent by user UIDj, i.e. when SKij = SKi and SKji = SKj, the mutual authentication between user UIDi and user UIDj is achieved.
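The eight steps of Fig. 6, worked through as an added Python example (not code from the patent). It assumes SHA-256 as the instantiation of Hash(), reads ※ as bytewise XOR (the reading under which the verifier's SKij in step 5 equals the prover's SKi from step 1, given the login key HRSK = Hash(UID ※ Hash(RSK)) ※ Hash(BK) from step 4 of the key modification example in Fig. 8), pads user names to the digest length and encodes timestamps as 32-byte integers; the sample keys and user names are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output length (assumed instantiation of Hash())


def H(data: bytes) -> bytes:
    """The page's Hash(); SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """The page's ※ operator, read here as bytewise XOR (assumption)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def enc_uid(uid: str) -> bytes:
    """Pad a user name to digest length so it can be XORed with Hash(RSK)."""
    raw = uid.encode("utf-8")
    if len(raw) > DIGEST_LEN:
        raise ValueError("UID too long for this encoding")
    return raw.ljust(DIGEST_LEN, b"\x00")


def enc_ts(t: int) -> bytes:
    """Encode a timestamp (integer seconds) as a 32-byte big-endian value."""
    return t.to_bytes(DIGEST_LEN, "big")


def registrar_enroll(uid: str, bk: bytes, rsk: bytes) -> dict:
    """Registration phase, registrar side. Only UID and Hash(BK) reach the
    registrar; it returns HHBK, HRSK and Hash(RSK) for the eSIM secure area,
    with HRSK = Hash(UID ※ Hash(RSK)) ※ Hash(BK) as in step 4 of Fig. 8."""
    hbk = H(bk)
    hrsk = xor(H(xor(enc_uid(uid), H(rsk))), hbk)
    return {"uid": uid, "HHBK": H(hbk), "HRSK": hrsk, "HRSK_server": H(rsk)}


def make_auth_request(term: dict, bk: bytes, tc: int) -> tuple:
    """Steps 1-2 (and 6): SK = Hash(HRSK ※ Hash(BK) ※ Tc), sent as [UID, SK, Tc].
    The user's biometric key BK is entered locally and never transmitted."""
    sk = H(xor(xor(term["HRSK"], H(bk)), enc_ts(tc)))
    return (term["uid"], sk, tc)


def verify_auth_request(term: dict, request: tuple, t_recv: int, delta_t: int) -> bool:
    """Steps 4-5 (and 7-8) on the receiving terminal: refuse the request when
    (t_recv - Tc) >= ΔT, otherwise compare SKij = Hash(Hash(UIDi ※ Hash(RSK)) ※ Tci)
    with the received SKi. Only UIDi, Tci and the stored Hash(RSK) are needed,
    so the exchange rests on Hash(RSK) staying inside the eSIM secure area."""
    uid, sk_received, tc = request
    if not (t_recv - tc < delta_t):
        return False  # request time not legitimate
    sk_expected = H(xor(H(xor(enc_uid(uid), term["HRSK_server"])), enc_ts(tc)))
    return hmac.compare_digest(sk_expected, sk_received)


def mutual_authenticate(term_i: dict, bk_i: bytes, term_j: dict, bk_j: bytes,
                        tci: int, tcj: int, tcji: int, delta_t: int) -> tuple:
    """The complete two-way exchange of Fig. 6. Returns (UIDi accepted by UIDj,
    UIDj accepted by UIDi). tcj is the time UIDj receives UIDi's message and the
    timestamp it places in its own request (step 6); tcji is the time UIDi
    receives UIDj's message (step 7)."""
    req_i = make_auth_request(term_i, bk_i, tci)
    if not verify_auth_request(term_j, req_i, tcj, delta_t):
        return (False, False)  # UIDj refuses; no second request is sent
    req_j = make_auth_request(term_j, bk_j, tcj)
    return (True, verify_auth_request(term_i, req_j, tcji, delta_t))


if __name__ == "__main__":
    # Constructed sample values: one registrar key RSK, two enrolled users.
    rsk = b"registrar-secret-RSK-constructed"
    alice = registrar_enroll("UID-alice", b"fingerprint-template-A", rsk)
    bob = registrar_enroll("UID-bob", b"iris-template-B", rsk)
    print(mutual_authenticate(alice, b"fingerprint-template-A",
                              bob, b"iris-template-B", 1000, 1002, 1004, 60))
```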
The above embodiment describes registration and authentication of a terminal using a user's biometric feature as the user key. It should be understood that a user's biometric key sometimes needs to be modified, for example when the user wishes to change the user key from a fingerprint key to an iris key, or when the user key needs to be changed from user A's biometric feature to user B's biometric feature. How the user key is modified is described below.
Fig. 7 is a flowchart of the key modification stage in a preferred embodiment of the mutual authentication method for M2M terminals of the present invention. Depending on requirements, the order of the steps in this flowchart may change, and some steps may be omitted.
S40: When the M2M terminal receives a request to modify the user key, it prompts the user to enter the current user key. For example, the M2M terminal may provide a key modification request icon in its user interface; when the user selects this icon, the M2M terminal determines that a request to modify the user key has been received.
S41: The M2M terminal determines whether the value obtained by applying the encryption operation twice to the current user key entered by the user is consistent with the twice-encrypted user key sent by the registration server.
If the value obtained by applying the encryption operation twice to the current user key entered by the user is inconsistent with the twice-encrypted user key sent by the registration server, the key modification process is terminated.
Otherwise, if the value obtained by applying the encryption operation twice to the current user key entered by the user is consistent with the twice-encrypted user key sent by the registration server, then S42: the M2M terminal prompts the user to enter a new user key.
S43: The M2M terminal encrypts the new user key twice using the encryption algorithm, computes the new login key of the terminal with the encryption algorithm from the user name of the M2M terminal, the new user key and the encrypted server key, and stores the twice-encrypted new user key and the new login key in the secure storage area of the terminal.
S44: The M2M terminal notifies the user that the new user key has been set successfully.
As described above, the user key modification stage takes place mainly when the user needs to modify the user key; the key modification flow can be performed only after the user has entered the correct biometric user key. Because the encryption-related information is kept in the secure storage area of the eSIM (Embedded SIM) card of the M2M terminal, the key modification process does not require the participation of the registration server.
An example of the key modification is shown in the schematic diagram of Fig. 8.
1: When the user key needs to be modified, the user first enters the current user key BKi on the M2M terminal;
2: The M2M terminal uses the hash function Hash() stored in the secure area of the eSIM card to compute Hash(Hash(BKi)) over the user key entered by the user, and checks whether it equals the stored HHBKi; if the two are equal, the user key BKi entered by the user is a legitimate key, and the terminal enters the new key registration process;
3: The M2M terminal applies the hash function twice to compute the new user key hash value of user UIDi: HHBKn = Hash(Hash(BKn));
4: The M2M terminal again uses the hash function with the parameters UIDi, Hash(BKn) and Hash(RSK) to compute the new user login key hash value of user UIDi: HRSKn = Hash(UIDn ※ Hash(RSK)) ※ Hash(BKn);
5: The M2M terminal stores the new user key hash value and user login key hash value [HHBKn, HRSKn] in the secure storage area of the eSIM card of user UIDi's M2M terminal;
6: The M2M terminal notifies user UIDi that the new key has been set successfully.
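Steps 1 to 6 of Fig. 8 as an added Python example that is not part of the patent. It assumes SHA-256 for Hash(), reads ※ as bytewise XOR, pads user names to the digest length, and takes the UIDn of step 4 to be the terminal's own user name UIDi, which step 4 lists among its inputs; the sample keys are constructed. The last function shows why no other terminal or the registration server needs to learn about the change: HRSKn ※ Hash(BKn) yields the same Hash(UIDi ※ Hash(RSK)) that a peer recomputes during mutual authentication.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output length (assumed instantiation of Hash())


def H(data: bytes) -> bytes:
    """The page's Hash(); SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """The page's ※ operator, read here as bytewise XOR (assumption)."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def enc_uid(uid: str) -> bytes:
    """Pad a user name to digest length so it can be XORed with Hash(RSK)."""
    return uid.encode("utf-8").ljust(DIGEST_LEN, b"\x00")


def registrar_enroll(uid: str, bk: bytes, rsk: bytes) -> dict:
    """Contents of the eSIM secure area after first registration:
    HHBK = Hash(Hash(BK)), HRSK = Hash(UID ※ Hash(RSK)) ※ Hash(BK), and Hash(RSK)."""
    hbk = H(bk)
    return {"uid": uid, "HHBK": H(hbk),
            "HRSK": xor(H(xor(enc_uid(uid), H(rsk))), hbk),
            "HRSK_server": H(rsk)}


def verify_current_key(secure_area: dict, bk_current: bytes) -> bool:
    """Step 2 (S41): Hash(Hash(BKi)) of the entered key must equal the stored HHBKi."""
    return hmac.compare_digest(H(H(bk_current)), secure_area["HHBK"])


def modify_user_key(secure_area: dict, bk_current: bytes, bk_new: bytes) -> bool:
    """Steps 1-6 (S40-S44), carried out entirely on the terminal.
    Returns True on success; on a wrong current key nothing is changed."""
    if not verify_current_key(secure_area, bk_current):
        return False  # key modification process terminated (S41)
    hbk_new = H(bk_new)
    # Step 3: HHBKn = Hash(Hash(BKn))
    hhbk_n = H(hbk_new)
    # Step 4: HRSKn = Hash(UIDi ※ Hash(RSK)) ※ Hash(BKn). Only UIDi, Hash(BKn)
    # and the stored Hash(RSK) are used: the new biometric key never leaves the
    # terminal, and the terminal never holds RSK itself.
    core = H(xor(enc_uid(secure_area["uid"]), secure_area["HRSK_server"]))
    hrsk_n = xor(core, hbk_new)
    # Step 5: store [HHBKn, HRSKn] in the eSIM secure area (old values replaced)
    secure_area["HHBK"] = hhbk_n
    secure_area["HRSK"] = hrsk_n
    return True  # Step 6: notify the user of success


def auth_core(secure_area: dict, bk: bytes) -> bytes:
    """HRSK ※ Hash(BK): the value the terminal feeds into
    SK = Hash(HRSK ※ Hash(BK) ※ Tc) during mutual authentication. A peer
    recomputes Hash(UIDi ※ Hash(RSK)) from UIDi and Hash(RSK) alone, so this
    value must be unchanged by a key modification for authentication to keep working."""
    return xor(secure_area["HRSK"], H(bk))
```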
Analysis of the security of the method of the invention:
In the method of the invention, in the phase where a user registers with the registration server, the user sends UID and Hash(BK) to the registration server rather than sending the user key BK directly, so even if there is an internal attacker at the registration server, that attacker cannot obtain the user's key BK, which ensures the security of the user's key information. In addition, the method of the invention uses a timestamp mechanism, which can prevent replay attacks. Furthermore, in the method of the invention, even if the registration server's key RSK is leaked, all user key information remains secure, because the registration server itself does not store any user key information.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; those of ordinary skill in the art may make improvements without departing from the concept of the present invention, and such improvements also fall within the scope of protection of the present invention.
Figs. 1 to 8 above describe in detail the registration method, authentication method and key modification method of the M2M terminal of the present invention. Below, with reference to Figs. 9 to 11, the hardware architecture that implements the authentication method of the M2M terminal and the functional modules of the software system that implements the authentication method are introduced.
It should be understood that this embodiment is for discussion purposes only and that the claims are not limited by this structure.
Fig. 9 is a hardware architecture diagram of a preferred embodiment for implementing the authentication method of the M2M terminal of the present invention.
In one preferred embodiment of the present invention, the implementation of the authentication method of the M2M terminal consists of two main parts: a plurality of M2M terminals 1 and a registration server 2.
The M2M terminal 1 is a device that can answer requests for the data contained in some equipment, or can automatically deliver the data contained in such equipment. It is used in many industries such as electric power, transportation, industrial control, retail, public administration, medical care, water conservancy and petroleum, for vehicle anti-theft, security monitoring, vending, route maintenance, mobile logistics management (M-Logistic management), mobile payment (M-POS), mobile monitoring (M-monitoring), and so on.
As shown in Fig. 10, the M2M terminal 1 comprises an authentication system 10, a communication unit 11, a memory 12, a processor 13 and an eSIM card 14. It should be understood that the M2M terminal 1 may also comprise other hardware or software, such as a display screen, a camera, control circuitry, etc., and is not limited to the components listed above.
The communication unit 11 is used for information exchange between the M2M terminal 1 and other devices, such as other M2M terminals 1 or a server.
The communication unit 11 may be a wireless communication module, including a Wi-Fi module, a WiMax (World Interoperability for Microwave Access) module, a GSM (Global System for Mobile Communication) module, a CDMA (Code Division Multiple Access) module (including CDMA2000, CDMA, CDMA2000 1x EV-DO, WCDMA, TD-SCDMA, etc.), an LTE (Long Term Evolution) module, a HiperLAN (High Performance Radio Local Area Network) module, and short-range wireless transmission modules such as Bluetooth, Zigbee, RF, etc.
The memory 12 stores programs and various data, and provides high-speed, automatic access to programs or data while the M2M terminal 1 is running. The memory 12 may be an external memory and/or an internal memory of the M2M terminal 1. Further, the memory 12 may be a storage circuit without physical form within an integrated circuit, such as RAM (Random-Access Memory) or FIFO (First In First Out), or it may be a storage device with physical form, such as a memory stick or a TF card (Trans-flash Card).
The processor 13, also known as the central processing unit (CPU, Central Processing Unit), is a very-large-scale integrated circuit and is the computing core (Core) and control unit (Control Unit) of the M2M terminal 1. The main function of the processor 11 is to interpret instructions and process the data in software.
The eSIM card 14 refers to a traditional SIM card embedded directly in the device chip rather than added to the device as a separate, removable component, so as to meet requirements of convenience, travel, cost, security and the like.
The authentication system 10 may comprise a plurality of functional modules made up of program segments (see Fig. 11). The program code of each program segment of the authentication system 10 may be stored in the memory 12 and executed by the processor 13, so as to perform operations such as registration on the M2M platform and authentication with other M2M terminals 1 (see Fig. 11).
In the preferred embodiment, the registration server 2 may be a CA server, which provides, manages and revokes digital certificates for applicants. The role of the CA is to verify the legitimacy of the certificate holder's identity and to issue the certificate (mathematically sign the certificate) so that the certificate cannot be forged or tampered with.
In this embodiment, the registration server 2 accepts the registration of each M2M terminal 1, so that the M2M terminal 1 can legally use M2M services.
In the preferred embodiment, the registration server 2 accepts the first registration request of an M2M terminal 1 and, in response to that request, computes the user's key hash value HHBK and login key hash value HRSK, and sends HHBK, HRSK and related information over a secure channel into the secure storage area of the eSIM card 14 of the M2M terminal 1.
In the preferred embodiment, the registration server 2 participates only in the first registration of an M2M terminal 1; it need not participate in any operation after registration, such as the authentication operations between M2M terminals 1.
Fig. 11 is a functional block diagram of a preferred embodiment of the authentication system of the present invention. In this embodiment, the authentication system 10 may be divided into a plurality of functional modules according to the functions it performs. In this embodiment, the functional modules include a registration module 100, an authentication module 101 and a key modification module 102.
The registration module 100 sends a registration request to the registration server 2, receives the registration-related information returned by the registration server 2 in response to the registration request, and stores the received registration-related information in the secure storage area of the M2M terminal 1, for example in the secure storage area of the eSIM card 14 embedded in the M2M terminal 1.
In this embodiment, when sending the registration request to the registration server 2, the registration module 100 transmits the user name and the encrypted user key of the M2M terminal 1, and receives the twice-encrypted user key computed and sent by the registration server 2, the login key of the M2M terminal 1, the encrypted server key and the encryption algorithm used by the registration server 2.
In the preferred embodiment, the user name may be the identity provided by the eSIM card 14, such as the mobile phone number, or it may be a user-defined user name, but such a user name must first be bound to the mobile phone number. The user key may be one of the user's biometric keys; common biometric keys include a fingerprint key, an iris key, a voice key, a face key, and so on.
The authentication module 101 receives an authentication request sent by another M2M terminal 1, computes verification information from the authentication request, and determines from the verification information whether to accept the authentication of the other M2M terminal 1.
In this embodiment, the authentication request comprises the user name of the other M2M terminal 1, an authentication key and a timestamp Tci. The authentication key is computed by the other M2M terminal 1 from its login key, its encrypted user key and the timestamp Tci, using the stored encryption algorithm. The login key and the encryption algorithm were sent to the other M2M terminal 1 by the registration server 2 during the registration phase.
In this embodiment, the verification information comprises a verification key, which is computed from the received user name and timestamp Tci of the other M2M terminal 1 using the stored server key and encryption algorithm of the registration server 2. The server key and the encryption algorithm of the registration server 2 were sent by the registration server 2 during the registration phase.
Further, the authentication module 101 also determines whether the difference between the timestamp Tcj at which the authentication request from the other M2M terminal 1 is received and the timestamp Tci is less than the preset valid time interval ΔT, i.e. whether Tcj − Tci < ΔT. Only when Tcj − Tci < ΔT does the authentication module 101 compute the verification information; when Tcj − Tci ≥ ΔT, the authentication module 101 terminates the authentication operation.
In the preferred embodiment, determining from the verification information whether to accept the authentication of the other M2M terminal 1 consists of checking whether the authentication key is identical to the verification key. When the authentication key and the verification key are identical, the authentication module 101 accepts the authentication of the other M2M terminal 1. When the authentication key and the verification key differ, the authentication module 101 terminates the authentication operation.
The key modification module 102, upon receiving a request to modify the user key, prompts the user to enter the current user key; when the current user key entered by the user is determined to be correct, it prompts the user to enter a new user key; and when the new key has been set successfully, it notifies the user that the new user key has been set successfully.
Determining that the current user key entered by the user is correct means that the value obtained by applying the encryption operation twice to the current user key entered by the user is consistent with the twice-encrypted user key sent by the registration server 2.
In the preferred embodiment, the new key is set successfully when the key modification module 102 has encrypted the new user key twice using the encryption algorithm, computed the new login key of the terminal with the encryption algorithm from the user name of the M2M terminal 1, the new user key and the encrypted server key, and stored the twice-encrypted new user key and the new login key in the secure storage area of the M2M terminal 1.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division into modules is only a logical functional division, and other divisions are possible in actual implementation.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional modules.
An integrated unit implemented in the form of software functional modules may be stored in a computer-readable storage medium. The software functional modules stored in the storage medium comprise instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform part of the method described in each embodiment of the present invention.
It is obvious to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention may be implemented in other specific forms without departing from its spirit or essential attributes. Therefore, the embodiments should in all respects be regarded as exemplary and not restrictive, and the scope of the invention is defined by the appended claims rather than by the above description; all changes falling within the meaning and scope of equivalents of the claims are therefore intended to be included in the invention. No reference sign in a claim should be construed as limiting the claim concerned. Furthermore, it is clear that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. A plurality of units or devices recited in the system claims may also be implemented by one unit or device in software or hardware.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (20)
1. A terminal authentication method, characterized in that the authentication method comprises:
a first terminal receiving a first authentication request sent by a second terminal, computing first verification information from the first authentication request, and authenticating the second terminal according to the first verification information; and
when the first terminal has verified the legal identity of the second terminal, the first terminal sending a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
2. The terminal authentication method of claim 1, characterized in that the first authentication request sent by the second terminal comprises the user name of the second terminal, an authentication key and a timestamp; and the first verification information comprises a first verification key, which is computed from the received user name and timestamp of the second terminal using the server key and the encryption algorithm of a registration server.
3. The terminal authentication method of claim 2, characterized in that authenticating the second terminal according to the first verification information comprises:
when the authentication key of the second terminal is identical to the first verification key, authenticating the legal identity of the second terminal; and
when the authentication key of the second terminal differs from the first verification key, terminating the authentication operation on the second terminal.
4. The terminal authentication method of claim 2, characterized in that, before computing the first verification information from the first authentication request and authenticating the second terminal according to the first verification information, the method further comprises:
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is less than a preset valid time interval, computing the first verification information; and
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is greater than or equal to the preset valid time interval, terminating the authentication operation on the second terminal.
5. The terminal authentication method of claim 1, characterized in that the authentication method further comprises the first terminal performing registration, and the first terminal performing registration comprises:
the first terminal sending the user name of the first terminal and an encrypted user key to a registration server;
receiving, from the registration server, a twice-encrypted user key, the login key of the first terminal, an encrypted server key and the encryption algorithm used by the registration server, wherein the twice-encrypted user key is obtained by the registration server encrypting the user key a second time using the encryption algorithm, and the login key is computed by the registration server from the user name and user key of the first terminal and the encrypted server key using the encryption algorithm; and
storing the twice-encrypted user key, the login key, the encrypted server key and the encryption algorithm sent by the registration server in the secure storage area of the first terminal.
6. The terminal authentication method of claim 5, characterized in that the user key is one or a combination of several of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
7. The terminal authentication method of claim 5, characterized in that the secure storage area is the secure storage area of the embedded SIM card of the first terminal.
8. The terminal authentication method of claim 7, characterized in that the user name is the identity provided by the embedded SIM card.
9. The terminal authentication method of claim 5, characterized in that the authentication method further comprises user key modification performed on the first terminal, and the user key modification comprises:
when a request to modify the user key is received, prompting the user to enter the current user key; and
when the current user key entered by the user is verified to be correct, prompting the user to enter a new user key on the first terminal.
10. The terminal authentication method of claim 9, characterized in that the user key modification further comprises:
encrypting the new user key twice using the encryption algorithm, computing the new login key of the first terminal with the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, storing the twice-encrypted new user key and the new login key in the secure storage area of the first terminal, and notifying the user that the new user key has been set successfully.
11. A terminal authentication system, characterized in that the system comprises:
an authentication module configured to:
receive a first authentication request sent by a second terminal, compute first verification information from the first authentication request, and authenticate the second terminal according to the first verification information; and
when the legal identity of the second terminal has been verified, send a second authentication request to the second terminal, so that the second terminal computes second verification information from the second authentication request and authenticates the first terminal according to the second verification information.
12. The terminal authentication system of claim 11, characterized in that the first authentication request sent by the second terminal comprises the user name of the second terminal, an authentication key and a timestamp; and the first verification information comprises a first verification key, which is computed from the received user name and timestamp of the second terminal using the server key and the encryption algorithm of a registration server.
13. The terminal authentication system of claim 12, characterized in that authenticating the second terminal according to the first verification information comprises:
when the authentication key of the second terminal is identical to the first verification key, authenticating the legal identity of the second terminal; and
when the authentication key of the second terminal differs from the first verification key, terminating the authentication operation on the second terminal.
14. The terminal authentication system of claim 12, characterized in that the authentication module is further configured to:
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is less than a preset valid time interval, compute the first verification information; and
when the difference between the timestamp at which the first authentication request sent by the second terminal is received and the timestamp sent by the second terminal is greater than or equal to the preset valid time interval, terminate the authentication operation on the second terminal.
15. The terminal authentication system of claim 11, characterized in that the system further comprises:
a registration module configured to send a registration request to a registration server, receive the registration-related information sent by the registration server in response to the registration request, and store the registration-related information in the secure storage area of the first terminal, wherein:
the registration request comprises the user name of the first terminal and an encrypted user key; and
the registration-related information comprises a twice-encrypted user key, the login key of the first terminal, an encrypted server key and the encryption algorithm used by the registration server, wherein the twice-encrypted user key is obtained by the registration server encrypting the user key a second time using the encryption algorithm, and the login key is computed by the registration server from the user name and user key of the first terminal and the encrypted server key using the encryption algorithm.
16. The terminal authentication system of claim 15, characterized in that the user key is one or a combination of several of the user's biometric keys, including a fingerprint key, an iris key, a voice key and a face key.
17. The terminal authentication system of claim 15, characterized in that the secure storage area is the secure storage area of the embedded SIM card of the first terminal.
18. The terminal authentication system of claim 17, characterized in that the user name is the identity provided by the embedded SIM card.
19. The terminal authentication system of claim 15, characterized in that the authentication system further comprises:
a key modification module configured to, when a request to modify the user key is received, prompt the user to enter the current user key of the first terminal, and, when the current user key entered by the user is correct, prompt the user to enter a new user key.
20. The terminal authentication system of claim 19, characterized in that the key modification module is further configured to:
encrypt the new user key twice using the encryption algorithm, compute the new login key of the first terminal with the encryption algorithm from the user name of the first terminal, the new user key and the encrypted server key, store the twice-encrypted new user key and the new login key in the secure storage area of the first terminal, and notify the user that the new user key has been set successfully.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610280800.2A CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
PCT/CN2016/084058 WO2017185450A1 (en) | 2016-04-29 | 2016-05-31 | Method and system for authenticating terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610280800.2A CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105975846A true CN105975846A (en) | 2016-09-28 |
CN105975846B CN105975846B (en) | 2019-04-12 |
Family
ID=56993542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610280800.2A Active CN105975846B (en) | 2016-04-29 | 2016-04-29 | The authentication method and system of terminal |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105975846B (en) |
WO (1) | WO2017185450A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108985046A (en) * | 2018-06-07 | 2018-12-11 | 国民技术股份有限公司 | A kind of safety stop control method, system and computer readable storage medium |
CN110213229A (en) * | 2019-04-25 | 2019-09-06 | 平安科技(深圳)有限公司 | Identity identifying method, system, computer equipment and storage medium |
CN110570261A (en) * | 2019-08-30 | 2019-12-13 | 天地融科技股份有限公司 | Method and system for acquiring non-stop toll collection invoice and vehicle-mounted unit |
CN111262889A (en) * | 2020-05-06 | 2020-06-09 | 腾讯科技(深圳)有限公司 | Authority authentication method, device, equipment and medium for cloud service |
WO2020140296A1 (en) * | 2019-01-04 | 2020-07-09 | 华为技术有限公司 | Image recognition data protection method, apparatus, and system |
CN111741465A (en) * | 2019-03-25 | 2020-10-02 | 成都鼎桥通信技术有限公司 | Soft SIM protection method and equipment |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI733340B (en) * | 2020-02-19 | 2021-07-11 | 網聯科技股份有限公司 | Legality verification method |
CN113992416A (en) * | 2021-10-28 | 2022-01-28 | 上海辰锐信息科技公司 | Internet of things perception terminal authentication method and internet of things perception terminal |
CN114422145B (en) * | 2022-01-21 | 2024-05-28 | 上海交通大学 | End-to-end dynamic identity authentication method of Internet of things based on PUF and Hash |
CN115001822B (en) * | 2022-06-02 | 2023-11-10 | 广东电网有限责任公司 | Power distribution network security authentication method and gateway based on time delay judgment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150405A (en) * | 2006-09-22 | 2008-03-26 | 华为技术有限公司 | Method and system for multicast and broadcast service authentication and authorization |
CN101771535A (en) * | 2008-12-30 | 2010-07-07 | 上海茂碧信息科技有限公司 | Mutual authentication method between terminal and server |
CN101873298A (en) * | 2009-04-21 | 2010-10-27 | 华为软件技术有限公司 | Registration method, terminal, server and system |
JP2011113157A (en) * | 2009-11-25 | 2011-06-09 | Kddi Corp | Authentication system, authentication method, and program |
CN102137103A (en) * | 2011-03-09 | 2011-07-27 | 北京交通大学 | Method for realizing trusted transmission of voice over internet phone (VoIP) media stream by expanding MIKEY protocol |
CN102413132A (en) * | 2011-11-16 | 2012-04-11 | 北京数码视讯软件技术发展有限公司 | Two-way-security-authentication-based data downloading method and system |
CN102685110A (en) * | 2012-04-17 | 2012-09-19 | 中国科学院计算技术研究所 | Universal method and system for user registration authentication based on fingerprint characteristics |
CN103152735A (en) * | 2013-03-27 | 2013-06-12 | 深圳市中兴移动通信有限公司 | Method and device for two-way signature in mobile terminal |
KR101568940B1 (en) * | 2014-10-01 | 2015-11-20 | 이화여자대학교 산학협력단 | Authentication method for device to device communication in mobile open iptv system and device to device communication method in mobile open iptv system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1691578A (en) * | 2004-04-29 | 2005-11-02 | 华为技术有限公司 | A method of self validity verification for an equipment |
CN101409621B (en) * | 2008-11-13 | 2011-05-11 | 中国移动通信集团北京有限公司 | Multipart identification authentication method and system base on equipment |
CN101442411A (en) * | 2008-12-23 | 2009-05-27 | 中国科学院计算技术研究所 | Identification authentication method between peer-to-peer user nodes in P2P network |
CN101902476B (en) * | 2010-07-27 | 2013-04-24 | 浙江大学 | Method for authenticating identity of mobile peer-to-peer user |
KR102124413B1 (en) * | 2013-12-30 | 2020-06-19 | 삼성에스디에스 주식회사 | System and method for identity based key management |
2016
- 2016-04-29 CN CN201610280800.2A patent/CN105975846B/en active Active
- 2016-05-31 WO PCT/CN2016/084058 patent/WO2017185450A1/en active Application Filing
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108985046A (en) * | 2018-06-07 | 2018-12-11 | 国民技术股份有限公司 | A kind of safety stop control method, system and computer readable storage medium |
WO2020140296A1 (en) * | 2019-01-04 | 2020-07-09 | 华为技术有限公司 | Image recognition data protection method, apparatus, and system |
CN111741465A (en) * | 2019-03-25 | 2020-10-02 | 成都鼎桥通信技术有限公司 | Soft SIM protection method and equipment |
CN110213229A (en) * | 2019-04-25 | 2019-09-06 | 平安科技(深圳)有限公司 | Identity identifying method, system, computer equipment and storage medium |
WO2020215709A1 (en) * | 2019-04-25 | 2020-10-29 | 平安科技(深圳)有限公司 | Identity authentication method and system, computer device, and storage medium |
CN110570261A (en) * | 2019-08-30 | 2019-12-13 | 天地融科技股份有限公司 | Method and system for acquiring non-stop toll collection invoice and vehicle-mounted unit |
CN110570261B (en) * | 2019-08-30 | 2022-05-24 | 天地融科技股份有限公司 | Method and system for acquiring non-stop toll collection invoice and vehicle-mounted unit |
CN111262889A (en) * | 2020-05-06 | 2020-06-09 | 腾讯科技(深圳)有限公司 | Authority authentication method, device, equipment and medium for cloud service |
CN111262889B (en) * | 2020-05-06 | 2020-09-04 | 腾讯科技(深圳)有限公司 | Authority authentication method, device, equipment and medium for cloud service |
Also Published As
Publication number | Publication date |
---|---|
WO2017185450A1 (en) | 2017-11-02 |
CN105975846B (en) | 2019-04-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105975846B (en) | The authentication method and system of terminal | |
Yang et al. | Multimedia cloud transmission and storage system based on internet of things | |
CN106101068B (en) | Terminal communicating method and system | |
KR101434769B1 (en) | Method and apparatus for trusted federated identity management and data access authorization | |
CN103597799B (en) | service access authentication method and system | |
CN101873331B (en) | Safety authentication method and system | |
CN109600223A (en) | Verification method, Activiation method, device, equipment and storage medium | |
CN105141636B (en) | Suitable for the HTTP safety communicating methods and system of CDN value-added service platforms | |
Li et al. | Providing privacy-aware incentives in mobile sensing systems | |
CN102685749B (en) | Wireless safety authentication method orienting to mobile terminal | |
CN104869102B (en) | Authorization method, device and system based on xAuth agreement | |
CN106230838A (en) | A kind of third-party application accesses the method and apparatus of resource | |
CN103229452A (en) | Mobile handset identification and communication authentication | |
EP1997291A2 (en) | Method and arrangement for secure autentication | |
CN112968971B (en) | Method, device, electronic equipment and readable storage medium for establishing session connection | |
CN102577301A (en) | Method and apparatus for trusted authentication and logon | |
CN105516980A (en) | Token authentication method for wireless sensor network based on Restful architecture | |
CN107911211B (en) | Two-dimensional code authentication system based on quantum communication network | |
CN109861947B (en) | Network hijacking processing method and device and electronic equipment | |
CN106549926A (en) | A kind of method for authorizing account access right, apparatus and system | |
Kumar et al. | A conditional privacy-preserving and desynchronization-resistant authentication protocol for vehicular ad hoc network | |
CN109740319A (en) | Digital identity verification method and server | |
Li et al. | Further improvement on a novel privacy preserving authentication and access control scheme for pervasive computing environments | |
CN105379176B (en) | System and method for verifying the request of SCEP certificate registration | |
CN201717885U (en) | Code providing equipment and code identification system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||