CN106656479A - Equipment password authentication method, servers and terminal - Google Patents

Publication number: CN106656479A
Authority: CN (China)
Prior art keywords: server, target device, encryption parameter, terminal, parameter
Legal status: Granted
Application number: CN201610931262.9A
Other languages: Chinese (zh)
Other versions: CN106656479B (en)
Inventors: 孟亚楠, 刘铁俊, 刘东旭
Current Assignee: Beijing Xiaomi Mobile Software Co Ltd; Beijing Smartmi Technology Co Ltd
Original Assignee: Beijing Xiaomi Mobile Software Co Ltd; Beijing Smartmi Technology Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd, Beijing Smartmi Technology Co Ltd
Priority to CN201610931262.9A
Publication of CN106656479A
Application granted
Publication of CN106656479B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068: Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to an equipment password authentication method, servers and a terminal. The method is applied to a first server, and comprises the steps of: acquiring an authentication request sent by the terminal, the authentication request including an identifier of target equipment and signature information encrypted by adopting a first encryption parameter; performing authentication according to the authentication request; when the authentication fails, generating a dynamic encryption parameter; and sending the dynamic encryption parameter to the second server, so that the second server updates the first encryption parameter of the target equipment according to the dynamic encryption parameter. According to the equipment password authentication method, the servers and the terminal, the operation of authenticating the terminal by the second server is converted to be executed by the first server, so that the overhead of the second server is reduced while the terminal is authenticated.

Description

Device password authentication method, server and terminal
Technical field
The present disclosure relates to smart home technology, and more particularly to a device password authentication method, a server and a terminal.
Background
With the rapid development of the Internet, smart home devices, as a new kind of technology product, are increasingly favored by people. Common smart home devices include gateways, touch dimmer switches, temperature and humidity sensors, air purifiers, and so on.
Taking an air purifier as an example: in the related art, when using the air purifier, a user can send a configuration instruction, through a terminal that has control permission for the air purifier, to the server to which the air purifier belongs, in order to configure the usage scenario of the air purifier. In the current technical solution, before the configuration instruction is executed, the control permission of the terminal must be authenticated on the account authentication server. After receiving the configuration instruction, the account authentication server authenticates the terminal according to the identifier of the air purifier and the identifier of the terminal carried in the configuration instruction, to confirm whether the terminal has permission to control the air purifier. If authentication passes, the terminal has permission to control the air purifier, and the account authentication server stores the configuration instruction sent by the terminal, so that it can turn the air purifier on or off according to the usage scenario indicated by the configuration instruction, realizing intelligent operation of the air purifier.
Summary
To overcome the problems in the related art, the present disclosure provides a device password authentication method, a server and a terminal. The technical solution is as follows:
According to a first aspect of the embodiments of the present disclosure, a device password authentication method is provided, applied to a first server, including:
Obtaining an authentication request sent by a terminal, the authentication request including: an identifier of a target device and signature information encrypted with a first encryption parameter;
Performing authentication according to the authentication request;
When the authentication fails, generating a dynamic encryption parameter;
Sending the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
Optionally, performing authentication according to the authentication request includes:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
Generating a dynamic encryption parameter when the authentication fails includes:
When the first server does not contain a second encryption parameter corresponding to the target device, generating the dynamic encryption parameter.
Optionally, performing authentication according to the authentication request includes:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
When the first server contains a second encryption parameter corresponding to the target device, generating, according to the second encryption parameter, signature information encrypted with the second encryption parameter;
When the first server determines that the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter, sending an authentication success response to the terminal;
Generating a dynamic encryption parameter when the authentication fails includes:
When the first server determines that the signature information encrypted with the first encryption parameter differs from the signature information encrypted with the second encryption parameter, generating the dynamic encryption parameter.
Further, after the dynamic encryption parameter is sent to the second server, the method also includes:
Receiving a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
According to a second aspect of the embodiments of the present disclosure, a device password authentication method is provided, applied to a second server, including:
Receiving the dynamic encryption parameter corresponding to a target device, sent by a first server after authentication for the target device has failed;
Sending the dynamic encryption parameter to the target device.
Further, after the dynamic encryption parameter is sent to the target device, the method also includes:
Receiving a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending, according to the configuration response, a configuration message to the first server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
According to a third aspect of the embodiments of the present disclosure, a device password authentication method is provided, applied to a terminal, including:
Obtaining the identifier of a target device and a first encryption parameter from the target device;
Sending an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
Receiving a reconfiguration request sent by the first server after the authentication fails, the reconfiguration request instructing the terminal to initiate the authentication request again;
Obtaining the identifier of the target device and a dynamic encryption parameter from the target device again;
Sending an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
According to a fourth aspect of the embodiments of the present disclosure, a server is provided. The server is a first server, and the first server includes:
An acquisition module, configured to obtain an authentication request sent by a terminal, the authentication request including: an identifier of a target device and signature information encrypted with a first encryption parameter;
An authentication module, configured to perform authentication according to the authentication request;
A generation module, configured to generate a dynamic encryption parameter when authentication by the authentication module fails;
A first sending module, configured to send the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
Optionally, the authentication module is configured to query, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
The generation module is configured to generate the dynamic encryption parameter when the authentication module determines that the first server does not contain a second encryption parameter corresponding to the target device.
Optionally, the authentication module is configured to query, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device, and, when it determines that the first server contains a second encryption parameter corresponding to the target device, to generate, according to the identifier of the target device and the second encryption parameter, signature information encrypted with the second encryption parameter;
The generation module is configured to generate the dynamic encryption parameter when the authentication module determines that the signature information encrypted with the first encryption parameter differs from the signature information encrypted with the second encryption parameter;
The first server also includes:
A second sending module, configured to send an authentication success response to the terminal when the authentication module determines that the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter.
Further, the first server also includes:
A receiving module, configured to receive, after the first sending module has sent the dynamic encryption parameter to the second server, a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
A third sending module, configured to send a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
According to a fifth aspect of the embodiments of the present disclosure, a server is provided. The server is a second server, and the second server includes:
A first receiving module, configured to receive the dynamic encryption parameter corresponding to a target device sent by a first server;
A first sending module, configured to send the dynamic encryption parameter to the target device.
Further, the second server also includes:
A second receiving module, configured to receive, after the first sending module has sent the dynamic encryption parameter to the target device, a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
A second sending module, configured to send, according to the configuration response, a configuration message to the first server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
According to a sixth aspect of the embodiments of the present disclosure, a terminal is provided, including:
A first acquisition module, configured to obtain the identifier of a target device and a first encryption parameter from the target device;
A first sending module, configured to send an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
A first receiving module, configured to receive a reconfiguration request sent by the first server, the reconfiguration request instructing the terminal to initiate the authentication request again;
A second acquisition module, configured to obtain the identifier of the target device and a dynamic encryption parameter from the target device again;
A second sending module, configured to send an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
According to a seventh aspect of the embodiments of the present disclosure, a server is provided. The server is a first server, and the first server includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Obtain an authentication request sent by a terminal, the authentication request including: an identifier of a target device and signature information encrypted with a first encryption parameter;
Perform authentication according to the authentication request and, when the authentication fails, generate a dynamic encryption parameter;
Send the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
According to an eighth aspect of the embodiments of the present disclosure, a server is provided. The server is a second server, and the second server includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive the dynamic encryption parameter corresponding to a target device, sent by a first server after authentication for the target device has failed;
Send the dynamic encryption parameter to the target device.
According to a ninth aspect of the embodiments of the present disclosure, a terminal is provided. The terminal includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Obtain the identifier of a target device and a first encryption parameter from the target device;
Send an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
Receive a reconfiguration request sent by the first server after the authentication fails, the reconfiguration request instructing the terminal to initiate the authentication request again;
Obtain the identifier of the target device and a dynamic encryption parameter from the target device again;
Send an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
The technical solution provided by the present disclosure can include the following beneficial effects. The second server no longer needs to perform the operation of authenticating the terminal. Instead, the first server, acting as the authentication server, authenticates the terminal after obtaining the authentication request sent by the terminal. When authentication fails, the second server can receive the dynamic encryption parameter that the first server generates for the target device to replace its encryption parameter, and, by sending the dynamic encryption parameter to the target device, cause the target device to replace the encryption parameter stored on it with the dynamic encryption parameter. As a result, after the first server subsequently receives an authentication request sent by the terminal, it can judge whether the signature information carried in that subsequent request was generated using the dynamic encryption parameter. The first server can thereby determine whether the terminal has permission to obtain the dynamic encryption parameter from the target device, and hence whether the terminal has permission to control the target device, that is, whether the terminal is successfully authenticated. In this way, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead, so the overhead of the second server is reduced while the terminal is still authenticated.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory, and do not limit the present disclosure.
Description of the drawings
The accompanying drawings are incorporated into and constitute a part of this specification. They show embodiments consistent with the present disclosure and, together with the specification, serve to explain the principles of the disclosure.
Fig. 1 is an application scenario diagram of a device password authentication method according to an exemplary embodiment;
Fig. 2 is a flowchart of a device password authentication method according to an exemplary embodiment;
Fig. 3 is a flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 4 is a flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 5 is a flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 6 is a flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 7 is a flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 8 is a signaling flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 9 is a signaling flowchart of a device password authentication method according to another exemplary embodiment;
Fig. 10 is a block diagram of a server according to an exemplary embodiment;
Fig. 11 is a block diagram of a server according to another exemplary embodiment;
Fig. 12 is a block diagram of a server according to another exemplary embodiment;
Fig. 13 is a block diagram of a server according to another exemplary embodiment;
Fig. 14 is a block diagram of a server according to another exemplary embodiment;
Fig. 15 is a block diagram of a terminal according to an exemplary embodiment;
Fig. 16 is a block diagram of a server 1600 according to an exemplary embodiment;
Fig. 17 is a block diagram of a server 1700 according to an exemplary embodiment;
Fig. 18 is a block diagram of a terminal 1800 according to an exemplary embodiment.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the disclosure as detailed in the appended claims.
Fig. 1 is an application scenario diagram of a device password authentication method according to an exemplary embodiment. As shown in Fig. 1, the application scenario can include, for example: a target device 101, a terminal 102, a first server 103 and a second server 104. The terminal 102 communicates with the first server 103 and the target device 101, and the second server 104 can communicate with the first server 103 and the target device 101.
In this example, the target device 101 can be any smart home device (Fig. 1 shows the application scenario with an air purifier as the smart home device). The terminal 102 can send a control instruction or a configuration instruction to the first server 103, to control the target device 101 to perform a corresponding action or to configure the target device 101. The first server 103 is the authentication server; after receiving the control instruction or configuration instruction sent by the terminal 102, it authenticates the terminal 102 to determine whether the terminal 102 has control permission for the target device 101. The second server 104 is the account authentication server; it forwards the instructions sent by the first server 103 to the target device 101, so that the target device 101 performs the corresponding action.
The technical solution of the present disclosure is described in detail below with specific embodiments. The following specific embodiments can be combined with each other, and identical or similar concepts or processes may not be repeated in some embodiments.
Fig. 2 is a kind of flow chart of the device password method for authenticating according to an exemplary embodiment, as shown in Fig. 2 The executive agent of the method can be first server, and the present embodiment refers to first server in the authentication sent to terminal After request failure, to second server the detailed process of dynamic encryption parameter is sent.The method may comprise steps of:
In step S101, the authentication request that terminal sends is obtained;Wherein, the authentication request includes:Target device Identify and using the signing messages after the encryption of the first encryption parameter.
Specifically, above-mentioned target device can be arbitrary intelligent home device, for example:Gateway, touch dimmer switch, warm and humid Degree sensor, air purifier etc..Be stored with the mark and encryption parameter of target device in above-mentioned target device, wherein, it is above-mentioned The mark of target device can be arbitrary mark that can represent the target device identity, ID of such as target device etc..It is above-mentioned The encryption parameter that encryption parameter can be used by arbitrary AES, such as salt values etc., specifically can be according to first service Default AES determines between device and target device.Above-mentioned encryption parameter can be the encryption ginseng being preset in target device Number, the dynamic encryption parameter that can also be configured for target device for first server.When implementing, above-mentioned encryption parameter can be with In being arranged on the firmware of above-mentioned target device.
Above-mentioned first server can be arbitrary server for being authenticated to terminal, in the present embodiment, above-mentioned The authentication request that first server can be sent with receive user by terminal.Wherein, above-mentioned authentication request includes:Target device Identify and using the signing messages after the encryption of the first encryption parameter.When implementing, the end with target device control authority End can send parameter acquiring request after the configuring request or control data of user input target device to target device, from Obtain in target device target device mark and encryption parameter (if terminal does not have a control authority of target device, terminal without Method obtains the mark and encryption parameter of target device from target device), then using the encryption parameter as the first encryption parameter, To obtain using the signing messages after the first encryption parameter encryption, after ultimately producing including being encrypted using the first encryption parameter The authentication request of signing messages, and in company with the configuration parameter in configuring request be together sent to first server or, in company with control Control parameter in request is together sent to first server, so that first server can get the authentication of terminal transmission Request.
Wherein, the present embodiment does not limit how above-mentioned terminal is obtained using the signing messages after the encryption of the first encryption parameter, For example:Above-mentioned terminal can be encrypted using the first encryption parameter to the mark of target device, and by the target after encrypting The mark of equipment is used as signing messages;Above-mentioned terminal can also be encrypted using the first encryption parameter to presupposed information, and will Presupposed information after the encryption as signing messages, wherein, the presupposed information can arrange for terminal and first server both sides Information.
Optionally, if authentication request is together sent to first service by above-mentioned terminal in company with the configuration parameter in configuring request Device, then above-mentioned terminal the authentication request and configuration parameter can be carried and be sent to first service in the configuration-direct for pre-seting Device.In this case, in another implementation of the disclosure, in this way, the complexity of signing messages can be increased Degree, improves the security of authentication request.Optionally, if above-mentioned terminal by authentication request in company with the control parameter in control data First server is together sent to, then above-mentioned terminal can carry the authentication request and control parameter in default control instruction In be sent to first server.In this way, the complexity of signing messages can be increased, the safety of authentication request is improve Property.
It should be noted that this embodiment does not limit how the terminal sends the parameter acquisition request to the target device in order to obtain the identifier and encryption parameter of the target device. For example, the terminal may send the parameter acquisition request to the target device as a Remote Procedure Call (RPC) command and obtain the identifier, the encryption parameter and so on from the target device. Optionally, to secure the communication between the terminal and the target device, when the terminal sends the parameter acquisition request and when the target device returns its identifier and encryption parameter, these messages may also be encrypted with an encryption scheme agreed between the terminal and the target device, so that each side verifies the identity of the other. This prevents the target device, after receiving a request from an illegitimate terminal, from sending its identifier and encryption parameter to that terminal and thereby leaking them. It also prevents the terminal from receiving a target device identifier and an incorrect encryption parameter sent by an illegitimate terminal, which would cause the terminal to fail authentication again with the wrong encryption parameter; avoiding this improves the user experience. For how the terminal generates the encrypted signature information with the first encryption parameter, refer to the related art; details are not repeated here.
In step S102, authentication is performed according to the authentication request.
Specifically, after obtaining the authentication request, the first server can authenticate the terminal that sent it, based on the target device identifier and the signature information carried in the request, to determine whether the terminal has control permission over the target device. This embodiment does not limit how the first server performs authentication according to the authentication request. For example, the first server may use the target device identifier carried in the authentication request to look up the encryption parameter it has stored for that identifier, and use it to judge whether the first encryption parameter used for the signature information in the authentication request is the encryption parameter obtained from the target device. Because a terminal without control permission over the target device cannot obtain the encryption parameter from the target device, the terminal can be authenticated in this way to determine whether it has permission to control the target device.
If authentication succeeds, the terminal has control permission over the target device. In that case, if a configuration parameter was sent to the first server with the authentication request, the first server may store that configuration parameter. If a control parameter was sent with the authentication request, the first server may send the control parameter to the second server, so that the second server controls the target device to perform the operation corresponding to the control parameter.
In step S103, when authentication fails, a dynamic encryption parameter is generated.
Specifically, if the first server fails to authenticate the terminal that sent the authentication request, either the first encryption parameter used by the terminal is not the encryption parameter obtained from the target device, or it is the encryption parameter obtained from the target device but the encryption parameter stored in the target device differs from the encryption parameter that the first server has stored for the target device identifier. Therefore, after authentication fails, the first server may generate a dynamic encryption parameter for the target device, so that by modifying the encryption parameter of the target device it can further determine whether the terminal has control permission over the target device.
In step S104, the dynamic encryption parameter is sent to the second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
Specifically, in this embodiment the second server no longer performs the authentication of the terminal; it is used only to control the target device to perform the corresponding operation when it receives the relevant parameter from the first server. Thus, after the first server generates the dynamic encryption parameter for the target device, it can send the dynamic encryption parameter to the second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter. In a specific implementation, the second server may send the dynamic encryption parameter to the target device, so that the target device replaces its original encryption parameter with the dynamic encryption parameter, that is, uses the dynamic encryption parameter as the encryption parameter of the target device. If the terminal has control permission over the target device, it can then obtain the dynamic encryption parameter from the target device again, generate a new authentication request based on it, and request authentication from the first server again. Because the dynamic encryption parameter the terminal uses this time is the one the first server generated for the target device, the first server can determine from it that the terminal is authenticated successfully. In this way, while ensuring that the terminal can be authenticated successfully, the problems of an illegitimate terminal maliciously sending authentication requests, or of the encryption parameter of the target device being maliciously tampered with, are avoided.
This embodiment does not limit how the first server sends the dynamic encryption parameter to the second server. For example, the first server may send the dynamic encryption parameter to the second server as an RPC command. Optionally, to secure the communication between the first server and the second server, the first server may also encrypt the dynamic encryption parameter with an encryption scheme agreed between the two servers when sending it, so that the two servers authenticate each other. This prevents the dynamic encryption parameter from being maliciously tampered with in transit, which would cause the target device to replace its original encryption parameter with an incorrect one and the terminal to fail authentication again with the wrong encryption parameter; avoiding this improves the user experience.
In the device password authentication method provided by the disclosure, the second server no longer needs to authenticate the terminal. Instead, the first server, acting as the authentication server, obtains the authentication request sent by the terminal and authenticates the terminal according to the target device identifier in the request and the signature information encrypted with the encryption parameter. When authentication fails, the first server can generate for the target device a dynamic encryption parameter that replaces the encryption parameter, and send it to the target device through the second server. The first server can then judge whether the signature information carried in an authentication request that the terminal subsequently sends was generated with the dynamic encryption parameter, and so determine whether the terminal has permission to obtain the dynamic encryption parameter from the target device. From this the first server determines whether the terminal has permission to control the target device, that is, whether the terminal is authenticated successfully. In this way, the authentication of the terminal, originally performed by the second server, is performed by the first server instead, so the terminal is still authenticated while the overhead of the second server is reduced.
Fig. 3 is a flowchart of a device password authentication method according to another exemplary embodiment. This embodiment concerns the detailed process by which the first server performs authentication according to the authentication request. As shown in Fig. 3, S102 may specifically include:
In step S201, according to the identifier of the target device, the first server is queried for whether it contains a second encryption parameter corresponding to the target device. If not, S204 is performed; if so, S202 is performed.
Specifically, in this embodiment the first server stores a mapping between device identifiers and second encryption parameters. The devices whose identifiers are stored here are the devices for which the first server has already received a configuration request or control request, that is, devices that have accessed the network. The second encryption parameter stored in the first server for a device identifier is the dynamic encryption parameter for authentication that the first server configured for the device, through the second server, when it first received a configuration request or control request for that device from a terminal, that is, when the device first accessed the network. At that point, the encryption parameter stored in the device is this second encryption parameter.
Thus, after obtaining the authentication request sent by the terminal, the first server can use the target device identifier carried in the request to first query whether the first server contains a second encryption parameter corresponding to the target device. If it does, the first server can perform the authentication directly with that second encryption parameter, that is, perform S202. If it does not, the target device is a new device: the first server has not yet generated a second encryption parameter for it, which means the encryption parameter currently stored in the target device is the factory-set encryption parameter. In this case the first server cannot authenticate the terminal, so authentication fails by default, and the first server generates a dynamic encryption parameter for the target device, that is, performs S204.
In step S202, according to the second encryption parameter, signature information encrypted with the second encryption parameter is generated.
Specifically, when the first server determines that it contains a second encryption parameter corresponding to the target device, it can generate signature information encrypted with the second encryption parameter. Optionally, if the terminal encrypted the identifier of the target device with the first encryption parameter and used the encrypted identifier as the signature information encrypted with the first encryption parameter, the first server encrypts the identifier of the target device with the second encryption parameter and uses the encrypted identifier as the signature information encrypted with the second encryption parameter. Optionally, if the terminal encrypted preset information with the first encryption parameter and used the encrypted preset information as the signature information encrypted with the first encryption parameter, the first server encrypts the preset information with the second encryption parameter and uses the encrypted preset information as the signature information encrypted with the second encryption parameter. For how the first server generates the encrypted signature information with the second encryption parameter, refer to the related art; details are not repeated here.
Optionally, the signature information in the authentication request received by the first server may also include the control parameter or configuration parameter encrypted with the first encryption parameter. In that case, when the first server generates the signature information with the second encryption parameter, it also encrypts the control parameter or configuration parameter with the second encryption parameter, so that the two pieces of signature information cover the same objects. This ensures the accuracy of the authentication result when the terminal is authenticated by determining whether the signature information encrypted with the first encryption parameter and the signature information encrypted with the second encryption parameter are identical.
In step S203, it is determined whether the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter. If not, S204 is performed; if so, S205 is performed.
Specifically, after generating the signature information encrypted with the second encryption parameter, the first server compares it with the signature information encrypted with the first encryption parameter to determine whether the two are identical.
In step S204, a dynamic encryption parameter is generated.
Specifically, in the first case, if the first server determines that it does not contain a second encryption parameter corresponding to the target device, it can generate a dynamic encryption parameter for authentication for the target device and send it to the target device through the second server, so that the target device replaces its original encryption parameter with the dynamic encryption parameter, that is, uses the dynamic encryption parameter as the encryption parameter of the target device. If the terminal has control permission over the target device, it can then obtain the dynamic encryption parameter from the target device again, generate an authentication request, and request authentication from the first server again. Because the dynamic encryption parameter the terminal now uses is the one the first server generated for the target device, the first server can determine from it that the terminal is authenticated successfully.
In the second case, if the first server determines that the signature information encrypted with the first encryption parameter differs from the signature information encrypted with the second encryption parameter, this indicates that the first encryption parameter used by the terminal is not the second encryption parameter that the first server generated for the target device. That is, either the first encryption parameter used by the terminal is not the encryption parameter obtained from the target device, or it is the encryption parameter obtained from the target device but the encryption parameter stored in the target device differs from the encryption parameter that the first server has stored for the target device identifier. Therefore, after determining that the two pieces of signature information differ, the first server can generate a dynamic encryption parameter for the target device, so that by modifying the encryption parameter of the target device it can further determine whether the terminal has control permission over the target device. If the terminal has control permission over the target device, it can then obtain the dynamic encryption parameter from the target device again, generate an authentication request based on it, and request authentication from the first server again. Because the dynamic encryption parameter the terminal now uses is the one the first server generated for the target device, the first server can determine from it that the terminal is authenticated successfully. In this way, while ensuring that the terminal can be authenticated successfully, the problems of an illegitimate terminal maliciously sending authentication requests, or of the encryption parameter of the target device being maliciously tampered with, are avoided.
For how the first server generates the dynamic encryption parameter, refer to the related art. It should be noted that the dynamic encryption parameter generated by the first server may be determined according to the encryption scheme agreed between the first server and the target device; details are not repeated here.
In step S205, an authentication success response is sent to the terminal.
Specifically, when the first server determines that the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter, the first encryption parameter used by the terminal is the encryption parameter obtained from the target device, and it is the dynamic encryption parameter that the first server configured for the target device. The first server therefore determines that the terminal has control permission over the target device, that is, the terminal is authenticated successfully. The first server can then send an authentication success response to the terminal to indicate that authentication succeeded. If a configuration parameter was sent to the first server with the authentication request, the first server may store that configuration parameter. If a control parameter was sent with the authentication request, the first server may send the control parameter to the second server, so that the second server controls the target device to perform the operation corresponding to the control parameter.
In the device password authentication method provided by the disclosure, the second server no longer needs to authenticate the terminal. Instead, the first server, acting as the authentication server, obtains the authentication request sent by the terminal and authenticates the terminal according to the target device identifier in the request and the signature information encrypted with the encryption parameter. When authentication fails, the first server can generate for the target device a dynamic encryption parameter that replaces the encryption parameter, and send it to the target device through the second server. The first server can then judge whether the signature information carried in an authentication request that the terminal subsequently sends was generated with the dynamic encryption parameter, and so determine whether the terminal has permission to obtain the dynamic encryption parameter from the target device. From this the first server determines whether the terminal has permission to control the target device, that is, whether the terminal is authenticated successfully. In this way, the authentication of the terminal, originally performed by the second server, is performed by the first server instead, so the terminal is still authenticated while the overhead of the second server is reduced.
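As an added illustration of steps S201 to S205 and the parameter update of S104 (not code from the patent), the following is a minimal in-memory model of the first server, second server and target device. HMAC-SHA256 as the signing primitive, the 32-byte random dynamic parameter, and all class, function and identifier names are assumptions; the patent leaves the algorithm open.

```python
import hashlib
import hmac
import secrets

AUTH_OK = "auth_success"       # S205: authentication success response
REAUTH = "reauthenticate"      # S204 taken: terminal must fetch the new parameter and retry


def sign(param: bytes, device_id: str, payload: bytes = b"") -> bytes:
    """Signature information over the device identifier plus optional
    configuration/control parameters, keyed with the encryption parameter.
    HMAC-SHA256 is an assumption made for this example."""
    return hmac.new(param, device_id.encode() + b"|" + payload, hashlib.sha256).digest()


class TargetDevice:
    def __init__(self, device_id: str, factory_param: bytes):
        self.device_id = device_id
        self.param = factory_param          # encryption parameter held in firmware

    def get_params(self, has_control_permission: bool):
        # Only a terminal with control permission can read the parameter.
        if not has_control_permission:
            raise PermissionError("terminal has no control permission")
        return self.device_id, self.param

    def configure(self, new_param: bytes) -> bool:
        self.param = new_param              # replace the original parameter
        return True                         # configuration response


class SecondServer:
    """Only relays to the device; performs no authentication itself."""
    def __init__(self, devices: dict):
        self.devices = devices

    def push(self, device_id: str, param: bytes) -> bool:
        device = self.devices.get(device_id)
        return device.configure(param) if device else False


class FirstServer:
    def __init__(self, second: SecondServer):
        self.second = second
        self.params = {}                    # device id -> second encryption parameter

    def authenticate(self, device_id: str, signature: bytes, payload: bytes = b"") -> str:
        stored = self.params.get(device_id)                    # S201: look up parameter
        if stored is not None:
            expected = sign(stored, device_id, payload)        # S202: sign with it
            if hmac.compare_digest(expected, signature):       # S203: constant-time compare
                return AUTH_OK                                 # S205
        dynamic = secrets.token_bytes(32)                      # S204: new dynamic parameter
        if self.second.push(device_id, dynamic):               # S104: update via second server
            self.params[device_id] = dynamic                   # store only after config success
        return REAUTH


def run_flow():
    """Constructed scenario: new device, successful retry, stale parameter, recovery."""
    device = TargetDevice("dev-001", b"factory-default")
    first = FirstServer(SecondServer({"dev-001": device}))
    results = []
    # 1. New device: no stored parameter, so authentication fails by default.
    dev_id, p = device.get_params(True)
    results.append(first.authenticate(dev_id, sign(p, dev_id, b"cfg=1"), b"cfg=1"))
    # 2. Terminal with control permission re-reads the parameter and retries.
    dev_id, p = device.get_params(True)
    results.append(first.authenticate(dev_id, sign(p, dev_id, b"cfg=1"), b"cfg=1"))
    # 3. Terminal that cannot read the device signs with the stale factory value.
    results.append(first.authenticate("dev-001", sign(b"factory-default", "dev-001")))
    # 4. The parameter was rotated in step 3; the permitted terminal re-reads and succeeds.
    dev_id, p = device.get_params(True)
    results.append(first.authenticate(dev_id, sign(p, dev_id)))
    return results


if __name__ == "__main__":
    print(run_flow())
```
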
Fig. 4 is a flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 4, on the basis of the above embodiments, this embodiment concerns the detailed process by which the first server, after sending the dynamic encryption parameter to the second server, sends a reconfiguration request to the terminal according to the configuration message sent by the second server. The method may include the following steps:
In step S301, the configuration message sent by the second server is received; the configuration message is used to indicate that the target device was successfully configured with the dynamic encryption parameter.
Specifically, after the first server sends the dynamic encryption parameter to the second server, the second server can forward it to the target device, so that the target device replaces its original encryption parameter with the dynamic encryption parameter, that is, configures itself with the dynamic encryption parameter. After the target device has successfully configured the dynamic encryption parameter, it can send a configuration response to the second server to indicate that the target device was successfully configured with the dynamic encryption parameter. The second server can then, according to the configuration response, send a configuration message to the first server to indicate that the target device was successfully configured with the dynamic encryption parameter.
In step S302, a reconfiguration request is sent to the terminal according to the configuration message; the reconfiguration request is used to instruct the terminal to initiate the authentication request again.
Specifically, after receiving the configuration message sent by the second server, the first server can send a reconfiguration request to the terminal according to the configuration message, instructing the terminal to initiate the authentication request again, that is, to send a parameter acquisition request to the target device again to reacquire the encryption parameter in the target device (the dynamic encryption parameter now in the target device). If the terminal has control permission over the target device, it can obtain the dynamic encryption parameter from the target device through the parameter acquisition request, generate an authentication request based on it, and request authentication from the first server again. Because the dynamic encryption parameter the terminal uses this time is the one the first server generated for the target device, the first server can determine from it that the terminal is authenticated successfully.
In the device password authentication method provided by the disclosure, when the first server fails to authenticate the terminal, it can generate for the target device a dynamic encryption parameter that replaces the encryption parameter. After the second server returns the configuration message indicating that the target device was successfully configured with the dynamic encryption parameter, the first server sends a reconfiguration request to the terminal, instructing it to initiate the authentication request again. The terminal can then obtain the dynamic encryption parameter from the target device and use it to send an authentication request to the first server, and the first server authenticates the terminal again. This ensures the accuracy and success of the first server's authentication of the terminal.
Fig. 5 is a flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 5, the method may be executed by the second server. This embodiment concerns the detailed process by which the second server, after the first server fails to authenticate the terminal, forwards to the target device the dynamic encryption parameter corresponding to the target device that the first server sent. The method may include the following steps:
In step S401, the dynamic encryption parameter corresponding to the target device, sent by the first server after authentication for the target device fails, is received.
Specifically, the target device may be any smart home device, for example a gateway, a touch dimmer switch, a temperature and humidity sensor, or an air purifier. The target device stores its identifier and an encryption parameter. The identifier may be any identifier that represents the identity of the target device, such as the ID of the target device. The encryption parameter may be a parameter used by any encryption algorithm, such as a salt value, and may be determined according to the encryption algorithm preset between the first server and the target device. The encryption parameter may be one preset in the target device, or it may be a dynamic encryption parameter that the first server configured for the target device. In a specific implementation, the encryption parameter may be placed in the firmware of the target device.
In this embodiment, the second server no longer performs the authentication of the terminal; the first server authenticates the terminal, and the second server is used only to control the target device to perform the corresponding operation when it receives the relevant parameter from the first server. Thus, after the first server receives the authentication request sent by the user through the terminal, it authenticates the terminal that sent the request, based on the target device identifier and the signature information carried in the request, to determine whether the terminal has control permission over the target device. When it determines that the terminal does not have control permission over the target device, that is, when authentication of the terminal fails, the second server receives the dynamic encryption parameter that the first server generated for the target device.
This embodiment does not limit how the second server receives the dynamic encryption parameter sent by the first server. For example, the first server may send the dynamic encryption parameter to the second server as an RPC command. Optionally, to secure the communication between the first server and the second server, the first server may also encrypt the dynamic encryption parameter with an encryption scheme agreed between the two servers when sending it, so that the two servers authenticate each other. This prevents the dynamic encryption parameter from being maliciously tampered with in transit, which would cause the target device to replace its original encryption parameter with an incorrect one and the terminal to fail authentication again with the wrong encryption parameter; avoiding this improves the user experience.
In step S402, the dynamic encryption parameter is sent to the target device.
Specifically, after receiving the dynamic encryption parameter, the second server can send it to the target device, so that the target device replaces its original encryption parameter with the dynamic encryption parameter, that is, uses the dynamic encryption parameter as the encryption parameter of the target device. If the terminal has control permission over the target device, it can then obtain the dynamic encryption parameter from the target device again, generate an authentication request based on it, and request authentication from the first server again. Because the dynamic encryption parameter the terminal uses this time is the one the first server generated for the target device, the first server can determine from it that the terminal is authenticated successfully.
This embodiment does not limit how the second server sends the dynamic encryption parameter to the target device. For example, the second server may send the dynamic encryption parameter to the target device as an RPC command. Optionally, to secure the communication between the second server and the target device, the second server may also encrypt the dynamic encryption parameter with an encryption scheme agreed between the second server and the target device when sending it, so that the two sides authenticate each other. This prevents the dynamic encryption parameter from being maliciously tampered with in transit, which would cause the target device to replace its original encryption parameter with an incorrect one and the terminal to fail authentication again with the wrong encryption parameter; avoiding this improves the user experience.
In the device password authentication method provided by the disclosure, the second server no longer needs to authenticate the terminal. Instead, the first server, acting as the authentication server, authenticates the terminal after obtaining the authentication request sent by the terminal. When authentication fails, the second server can receive the dynamic encryption parameter that the first server generated for the target device to replace the encryption parameter, and send it to the target device, so that the target device replaces its encryption parameter with the dynamic encryption parameter. After the first server subsequently receives an authentication request from the terminal, it can judge whether the signature information carried in that request was generated with the dynamic encryption parameter, and so determine whether the terminal has permission to obtain the dynamic encryption parameter from the target device. From this the first server determines whether the terminal has permission to control the target device, that is, whether the terminal is authenticated successfully. In this way, the authentication of the terminal, originally performed by the second server, is performed by the first server instead, so the terminal is still authenticated while the overhead of the second server is reduced.
Fig. 6 is a flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 6, on the basis of the above embodiments, this embodiment concerns the detailed process by which the second server, after forwarding to the target device the dynamic encryption parameter corresponding to the target device that the first server sent, sends a configuration message to the first server according to the configuration response received from the target device. The method may include the following steps:
In step S501, the configuration response that target device sends is received, configuration response is for target device employing Dynamic encryption parameter configuration success.
Specifically, when above-mentioned first server is that the dynamic encryption parameter that target device is generated is sent out by above-mentioned second server After giving target device, target device can replace original encryption parameter thereon using the dynamic encryption parameter, that is, adopt Dynamic encryption parameter is configured.Target device, can be to second server after the configuration successful for completing dynamic encryption parameter The message of send configuration response, to indicate that second server target device adopts dynamic encryption parameter configuration success.
In step S502, according to configuration response, to first server send configuration message, configuration message is used to indicate mesh Marking device adopts dynamic encryption parameter configuration success.
Specifically, after second server receives the configuration response of target device transmission, it is possible to according to the configuration Response, to first server send configuration message, with indicate first server target device using dynamic encryption parameter configuration into Work(.First server can be sent out according to the configuration message after the configuration message for receiving second server transmission to terminal Reconfiguration request is sent, authentication request, i.e. instruction terminal is initiated with instruction terminal again and is sent parameter acquiring to target device again Request, to reacquire target device in encryption parameter, i.e., the dynamic encryption parameter in target device.Now, if terminal tool There is the control authority of target device, then terminal can be asked by the parameter acquiring, the dynamic is got from target device and is added Close parameter, and authentication request is generated based on the dynamic encryption parameter, with again to first server request authentication.Due to terminal this Secondary used dynamic encryption parameter is the dynamic encryption parameter that first server is that target device is generated, therefore, the first clothes Business device can determine terminal authentication success by the dynamic encryption parameter.
The device password method for authenticating that the disclosure is provided, second server is being it to target device forwarding first server After the dynamic encryption parameter of generation, joining using dynamic encryption for target device for target device transmission can be received Number configuration successfuls configuration response so that second server can accordingly to first server send configuration message so that Obtaining first server can determine target device using dynamic encryption parameter configuration success according to the configuration message, so that First server can send reconfiguration request to terminal, authentication request be initiated again with instruction terminal, so that terminal can To get dynamic encryption parameter from target device, and the dynamic encryption parameter is reused, send to first server and reflect Power request, and then first server is authenticated again to terminal, it is ensured that first server is to terminal authentication Accuracy and successful.
Fig. 7 is a flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 7, the method may be executed by the terminal. This embodiment concerns the specific process in which the terminal, after sending an authentication request to the first server and after the first server fails to authenticate the terminal, receives the reconfiguration request sent by the first server. The method may include the following steps:
In step S601, the identifier of the target device and the first encryption parameter are obtained from the target device.
Specifically, the target device may be any smart home device, for example a gateway, a touch dimmer switch, a temperature and humidity sensor or an air purifier. The target device stores its identifier and an encryption parameter. The identifier may be any identifier that can represent the identity of the target device, such as the ID of the target device. The encryption parameter may be a parameter used by any encryption algorithm, such as a salt value, and may be determined according to the encryption algorithm preset between the first server and the target device. The encryption parameter may be one preset in the target device, or a dynamic encryption parameter that the first server configured for the target device. In a specific implementation, the encryption parameter may be placed in the firmware of the target device.
In this embodiment, when the user inputs a configuration request or control data for the target device on the terminal, the terminal can obtain the identifier of the target device and the first encryption parameter from the target device. In a specific implementation, after the user inputs the configuration request or control data for the target device, a terminal with control authority over the target device can send a parameter acquisition request to the target device and obtain the identifier and encryption parameter of the target device from it (a terminal without control authority over the target device cannot obtain them), and then use that encryption parameter as the first encryption parameter.
It should be noted that this embodiment does not limit how the terminal sends the parameter acquisition request to the target device in order to obtain the identifier and encryption parameter of the target device. For example, the terminal may send the parameter acquisition request by sending a remote procedure call (Remote Procedure Call, RPC) command to the target device. Optionally, to secure the communication between the terminal and the target device, the parameter acquisition request sent by the terminal and the message in which the target device returns its identifier and encryption parameter may be encrypted using an encryption scheme agreed between the terminal and the target device, so that the identities of both parties are verified. This prevents the target device from sending its identifier and encryption parameter to an illegitimate terminal on request, which would leak them, and prevents the terminal from receiving a target device identifier and a wrong encryption parameter sent by an illegitimate terminal, which would make the terminal fail authentication again with the wrong encryption parameter; user experience is improved as a result. How the terminal generates the encrypted signature information using the first encryption parameter may refer to the related art and is not repeated here.
In step S602, an authentication request is sent to the first server. The authentication request includes the identifier of the target device and the signature information encrypted using the encryption parameter.
Specifically, after obtaining the identifier of the target device and the first encryption parameter, the terminal can produce signature information encrypted with the first encryption parameter, generate an authentication request that includes the identifier of the target device and that signature information, and send the authentication request to the first server. In a specific implementation, if the terminal sends the authentication request after receiving a configuration request for the target device input by the user, the terminal can send the authentication request to the first server together with the configuration parameter in the configuration request, so that the first server obtains the authentication request sent by the terminal. If the terminal sends the authentication request after receiving control data for the target device input by the user, the terminal can send the authentication request to the first server together with the control parameter in the control data, so that the first server obtains the authentication request sent by the terminal.
This embodiment does not limit how the terminal obtains the signature information encrypted using the first encryption parameter. For example, the terminal may encrypt the identifier of the target device using the first encryption parameter and use the encrypted identifier as the signature information; the terminal may also encrypt preset information using the first encryption parameter and use the encrypted preset information as the signature information, where the preset information may be information agreed between the terminal and the first server.
Optionally, if the terminal sends the authentication request to the first server together with the configuration parameter in the configuration request, the terminal may carry the authentication request and the configuration parameter in a preset configuration instruction sent to the first server. In this case, in another implementation of the present disclosure, the signature information in the authentication request may also include the configuration parameter encrypted using the first encryption parameter. This increases the complexity of the signature information and improves the security of the authentication request. Optionally, if the terminal sends the authentication request to the first server together with the control parameter in the control data, the terminal may carry the authentication request and the control parameter in a preset control instruction sent to the first server. In this case, in another implementation of the present disclosure, the signature information in the authentication request may also include the control parameter encrypted using the first encryption parameter. This likewise increases the complexity of the signature information and improves the security of the authentication request.
In step S603, the reconfiguration request sent by the first server is received; the reconfiguration request instructs the terminal to initiate the authentication request again.
Specifically, after receiving the authentication request sent by the terminal, the first server can authenticate the terminal that sent it according to the identifier of the target device and the signature information carried in the authentication request, to determine whether the terminal has control authority over the target device.
If authentication succeeds, the terminal has control authority over the target device. In that case, if a configuration parameter was sent to the first server with the authentication request, the first server can store that configuration parameter; if a control parameter was sent to the first server with the authentication request, the first server can send the control parameter to the second server, so that the second server controls the target device to perform the operation corresponding to the control parameter. If authentication fails, either the first encryption parameter used by the terminal may not be an encryption parameter obtained from the target device, or it was obtained from the target device but the encryption parameter stored in the target device differs from the encryption parameter that the first server stores for the identifier of the target device. Therefore, after authentication fails, the first server can generate a dynamic encryption parameter for the target device and change the encryption parameter of the target device through the second server, in order to further determine whether the terminal has control authority over the target device.
Thus, after the first server determines that authentication failed, and after the first server determines that the target device has replaced its original encryption parameter with the dynamic encryption parameter generated by the first server, that is, has been successfully configured with the dynamic encryption parameter, the terminal receives the reconfiguration request sent by the first server. The request instructs the terminal to initiate the authentication request again, that is, to send a parameter acquisition request to the target device again in order to reacquire the encryption parameter in the target device, which is now the dynamic encryption parameter.
In step S604, the identifier of the target device and the dynamic encryption parameter are obtained from the target device again.
Specifically, after receiving the reconfiguration request sent by the first server, the terminal can obtain the identifier of the target device and the dynamic encryption parameter from the target device again. In a specific implementation, the terminal can send a parameter acquisition request to the target device again to reacquire the identifier and the encryption parameter of the target device (that is, the dynamic encryption parameter in the target device). If the terminal has control authority over the target device, it obtains the dynamic encryption parameter from the target device, uses it as the first encryption parameter, and generates an authentication request to request authentication from the first server again. Because the first encryption parameter the terminal uses this time is the dynamic encryption parameter that the first server generated for the target device, the first server can determine from the dynamic encryption parameter that authentication of the terminal succeeds.
In step S605, an authentication request is sent to the first server again. The authentication request sent again to the first server includes the identifier of the target device obtained again from the target device and the signature information encrypted using the dynamic encryption parameter.
Specifically, after obtaining the identifier of the target device and the dynamic encryption parameter from the target device again, the terminal can produce signature information encrypted with the dynamic encryption parameter and generate an authentication request that includes that signature information and the identifier of the target device, to request authentication from the first server again. Because the dynamic encryption parameter the terminal uses this time is the one the first server generated for the target device, the first server can determine from the dynamic encryption parameter that authentication of the terminal succeeds.
In the device password authentication method provided by the present disclosure, the second server no longer needs to authenticate the terminal; the first server, acting as the authentication server, authenticates the terminal instead. That is, the terminal no longer sends the authentication request to the second server but to the first server, and when the first server fails to authenticate it, the terminal can receive the reconfiguration request sent by the first server, which instructs it to initiate the authentication request again: the terminal reacquires the encryption parameter in the target device, generates an authentication request and requests authentication from the first server again. In this way, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead, so the overhead of the second server is reduced while the terminal is still authenticated.
The device password authentication method provided by the present disclosure is described in detail below with two specific examples in a specific application scenario. In these examples, the target device is an air purifier; the first encryption parameter and the second encryption parameter are salt values; the MCU of the air purifier stores the identifier and the salt value (i.e. the encryption parameter) of the air purifier; the signature information carried in the authentication request is the signature information obtained by encrypting the identifier and the configuration parameter of the air purifier using the first encryption parameter; and an APP that interacts with the user, the air purifier and the first server is installed on the terminal.
Example one: the first server authenticates the terminal successfully. Fig. 8 is a signaling flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 8, the method may include the following steps:
In step S801, the terminal receives a configuration request input by the user.
Specifically, when the user needs to set a new configuration parameter for the air purifier or modify an existing one, the APP on the terminal receives the configuration request input by the user; the configuration request carries the configuration parameter.
In step S802, the terminal sends a parameter acquisition request to the air purifier.
Specifically, the terminal can send the parameter acquisition request to the air purifier through the APP on it, to obtain the identifier and the salt value of the air purifier stored in the MCU of the air purifier. In a specific implementation, the parameter acquisition request may be implemented as an RPC command.
In step S803, the air purifier sends the identifier and the salt value of the air purifier to the terminal.
Specifically, after the terminal sends the parameter acquisition request to the air purifier, the air purifier can return to the terminal the identifier and the salt value of the air purifier stored in its MCU.
In step S804, the terminal generates an authentication request according to the identifier of the air purifier, the salt value and the configuration parameter.
Specifically, after receiving the identifier and the salt value sent by the air purifier, the terminal can use the salt value as the first encryption parameter, encrypt the identifier of the air purifier and the configuration parameter using the first encryption parameter to obtain the signature information encrypted using the first encryption parameter, and carry the identifier of the air purifier, the configuration parameter and that signature information in the authentication request sent to the first server.
In step S805, the terminal sends the authentication request to the first server.
In step S806, the first server performs authentication according to the authentication request.
Specifically, after receiving the authentication request sent by the terminal, the first server can query, according to the identifier of the air purifier, the mapping it stores between device identifiers and second encryption parameters to see whether it contains a second encryption parameter corresponding to the air purifier.
In this example there are the following two cases:
First case: the first server determines that it does not contain a second encryption parameter corresponding to the air purifier. This means the air purifier is a new device, i.e. the first server has not yet generated a second encryption parameter for it; that is, the encryption parameter currently stored in the air purifier is the factory default. In this case the first server cannot authenticate the terminal, so authentication fails by default, and the first server generates a dynamic encryption parameter for the air purifier.
Second case: the first server finds the second encryption parameter corresponding to the air purifier, but when it encrypts the identifier of the air purifier and the configuration parameter carried in the authentication request using the second encryption parameter, the resulting signature information differs from the signature information carried in the authentication request. This shows that the first encryption parameter used by the terminal is not the second encryption parameter that the first server generated for the target device. That is, either the first encryption parameter used by the terminal may not be an encryption parameter obtained from the air purifier, or it was obtained from the air purifier but the encryption parameter stored in the air purifier differs from the second encryption parameter that the first server stores for the identifier of the air purifier. Therefore, after determining that the signature information encrypted using the first encryption parameter differs from the signature information encrypted using the second encryption parameter, the first server can generate a dynamic encryption parameter for the air purifier and, by modifying the encryption parameter of the air purifier, further determine whether the terminal has control authority over the air purifier.
In step S807, the first server generates a dynamic encryption parameter.
How the first server generates the dynamic encryption parameter may refer to the related art. It should be noted that the dynamic encryption parameter generated by the first server may be determined according to the encryption scheme agreed between the first server and the air purifier, which is not repeated here.
In step S808, the first server sends the dynamic encryption parameter to the second server.
In a specific implementation, the first server can send the dynamic encryption parameter to the second server through an RPC command.
In step S809, the second server sends the dynamic encryption parameter to the air purifier.
In a specific implementation, the second server can send the dynamic encryption parameter to the air purifier through an RPC command.
In step S810, the air purifier configures itself using the dynamic encryption parameter.
Specifically, after receiving the dynamic encryption parameter sent by the second server, the air purifier can configure itself with it, that is, replace its original encryption parameter with the dynamic encryption parameter. How the air purifier configures itself using the dynamic encryption parameter may refer to the related art and is not repeated here.
In step S811, the air purifier sends a configuration response to the second server.
Specifically, after completing configuration with the dynamic encryption parameter, the air purifier sends a configuration response to the second server to indicate to the second server that configuration with the dynamic encryption parameter is complete. In a specific implementation, the air purifier can send the configuration response to the second server through an RPC command.
In step S812, the second server sends a configuration message to the first server.
Specifically, after receiving the configuration response sent by the air purifier, the second server can send a configuration message to the first server to indicate to the first server that the air purifier has completed configuration with the dynamic encryption parameter. In a specific implementation, the second server can send the configuration message to the first server through an RPC command.
In step S813, the first server sends a reconfiguration request to the terminal.
Specifically, after receiving the configuration message sent by the second server, the first server can send a reconfiguration request to the terminal, instructing it to initiate the authentication request again, so that, after receiving the reconfiguration request, the terminal is triggered to re-execute the device password authentication method and is authenticated again.
In the device password authentication method provided by the present disclosure, while the user configures the air purifier, the second server no longer needs to authenticate the terminal. Instead, the first server receives the authentication request sent by the terminal and authenticates the terminal according to it, to judge whether the terminal has the authority to control the air purifier; after authentication succeeds, the first server saves the configuration parameter in the authentication request, so that it can, according to the configuration parameter, have the second server control the air purifier to execute the instruction corresponding to the configuration parameter, realizing the intelligent service of the air purifier. In this way, while the user configures the air purifier, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead. Meanwhile, the configuration parameter originally stored by the second server is stored by the first server, so that the operation of determining, according to the configuration parameter, whether to send a control instruction to the air purifier, originally performed by the second server, is performed by the first server. The overhead of the second server is therefore reduced while the terminal is still authenticated.
Example two: the first server fails to authenticate the terminal. Fig. 9 is a signaling flowchart of a device password authentication method according to another exemplary embodiment. As shown in Fig. 9, the method may include the following steps:
In step S901, the terminal receives a configuration request input by the user.
In step S902, the terminal sends an RPC command to the air purifier.
In step S903, the air purifier returns the identifier and the salt value of the air purifier to the terminal.
In step S904, the terminal generates an authentication request according to the identifier of the air purifier, the salt value and the configuration parameter.
In step S905, the terminal sends the authentication request to the first server.
For S901-S905, refer to the description of S801-S805 above, which is not repeated here.
In step S906, the first server performs authentication according to the authentication request.
Specifically, after receiving the authentication request sent by the terminal, the first server can query, according to the identifier of the air purifier, the mapping it stores between device identifiers and second encryption parameters to see whether it contains a second encryption parameter corresponding to the air purifier.
In this embodiment, the first server finds the second encryption parameter corresponding to the air purifier, and when it encrypts the identifier of the air purifier and the configuration parameter carried in the authentication request using the second encryption parameter, the resulting signature information is identical to the signature information carried in the authentication request. This shows that the first encryption parameter used by the terminal, i.e. the encryption parameter obtained from the target device, is exactly the dynamic encryption parameter that the first server configured for the target device. It is therefore determined that the terminal has control authority over the target device, i.e. authentication of the terminal succeeds. The first server can then store the configuration parameter sent with the authentication request, so that it can, according to the configuration parameter, have the second server control the air purifier to execute the instruction corresponding to the configuration parameter, realizing the intelligent service of the air purifier. For example, when the configuration parameter is "open the air purifier when the air quality index is greater than 300", the first server can, according to this configuration instruction, have the second server automatically turn on the air purifier when the air quality index is greater than 300, without the user turning it on manually, which improves the user experience.
In step S907, the first server sends an authentication success response to the terminal.
Specifically, after successfully authenticating the terminal, the first server returns an authentication success response to the terminal, indicating to the terminal that its authentication succeeded. The authentication success response also indicates to the terminal that the configuration parameter has been saved, so that the user can learn promptly through the terminal whether the configuration made for the air purifier succeeded.
In the device password authentication method provided by the present disclosure, while the user configures the air purifier, the second server no longer needs to authenticate the terminal. Instead, the first server receives the authentication request sent by the terminal and authenticates the terminal according to it, to judge whether the terminal has the authority to control the air purifier; after authentication succeeds, the first server saves the configuration parameter in the authentication request, so that it can, according to the configuration parameter, have the second server control the air purifier to execute the instruction corresponding to the configuration parameter, realizing the intelligent service of the air purifier. In this way, while the user configures the air purifier, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead. Meanwhile, the configuration parameter originally stored by the second server is stored by the first server, so that the operation of determining, according to the configuration parameter, whether to send a control instruction to the air purifier, originally performed by the second server, is performed by the first server. The overhead of the second server is therefore reduced while the terminal is still authenticated.
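The signaling of Fig. 8 and Fig. 9 as an added Python example, not code from the patent: the first server checks the signature, rotates the salt through the second server when the check fails, and accepts the request the terminal retries with the re-fetched salt. HMAC-SHA256 standing in for the unspecified "encryption" with the salt, all class and function names, the result strings, and the sample identifier, salt and configuration values are assumptions.

```python
import hashlib
import hmac
import secrets


def sign(salt: bytes, device_id: str, config: str) -> bytes:
    """Signature information over the device identifier and configuration parameter.

    Assumption: HMAC-SHA256 keyed with the salt replaces the patent's
    unspecified "encryption using the encryption parameter".
    """
    msg = device_id.encode() + b"\x00" + config.encode()
    return hmac.new(salt, msg, hashlib.sha256).digest()


class Device:
    """Target device (the air purifier): stores its identifier and current salt."""

    def __init__(self, device_id: str, factory_salt: bytes):
        self.device_id = device_id
        self.salt = factory_salt

    def get_params(self):
        # S802/S803: answer the terminal's parameter acquisition request.
        return self.device_id, self.salt

    def configure(self, dynamic_salt: bytes) -> bool:
        # S810/S811: replace the stored salt, then report success.
        self.salt = dynamic_salt
        return True


class SecondServer:
    """Relays the dynamic parameter to the device; performs no authentication."""

    def __init__(self, devices: dict):
        self.devices = devices

    def push(self, device_id: str, dynamic_salt: bytes) -> bool:
        # S809 (forward), S811 (configuration response), S812 (configuration message).
        device = self.devices.get(device_id)
        return device is not None and device.configure(dynamic_salt)


class FirstServer:
    """Authentication server: maps device identifier -> second encryption parameter."""

    def __init__(self, second_server: SecondServer):
        self.second = second_server
        self.salts = {}     # identifier -> second encryption parameter
        self.configs = {}   # identifier -> configuration parameter saved on success

    def authenticate(self, device_id: str, config: str, signature: bytes) -> str:
        stored = self.salts.get(device_id)
        if stored is not None:
            expected = sign(stored, device_id, config)
            if hmac.compare_digest(expected, signature):   # constant-time compare
                self.configs[device_id] = config
                return "AUTH_OK"                           # S907
        # Case 1 (no stored parameter) or case 2 (signature mismatch): S807-S813.
        dynamic = secrets.token_bytes(16)
        if self.second.push(device_id, dynamic):
            self.salts[device_id] = dynamic
            return "RECONFIGURE"
        return "AUTH_FAILED"   # assumption: the patent does not cover a failed push


def terminal_request(server, device, config, salt_override=None):
    """Terminal side (S801-S805). salt_override models a terminal holding an old salt."""
    device_id, salt = device.get_params()
    if salt_override is not None:
        salt = salt_override
    return server.authenticate(device_id, config, sign(salt, device_id, config))


def demo():
    # Constructed sample values, not taken from the patent.
    purifier = Device("purifier-01", b"factory-salt")
    first = FirstServer(SecondServer({purifier.device_id: purifier}))
    config = "open_when_aqi>300"
    results = [
        terminal_request(first, purifier, config),   # new device: case 1
        terminal_request(first, purifier, config),   # retry with the dynamic salt
        terminal_request(first, purifier, config, salt_override=b"factory-salt"),  # case 2
        terminal_request(first, purifier, config),   # retry after the second rotation
    ]
    return results, first, purifier


if __name__ == "__main__":
    print(demo()[0])
```

A request signed with an old salt still causes a rotation, so any terminal must fetch the salt from the device again before its next request.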
The following are device embodiments of the present disclosure, which can be used to perform the method embodiments of the present disclosure. For details not disclosed in the device embodiments, refer to the method embodiments of the present disclosure.
Fig. 10 is a block diagram of a server according to an exemplary embodiment. As shown in Fig. 10, the server may be a first server, and the first server may include:
an acquisition module 11, configured to obtain the authentication request sent by the terminal, the authentication request including the identifier of the target device and the signature information encrypted using the first encryption parameter;
an authentication module 12, configured to perform authentication according to the authentication request;
a generation module 13, configured to generate a dynamic encryption parameter when authentication by the authentication module 12 fails;
a first sending module 14, configured to send the dynamic encryption parameter to the second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
In the server provided by the present disclosure, when the server is the first server, after the acquisition module obtains the authentication request sent by the terminal, the authentication module can authenticate the terminal according to the identifier of the target device in the authentication request and the signature information encrypted using the encryption parameter. When the authentication module fails to authenticate the terminal, the generation module can generate for the target device a dynamic encryption parameter to replace its encryption parameter, so that the first sending module sends it to the target device through the second server. In this way, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead, so the overhead of the second server is reduced while the terminal is still authenticated.
Optionally, in a kind of implementation of the disclosure, above-mentioned authentication module 12 is configured to according to target device Whether mark, corresponding second encryption parameter of target device is included in inquiry first server;Then in this case, above-mentioned generation Module 13, is configured in authentication module 12 determines first server not comprising corresponding second encryption parameter of target device When, generate dynamic encryption parameter.
Figure 11 is a kind of block diagram of the server for implementing to exemplify according to another exemplary, as shown in figure 11, further, If above-mentioned authentication module 12, the mark according to target device is configured to, whether target device is included in inquiry first server Corresponding second encryption parameter, and it is determined that in first server comprising target device corresponding second encryption parameter when, according to Second encryption parameter, generates using the signing messages after the encryption of the second encryption parameter, then on the basis of block diagram shown in Figure 10, this One server can also include:Second sending module 15;
Then determine using the signing messages after the encryption of the first encryption parameter and using the second encryption parameter in authentication module 12 When signing messages after encryption is identical, the second sending module 15 is configured to send authentication success response to terminal.In authentication mould Block 12 is determined using the signing messages after the encryption of the first encryption parameter and using the signing messages after the encryption of the second encryption parameter not Meanwhile, generation module 13 is configurable to generate dynamic encryption parameter.
The server that the disclosure is provided, when the server is first server, the acquisition module of server is getting After the authentication request that terminal sends, the authentication module of server can according to the mark of the target device in the authentication request and Using the signing messages after encryption parameter encryption, terminal is authenticated, the second sending module of server can be in authentication mould Block is to during terminal authentication success, to terminal authentication success response being sent;The generation module of server can be in authentication module to end It is that target device generates the dynamic encryption parameter for replacing encryption parameter during the failed authentication of end, so that the first transmission of server Module can be sent to target device by second server.In this way, will be performed to end by second server originally The operation that authenticated of end is converted into being performed by first server, therefore, on the basis of realizing terminal authenticated, drop The low expense of second server.
Figure 12 is a block diagram of a server according to another exemplary embodiment. As shown in Figure 12, further, on the basis of the above embodiment and of the block diagram shown in Figure 10, when the server is the first server, the first server may further include:
A receiving module 16, configured to receive, after the first sending module 14 sends the dynamic encryption parameter to the second server, a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
A third sending module 17, configured to send a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
In the server provided by the present disclosure, when the server is the first server, after the receiving module receives the configuration message, returned by the second server, indicating that the target device has been successfully configured with the dynamic encryption parameter, the third sending module can send a reconfiguration request to the terminal to instruct the terminal to initiate the authentication request again. The terminal can then obtain the dynamic encryption parameter from the target device and use it to send an authentication request to the first server, so that the first server can authenticate the terminal again, which ensures the accuracy and success of the first server's authentication of the terminal.
Figure 13 is a block diagram of a server according to another exemplary embodiment. As shown in Figure 13, the server may be a second server, and the second server may include:
A first receiving module 21, configured to receive the dynamic encryption parameter, corresponding to the target device, sent by the first server;
A first sending module 22, configured to send the dynamic encryption parameter to the target device.
In the server provided by the present disclosure, when the server is the second server, the first receiving module can receive the dynamic encryption parameter corresponding to the target device that the first server sends after failing to authenticate the terminal, and the first sending module can send the dynamic encryption parameter to the target device, so that the target device replaces the encryption parameter on it with the dynamic encryption parameter. After subsequently receiving an authentication request sent by the terminal, the first server can then judge whether the signature information carried in that request was generated with the dynamic encryption parameter, and thereby determine whether the terminal has the permission to obtain the dynamic encryption parameter from the target device. This lets the first server determine whether the terminal has the permission to control the target device, that is, whether the terminal is authenticated successfully. In this way, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead; therefore, the terminal is still authenticated while the overhead of the second server is reduced.
Figure 14 is a block diagram of a server according to another exemplary embodiment. As shown in Figure 14, further, on the basis of the above embodiment and of the block diagram shown in Figure 13, the second server may further include:
A second receiving module 23, configured to receive, after the first sending module 22 sends the dynamic encryption parameter to the target device, a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
A second sending module 24, configured to send a configuration message to the first server according to the configuration response, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
In the server provided by the present disclosure, when the server is the second server, after the first sending module sends the dynamic encryption parameter to the target device, the second receiving module receives the configuration response sent by the target device, so that the second sending module can send a configuration message to the first server. From this configuration message the first server can determine that the target device has been successfully configured with the dynamic encryption parameter, and can therefore send a reconfiguration request to the terminal to instruct it to initiate the authentication request again. The terminal can then obtain the dynamic encryption parameter from the target device and use it to send an authentication request to the first server, so that the first server can authenticate the terminal again, which ensures the accuracy and success of the first server's authentication of the terminal.
Figure 15 is a block diagram of a terminal according to an exemplary embodiment. As shown in Figure 15, the terminal may include:
A first acquisition module 31, configured to obtain the identifier of the target device and the first encryption parameter from the target device;
A first sending module 32, configured to send an authentication request to the first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
A first receiving module 33, configured to receive a reconfiguration request sent by the first server, the reconfiguration request instructing the terminal to initiate the authentication request again;
A second acquisition module 34, configured to obtain the identifier of the target device and the dynamic encryption parameter from the target device again;
A second sending module 35, configured to send an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
In the terminal provided by the present disclosure, the first sending module can generate an authentication request based on the identifier of the target device and the first encryption parameter that the first acquisition module obtained from the target device, and send the authentication request to the first server. When the first server fails to authenticate the terminal, the first receiving module can receive the reconfiguration request sent by the first server, which instructs the terminal to initiate the authentication request again. The second acquisition module can then obtain the identifier of the target device and the dynamic encryption parameter from the target device again, and the second sending module can generate an authentication request based on the identifier of the target device and the dynamic encryption parameter and request authentication from the first server again. In this way, the operation of authenticating the terminal, originally performed by the second server, is performed by the first server instead; therefore, the terminal is still authenticated while the overhead of the second server is reduced.
Figure 16 is a block diagram of a server 1600 according to an exemplary embodiment. The server 1600 may be provided as the first server. Referring to Figure 16, the server 1600 includes a processing component 1622, which further includes one or more processors, and memory resources represented by a memory 1632 for storing instructions executable by the processing component 1622, such as application programs. The application programs stored in the memory 1632 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 1622 is configured to execute the instructions to perform the above device password authentication method.
The method includes:
Obtaining an authentication request sent by a terminal, the authentication request including: the identifier of a target device and signature information encrypted with a first encryption parameter;
Performing authentication according to the authentication request;
Generating a dynamic encryption parameter when the authentication fails;
Sending the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
Optionally, performing authentication according to the authentication request includes:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
Generating a dynamic encryption parameter when the authentication fails includes:
Generating the dynamic encryption parameter when the first server does not contain the second encryption parameter corresponding to the target device.
Optionally, performing authentication according to the authentication request includes:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
When the first server contains the second encryption parameter corresponding to the target device, generating, according to the second encryption parameter, signature information encrypted with the second encryption parameter;
When the first server determines that the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter, sending an authentication success response to the terminal;
Generating a dynamic encryption parameter when the authentication fails includes:
Generating the dynamic encryption parameter when the first server determines that the signature information encrypted with the first encryption parameter differs from the signature information encrypted with the second encryption parameter.
Further, after the dynamic encryption parameter is sent to the second server, the method also includes:
Receiving a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
The server 1600 may also include a power component 1626 configured to perform power management of the server 1600, a wired or wireless network interface 1650 configured to connect the server 1600 to a network, and an input/output (I/O) interface 1658. The server 1600 can operate based on an operating system stored in the memory 1632, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Figure 17 is a block diagram of a server 1700 according to an exemplary embodiment. For example, the server 1700 may be provided as the second server. Referring to Figure 17, the server 1700 includes a processing component 1722, which further includes one or more processors, and memory resources represented by a memory 1732 for storing instructions executable by the processing component 1722, such as application programs. The application programs stored in the memory 1732 may include one or more modules, each corresponding to a set of instructions. In addition, the processing component 1722 is configured to execute the instructions to perform the above device password authentication method.
The method includes:
Receiving the dynamic encryption parameter, corresponding to the target device, that the first server sends after authentication for the target device fails;
Sending the dynamic encryption parameter to the target device.
Further, after the dynamic encryption parameter is sent to the target device, the method also includes:
Receiving a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending a configuration message to the first server according to the configuration response, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
The server 1700 may also include a power component 1726 configured to perform power management of the server 1700, a wired or wireless network interface 1750 configured to connect the server 1700 to a network, and an input/output (I/O) interface 1758. The server 1700 can operate based on an operating system stored in the memory 1732, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
Figure 18 is a block diagram of a terminal 1800 according to an exemplary embodiment. For example, the terminal 1800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, or the like.
Referring to Figure 18, the terminal 1800 may include one or more of the following components: a processing component 1802, a memory 1804, a power component 1806, a multimedia component 1808, an audio component 1810, an input/output (I/O) interface 1812, a sensor component 1814, and a communication component 1816.
The processing component 1802 generally controls the overall operation of the terminal 1800, such as operations associated with display, telephone calls, data communication, camera operation and recording. The processing component 1802 may include one or more processors 1820 to execute instructions so as to complete all or part of the steps of the above method. In addition, the processing component 1802 may include one or more modules that facilitate interaction between the processing component 1802 and other components. For example, the processing component 1802 may include a multimedia module to facilitate interaction between the multimedia component 1808 and the processing component 1802.
The memory 1804 is configured to store various types of data to support operation of the terminal 1800. Examples of such data include instructions for any application program or method operated on the terminal 1800, contact data, phone book data, messages, pictures, videos, and so on. The memory 1804 can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk or optical disc.
The power component 1806 supplies power to the various components of the terminal 1800. The power component 1806 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the terminal 1800.
The multimedia component 1808 includes a touch display screen that provides an output interface between the terminal 1800 and the user. In some embodiments, the touch display screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. A touch sensor may sense not only the boundary of a touch or swipe action but also the duration and pressure associated with the touch or swipe operation. In some embodiments, the multimedia component 1808 includes a front camera and/or a rear camera. When the terminal 1800 is in an operating mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focusing and optical zoom capability.
The audio component 1810 is configured to output and/or input audio signals. For example, the audio component 1810 includes a microphone (MIC), which is configured to receive external audio signals when the terminal 1800 is in an operating mode, such as a call mode, a recording mode or a speech recognition mode. The received audio signal may be further stored in the memory 1804 or sent via the communication component 1816. In some embodiments, the audio component 1810 also includes a loudspeaker for outputting audio signals.
The I/O interface 1812 provides an interface between the processing component 1802 and peripheral interface modules, which may be a keyboard, a click wheel, buttons, and the like. These buttons may include, but are not limited to: a home button, volume buttons, a start button and a lock button.
The sensor component 1814 includes one or more sensors for providing the terminal 1800 with status assessments of various aspects. For example, the sensor component 1814 can detect the open/closed state of the terminal 1800 and the relative positioning of components, for example the display and keypad of the terminal 1800. The sensor component 1814 can also detect a change in position of the terminal 1800 or of a component of the terminal 1800, the presence or absence of user contact with the terminal 1800, the orientation or acceleration/deceleration of the terminal 1800, and a change in temperature of the terminal 1800. The sensor component 1814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 1814 may also include an optical sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.
The communication component 1816 is configured to facilitate wired or wireless communication between the terminal 1800 and other devices. The terminal 1800 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 1816 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1816 also includes a near-field communication (NFC) module to facilitate short-range communication. For example, the NFC module can be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the terminal 1800 can be implemented by one or more application-specific integrated circuits (ASIC), digital signal processors (DSP), digital signal processing devices (DSPD), programmable logic devices (PLD), field-programmable gate arrays (FPGA), controllers, microcontrollers, microprocessors or other electronic components, for performing the above method.
In an exemplary embodiment, a non-transitory computer-readable storage medium including instructions is also provided, for example the memory 1804 including instructions, and the instructions can be executed by the processor 1820 of the terminal 1800 to complete the above method. For example, the non-transitory computer-readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, or the like.
A non-transitory computer-readable storage medium: when the instructions in the storage medium are executed by the processor of the terminal 1800, the terminal 1800 is enabled to perform a device password authentication method.
The method includes:
Obtaining the identifier of the target device and the first encryption parameter from the target device;
Sending an authentication request to the first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
Receiving a reconfiguration request that the first server sends after authentication fails, the reconfiguration request instructing the terminal to initiate the authentication request again;
Obtaining the identifier of the target device and the dynamic encryption parameter from the target device again;
Sending an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
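The exchange described above between the terminal, the first server, the second server and the target device can be traced in a short simulation. This is an added example, not code from the patent: the class names, message fields and sample values are assumptions, as are the use of HMAC-SHA256 over the device identifier as the "signature information encrypted with the encryption parameter" and the first server storing the dynamic parameter as the device's second encryption parameter once the configuration message arrives.

```python
import hashlib
import hmac
import secrets


def sign(device_id, param):
    """Assumed signature: HMAC-SHA256 over the device identifier, keyed with the parameter."""
    return hmac.new(param, device_id.encode(), hashlib.sha256).hexdigest()


class TargetDevice:
    def __init__(self, device_id, param):
        self.device_id, self.param = device_id, param

    def read_credentials(self):
        # What a terminal with access to the device obtains: identifier + current parameter.
        return self.device_id, self.param

    def configure(self, dynamic_param):
        # Replace the encryption parameter and report success (configuration response).
        self.param = dynamic_param
        return {"type": "config_response", "ok": True}


class SecondServer:
    """Only relays the dynamic parameter; it performs no authentication itself."""

    def __init__(self, devices):
        self.devices = {d.device_id: d for d in devices}

    def push_dynamic_param(self, device_id, dynamic_param):
        device = self.devices.get(device_id)
        if device is None:  # unknown identifier: nothing to configure
            return {"type": "config_message", "ok": False}
        response = device.configure(dynamic_param)
        return {"type": "config_message", "ok": response["ok"]}


class FirstServer:
    def __init__(self, second_server):
        self.second_server = second_server
        self.second_params = {}  # device identifier -> second encryption parameter

    def handle_auth_request(self, request):
        device_id = request["device_id"]
        stored = self.second_params.get(device_id)
        if stored is not None and hmac.compare_digest(
            sign(device_id, stored), request["signature"]
        ):
            return {"type": "auth_success"}
        # Authentication failed (no stored parameter, or the signatures differ).
        dynamic_param = secrets.token_bytes(16)
        message = self.second_server.push_dynamic_param(device_id, dynamic_param)
        if not message["ok"]:
            return {"type": "auth_failed"}
        self.second_params[device_id] = dynamic_param  # assumption: stored on config message
        return {"type": "reconfigure_request"}


def terminal_authenticate(first_server, read_credentials, max_attempts=2):
    """Terminal side: read identifier + parameter, sign, and retry once if asked to."""
    trace = []
    for _ in range(max_attempts):
        device_id, param = read_credentials()
        reply = first_server.handle_auth_request(
            {"device_id": device_id, "signature": sign(device_id, param)}
        )
        trace.append(reply["type"])
        if reply["type"] != "reconfigure_request":
            break
    return trace


def run_demo():
    initial = b"constructed-initial-token"  # constructed sample value
    device = TargetDevice("device-001", initial)  # constructed identifier
    first = FirstServer(SecondServer([device]))
    results = {}
    # First contact: the first server holds no parameter for the device yet.
    results["first_contact"] = terminal_authenticate(first, device.read_credentials)
    # Later request: device and first server now share the dynamic parameter.
    results["repeat"] = terminal_authenticate(first, device.read_credentials)
    # A party holding only the old parameter cannot follow the rotation.
    results["stale"] = terminal_authenticate(first, lambda: ("device-001", initial))
    # A terminal that can still read the device re-synchronises after that rotation.
    results["after_stale"] = terminal_authenticate(first, device.read_credentials)
    # An identifier the second server cannot reach.
    results["unknown"] = terminal_authenticate(first, lambda: ("device-999", initial))
    return results


if __name__ == "__main__":
    for name, trace in run_demo().items():
        print(name, trace)
```

In this model every failed request rotates the parameter on the device, so the `stale` run ends without success while a terminal that can read the device succeeds on its next request.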
Those skilled in the art will readily conceive of other embodiments of the present disclosure after considering the specification and practicing the disclosure herein. This application is intended to cover any variations, uses or adaptations of the present disclosure that follow its general principles and include common knowledge or customary technical means in the art not disclosed herein. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present disclosure indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (17)

1. A device password authentication method, applied to a first server, characterized by comprising:
Obtaining an authentication request sent by a terminal, the authentication request including: the identifier of a target device and signature information encrypted with a first encryption parameter;
Performing authentication according to the authentication request;
Generating a dynamic encryption parameter when the authentication fails;
Sending the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
2. The method according to claim 1, characterized in that performing authentication according to the authentication request comprises:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
Generating a dynamic encryption parameter when the authentication fails comprises:
Generating the dynamic encryption parameter when the first server does not contain the second encryption parameter corresponding to the target device.
3. The method according to claim 1, characterized in that performing authentication according to the authentication request comprises:
Querying, according to the identifier of the target device, whether the first server contains a second encryption parameter corresponding to the target device;
When the first server contains the second encryption parameter corresponding to the target device, generating, according to the second encryption parameter, signature information encrypted with the second encryption parameter;
When the first server determines that the signature information encrypted with the first encryption parameter is identical to the signature information encrypted with the second encryption parameter, sending an authentication success response to the terminal;
Generating a dynamic encryption parameter when the authentication fails comprises:
Generating the dynamic encryption parameter when the first server determines that the signature information encrypted with the first encryption parameter differs from the signature information encrypted with the second encryption parameter.
4. The method according to claim 1, characterized in that, after the dynamic encryption parameter is sent to the second server, the method further comprises:
Receiving a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
5. A device password authentication method, applied to a second server, characterized by comprising:
Receiving the dynamic encryption parameter, corresponding to a target device, that a first server sends after authentication for the target device fails;
Sending the dynamic encryption parameter to the target device.
6. The method according to claim 5, characterized in that, after the dynamic encryption parameter is sent to the target device, the method further comprises:
Receiving a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
Sending a configuration message to the first server according to the configuration response, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
7. A device password authentication method, applied to a terminal, characterized by comprising:
Obtaining the identifier of a target device and a first encryption parameter from the target device;
Sending an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
Receiving a reconfiguration request that the first server sends after authentication fails, the reconfiguration request instructing the terminal to initiate the authentication request again;
Obtaining the identifier of the target device and a dynamic encryption parameter from the target device again;
Sending an authentication request to the first server again, the authentication request sent again to the first server including: the identifier of the target device obtained again from the target device and signature information encrypted with the dynamic encryption parameter.
8. a kind of server, it is characterised in that the server is first server, the first server includes:
Acquisition module, is configured to obtain the authentication request that terminal sends, and the authentication request includes:The mark of target device Know and using the signing messages after the encryption of the first encryption parameter;
Authentication module, is configured to be authenticated according to the authentication request;
Generation module, is configured to, in the authentication module failed authentication, generate dynamic encryption parameter;
First sending module, is configured to for the dynamic encryption parameter to be sent to second server, so that the second service Device is updated according to the dynamic encryption parameter to the first encryption parameter of the target device.
9. server according to claim 8, it is characterised in that the authentication module, is configured to according to the target The mark of equipment, inquires about in the first server whether include corresponding second encryption parameter of the target device;
The generation module, is configured to not include the target device in the authentication module determines the first server During corresponding second encryption parameter, dynamic encryption parameter is generated.
10. server according to claim 8, it is characterised in that the authentication module, is configured to according to the target The mark of equipment, inquires about in the first server whether include corresponding second encryption parameter of the target device, and true In the fixed first server during the second encryption parameter corresponding comprising the target device, according to second encryption parameter, Generate using the signing messages after second encryption parameter encryption;
The generation module, be configured to the authentication module determine it is described adopt the first encryption parameter encryption after A.L.S. When ceasing different from the signing messages after the encryption using second encryption parameter, dynamic encryption parameter is generated;
The first server also includes:
Second sending module, be configured to the authentication module determine it is described adopt the first encryption parameter encryption after A.L.S. When ceasing identical with the signing messages after the encryption using second encryption parameter, send to authenticate to the terminal and successfully ring Should.
11. The server according to claim 8, characterized in that the first server further includes:
A receiving module, configured to receive, after the first sending module sends the dynamic encryption parameter to the second server, a configuration message sent by the second server, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter;
A third sending module, configured to send a reconfiguration request to the terminal according to the configuration message, the reconfiguration request instructing the terminal to initiate the authentication request again.
12. A server, characterized in that the server is a second server, and the second server includes:
A first receiving module, configured to receive a dynamic encryption parameter corresponding to a target device, sent by a first server;
A first sending module, configured to send the dynamic encryption parameter to the target device.
13. The server according to claim 12, characterized in that the second server further includes:
A second receiving module, configured to receive, after the first sending module sends the dynamic encryption parameter to the target device, a configuration response sent by the target device, the configuration response indicating that the target device has been successfully configured with the dynamic encryption parameter;
A second sending module, configured to send a configuration message to the first server according to the configuration response, the configuration message indicating that the target device has been successfully configured with the dynamic encryption parameter.
14. A terminal, characterized in that it includes:
A first acquisition module, configured to obtain the identifier of a target device and a first encryption parameter from the target device;
A first sending module, configured to send an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
A first receiving module, configured to receive a reconfiguration request sent by the first server, the reconfiguration request instructing the terminal to initiate the authentication request again;
A second acquisition module, configured to obtain the identifier of the target device and a dynamic encryption parameter from the target device again;
A second sending module, configured to send an authentication request to the first server again, the authentication request sent to the first server again including: the identifier of the target device obtained from the target device again and signature information encrypted with the dynamic encryption parameter.
15. A server, characterized in that the server is a first server, and the first server includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Obtain an authentication request sent by a terminal, the authentication request including: the identifier of a target device and signature information encrypted with a first encryption parameter;
Perform authentication according to the authentication request;
Generate a dynamic encryption parameter when the authentication fails;
Send the dynamic encryption parameter to a second server, so that the second server updates the first encryption parameter of the target device according to the dynamic encryption parameter.
16. A server, characterized in that the server is a second server, and the second server includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive a dynamic encryption parameter corresponding to a target device, sent by a first server after authentication of the target device fails;
Send the dynamic encryption parameter to the target device.
17. A terminal, characterized in that the terminal includes:
A processor;
A memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Obtain the identifier of a target device and a first encryption parameter from the target device;
Send an authentication request to a first server, the authentication request including: the identifier of the target device and signature information encrypted with the first encryption parameter;
Receive a reconfiguration request sent by the first server after the authentication fails, the reconfiguration request instructing the terminal to initiate the authentication request again;
Obtain the identifier of the target device and a dynamic encryption parameter from the target device again;
Send an authentication request to the first server again, the authentication request sent to the first server again including: the identifier of the target device obtained from the target device again and signature information encrypted with the dynamic encryption parameter.
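
The exchange set out in claims 8 to 17, as an added example that is not code from the patent: a minimal in-memory simulation of the terminal, both servers and the target device. HMAC-SHA256 stands in for the signing scheme, which the claims do not name; the class names, the `sign` helper, the return strings and the first server storing the dynamic parameter for the retry are all assumptions.

```python
import hashlib
import hmac
import secrets

def sign(device_id: str, param: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for the claims' "signature information
    # encrypted with the encryption parameter"; the claims name no algorithm.
    return hmac.new(param, device_id.encode(), hashlib.sha256).hexdigest()

class Device:
    def __init__(self, device_id: str, param: bytes):
        self.device_id, self.param = device_id, param
    def configure(self, param: bytes) -> bool:
        self.param = param   # first encryption parameter replaced by the dynamic one
        return True          # configuration response (claim 13)

class SecondServer:
    def __init__(self, devices: dict):
        self.devices = devices
    def push(self, device_id: str, param: bytes) -> bool:
        # Claims 12-13: forward the parameter, relay the device's response.
        return self.devices[device_id].configure(param)

class FirstServer:
    def __init__(self, second: SecondServer):
        self.second = second
        self.params = {}     # device identifier -> second encryption parameter
    def authenticate(self, device_id: str, signature: str) -> str:
        stored = self.params.get(device_id)
        if stored and hmac.compare_digest(sign(device_id, stored), signature):
            return "success"                       # claim 10
        dynamic = secrets.token_bytes(32)          # claims 8-10: generate on failure
        if not self.second.push(device_id, dynamic):
            return "failed"
        # Assumption: the first server keeps the dynamic parameter as its new
        # second encryption parameter so that the retry can verify.
        self.params[device_id] = dynamic
        return "reconfigure"                       # claim 11

def terminal_authenticate(device: Device, first: FirstServer, rounds: int = 2) -> list:
    # Claims 14/17: read identifier and parameter from the device, sign, retry
    # once after a reconfiguration request. The loop is bounded on purpose.
    trace = []
    for _ in range(rounds):
        trace.append(first.authenticate(device.device_id,
                                        sign(device.device_id, device.param)))
        if trace[-1] != "reconfigure":
            break
    return trace
```

For a device whose parameter the first server does not hold, or holds a different value for, `terminal_authenticate` returns `["reconfigure", "success"]`; once the parameters match it returns `["success"]`.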
CN201610931262.9A 2016-10-31 2016-10-31 Equipment password authentication method, server and terminal Active CN106656479B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610931262.9A CN106656479B (en) 2016-10-31 2016-10-31 Equipment password authentication method, server and terminal

Publications (2)

Publication Number Publication Date
CN106656479A true CN106656479A (en) 2017-05-10
CN106656479B CN106656479B (en) 2020-08-04

Family

ID=58820281

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610931262.9A Active CN106656479B (en) 2016-10-31 2016-10-31 Equipment password authentication method, server and terminal

Country Status (1)

Country Link
CN (1) CN106656479B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101794420A (en) * 2009-12-31 2010-08-04 卓望数码技术(深圳)有限公司 Payment authentication method, terminal and system
CN105429960A (en) * 2015-10-29 2016-03-23 东莞酷派软件技术有限公司 Method and device for intelligent household terminal authentication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108550366A (en) * 2018-04-24 2018-09-18 青岛海尔科技有限公司 A kind of control method of household electrical appliances, device, readable storage medium storing program for executing and equipment
CN109166199A (en) * 2018-07-06 2019-01-08 嘟嘟物联网(深圳)有限公司 A kind of generation method of password, device and equipment
CN109166199B (en) * 2018-07-06 2021-02-23 嘟嘟物联网(深圳)有限公司 Password generation method, device and equipment

Also Published As

Publication number Publication date
CN106656479B (en) 2020-08-04

Similar Documents

Publication Publication Date Title
CN104159226B (en) Method for connecting network and device
CN107483715B (en) Method and system for communication between terminal and equipment, terminal and storage medium
RU2626659C1 (en) Method and equipment for device control
JP6310162B2 (en) Network connection method, apparatus, program, and recording medium
CN104869612A (en) Method and device for accessing network
US20170257893A1 (en) Communication systems and methods
KR102377724B1 (en) Device network configuration method and apparatus, and medium
CN104936304A (en) Intelligent equipment binding method, intelligent equipment, and server
CN109347828B (en) File Upload and Download method, apparatus, electronic equipment and storage medium
CN105282158A (en) Intelligent equipment networking method, routing equipment, intelligent equipment and system
CN105100190A (en) Methods, devices and system for managing control relation of account and device
CN104283876A (en) Operation authorization method and device
CN104765990A (en) Setting method and device for management account of intelligent device
CN104125067A (en) Account and token secret key binding method and device
CN103888290A (en) Configuration information recovery method and device
CN105228141A (en) A kind of methods, devices and systems set up network and connect
CN105791309A (en) Method, device and system for executing business processing
CN105162889A (en) Device finding method and apparatus
US11949938B2 (en) Techniques for authorizing controller devices
CN106452924A (en) Method and device for synchronizing wireless network configuration
CN105578557A (en) Routing information transmission method and device
CN105407070A (en) Logging-in authorization method and device
CN105282162A (en) Processing method and device for account management business
CN105530129B (en) Router resetting method and device
CN106611112A (en) Application program safe processing method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant