CN106817697A - Method, device and system for device authentication
- Publication number: CN106817697A (CN201510869188.8A)
- Authority: CN (China)
- Prior art keywords: safety code, authentication, response, access, request
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04W12/06: Authentication (under H04W12/00, Security arrangements; Authentication; Protecting privacy or anonymity, in H04W, Wireless communication networks)
- H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication (in H04L, Transmission of digital information, e.g. telegraphic communication)
- H04W12/08: Access security (under H04W12/00, in H04W, Wireless communication networks)
Abstract
The invention discloses a method, device and system for device authentication, and relates to the field of Internet technology. The method includes: sending an access request to an access device when logging in to the access device, so that the access device sends its own device identifier and the access request to an authentication platform for authentication, where the access request includes a user ID; after receiving the safety code sent by the access device, extracting the saved safety code, where the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code contained in the authentication success response; judging whether the received safety code and the saved safety code are identical; and, if the received safety code is identical to the saved safety code, logging in to the access device. As a result, a secure network environment can be established for the user while the user's Internet access request is completed, and mutual security authentication is achieved through a single information exchange, so that network security is higher.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a method, device and system for device authentication.
Background
Wireless WiFi access is more and more widely used because of its convenient access and SM, especially in public places such as fast food restaurants, coffee shops, hotels, markets, shopping malls, colleges and universities, and scenic spots. In these areas, a user's mobile terminal can conveniently obtain network access through WiFi, and the WiFi service provider can, by providing WiFi access services, promote its corporate image and products, raise brand recognition, improve its service level and strengthen customer loyalty.
At present, the most common authentication mode for commercial public WiFi is Web Portal/Web authentication: the WiFi access device redirects or forwards the user request to the authentication platform, the platform matches it against a list of authenticated devices or verifies a token and returns a response, and the WiFi device filters the user's access requests according to the authentication result, thereby implementing network access authentication. However, while public WiFi offers free Internet access, it also carries major security risks: media reports of many phishing WiFi hotspots that led to the theft of user information and money all show that public WiFi has serious security problems. The key problem is that the user cannot confirm whether a public WiFi device is a trusted device, and therefore cannot access the Internet securely.
Summary of the invention
The technical problem to be solved by the present invention is that a user cannot confirm whether a public WiFi device is a trusted device.
According to one aspect of the present invention, a method for device authentication is proposed, including: sending an access request to an access device when logging in to the access device, so that the access device sends its own device identifier and the access request to an authentication platform for authentication, where the access request includes a user ID; after receiving the safety code sent by the access device, extracting the saved safety code, where the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code contained in the authentication success response; judging whether the received safety code and the saved safety code are identical; and, if the received safety code is identical to the saved safety code, logging in to the access device.
Further, if the received safety code differs from the saved safety code, the access device is judged to be an untrusted device.
Further, a registration request is sent to the authentication platform when user registration is performed, so that the authentication platform issues a user ID and a safety code; after the registration request response sent by the authentication platform is received, the user ID and safety code are extracted from the registration request response and stored.
According to another aspect of the present invention, a method for device authentication is also proposed, including: after receiving the access request sent by a user terminal, sending the access request and the device's own device identifier to the authentication platform, so that the authentication platform authenticates the access request and the device identifier, where the access request includes a user ID; after receiving the authentication response sent by the authentication platform, judging whether the authentication response is an authentication success response; and, if the authentication response is an authentication success response, forwarding the safety code contained in the authentication success response to the user terminal, so that the user terminal verifies the safety code.
Further, if the authentication response is an authentication failure response, an authentication failure message is sent to the user terminal.
Further, a registration request is sent to the authentication platform when registration is performed, so that the authentication platform issues a device identifier; after the registration request response sent by the authentication platform is received, the device identifier is extracted from the registration request response and stored.
According to another aspect of the present invention, a user terminal for device authentication is also proposed, including: a request sending unit, for sending an access request to an access device when logging in to the access device, so that the access device sends its own device identifier and the access request to the authentication platform for authentication, where the access request includes a user ID; a safety code receiving unit, for extracting the saved safety code after receiving the safety code sent by the access device, where the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code contained in the authentication success response; a safety code judging unit, for judging whether the received safety code and the saved safety code are identical; and a network connection unit, for logging in to the access device, according to the judgment result of the safety code judging unit, if the received safety code is identical to the saved safety code.
Further, the network connection unit is used to judge, according to the judgment result of the safety code judging unit, that the access device is an untrusted device if the received safety code differs from the saved safety code.
Further, the user terminal includes a terminal registration unit, for sending a registration request to the authentication platform when user registration is performed, so that the authentication platform issues a user ID and a safety code, and, after receiving the registration request response sent by the authentication platform, extracting the user ID and safety code from the registration request response and storing them.
According to another aspect of the present invention, an access device for device authentication is also proposed, including: a request receiving unit, for sending, after receiving the access request sent by a user terminal, the access request and the device's own device identifier to the authentication platform, so that the authentication platform authenticates the access request and the device identifier, where the access request includes a user ID; a response receiving unit, for receiving the authentication response sent by the authentication platform; a response judging unit, for judging whether the authentication response is an authentication success response; and a message sending unit, for forwarding, according to the judgment result of the response judging unit, the safety code contained in the authentication success response to the user terminal if the authentication response is an authentication success response, so that the user terminal verifies the safety code.
Further, the message sending unit is used to send, according to the judgment result of the response judging unit, an authentication failure message to the user terminal if the authentication response is an authentication failure response.
Further, the access device includes an access device registration unit, for sending a registration request to the authentication platform when registration is performed, so that the authentication platform issues a device identifier, and, after receiving the registration request response sent by the authentication platform, extracting the device identifier from the registration request response and storing it.
According to another aspect of the present invention, a system for device authentication is also proposed, including an authentication platform, any of the user terminals described above and any of the access devices described above. The authentication platform is used to authenticate the device identifier and the access request when it receives the access device's own device identifier and the access request sent by the access device, where the access request includes a user ID; if authentication succeeds, it returns an authentication success response and the safety code to the access device; if authentication does not succeed, it returns an authentication failure response to the access device.
Further, when the authentication platform receives a registration request from the user terminal, it sends a user ID and a safety code to the user terminal.
Further, when the authentication platform receives a registration request from the access device, it sends a device identifier to the access device.
Compared with the prior art, in the present invention the user terminal sends an authentication request to the access device; the access device sends its own device identifier and the authentication request to the authentication platform for authentication and forwards the safety code from the authentication platform; and the user terminal compares the safety code returned by the access device with the saved safety code to judge whether the access device is genuine. Mutual security authentication is achieved through a single information exchange, so the user can use the network knowing in advance that the network environment is secure, which solves the problem of secure Internet access for users.
Other features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which form a part of the specification, illustrate embodiments of the invention and, together with the specification, serve to explain the principles of the invention.
The present invention can be understood more clearly from the following detailed description with reference to the drawings, in which:
Fig. 1 is a schematic flowchart of one embodiment of the method for device authentication of the present invention.
Fig. 2 is a schematic flowchart of another embodiment of the method for device authentication of the present invention.
Fig. 3 is a schematic flowchart of a further embodiment of the method for device authentication of the present invention.
Fig. 4 is a schematic structural diagram of one embodiment of the user terminal for device authentication of the present invention.
Fig. 5 is a schematic structural diagram of one embodiment of the access device for device authentication of the present invention.
Fig. 6 is a schematic structural diagram of one embodiment of the system for device authentication of the present invention.
Detailed description
Various exemplary embodiments of the present invention are now described in detail with reference to the drawings. It should be noted that, unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the dimensions of the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention or its application or use.
Technologies, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail but, where appropriate, should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in more detail below in conjunction with specific embodiments and with reference to the drawings.
Fig. 1 is a schematic flowchart of one embodiment of the method for device authentication of the present invention. In this embodiment the user terminal performs the following operations:
In step 110, an access request is sent to the access device when logging in to the access device, so that the access device sends its own device identifier and the access request to the authentication platform for authentication.
The access request includes a user ID and user public key information, where the user ID may be an encrypted user ID.
Before this step, the user terminal and the access device each register with the authentication platform; the authentication platform sends a user ID and a safety code to the user terminal and sends a device identifier to the access device.
After receiving the device identifier, user ID and user public key information sent by the access device, the authentication platform compares the device identifier, user ID and user public key information; if the comparison succeeds, it sends the safety code to the user terminal through the access device.
In step 120, after the safety code sent by the access device is received, the saved safety code is extracted.
Here, the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code contained in the authentication success response. The saved safety code is the safety code sent by the authentication platform when the user terminal registered with it. The received safety code may be an encrypted safety code, in which case the user terminal first decrypts it.
In step 130, it is judged whether the received safety code and the saved safety code are identical. If the received safety code is identical to the saved safety code, step 140 is performed; if the received safety code differs from the saved safety code, step 150 is performed.
In step 140, the terminal logs in to the access device. The remaining steps of this embodiment are then not performed.
If authentication succeeds, the user can be prompted that the network connection is secure.
In step 150, the access device is judged to be an untrusted device.
This indicates that the network may have a security risk.
In this embodiment, an access request is sent to the access device when logging in to the access device, so that the access device sends its own device identifier and the access request to the authentication platform for authentication; after the safety code sent by the access device is received, the saved safety code is extracted; and if the received safety code is identical to the saved safety code, the terminal can log in to the access device. As a result, a secure network environment can be established for the user while the user's Internet access request is completed, and mutual security authentication is achieved through a single information exchange, so that network security is higher.
Fig. 2 is a schematic flowchart of another embodiment of the method for device authentication of the present invention. In this embodiment the access device performs the following operations:
In step 210, after the access request sent by the user terminal is received, the access request and the device's own device identifier are sent to the authentication platform, so that the authentication platform authenticates the access request and the device identifier. The access request includes a user ID and may also include user public key information; the user ID may be an encrypted user ID.
Before this step, the user terminal and the access device each register with the authentication platform; the authentication platform sends a user ID and a safety code to the user terminal and sends a device identifier to the access device.
In step 220, after the authentication response sent by the authentication platform is received, it is judged whether the authentication response is an authentication success response. If the authentication response is an authentication success response, step 230 is performed; if the authentication response is an authentication failure response, step 240 is performed.
After receiving the device identifier, user ID and user public key information sent by the access device, the authentication platform compares the device identifier, user ID and user public key information; if the comparison succeeds, it sends an authentication success response and the user terminal's safety code to the access device; otherwise, it returns an authentication failure response.
In step 230, the safety code contained in the authentication success response is forwarded to the user terminal, so that the user terminal verifies the safety code.
In step 240, an authentication failure message is sent to the user terminal.
In this embodiment, after the access request sent by the user terminal is received, the access request and the device's own device identifier are sent to the authentication platform, so that the authentication platform authenticates the access request and the device identifier; after the authentication response sent by the authentication platform is received, it is judged whether the authentication response is an authentication success response; and if it is, the safety code contained in the authentication success response is forwarded to the user terminal, so that the user terminal verifies the safety code. The user checks the safety code returned by the access device and judges whether the access device is genuine, so the user can use the network knowing in advance that the network environment is secure. This solves the problem of secure Internet access for users, and mutual security authentication is achieved through a single information exchange, so that network security is higher.
Fig. 3 is a schematic flowchart of a further embodiment of the method for device authentication of the present invention. The method includes the following steps:
In step 310, the user terminal sends a user registration request to the authentication platform, and the authentication platform returns encrypted user identity information to the user terminal. The authentication platform and the user terminal both save the user identity information. The encrypted user identity information may include the user ID and the user safety code.
In step 320, the access device sends a device registration request to the authentication platform, and the authentication platform returns device identification information to the access device. The authentication platform and the access device both save the device identification information.
Steps 310 and 320 may be performed in either order.
In step 330, the user terminal connects to the access device, carrying the encrypted user ID and user public key information.
In step 340, the access device requests authentication from the authentication platform, carrying its own device identifier together with the encrypted user ID and user public key information.
In step 350, the authentication platform decrypts and authenticates.
In step 360, the authentication platform returns an authentication response to the access device: if authentication by the platform succeeds, it returns an authentication success response together with the user safety code; if authentication by the platform fails, it returns an authentication failure response.
In step 370, the access device returns the user safety code to the user terminal.
In step 380, the user terminal decrypts the user safety code, compares it with the stored safety code, and judges whether the access device is genuine and whether to connect to the network.
If authentication succeeds, the user is prompted that the network connection is secure; if it fails, the network may have a security risk.
In this embodiment, the user terminal connects to the access device carrying the user ID and user public key information, and the access device, carrying its device identifier and the user information, requests the authentication platform to perform user login authentication. The access device receives the authentication result and the user safety code returned by the authentication platform and sends the safety code to the client; the user terminal compares the safety codes to authenticate the network security of the access device. The present invention achieves mutual security authentication through a single information exchange, and mutual authentication can improve the security of the network: a secure network environment is established for the user while the user's Internet access request is completed. In addition, the security procedure on the access device (AP) is simple and easy to deploy, and the hardware requirements on the access device are low.
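The flow of steps 310 to 380, as an added Python model that is not code from the patent: class, field and message names are assumptions, and the optional encryption of the user ID and safety code (with the user public key field) is left out because the page names no scheme.

```python
"""Constructed model of the registration and login flow (steps 310-380)."""
import hmac
import secrets


class AuthPlatform:
    def __init__(self):
        self.safety_codes = {}   # user ID -> safety code issued at registration
        self.device_ids = set()  # device identifiers issued at registration

    def register_user(self):
        # Step 310: issue a user ID and safety code; both sides keep a copy.
        user_id = "user-" + secrets.token_hex(4)
        self.safety_codes[user_id] = secrets.token_hex(16)
        return user_id, self.safety_codes[user_id]

    def register_device(self):
        # Step 320: issue a device identifier to the access device.
        device_id = "ap-" + secrets.token_hex(4)
        self.device_ids.add(device_id)
        return device_id

    def authenticate(self, device_id, access_request):
        # Steps 350-360: check both identifiers; only a success response
        # carries the user's safety code.
        user_id = access_request.get("user_id")
        if device_id in self.device_ids and user_id in self.safety_codes:
            return {"status": "success", "safety_code": self.safety_codes[user_id]}
        return {"status": "failure"}


class AccessDevice:
    def __init__(self, platform, device_id):
        self.platform = platform
        self.device_id = device_id

    def handle_access_request(self, access_request):
        # Step 340: forward the request with this device's own identifier.
        response = self.platform.authenticate(self.device_id, access_request)
        # Steps 360-370: relay the safety code on success, else report failure.
        if response["status"] == "success":
            return {"type": "safety_code", "safety_code": response["safety_code"]}
        return {"type": "auth_failed"}


class FabricatingDevice:
    """Constructed test double: replies with a code it did not get from the platform."""

    def handle_access_request(self, access_request):
        return {"type": "safety_code", "safety_code": "constructed-wrong-code"}


class UserTerminal:
    def __init__(self, user_id, safety_code):
        self.user_id = user_id
        self.saved_code = safety_code  # stored at registration

    def login(self, access_device):
        # Step 330: send the access request carrying the user ID.
        reply = access_device.handle_access_request({"user_id": self.user_id})
        if reply.get("type") != "safety_code":
            return "auth_failed"
        received = str(reply.get("safety_code", ""))
        # Step 380: compare received and saved codes in constant time.
        if hmac.compare_digest(received.encode(), self.saved_code.encode()):
            return "logged_in"
        return "untrusted_device"


def run_demo():
    platform = AuthPlatform()
    user_id, code = platform.register_user()
    terminal = UserTerminal(user_id, code)
    registered_ap = AccessDevice(platform, platform.register_device())
    unissued_ap = AccessDevice(platform, "ap-never-issued")  # constructed ID
    return {
        "registered_ap": terminal.login(registered_ap),
        "unissued_device_id": terminal.login(unissued_ap),
        "fabricated_code": terminal.login(FabricatingDevice()),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```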
In addition, the present invention can be applied to commercial WiFi for small and medium-sized merchants, helping to improve the end-user service experience and ensure secure Internet access. It can address the WiFi Internet security problem that is now of widespread public concern, strengthen user trust and improve brand image.
Fig. 4 is a schematic structural diagram of one embodiment of the user terminal for device authentication of the present invention. The user terminal includes a user client, with which the user can initiate wireless network connection and authentication requests. The user terminal includes a request sending unit 410, a safety code receiving unit 420, a safety code judging unit 430 and a network connection unit 440.
The request sending unit 410 is used to send an access request to the access device when logging in to the access device, so that the access device sends its own device identifier and the access request to the authentication platform for authentication.
The access request includes a user ID and user public key information, where the user ID may be an encrypted user ID.
The user terminal may also include a terminal registration unit 450, for sending a registration request to the authentication platform when user registration is performed, so that the authentication platform issues a user ID and a safety code, and, after receiving the registration request response sent by the authentication platform, extracting the user ID and safety code from the registration request response and storing them.
The safety code receiving unit 420 is used to extract the saved safety code after receiving the safety code sent by the access device.
Here, the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code contained in the authentication success response. The saved safety code is the safety code sent by the authentication platform when the user terminal registered with it. The received safety code may be an encrypted safety code, in which case the user terminal first decrypts it.
The safety code judging unit 430 is used to judge whether the received safety code and the saved safety code are identical.
The network connection unit 440 is used, according to the judgment result of the safety code judging unit 430, to log in to the access device if the received safety code is identical to the saved safety code, and to judge that the access device is an untrusted device if the received safety code differs from the saved safety code.
In this embodiment, an access request is sent to the access device when logging in to the access device, so that the access device sends its own device identifier and the access request to the authentication platform for authentication; after the safety code sent by the access device is received, the saved safety code is extracted; and if the received safety code is identical to the saved safety code, the terminal can log in to the access device. As a result, a secure network environment can be established for the user while the user's Internet access request is completed, and mutual security authentication is achieved through a single information exchange, so that network security is higher.
Fig. 5 is a schematic structural diagram of one embodiment of the access device for device authentication of the present invention. The access device may be an AP device, used for access control and forwarding of users' network service requests. The access device includes a request receiving unit 510, a response receiving unit 520, a response judging unit 530 and a message sending unit 540.
The request receiving unit 510 is used to send, after receiving the access request sent by the user terminal, the access request and the device's own device identifier to the authentication platform, so that the authentication platform authenticates the access request and the device identifier. The access request includes a user ID and may also include user public key information; the user ID may be an encrypted user ID.
The access device may also include an access device registration unit 550, for sending a registration request to the authentication platform when registration is performed, so that the authentication platform issues a device identifier, and, after receiving the registration request response sent by the authentication platform, extracting the device identifier from the registration request response and storing it.
The response receiving unit 520 is used to receive the authentication response sent by the authentication platform.
The response judging unit 530 is used to judge whether the authentication response is an authentication success response.
The message sending unit 540 is used, according to the judgment result of the response judging unit 530, to forward the safety code contained in the authentication success response to the user terminal if the authentication response is an authentication success response, so that the user terminal verifies the safety code, and to send an authentication failure message to the user terminal if the authentication response is an authentication failure response.
In this embodiment, after the access request sent by the user terminal is received, the access request and the device's own device identifier are sent to the authentication platform, so that the authentication platform authenticates the access request and the device identifier; after the authentication response sent by the authentication platform is received, it is judged whether the authentication response is an authentication success response; and if it is, the safety code contained in the authentication success response is forwarded to the user terminal, so that the user terminal verifies the safety code. The user checks the safety code returned by the access device and judges whether the access device is genuine, so the user can use the network knowing in advance that the network environment is secure. This solves the problem of secure Internet access for users, and mutual security authentication is achieved through a single information exchange, so that network security is higher. In addition, the security procedure on the access device (AP) is simple and easy to deploy, and the hardware requirements on the access device are low.
Fig. 6 is a structural schematic diagram of one embodiment of the system for device authentication of the present invention. The system includes a user terminal 610, an access device 620 and an authentication platform 630.
The user terminal 610 includes a user client, with which the user can initiate a wireless network connection and an authentication request; the functions of its units are as described with reference to Fig. 4.
The access device 620 may be an AP device, used for access control and forwarding of user network service requests; the functions of its units are as described with reference to Fig. 5.
The authentication platform 630 is used to receive user registration and verification requests and to return the results. Specifically, when it receives the device identification of the access device 620 and the access request sent by the access device 620, it authenticates the device identification and the access request, where the access request includes an ID. If authentication succeeds, it returns an authentication success response and the safety code to the access device 620; if authentication does not succeed, it returns an authentication failure response to the access device 620.
The authentication platform 630 is also used to send an ID and a safety code to the user terminal 610 when it receives a registration request from the user terminal 610, and to send a device identification to the access device 620 when it receives a registration request from the access device 620.
In an embodiment of the present invention, the user terminal carries its ID and client public key information and connects to the access device; the access device, carrying its device identification and the user information, requests the authentication platform to perform user login authentication. The access device receives the authentication result and the user's safety code returned by the authentication platform and sends the safety code to the client; the user terminal compares the safety code, thereby authenticating the network security of the access device. The present invention achieves two-way security authentication through a single information exchange, and the two-way authentication improves the security of the network. That is, a secure network environment is established for the user at the same time as the user's request to go online is completed. In addition, the security procedure for the access device (AP) of the present invention is simple and easy to deploy, and the hardware requirements on the access device are low.
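The three-party exchange summarised above, as an added example that is not part of the patent text: a minimal in-memory simulation in Python. Class, method and message field names are assumptions made for illustration, the safety code is modelled as a random hex string, and the client public key information mentioned above is not modelled.

```python
import hmac
import secrets


class AuthPlatform:
    """Issues IDs, safety codes and device identifications; authenticates requests."""

    def __init__(self):
        self.users = {}       # ID -> safety code issued at user registration
        self.devices = set()  # device identifications issued at device registration

    def register_user(self):
        user_id, code = secrets.token_hex(4), secrets.token_hex(16)
        self.users[user_id] = code
        return user_id, code

    def register_device(self):
        device_id = secrets.token_hex(8)
        self.devices.add(device_id)
        return device_id

    def authenticate(self, device_id, access_request):
        code = self.users.get(access_request["id"])
        if device_id in self.devices and code is not None:
            return {"result": "success", "safety_code": code}
        return {"result": "failure"}


class AccessDevice:
    """Forwards the access request plus its own device identification."""

    def __init__(self, platform, device_id):
        self.platform, self.device_id = platform, device_id

    def handle_access_request(self, access_request):
        resp = self.platform.authenticate(self.device_id, access_request)
        if resp["result"] == "success":
            return {"type": "safety_code", "safety_code": resp["safety_code"]}
        return {"type": "auth_failure"}


class UntrustedAccessDevice:
    """Never registered with the platform, so it can only return a made-up code."""

    def handle_access_request(self, access_request):
        return {"type": "safety_code", "safety_code": secrets.token_hex(16)}


class UserTerminal:
    def __init__(self, user_id, safety_code):
        self.user_id, self.saved_code = user_id, safety_code

    def login(self, access_device):
        msg = access_device.handle_access_request({"id": self.user_id})
        if msg["type"] != "safety_code":
            return "authentication failed"
        # Constant-time comparison of the received and the saved safety code.
        if hmac.compare_digest(msg["safety_code"], self.saved_code):
            return "logged in"
        return "untrusted access device"
```

A registered access device yields "logged in", an access device whose device identification the platform does not know yields "authentication failed", and a device that answers with a code of its own yields "untrusted access device".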
In addition, the present invention can be applied to commercial WiFi for small and medium-sized merchants, helping to improve the end-user service experience and to ensure the security of Internet access. It can solve the WiFi Internet access security problem that is currently of common concern in society, strengthen user trust, and enhance brand image.
So far, the present invention has been described in detail. In order to avoid obscuring the concept of the present invention, some details well known in the art have not been described. From the above description, those skilled in the art can fully understand how to implement the technical solution disclosed herein.
The method and device of the present invention may be implemented in many ways. For example, they may be implemented by software, hardware, firmware, or any combination of software, hardware and firmware. The above order of the steps of the method is for illustration only, and the steps of the method of the present invention are not limited to the order specifically described above unless otherwise specifically stated. In addition, in some embodiments, the present invention may also be embodied as programs recorded in a recording medium, these programs including machine-readable instructions for implementing the method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
Although some specific embodiments of the present invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for illustration only and are not intended to limit the scope of the present invention. Those skilled in the art should understand that the above embodiments may be modified without departing from the scope and spirit of the present invention. The scope of the present invention is defined by the appended claims.
Claims (15)
1. A method for device authentication, characterized by comprising:
sending an access request to an access device when logging in to the access device, so that the access device sends its own device identification and the access request to an authentication platform for authentication, wherein the access request includes an ID;
after receiving the safety code sent by the access device, extracting the saved safety code, wherein the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code included in the authentication success response;
judging whether the received safety code and the saved safety code are identical;
if the received safety code is identical to the saved safety code, logging in to the access device.
2. The method according to claim 1, characterized in that:
if the received safety code differs from the saved safety code, the access device is judged to be an untrusted device.
3. The method according to claim 1, characterized by further comprising:
sending a registration request to the authentication platform when performing user registration, so that the authentication platform issues an ID and a safety code;
after receiving the registration request response sent by the authentication platform, extracting the ID and the safety code from the registration request response and storing them.
4. A method for device authentication, characterized by comprising:
after receiving an access request sent by a user terminal, sending the access request and the device's own device identification to an authentication platform, so that the authentication platform authenticates the access request and the device identification, wherein the access request includes an ID;
after receiving the authentication response sent by the authentication platform, judging whether the authentication response is an authentication success response;
if the authentication response is an authentication success response, forwarding the safety code included in the authentication success response to the user terminal, so that the user terminal verifies the safety code.
5. The method according to claim 4, characterized in that:
if the authentication response is an authentication failure response, an authentication failure message is sent to the user terminal.
6. The method according to claim 4, characterized by further comprising:
sending a registration request to the authentication platform when registering, so that the authentication platform issues a device identification;
after receiving the registration request response sent by the authentication platform, extracting the device identification from the registration request response and storing it.
7. A user terminal for device authentication, characterized by comprising:
a request sending unit, configured to send an access request to an access device when logging in to the access device, so that the access device sends its own device identification and the access request to an authentication platform for authentication, wherein the access request includes an ID;
a safety code receiving unit, configured to extract the saved safety code after receiving the safety code sent by the access device, wherein the access device, after receiving the authentication success response sent by the authentication platform, forwards the safety code included in the authentication success response;
a safety code judging unit, configured to judge whether the received safety code and the saved safety code are identical;
a network connection unit, configured to log in to the access device, according to the judgment result of the safety code judging unit, if the received safety code is identical to the saved safety code.
8. The user terminal according to claim 7, characterized in that:
the network connection unit is configured to judge, according to the judgment result of the safety code judging unit, that the access device is an untrusted device if the received safety code differs from the saved safety code.
9. The user terminal according to claim 7, characterized by further comprising:
a terminal registration unit, configured to send a registration request to the authentication platform when performing user registration, so that the authentication platform issues an ID and a safety code, and, after receiving the registration request response sent by the authentication platform, to extract the ID and the safety code from the registration request response and store them.
10. An access device for device authentication, characterized by comprising:
a request receiving unit, configured to send, after receiving an access request sent by a user terminal, the access request and the device's own device identification to an authentication platform, so that the authentication platform authenticates the access request and the device identification, wherein the access request includes an ID;
a response receiving unit, configured to receive the authentication response sent by the authentication platform;
a response judging unit, configured to judge whether the authentication response is an authentication success response;
a message sending unit, configured to forward, according to the judgment result of the response judging unit, the safety code included in the authentication success response to the user terminal if the authentication response is an authentication success response, so that the user terminal verifies the safety code.
11. The access device according to claim 10, characterized in that:
the message sending unit is configured to send, according to the judgment result of the response judging unit, an authentication failure message to the user terminal if the authentication response is an authentication failure response.
12. The access device according to claim 10, characterized by:
an access device registration unit, configured to send a registration request to the authentication platform when registering, so that the authentication platform issues a device identification, and, after receiving the registration request response sent by the authentication platform, to extract the device identification from the registration request response and store it.
13. A system for device authentication, characterized by comprising an authentication platform, the user terminal of any of claims 8-11 and the access device of any of claims 12-14;
the authentication platform is configured to authenticate the device identification and the access request when receiving the device identification of the access device and the access request sent by the access device, wherein the access request includes an ID; if authentication succeeds, to return an authentication success response and the safety code to the access device; if authentication does not succeed, to return an authentication failure response to the access device.
14. The device authentication system according to claim 13, characterized in that:
the authentication platform sends an ID and a safety code to the user terminal when receiving a registration request from the user terminal.
15. The device authentication system according to claim 13, characterized in that:
the authentication platform is configured to send a device identification to the access device when receiving a registration request from the access device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510869188.8A CN106817697B (en) | 2015-12-02 | 2015-12-02 | A kind of methods, devices and systems for equipment certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106817697A (en) | 2017-06-09 |
CN106817697B (en) | 2019-06-07 |
Family
ID=59109030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510869188.8A Active CN106817697B (en) | 2015-12-02 | 2015-12-02 | A kind of methods, devices and systems for equipment certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106817697B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101577909A (en) * | 2008-05-05 | 2009-11-11 | 大唐移动通信设备有限公司 | Method, system and device for acquiring trust type of non-3GPP access system |
CN101621801A (en) * | 2009-08-11 | 2010-01-06 | 深圳华为通信技术有限公司 | Method, system, server and terminal for authenticating wireless local area network |
CN101677440A (en) * | 2008-09-18 | 2010-03-24 | 华为技术有限公司 | Method, system and safe gateway of access point authentication |
CN103686721A (en) * | 2012-09-10 | 2014-03-26 | 中国移动通信集团公司 | WLAN (wireless local area network) network authentication method and system |
US20140245410A1 (en) * | 2009-04-07 | 2014-08-28 | Togewa Holding Ag | Method and system for authenticating a network node in a uam-based wlan network |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108696509A (en) * | 2018-04-11 | 2018-10-23 | 海信集团有限公司 | A kind of access processing method and device of terminal |
CN108696509B (en) * | 2018-04-11 | 2020-09-11 | 海信集团有限公司 | Access processing method and device for terminal |
WO2022100356A1 (en) * | 2020-11-12 | 2022-05-19 | 华为技术有限公司 | Identity authentication system, method and apparatus, device, and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106817697B (en) | 2019-06-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170609 Assignee: Tianyiyun Technology Co.,Ltd. Assignor: CHINA TELECOM Corp.,Ltd. Contract record no.: X2024110000040 Denomination of invention: A method, device, and system for device authentication Granted publication date: 20190607 License type: Common License Record date: 20240914 |