CN107682160B - Authentication method and device for production equipment and electronic equipment - Google Patents

Authentication method and device for production equipment and electronic equipment Download PDF

Info

Publication number
CN107682160B
CN107682160B CN201711044886.XA CN201711044886A CN107682160B CN 107682160 B CN107682160 B CN 107682160B CN 201711044886 A CN201711044886 A CN 201711044886A CN 107682160 B CN107682160 B CN 107682160B
Authority
CN
China
Prior art keywords
signature
data
request
authentication information
safety equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711044886.XA
Other languages
Chinese (zh)
Other versions
CN107682160A (en
Inventor
刘复鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Midea Group Co Ltd
Midea Smart Home Technology Co Ltd
Original Assignee
Midea Group Co Ltd
Midea Smart Home Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Midea Group Co Ltd, Midea Smart Home Technology Co Ltd filed Critical Midea Group Co Ltd
Priority to CN201711044886.XA priority Critical patent/CN107682160B/en
Publication of CN107682160A publication Critical patent/CN107682160A/en
Application granted granted Critical
Publication of CN107682160B publication Critical patent/CN107682160B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The utility model discloses an authentication method and device for production equipment, electronic equipment and computer readable storage medium, which can show the legality of the production equipment connected with the safety equipment by the authentication of the safety equipment; the method comprises the following steps: sending a signature key pair generation request to the security device, and receiving a signature public key returned by the security device in response to the signature key pair generation request; initiating a signature request to a license server according to the signature public key and the identification information of the safety equipment; receiving issuing authentication information returned by the license server in response to the signature request, wherein the issuing authentication information is generated by the license server according to the signature public key and the identification information of the safety equipment; and checking the signing and issuing authentication information, and storing the signing and issuing authentication information to the safety equipment after the signing and issuing authentication information is successfully checked to finish the legality authentication of the production equipment connected with the safety equipment. According to the technical scheme, the off-line authentication of the production equipment is realized by means of the safety equipment.

Description

Authentication method and device for production equipment and electronic equipment
Technical Field
The present disclosure relates to the field of security technologies of internet of things, and in particular, to an authentication method and apparatus for a production device, an electronic device, and a computer-readable storage medium.
Background
A digital Certificate is an electronic file that is issued by a Certificate Authority (CA) and digitally signed by the CA, and contains the owner of the public key and information related to the public key. Digital certificates are closely related to public key cryptosystems. In the public key cryptosystem, each entity has a pair of keys that match each other: a public Key (public Key of Pubic Key) and a Private Key (Private Key). The public key is shared by a group of users for encrypting or verifying signatures, and the private key is known only to the certificate owner himself for decrypting or signing.
The existing digital certificate issuing process is as follows:
the equipment sends a request for applying a Digital Certificate to a CA server, wherein the request comprises a public key of the equipment and some related information (organization, product ID and the like) of the equipment, the CA server encrypts the public key of the equipment and the related information together by using a private key of the CA server to generate a Digital Certificate (Digital Certificate), and the Digital Certificate is issued to the equipment to indicate the validity of the identity of the equipment.
In the prior art, the identity legality of the equipment can be authenticated only in an online environment, the legality of the identity of the equipment is shown, and the legality of the identity of the equipment cannot be shown if the equipment is not networked to communicate with a CA server.
Disclosure of Invention
In order to solve the problem that the identity legality of equipment can only be authenticated in an online environment in the related art, the disclosure provides an authentication method for production equipment.
In one aspect, the present disclosure provides a method for authenticating a production device, where the method indicates, through authentication of a security device, the validity of the production device to which the security device is connected; the method is applied to a license server and comprises the following steps:
receiving a signature request sent by a connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to a safety device and is generated according to identification information of the safety device and a returned signature public key;
responding the signing request, and organizing the data to be signed by using a private key of the signing request to carry out signing to obtain signed data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
generating issuing authentication information according to the signature data and the data to be signed, and sending the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
On the other hand, the present disclosure also provides an authentication method of a production device, which indicates the validity of the production device connected to the safety device through the authentication of the safety device; the method is applied to a license server and comprises the following steps:
receiving a signature request sent by a connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to a safety device and is generated according to identification information of the safety device and a returned signature public key;
responding the signing request, and organizing the data to be signed by using a private key of the signing request to carry out signing to obtain signed data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
generating issuing authentication information according to the signature data and the data to be signed, and sending the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
Further, the present disclosure provides an authentication apparatus for a production device, where the apparatus indicates the validity of a production device connected to a safety device through authentication of the safety device; the device comprises:
the key request module is used for sending a signature key pair generation request to the security equipment and receiving a signature public key returned by the security equipment responding to the signature key pair generation request;
the signature request module is used for initiating a signature request to a license server according to the signature public key and the identification information of the safety equipment;
the certification receiving module is used for receiving the issuing certification information returned by the license server in response to the signature request, wherein the issuing certification information is generated by the license server according to the signature public key and the identification information of the safety equipment;
and the signature checking and storing module is used for checking the signature of the issuing authentication information, storing the issuing authentication information to the safety equipment after the signature checking is successful, and finishing the legality authentication of the production equipment connected with the safety equipment.
Furthermore, the present disclosure provides another authentication apparatus for a production device, where the apparatus indicates the validity of the production device connected to the safety device through authentication of the safety device; the apparatus is applied to a license server, and the apparatus includes:
the signature request receiving module is used for receiving a signature request sent by the connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to the safety equipment and according to the identification information of the safety equipment and the returned signature public key;
the signature request response module is used for responding the signature request and organizing the data to be signed by using a private key of the signature request response module to carry out signature so as to obtain signature data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
the authentication information sending module is used for generating issuing authentication information according to the signature data and the data to be signed and sending the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
Furthermore, the present disclosure also provides an electronic device, including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the authentication method of the production apparatus described above.
Further, the present disclosure also provides a computer-readable storage medium storing a computer program executable by a processor to perform the authentication method of the production apparatus.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
according to the scheme provided by the above exemplary embodiment of the present disclosure, with the aid of the security device, the validity of the production device connected to the security device is indicated by authenticating the security device, and even in an offline state of the production device, the issuing authentication information can be stored in the security device by authenticating the security device, so that the production device connected to the security device can also obtain the issuing authentication information in the security device to indicate the validity of the production device. The defect that the legality authentication of the production equipment can be completed only when the production equipment is in a networking state in the prior art is overcome.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a schematic illustration of an implementation environment according to the present disclosure;
FIG. 2 is a block diagram illustrating an apparatus in accordance with an exemplary embodiment;
FIG. 3 is a flow chart illustrating a method of authentication of a production device in accordance with an exemplary embodiment;
FIG. 4 is a flowchart of step 310 of the corresponding embodiment of FIG. 3;
FIG. 5 is a detailed flow diagram illustrating a method of authentication of a production facility in accordance with one illustrative embodiment;
FIG. 6 is a flowchart of step 330 of the corresponding embodiment of FIG. 3;
FIG. 7 is a flowchart of step 340 of the corresponding embodiment of FIG. 3;
FIG. 8 is a flow chart illustrating a method of authentication of a production device in accordance with another exemplary embodiment;
FIG. 9 is a block diagram illustrating an authentication device of a production facility in accordance with an exemplary embodiment;
FIG. 10 is a detailed block diagram of a key request module in a corresponding embodiment of FIG. 9;
fig. 11 is a block diagram illustrating an authentication device of a production facility according to another exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
FIG. 1 is a schematic illustration of an implementation environment according to the present disclosure. The implementation environment includes: a security device 110, a smart terminal 120, and a license server 130. The license server is a Certificate Authority (CA) server.
The association between the intelligent terminal 120 and the license server 130 includes the network association and/or protocol of hardware and the data association between the two. The secure device 110 and the intelligent terminal 120 are connected by a USB connection or a wireless (such as Bluetooth, 4G, wifi). For example, the smart terminal 120 may be a computer, and the secure device 110 may be directly plugged into a host computer through a USB interface to connect with the smart terminal 120, so as to complete authentication of the secure device 110. After the authentication of the secure device 110 is completed, the secure device 110 may be connected to the production device, so that the production device to which the secure device 110 is connected may be regarded as a device trusted by the CA server, and the legitimacy of the production device may be indicated.
Fig. 2 is a block diagram illustrating an apparatus 200 according to an example embodiment. For example, the apparatus 200 may be the smart terminal 120 in the implementation environment shown in FIG. 1. The intelligent terminal 120 may be, for example, a laptop computer or a desktop computer.
Referring to fig. 2, the apparatus 200 may include one or more of the following components: a processing component 202, a memory 204, a power component 206, a multimedia component 208, an audio component 210, a sensor component 214, and a communication component 216.
The processing component 202 generally controls overall operation of the device 200, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations, among others. The processing components 202 may include one or more processors 218 to execute instructions to perform all or a portion of the steps of the methods described below. Further, the processing component 202 can include one or more modules that facilitate interaction between the processing component 202 and other components. For example, the processing component 202 can include a multimedia module to facilitate interaction between the multimedia component 208 and the processing component 202.
The memory 204 is configured to store various types of data to support operations at the apparatus 200. Examples of such data include instructions for any application or method operating on the apparatus 200. The Memory 204 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically erasable Programmable Read-Only Memory (EEPROM), erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk. Also stored in memory 204 are one or more modules configured to be executed by the one or more processors 218 to perform all or a portion of the steps of any of the methods described below in fig. 3-7.
The power supply component 206 provides power to the various components of the device 200. The power components 206 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 200.
The multimedia component 208 includes a screen that provides an output interface between the device 200 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a touch panel. If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. The screen may further include an Organic Light Emitting Display (OLED for short).
The audio component 210 is configured to output and/or input audio signals. For example, the audio component 210 includes a Microphone (MIC) configured to receive external audio signals when the device 200 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 204 or transmitted via the communication component 216. In some embodiments, audio component 210 also includes a speaker for outputting audio signals.
The sensor component 214 includes one or more sensors for providing various aspects of status assessment for the device 200. For example, the sensor assembly 214 may detect an open/closed state of the device 200, the relative positioning of the components, the sensor assembly 214 may also detect a change in position of the device 200 or a component of the device 200, and a change in temperature of the device 200. In some embodiments, the sensor assembly 214 may also include a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 216 is configured to facilitate wired or wireless communication between the apparatus 200 and other devices. The device 200 may access a WIreless network based on a communication standard, such as WiFi (WIreless-Fidelity). In an exemplary embodiment, the communication component 216 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 216 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, bluetooth technology, and other technologies.
In an exemplary embodiment, the apparatus 200 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital signal processors, digital signal processing devices, programmable logic devices, field programmable gate arrays, controllers, microcontrollers, microprocessors or other electronic components for performing the methods described below.
FIG. 3 is a flow chart illustrating a method of authentication of a production device according to an exemplary embodiment. The scope of application and the execution subject of the authentication method of the production apparatus, for example, the method is used for the smart terminal 120 of the implementation environment shown in fig. 1. It should be noted that the authentication method of the production device indicates the validity of the production device connected to the security device 110 by authenticating the security device 110, so that the validity of the production device can be indicated even when the production device is in an offline state. As shown in fig. 3, the authentication method of the production device may be performed by the smart terminal 120, and may include the following steps.
In step 310, a signature key pair generation request is sent to the secure device, and a signature public key returned by the secure device in response to the signature key pair generation request is received;
it should be noted that, in the prior art, the validity authentication of the production equipment must be performed by the production equipment to the CA server in a state of networking the production equipment, and if the production equipment is offline, the production equipment cannot communicate with the CA server, and thus the validity authentication of the production equipment cannot be completed. The safety of the internet of things is more and more severe, and at present, the main protection is embodied in the filtration of network data, and the processes of production management and certificate issuing are not embodied.
The present exemplary embodiment makes the secure device 110 a device trusted by the CA server through authentication of the secure device 110, so that the production device to which the secure device 110 is connected can be regarded as a device authenticated by the CA server. Specifically, the secure device 110 may be a USB KEY (hardware device with a USB interface), and an issuing client is installed in the intelligent terminal 120, and the issuing client may perform authentication on the secure device 110 by using the method provided in the exemplary embodiment of the present disclosure, so as to indicate the validity of the production device connected to the secure device 110.
As shown in fig. 4, step 310 specifically includes:
in step 311, a signing key pair generation request is sent to the secure device, and the secure device is triggered to generate a signing key pair;
in step 312, the public signature key of the signature key pair returned by the secure device is received.
As shown in fig. 5, the smart terminal 120 sends an ECC256 (indicating that a key with a length of 256 bits is generated by using an ECC encryption algorithm) signing key pair generation request to the secure device 110 (see step 1 in fig. 5), and the secure device 110 generates a signing key pair after receiving the signing key pair generation request. Wherein the signing key pair comprises a public and a private signing key of the secure device 110. The secure device 110 returns the public signature key (U _ public key) therein to the smart device 120 (see step 2 in fig. 5).
In step 320, a signature request is sent to a license server according to the signature public key and the identification information of the secure device;
as shown in fig. 5, the smart terminal 120 organizes the public key (U _ PublicKey) and the vendor ID (i.e., the identification information of the secure device 110) of the secure device 110, and initiates a signature request to the CA server (i.e., the license server 130) (see step 3 in fig. 5).
In step 330, receiving the issuing authentication information returned by the license server in response to the signature request, wherein the issuing authentication information is generated by the license server according to the signature public key and the identification information of the security device;
as shown in fig. 6, step 330 specifically includes:
in step 331, the sending of the signing request triggers the license server to organize data to be signed by using its own private key to perform signing, so as to obtain signed data; the data to be signed comprises the license server public key, the signature public key and identification information of the safety equipment;
as shown in fig. 5, after the CA server receives the signature request, the organization data to be signed (U _ PreSignData) is signed (i.e. encrypted) by using the CA server private key, so as to obtain the signature data (U _ SignData) (see step 4 in fig. 5). The data to be signed U _ PreSignData is Version | VID | U _ PublicKey | S _ PublicKey. Version represents the Version number of the CA server and can be read directly. VID represents identification information (e.g., vendor ID) of the secure device 110, U _ public key represents the signature public key of the secure device, and S _ public key represents the CA server public key. It should be noted that, the encryption and decryption methods that may be involved in the present disclosure all belong to the prior art, and the present disclosure does not limit this.
In step 332, the issuing authentication information generated by the license server according to the signature data and the data to be signed is received.
Specifically, the CA server combines the signature data (U _ SignData) and the data to be signed (U _ PreSignData) to generate the issuance authentication information (U _ AuthInfo ═ U _ PreSignData | U _ SignData). The issuing authentication information can be formed by splicing the data to be signed and the signature data. As shown in fig. 5, the CA server issues the issuing authentication information to the intelligent terminal 120, and the intelligent terminal 120 receives the issuing authentication information (see step 5 in fig. 5).
In step 340, the signing and issuing authentication information is checked, and after the signing and issuing authentication information is successfully checked, the signing and issuing authentication information is stored in the safety equipment, so that the legality authentication of the production equipment connected with the safety equipment is completed.
As shown in fig. 5, after receiving the issuing authentication information, the smart terminal 120 checks the issuing authentication information (see step 6 in fig. 5). The signature verification is to decrypt and then compare the plaintext. After the signature verification is successful, the issuing authentication information is sent to the security device 110 (see step 7 in fig. 5), and the security device 110 stores the security authentication information (see step 8 in fig. 5).
Specifically, as shown in fig. 7, the step 340 specifically includes:
in step 341, decrypting the issuing authentication information according to the public key of the license server to obtain decrypted data;
since the signature data is encrypted by the private key of the CA server, the signature data is decrypted by the public key of the CA server to obtain decrypted data.
In step 342, comparing the decrypted data with the data to be signed; if the verification result is consistent with the verification result, the verification result shows that the signature is successful, and the issuing authentication information is stored in the safety equipment.
By comparing the decrypted data with the data to be signed, if the comparison is consistent, it indicates that the secure device 110 has been authenticated by the CA server, and the issued authentication information may be stored as a digital certificate to the secure device 110.
After the above authentication of the secure device 110, the secure device is a device trusted by the CA server. So that production equipment connected to the safety equipment can also be considered legal.
In the production link, the signature verification can be performed on the signature authentication information stored in the security device 110 to obtain the public key of the CA server, and the public key of the CA server is burned into the production device which needs to be connected to the internet of things cloud, so that the production device can perform key agreement with the cloud server to be connected to the corresponding cloud server.
The prior art must be in a production equipment networking state, so that the CA server can complete the legality authentication of the production equipment. According to the scheme provided by the above exemplary embodiment of the present disclosure, by means of the security device 110, the validity of the production device connected to the security device 110 is indicated by authenticating the security device 110, and even in an offline state of the production device, the issuing authentication information can be stored in the security device 110 by authenticating the security device 110, so that the production device connected to the security device 110 can also obtain the issuing authentication information in the security device to indicate the validity of the production device.
As shown in fig. 8, another exemplary embodiment of the present disclosure also provides an authentication method of a production apparatus, which is applied to a license server 130, that is, a CA server in the above-described exemplary embodiment. The method indicates the legality of production equipment connected with the safety equipment through the authentication of the safety equipment; the method may be performed by a CA server, and may specifically include the following steps.
In step 810, receiving a signature request sent by the connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to the security device and is generated according to the identification information of the security device and the returned signature public key;
specifically, the smart terminal 120 triggers the secure device 110 to generate the signing key pair by sending a signing key pair generation request to the secure device 110. Wherein, the signature key pair comprises a signature public key and a private key. The secure device 110 returns the public signature key to the smart device 120. The intelligent terminal 120 organizes the identification information (e.g., vendor ID) and public signature key of the secure device to send a signature request to the CA server, which receives the signature request.
In step 820, responding to the signing request, organizing the data to be signed by using a private key of the signing request to carry out signing, and obtaining signed data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
specifically, the CA server, in response to the signature request, organizes the data to be signed (U _ PreSignData ═ Version | VID | U _ PublicKey | S _ PublicKey) by signing (i.e., encrypting) the data to be signed with the CA server private key, to obtain the signed data (U _ SignData). Version represents the Version number of the CA server and can be read directly. VID represents identification information (e.g., vendor ID) of the secure device 110, U _ public key represents the signature public key of the secure device, and S _ public key represents the CA server public key.
In step 830, generating issuing authentication information according to the signature data and the data to be signed, and sending the issuing authentication information to the intelligent terminal;
specifically, the CA server may generate the issuance authentication information (U _ AuthInfo ═ U _ PreSignData | U _ SignData) by concatenating the signature data (U _ SignData) and the data to be signed (U _ PreSignData), and then issue the issuance authentication information to the intelligent terminal 120.
In step 840, the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored in the safety equipment after the checking is successful, so as to complete the validity authentication of the production equipment connected with the safety equipment.
Specifically, after receiving the signing authentication information, the intelligent terminal 120 checks the signing authentication information (i.e., decrypts and compares the plaintext), and after the signing authentication is successful, stores the signing authentication information to the security device 110, so that the security device 110 is a device trusted by the CA server, and indicates that the production device connected to the security device 110 is legal, thereby completing the authentication of the production device.
The following is an embodiment of the apparatus of the present disclosure, which may be used to execute an embodiment of the authentication method of the production device executed by the above-mentioned smart terminal 120 of the present disclosure. For details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the authentication method of the production apparatus of the present disclosure.
Fig. 9 is a block diagram illustrating an authentication apparatus of a manufacturing device according to an exemplary embodiment, which may be used in the smart terminal 120 of the implementation environment shown in fig. 1 to perform all or part of the steps of the authentication method of the manufacturing device shown in any one of fig. 3 to 7. The device indicates the validity of the production equipment connected with the safety equipment through the authentication of the safety equipment, as shown in fig. 9, the authentication device includes but is not limited to: a key request module 910, a signature request module 920, an authentication receiving module 930, and a signature verification storage module 940;
a key request module 910, configured to send a request for generating a signature key pair to the secure device, and receive a public signature key returned by the secure device in response to the request for generating the signature key pair;
a signature request module 920, configured to initiate a signature request to a license server according to the signature public key and the identification information of the secure device;
an authentication receiving module 930, configured to receive issuance authentication information returned by the license server in response to the signature request, where the issuance authentication information is generated by the license server according to the signature public key and the identification information of the security device;
and the signature checking and storing module 940 is used for checking the signature of the issuing authentication information, storing the issuing authentication information to the safety equipment after the signature checking is successful, and completing the legality authentication of the production equipment connected with the safety equipment.
The implementation process of the functions and actions of each module in the device is specifically described in the implementation process of the corresponding step in the authentication method of the production equipment, and is not described herein again.
The key request module 910 may be, for example, one of the physical structure communication components 216 of fig. 2.
The signature request module 920, the authentication receiving module 930, and the signature verification storage module 940 may also be functional modules, and are configured to execute corresponding steps in the authentication method for the production device. It is understood that these modules may be implemented in hardware, software, or a combination of both. When implemented in hardware, these modules may be implemented as one or more hardware modules, such as one or more application specific integrated circuits. When implemented in software, the modules may be implemented as one or more computer programs executing on one or more processors, such as the programs stored in memory 204 and executed by processor 218 of FIG. 2.
Optionally, as shown in fig. 10, the key request module 910 includes:
a request sending unit 911, configured to send a signing key pair generation request to the secure device, and trigger the secure device to generate a signing key pair;
a public key receiving unit 912, configured to receive the public signature key in the signature key pair returned by the secure device.
Fig. 11 is a block diagram illustrating an authentication apparatus of a production device, which may be used in the license server 130 of the implementation environment shown in fig. 1, to perform steps of the authentication method of the production device shown in fig. 8, according to another exemplary embodiment. The device indicates the validity of the production equipment connected to the security device 110 through the authentication of the security device 110, as shown in fig. 11, the authentication device of the production equipment includes but is not limited to: a signature request receiving module 1110, a signature request responding module 1120, and an authentication information transmitting module 1130.
A signature request receiving module 1110, configured to receive a signature request sent by a connected smart terminal, where the signature request is generated by the smart terminal by sending a signature key pair to a security device and according to identification information of the security device and a returned signature public key;
a signature request response module 1120, configured to respond to the signature request, organize data to be signed by using a private key of the signature request to perform signature, so as to obtain signature data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
the authentication information sending module 1130 is configured to generate issuing authentication information according to the signature data and the data to be signed, and send the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
The detailed implementation process of the functions and actions of each module in the apparatus is shown in fig. 8 and the implementation process of the corresponding steps in the authentication method of the production device, which are not described herein again.
Optionally, the present disclosure further provides an electronic device, which may be used in the intelligent terminal 110 in the implementation environment shown in fig. 1 to execute all or part of the steps of the authentication method for the production device shown in any one of fig. 3 to 7. The electronic device may be used in the license server 130 in the implementation environment shown in fig. 1 to execute the method of authenticating the production device shown in fig. 8. The electronic device includes:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the authentication method of the production apparatus described in the above exemplary embodiment.
The specific manner in which the processor of the electronic device performs the operations in this embodiment has been described in detail in the embodiment related to the authentication method of the production device, and will not be elaborated upon here.
In an exemplary embodiment, a storage medium is also provided that is a computer-readable storage medium, such as may be transitory and non-transitory computer-readable storage media, including instructions. The storage medium stores a computer program executable by the processor 218 of the apparatus 200 to perform the above-described authentication method of the production equipment.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (9)

1. The authentication method of the production equipment is characterized in that the method indicates the legality of the production equipment connected with the safety equipment through the authentication of the safety equipment; the method comprises the following steps:
sending a signature key pair generation request to the security device, and receiving a signature public key returned by the security device in response to the signature key pair generation request;
initiating a signature request to a license server according to the signature public key and the identification information of the safety equipment, and triggering the license server to organize data to be signed by using a private key thereof for signature to obtain signature data, wherein the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
receiving the issuing authentication information generated by the license server according to the signature data and the data to be signed;
and checking the issuing authentication information, and storing the issuing authentication information to the safety equipment after the checking is successful, so as to complete the legality authentication of the production equipment connected with the safety equipment.
2. The method of claim 1, wherein the sending a signing key pair generation request to a secure device and receiving a public signing key returned by the secure device in response to the signing key pair generation request comprises:
sending a signature key pair generation request to the security device, and triggering the security device to generate a signature key pair;
and receiving a signature public key in the signature key pair returned by the security device.
3. The method of claim 1, wherein the verifying the issuance authentication information, and storing the issuance authentication information to the security device after the verification is successful comprises:
decrypting the issuing authentication information according to the public key of the license server to obtain decrypted data;
comparing the decrypted data with the data to be signed; if the verification result is consistent with the verification result, the verification result shows that the signature is successful, and the issuing authentication information is stored in the safety equipment.
4. The authentication method of the production equipment is characterized in that the method indicates the legality of the production equipment connected with the safety equipment through the authentication of the safety equipment; the method is applied to a license server and comprises the following steps:
receiving a signature request sent by a connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to a safety device and is generated according to identification information of the safety device and a returned signature public key;
responding the signing request, and organizing the data to be signed by using a private key of the signing request to carry out signing to obtain signed data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
generating issuing authentication information according to the signature data and the data to be signed, and sending the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
5. An authentication device of production equipment is characterized in that the device indicates the legality of the production equipment connected with the safety equipment through authentication of the safety equipment; the device comprises:
the key request module is used for sending a signature key pair generation request to the security equipment and receiving a signature public key returned by the security equipment responding to the signature key pair generation request;
the signature request module is used for initiating a signature request to a license server according to the signature public key and the identification information of the safety equipment, and triggering the license server to organize data to be signed by using a private key thereof to carry out signature to obtain signature data, wherein the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
the certification receiving module is used for receiving the signing certification information generated by the license server according to the signature data and the data to be signed;
and the signature checking and storing module is used for checking the signature of the issuing authentication information, storing the issuing authentication information to the safety equipment after the signature checking is successful, and finishing the legality authentication of the production equipment connected with the safety equipment.
6. The apparatus of claim 5, wherein the key request module comprises:
a request sending unit, configured to send a signing key pair generation request to the secure device, and trigger the secure device to generate a signing key pair;
and the public key receiving unit is used for receiving the signature public key in the signature key pair returned by the security device.
7. An authentication device of production equipment is characterized in that the device indicates the legality of the production equipment connected with the safety equipment through authentication of the safety equipment; the apparatus is applied to a license server, and the apparatus includes:
the signature request receiving module is used for receiving a signature request sent by the connected intelligent terminal, wherein the signature request is generated by the intelligent terminal by sending a signature key pair to the safety equipment and according to the identification information of the safety equipment and the returned signature public key;
the signature request response module is used for responding the signature request and organizing the data to be signed by using a private key of the signature request response module to carry out signature so as to obtain signature data; the data to be signed comprises the license server public key, the signature public key and the identification information of the safety equipment;
the authentication information sending module is used for generating issuing authentication information according to the signature data and the data to be signed and sending the issuing authentication information to the intelligent terminal;
and the issuing authentication information is sent to trigger the intelligent terminal to check the issuing authentication information, and the issuing authentication information is stored to the safety equipment after the checking is successful, so that the legality authentication of the production equipment connected with the safety equipment is completed.
8. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of authenticating a production device of any one of claims 1-5.
9. A computer-readable storage medium characterized in that a computer program is stored, the computer program being executable by a processor to perform the authentication method of a production apparatus according to any one of claims 1 to 5.
CN201711044886.XA 2017-10-31 2017-10-31 Authentication method and device for production equipment and electronic equipment Active CN107682160B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711044886.XA CN107682160B (en) 2017-10-31 2017-10-31 Authentication method and device for production equipment and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711044886.XA CN107682160B (en) 2017-10-31 2017-10-31 Authentication method and device for production equipment and electronic equipment

Publications (2)

Publication Number Publication Date
CN107682160A CN107682160A (en) 2018-02-09
CN107682160B true CN107682160B (en) 2020-08-28

Family

ID=61142940

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711044886.XA Active CN107682160B (en) 2017-10-31 2017-10-31 Authentication method and device for production equipment and electronic equipment

Country Status (1)

Country Link
CN (1) CN107682160B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324283B (en) * 2018-03-30 2021-08-06 中移(苏州)软件技术有限公司 Permission method, device and system based on asymmetric encryption
CN110247884B (en) * 2018-11-21 2023-05-19 浙江大华技术股份有限公司 Method, device and system for updating certificate and computer readable storage medium
CN109902450B (en) * 2019-03-14 2023-01-24 成都安恒信息技术有限公司 Method for off-line permission issuing management
CN111680334B (en) * 2020-06-11 2023-05-09 深圳市网心科技有限公司 Disk security access method, device, equipment and medium
CN111949967A (en) * 2020-08-31 2020-11-17 Oppo广东移动通信有限公司 Equipment authentication method and device, electronic equipment, server and storage medium
CN113609213B (en) * 2021-07-01 2024-02-13 深圳数字电视国家工程实验室股份有限公司 Method, system, device and storage medium for synchronizing device keys
CN115987636B (en) * 2022-12-22 2023-07-18 北京深盾科技股份有限公司 Information security implementation method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420413A (en) * 2007-10-25 2009-04-29 华为技术有限公司 Session cipher negotiating method, network system, authentication server and network appliance
CN101567780A (en) * 2009-03-20 2009-10-28 武汉理工大学 Key management and recovery method for encrypted digital certificate
CN101778102A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Safety authentication method of sensor, sensor and authentication system thereof
CN101938520A (en) * 2010-09-07 2011-01-05 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN107196922A (en) * 2017-05-03 2017-09-22 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8078876B2 (en) * 2007-04-30 2011-12-13 Intel Corporation Apparatus and method for direct anonymous attestation from bilinear maps

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420413A (en) * 2007-10-25 2009-04-29 华为技术有限公司 Session cipher negotiating method, network system, authentication server and network appliance
CN101567780A (en) * 2009-03-20 2009-10-28 武汉理工大学 Key management and recovery method for encrypted digital certificate
CN101778102A (en) * 2009-12-31 2010-07-14 卓望数码技术(深圳)有限公司 Safety authentication method of sensor, sensor and authentication system thereof
CN101938520A (en) * 2010-09-07 2011-01-05 中兴通讯股份有限公司 Mobile terminal signature-based remote payment system and method
CN107196922A (en) * 2017-05-03 2017-09-22 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server

Also Published As

Publication number Publication date
CN107682160A (en) 2018-02-09

Similar Documents

Publication Publication Date Title
CN107682160B (en) Authentication method and device for production equipment and electronic equipment
US11276051B2 (en) Systems and methods for convenient and secure mobile transactions
US20210406882A1 (en) Systems and methods for secure communication
EP2999189B1 (en) Network authentication method for secure electronic transactions
US11657392B2 (en) On-boarding server for remotely authorizing use of a terminal
CN107743067B (en) Method, system, terminal and storage medium for issuing digital certificate
US10931464B2 (en) Communication system, hardware security module, terminal device, communication method, and program
EP3206329B1 (en) Security check method, device, terminal and server
CN106936588B (en) Hosting method, device and system of hardware control lock
CN108683674A (en) Verification method, device, terminal and the computer readable storage medium of door lock communication
CN110838919B (en) Communication method, storage method, operation method and device
CN113378119A (en) Software authorization method, device, equipment and storage medium
CN111431840B (en) Security processing method and device, computer equipment and readable storage medium
JP6378424B1 (en) User authentication method with enhanced integrity and security
US10313132B2 (en) Method and system for importing and exporting configurations
CN115242471A (en) Information transmission method and device, electronic equipment and computer readable storage medium
KR20190108888A (en) Electronic device and certification method in electronic device
TW201935357A (en) Method and system for electrical transaction
EP3373182B1 (en) Method and system for importing and exporting configurations
KR101813069B1 (en) Financial service proving method using keylock
CN117749384A (en) Collaborative signature security opening method and system based on client device matching
KR20140126636A (en) Security apparatus for financial service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant