CN107919962B - Internet of things equipment registration and authentication method - Google Patents
Abstract
The invention discloses a method for registering and authenticating Internet of Things (IoT) devices, comprising the following steps: a device already permitted to access the network is selected in advance as the control terminal of the IoT device, the control terminal and the IoT device holding a matched manufacturer public key and manufacturer private key; the control terminal and the IoT device establish a direct, secure communication link; after the IoT device enters registration mode, the control terminal and the IoT device use the manufacturer public key and manufacturer private key to perform identity registration binding. The method can effectively improve the security of IoT devices.
Description
Technical Field
The invention relates to the technical field of the Internet of Things, and in particular to a method for registering and authenticating IoT devices.
Background
IoT devices are becoming ever more widespread, which makes their secure management increasingly urgent.
Existing authentication schemes mostly rely on a cloud service to verify a remote terminal, after which the IoT device is controlled through the cloud. This requires a secure communication link between the cloud and the remote terminal, and assumes by default that the link between the IoT device and the cloud is secure and reliable. In the user's actual environment, communication between the IoT device and the cloud is not necessarily secure, and the conventional username-and-password verification used by the cloud cannot protect the communication between the remote terminal and the IoT device, so the security of the IoT device is weak.
Disclosure of Invention
The invention provides a method for registering and authenticating IoT devices that addresses the weak security of IoT devices in the prior art.
The invention provides an IoT device registration method comprising the following steps:
selecting in advance a device permitted to access the network as the control terminal of the IoT device, wherein the control terminal and the IoT device hold a matched manufacturer public key and manufacturer private key;
the control terminal and the IoT device establishing a direct, secure communication link;
after the IoT device enters registration mode, the control terminal and the IoT device using the manufacturer public key and manufacturer private key to perform identity registration binding.
Preferably, the identity registration binding between the control terminal and the IoT device using the manufacturer public key and manufacturer private key comprises:
the control terminal sends a registration request to the IoT device;
the IoT device sends a challenge value to the control terminal, or sends the challenge value together with IoT device information;
after receiving the challenge value (or the challenge value and the IoT device information), the control terminal generates a control terminal public key and a control terminal private key, signs the challenge value and the control terminal public key with the manufacturer private key, and sends the signed data to the IoT device;
the IoT device verifies the received signature with the manufacturer public key and, if verification succeeds, compares whether the challenge values are consistent;
if so, it notifies the control terminal that identity registration binding has succeeded.
Preferably, after identity registration binding succeeds, the registration method further comprises:
the control terminal and the cloud hold a matched manufacturer public key and manufacturer private key;
the control terminal signs the IoT device information, the control terminal device information and the control terminal public key with the manufacturer private key and sends the signed data to the cloud, so as to perform identity registration binding at the cloud or to synchronize the cloud's identity registration binding information.
Preferably, after identity registration binding succeeds, the registration method further comprises:
the IoT device closing registration mode once a preset condition is met.
Preferably, the control terminal has a biometric authentication function, and the registration method further comprises:
before the control terminal private key is used, the control terminal performs biometric authentication, and only after biometric authentication passes is the control terminal allowed to use the control terminal private key.
Correspondingly, the invention also provides a direct-connection authentication method for IoT devices, comprising the following steps:
a direct communication link is established between the control terminal and the IoT device, and the control terminal public key is stored on the IoT device;
the control terminal authenticates itself to the IoT device using the control terminal private key and a challenge value;
after authentication passes, the control terminal sends an operation instruction message to the IoT device.
Preferably, the control terminal authenticating itself to the IoT device using the control terminal private key and a challenge value comprises:
the control terminal sends an authentication request to the IoT device;
after receiving the authentication request, the IoT device sends a challenge value to the control terminal;
the control terminal signs the challenge value with the control terminal private key and sends the signed challenge value to the IoT device;
the IoT device verifies the signature with the control terminal public key, compares whether the challenge values are consistent once verification succeeds, and if they are consistent notifies the control terminal that authentication has passed.
Correspondingly, the invention also provides a remote authentication method for IoT devices, comprising the following steps:
the IoT device and the cloud each store the control terminal public key, and the control terminal, the IoT device and the cloud are communicatively connected to one another;
the control terminal authenticates itself to the cloud by means of its private-key signature;
after the cloud passes the authentication, it forwards the control terminal's signature to the IoT device for signature verification;
the IoT device notifies the cloud once its signature verification succeeds;
the cloud notifies the control terminal that signature verification succeeded;
after signature verification succeeds, the control terminal sends an operation instruction message to the IoT device via the cloud.
Preferably, the control terminal authenticating itself to the cloud by means of its private-key signature comprises:
the control terminal sends an authentication request to the cloud;
after receiving the authentication request, the cloud sends a challenge value to the control terminal;
the control terminal signs the challenge value with the control terminal private key and sends the signed challenge value to the cloud;
the cloud verifies the signature with the control terminal public key, compares whether the challenge values are consistent once verification succeeds, and if so the authentication passes.
Preferably, after signature verification succeeds, the control terminal signs the operation instruction message with its private key and then sends the operation instruction message to the IoT device via the cloud.
The invention provides a method for registering and authenticating IoT devices comprising: selecting in advance a device permitted to access the network as the control terminal of the IoT device, the control terminal and the IoT device holding a matched manufacturer public key and manufacturer private key; the control terminal and the IoT device establishing a direct, secure communication link; and, after the IoT device enters registration mode, the control terminal and the IoT device using the manufacturer public key and manufacturer private key to perform identity registration binding. Because the control terminal is a device permitted to access the network, its networking security is higher; and because the control terminal and the IoT device hold a matched manufacturer public key and manufacturer private key, once a direct secure communication link is established between them the control terminal can use the manufacturer public key and manufacturer private key to perform identity registration binding on the IoT device, ensuring the security of the IoT device.
Further, in the IoT device registration method provided by the embodiment of the invention, after the control terminal and the IoT device establish a direct secure communication link, the control terminal signs the challenge value and the control terminal public key with the manufacturer private key and sends them to the IoT device for identity registration binding; no username-and-password registration is needed, and the security is higher.
Furthermore, the IoT device registration method provided by the embodiment of the invention can also perform identity registration binding at the cloud to facilitate subsequent remote control; and if the IoT device is already identity-registered and bound at the cloud, the cloud synchronizes the identity registration binding information through data synchronization, so that the information held at the cloud is always the latest, improving the security of the IoT device.
Further, in the IoT device registration and authentication method provided by the embodiment of the invention, after identity registration binding succeeds the registration method further comprises: the IoT device closes registration mode once a preset condition is met, for example automatically after a set time has elapsed. Registration mode is therefore open only when the user wants to perform control terminal identity registration binding and closed at all other times, which effectively raises the security of the IoT device. In addition, the automatic closing of registration mode once the preset condition is met avoids the situation in which the user forgets to close registration mode and the device is left exposed in an unsafe environment.
Further, in the IoT device registration and authentication method provided by the embodiment of the invention, the control terminal has a biometric authentication function, and the registration method further comprises: before the control terminal private key is used, the control terminal performs biometric authentication, and only after it passes is the control terminal allowed to use the control terminal private key. For example, the control terminal may be a mobile phone with fingerprint authentication, so that user identity is authenticated before the phone uses the control terminal private key to sign; a passed fingerprint authentication indicates at least that the user intends to use the control terminal private key for the operation in question, which effectively improves the security of private key use and hence of the IoT device.
Further, the direct-connection authentication method for IoT devices provided by the embodiment of the invention improves the security of the IoT device in direct-connection mode: after a communication link is established between the control terminal and the IoT device, the control terminal authenticates itself to the IoT device using the control terminal private key and a challenge value, improving the security of the IoT device.
Furthermore, in the remote authentication method for IoT devices provided by the embodiment of the invention, the control terminal first authenticates itself to the cloud by means of its private-key signature, and after authentication passes the control terminal's signature is forwarded through the cloud to the IoT device for signature verification, guaranteeing the security and reliability of the information received by the IoT device and thereby effectively improving its security.
Drawings
To illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings required by the embodiments are briefly described below. Evidently, the drawings described below illustrate only some embodiments of the present invention, and a person skilled in the art can derive other drawings from them.
Fig. 1 is a first flowchart of an IoT device registration method according to an embodiment of the present invention;
Fig. 2 is a second flowchart of an IoT device registration method according to an embodiment of the present invention;
Fig. 3 is a first flowchart of a direct-connection authentication method for IoT devices according to an embodiment of the present invention;
Fig. 4 is a second flowchart of a direct-connection authentication method for IoT devices according to an embodiment of the present invention;
Fig. 5 is a first flowchart of a remote authentication method for IoT devices according to an embodiment of the present invention;
Fig. 6 is a second flowchart of a remote authentication method for IoT devices according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar parameters or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
The invention provides a method for registering and authenticating IoT devices that relies on the security authentication capability of the control terminal. In the registration stage the control terminal is connected directly to the IoT device, offline; the control terminal generates a control terminal public key and private key inside its secure domain, sends the control terminal public key to the IoT device over the direct connection, and keeps the control terminal private key in its secure domain. If a cloud connection is needed later, the control terminal sends the control terminal public key and the IoT device information to the cloud for storage.
Once registration is complete, an operation instruction message can be sent to the IoT device either through the cloud or over the direct connection: the message is signed with the previously generated control terminal private key before it is sent, the receiver verifies the signature with the control terminal public key, and a successful verification establishes that the connection is secure and reliable, so the IoT device can be controlled safely.
In addition, during both registration and use, the biometric authentication function already present in the mobile phone can be used to authorize use of the control terminal's private-key signature: the private key may be used to sign an operation only after biometric authentication passes.
To better explain the technical scheme and technical effects of the invention, specific embodiments are described in detail below with reference to the flowcharts. Fig. 1 is the first flowchart of the IoT device registration method provided by an embodiment of the invention; the method may include the following steps:
Step S01: select in advance a device permitted to access the network as the control terminal of the IoT device, the control terminal and the IoT device holding a matched manufacturer public key and manufacturer private key.
In this embodiment, the network-access-permitted device is the user-side equipment that implements the access protocol. Such equipment converts voice, text, data and image information into electrical or electromagnetic signals for transmission, and restores received electrical or electromagnetic signals into the original voice, text, data and image information. Specifically, the control terminal may be a telephone, a telegraph, a mobile phone, a data terminal, a tablet computer, a microcomputer, a facsimile machine, a television, an office automation system, a computer system, or the like.
Preferably, the control terminal is a smartphone that has passed 3C certification, SRMC certification, CTA certification and the like, and the control terminal and the IoT device hold a matched manufacturer public key and manufacturer private key. The manufacturer may be Lenovo, Huawei, Xiaomi, ZTE or the like. For example, a Huawei smartphone is configured by Huawei with a mobile phone public key and a mobile phone private key, and the mobile phone public key is distributed to mobile service providers, to the corresponding upstream and downstream manufacturers and to partner manufacturers, so that the phone can communicate with those manufacturers' devices. In this way, the security of communication between the mobile phone, the IoT device and the cloud is guaranteed to a certain extent.
Step S02: the control terminal and the IoT device establish a direct, secure communication link.
Specifically, the control terminal may connect over a hard-wired link, or over a wireless direct link such as Bluetooth, WiFi or a local area network; the direct secure link guarantees the security and reliability of the control terminal's registration on the IoT device.
Step S03: after the IoT device enters registration mode, the control terminal and the IoT device use the manufacturer public key and manufacturer private key to perform identity registration binding.
Specifically, identity registration binding may be performed using information such as a challenge value and a user name. The software of the IoT device provides a mode selection function with, for example, a registration mode, a working mode and a sleep mode (not all listed here). When registration mode is open, other devices are allowed to register on the IoT device; when registration mode is closed, registration is prohibited and any registration in progress is also interrupted.
The invention provides an IoT device registration method comprising the following steps: selecting in advance a device permitted to access the network as the control terminal of the IoT device, the control terminal and the IoT device holding a matched manufacturer public key and manufacturer private key; the control terminal and the IoT device establishing a direct, secure communication link; and, after the IoT device enters registration mode, the control terminal and the IoT device using the manufacturer public key and manufacturer private key to perform identity registration binding. Because the control terminal is a device permitted to access the network, its networking security is higher; and because the control terminal and the IoT device hold a matched manufacturer public key and manufacturer private key, once a direct secure communication link is established between them the manufacturer public key and manufacturer private key can be used for identity registration binding, ensuring the security of the device.
As shown in fig. 2, the second flowchart of the method for registering a device in the internet of things according to the embodiment of the present invention is shown, and identity registration binding can be completed through the flowchart. The identity registration and binding of the control terminal and the Internet of things equipment by using a manufacturer public key and a manufacturer private key comprises the following steps:
step a, the control terminal sends a registration request to the Internet of things equipment. For example, a registration request message is sent.
And b, the Internet of things equipment sends a challenge value to the control terminal or sends the challenge value and the Internet of things equipment information.
The challenge value is a random number generated by the internet of things equipment, and the random number is used for subsequent authentication of the internet of things equipment: whether the device requesting registration is a device that has previously sent a registration request may be determined based on the challenge value if there are multiple devices requesting registration. The internet of things equipment information can be equipment hardware information, for example, unique hardware information such as an MAC address and a CPU number, and the internet of things equipment information can be used for subsequent registration binding at the cloud end, or updating registration binding information at the cloud end and the like.
And c, after the control terminal receives the challenge value or the challenge value and the information of the Internet of things equipment, generating a control terminal public key and a control terminal private key, and then carrying out private key signature on the challenge value and the control terminal public key by using a manufacturer private key and sending the private key signature to the Internet of things equipment. Therefore, the Internet of things equipment can obtain the control terminal public key generated by the control terminal, so that the Internet of things equipment can conveniently carry out encryption communication with the control terminal by using the control terminal public key.
And d, the Internet of things equipment checks the received private key signature information by using the public key of the manufacturer, and compares whether the challenge values are consistent after the check is successful. Because the manufacturer public key of the control terminal is stored in the internet of things device, the received private key signature information can be verified and signed through the manufacturer public key, and when the verification is successful, information such as a challenge value in the private key signature information and the control terminal public key can be obtained. And then comparing the challenge value obtained after the signature verification with the challenge value previously sent to the control terminal, and if the challenge value is consistent with the challenge value, indicating that the identity of the control equipment is correct and the registration binding is successful. It should be noted that there may be many-to-one registration binding situations, for example, if multiple control terminals request registration binding on the same internet of things device, the challenge value may also be used to distinguish the control terminals: different control terminals receive the unique challenge value, and each control terminal indicates the identity of the control terminal when carrying out private key signature on the challenge value, so that confusion caused during registration is avoided.
Step e: if they are consistent, the control terminal is informed that identity registration binding succeeded.
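The registration binding of steps a to e, modelled as an added example that is not part of the patent: Ed25519 signatures, a terminal identifier carried alongside the challenge (the "identity" of step d), and the byte layout of the signed payload are assumptions of this example, since the patent fixes neither the signature algorithm nor the message format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Manufacturer is the paired manufacturer key: the private half lives in the
// control terminal, the public half is provisioned into the IoT device.
type Manufacturer struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// IoTDevice keeps the manufacturer public key, the registration-mode flag, one
// outstanding challenge per requesting terminal (many-to-one case) and the bound keys.
type IoTDevice struct {
	mfgPub  ed25519.PublicKey
	info    []byte
	regMode bool
	pending map[string][]byte
	Bound   map[string]ed25519.PublicKey
}

func NewIoTDevice(mfgPub ed25519.PublicKey, info string) *IoTDevice {
	return &IoTDevice{mfgPub: mfgPub, info: []byte(info), regMode: true,
		pending: map[string][]byte{}, Bound: map[string]ed25519.PublicKey{}}
}

// RegistrationRequest is step b: while in registration mode, answer a request
// with a fresh 32-byte random challenge plus the device information.
func (d *IoTDevice) RegistrationRequest(terminalID string) (challenge, info []byte, err error) {
	if !d.regMode {
		return nil, nil, errors.New("device is not in registration mode")
	}
	challenge = make([]byte, 32)
	if _, err = rand.Read(challenge); err != nil {
		return nil, nil, err
	}
	d.pending[terminalID] = challenge
	return challenge, d.info, nil
}

// RegistrationMessage is the private key signature information of step c: the
// challenge and the new control terminal public key under a manufacturer signature.
type RegistrationMessage struct {
	TerminalID  string
	Challenge   []byte
	TerminalPub ed25519.PublicKey
	Signature   []byte
}

// signedPayload is the byte layout under the signature (an assumption of this
// example): terminal id, then the 32-byte challenge, then the 32-byte public key.
func signedPayload(id string, challenge []byte, pub ed25519.PublicKey) []byte {
	p := append([]byte(id), challenge...)
	return append(p, pub...)
}

// ControlTerminalRegister is step c on the terminal: generate the control
// terminal key pair and sign challenge and public key with the manufacturer key.
func ControlTerminalRegister(m Manufacturer, id string, challenge []byte) (RegistrationMessage, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return RegistrationMessage{}, nil, err
	}
	sig := ed25519.Sign(m.Priv, signedPayload(id, challenge, pub))
	return RegistrationMessage{TerminalID: id, Challenge: challenge, TerminalPub: pub, Signature: sig}, priv, nil
}

// CompleteRegistration is steps d and e on the device: verify with the manufacturer
// public key, then compare the challenge with the one issued to this terminal. The
// challenge is consumed (no replay) and the terminal public key is stored.
func (d *IoTDevice) CompleteRegistration(msg RegistrationMessage) error {
	if len(msg.TerminalPub) != ed25519.PublicKeySize || !ed25519.Verify(d.mfgPub, signedPayload(msg.TerminalID, msg.Challenge, msg.TerminalPub), msg.Signature) {
		return errors.New("manufacturer signature check failed")
	}
	issued, ok := d.pending[msg.TerminalID]
	if !ok || !bytes.Equal(issued, msg.Challenge) {
		return errors.New("challenge mismatch")
	}
	delete(d.pending, msg.TerminalID)
	d.Bound[msg.TerminalID] = msg.TerminalPub
	return nil
}

// CloseRegistration models the preset condition that ends registration mode.
func (d *IoTDevice) CloseRegistration() { d.regMode = false }

func main() {
	mfgPub, mfgPriv, _ := ed25519.GenerateKey(rand.Reader)
	dev := NewIoTDevice(mfgPub, "smart-lock-01") // constructed sample device info
	c, _, _ := dev.RegistrationRequest("phone-A")
	msg, _, _ := ControlTerminalRegister(Manufacturer{Pub: mfgPub, Priv: mfgPriv}, "phone-A", c)
	fmt.Println("registered:", dev.CompleteRegistration(msg), "replay:", dev.CompleteRegistration(msg))
}
```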
In another embodiment, to allow the control terminal to subsequently control the IoT device remotely, identity registration binding also needs to be performed at the cloud, and for an IoT device already registered at the cloud the registration information held there needs to be updated. Specifically, after identity registration binding succeeds, the registration method further includes:
Step f: the control terminal and the cloud hold a matched manufacturer public key and manufacturer private key. For example, the manufacturer of the control terminal may send the manufacturer public key to the cloud in advance, so that the cloud stores it and uses it for subsequent identity authentication or for synchronising binding information.
Step g: the control terminal signs the IoT device information, the control terminal device information and the control terminal public key with the manufacturer private key and sends the signature to the cloud, in order to perform identity registration binding at the cloud or to synchronise the identity registration binding information held by the cloud. Specifically, if the cloud holds no registration information for this IoT device, it registers and binds the IoT device information with the control terminal device information and stores the corresponding control terminal public key; if the cloud already holds registration information for the IoT device, it synchronises its identity registration binding information.
In addition, to improve the security of the IoT device, the registration mode may be closed once registration is complete or a set condition is met. Specifically, after identity registration binding succeeds, the registration method further includes: the IoT device closes the registration mode once a preset condition is met. The preset condition includes, but is not limited to, any one or more of the following: the user manually closes the registration mode; the registration mode has been open for longer than a set threshold; the IoT device sends registration completion information; a set time has elapsed after the IoT device sent the registration completion information; and so on, which are not enumerated one by one here. This effectively prevents the IoT device from being registered and bound to other devices without the user intending it.
In other embodiments, the control terminal has a biometric authentication function, and the registration method further includes: before the control terminal private key is used, the control terminal performs biological characteristic authentication, and after the biological characteristic authentication is passed, the control terminal is allowed to use the control terminal private key.
The biometric authentication includes, but is not limited to, any one or more of the following: fingerprint authentication, voiceprint password authentication, iris authentication, facial feature authentication, and the like. Accordingly, in order to implement the above-mentioned biometric authentication, the control terminal should be provided with corresponding sensors, such as a pressure sensor, a camera, a microphone, etc., and corresponding authentication software, which will not be described in detail herein.
In a preferred embodiment, the control terminal is a mobile phone with a fingerprint authentication function. Before the control terminal uses the private key signature function, fingerprint authentication is required; for example, a prompt box pops up requesting fingerprint authentication, and only after the fingerprint authentication succeeds is the control terminal allowed to sign with the control terminal private key.
In the embodiment of the invention, a specific method for identity registration and binding of the control terminal on the IoT device and at the cloud is provided, which helps to improve the security of the IoT device.
Fig. 3 is a first flowchart of a direct connection authentication method for devices of the internet of things according to an embodiment of the present invention.
In this embodiment, the method for directly connecting and authenticating the internet of things device includes:
Step S31: the control terminal and the IoT device establish a direct connection communication link, and the IoT device stores the control terminal public key.
Specifically, the control terminal may establish the direct connection communication link by wire or wirelessly, for example over Bluetooth or WiFi; during registration of the IoT device the control terminal has already sent the control terminal public key to the IoT device.
Step S32: the control terminal authenticates on the IoT device using the control terminal private key and a challenge value.
It should be noted that, as in the registration procedure, the control terminal may have a biometric authentication function, in which case the direct connection authentication method further includes: before the control terminal private key is used, the control terminal performs biometric authentication, and only after the biometric authentication passes is the control terminal allowed to use the control terminal private key. Preferably, the control terminal is a mobile phone with a fingerprint authentication function.
Step S33: after authentication passes, the control terminal sends an operation instruction message to the IoT device.
Specifically, the operation instruction message may be signed with the manufacturer private key and sent to the IoT device, or signed with the control terminal private key and sent to the IoT device; of course, it may also be sent directly when a secure communication link has been established that guarantees the security of the connection and of the transmitted information.
In the embodiment of the invention, a direct connection authentication method for the IoT device is provided, which effectively safeguards the security of the IoT device.
Fig. 4 is a second flowchart of a direct connection authentication method for devices of the internet of things according to an embodiment of the present invention.
In this embodiment, a specific direct connection authentication method for the IoT device is provided, in which the control terminal authenticating on the IoT device using the control terminal private key and a challenge value includes:
Step a: the control terminal sends an authentication request to the IoT device.
Step b: after receiving the authentication request, the IoT device sends a challenge value to the control terminal. The challenge value may be a random number generated by the IoT device.
Step c: the control terminal signs the challenge value with the control terminal private key and sends the signed challenge value to the IoT device.
Step d: the IoT device verifies the signature with the control terminal public key, compares the challenge values once the signature verification succeeds, and informs the control terminal that authentication has passed if they are consistent.
Fig. 5 is a first flowchart of a remote authentication method for internet of things devices according to an embodiment of the present invention.
In this implementation, the remote authentication method for the internet of things device may include:
Step S51: the IoT device and the cloud each store the control terminal public key, and the control terminal, the IoT device and the cloud are communicatively connected with one another.
Specifically, in the registration process described above, the control terminal sends the generated control terminal public key to the IoT device and to the cloud, so that each of them stores it; in addition, the control terminal, the IoT device and the cloud are communicatively connected with one another.
Step S52: the control terminal authenticates at the cloud by means of its private key signature information. For example, the control terminal sends its private key signature information to the cloud, the cloud verifies the signature with the stored control terminal public key, and if the signature can be correctly verified the authentication passes. Of course, the content of the signed information can additionally be checked, and authentication passes only when that content is also correct.
Step S53: after the cloud passes the authentication, it sends the private key signature information of the control terminal to the IoT device for signature verification. Specifically, after its own verification succeeds the cloud forwards the received private key signature information of the control terminal to the IoT device; the IoT device verifies the signature with its stored control terminal public key, and if the signature can be correctly verified the signature verification succeeds.
Step S54: after successful signature verification, the IoT device informs the cloud that the signature verification succeeded.
Step S55: the cloud informs the control terminal that the signature verification succeeded.
Step S56: after the signature verification succeeds, the control terminal sends an operation instruction message to the IoT device through the cloud.
It should be noted that, when the control terminal sends operation instruction messages to the IoT device, a round of authentication and signature verification may be performed for every operation instruction message, or once after a period of time, or once after the cloud or the IoT device restarts; this is not limited here. In a specific embodiment, after the signature verification succeeds, the control terminal signs the operation instruction message with its private key and then sends it to the IoT device through the cloud.
It should be noted that, as in the registration procedure, the control terminal may have a biometric authentication function, in which case the authentication method further includes: before the control terminal private key is used, the control terminal performs biometric authentication, and only after the biometric authentication passes is the control terminal allowed to use the control terminal private key. Preferably, the control terminal is a mobile phone with a fingerprint authentication function.
In this embodiment, the control terminal first authenticates at the cloud, the cloud then has the signature verified again on the IoT device, and only after that verification succeeds may the control terminal remotely control the IoT device; this effectively safeguards the security of the IoT device.
Fig. 6 is a second flowchart of a remote authentication method for internet of things devices according to an embodiment of the present invention.
In this embodiment, the control terminal authenticating at the cloud by means of its private key signature information includes:
Step a: the control terminal sends an authentication request to the cloud.
Step b: after receiving the authentication request, the cloud sends a challenge value to the control terminal. The challenge value may be a random number generated by the cloud.
Step c: the control terminal signs the challenge value with the control terminal private key and sends the signed challenge value to the cloud.
Step d: the cloud verifies the signature with the control terminal public key, compares the challenge values once the signature verification succeeds, and if they are consistent the authentication passes.
Other steps are the same as the above embodiment and will not be described in detail here.
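The direct connection authentication of Fig. 4 (steps a to d, the device issuing and checking its own challenge) and the cloud-relayed remote authentication of Fig. 5 and Fig. 6 (the cloud authenticating, then the device re-checking the forwarded signature) share one challenge-signing check, so one added example serves both passages; it is not the patent's code, and Ed25519 signatures plus the message layout are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignatureInfo is the "private key signature information" of the patent: the
// challenge the terminal received and its signature under the terminal key.
type SignatureInfo struct {
	TerminalID string
	Challenge  []byte
	Signature  []byte
}

type ControlTerminal struct {
	ID   string
	Priv ed25519.PrivateKey // generated at registration
}

// Respond is step c: sign the received challenge with the control terminal private key.
func (t *ControlTerminal) Respond(challenge []byte) SignatureInfo {
	return SignatureInfo{TerminalID: t.ID, Challenge: challenge, Signature: ed25519.Sign(t.Priv, challenge)}
}

// Verifier stores control terminal public keys and issues challenges; it models
// the IoT device on the direct link and the cloud in the remote case.
type Verifier struct {
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte
}

func NewVerifier(keys map[string]ed25519.PublicKey) *Verifier {
	return &Verifier{keys: keys, pending: map[string][]byte{}}
}

// Challenge is steps a and b: answer an authentication request with a fresh
// 32-byte random challenge and remember which terminal it was issued to.
func (v *Verifier) Challenge(terminalID string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	v.pending[terminalID] = c
	return c, nil
}

// CheckSignature verifies the signature with the stored control terminal public
// key; the IoT device applies exactly this check to what the cloud forwards in step S53.
func (v *Verifier) CheckSignature(info SignatureInfo) error {
	pub, ok := v.keys[info.TerminalID]
	if !ok {
		return errors.New("unknown control terminal")
	}
	if !ed25519.Verify(pub, info.Challenge, info.Signature) {
		return errors.New("signature check failed")
	}
	return nil
}

// Authenticate is step d: signature check, then comparison with the challenge this
// verifier issued. The challenge is consumed so a captured response cannot be replayed.
func (v *Verifier) Authenticate(info SignatureInfo) error {
	if err := v.CheckSignature(info); err != nil {
		return err
	}
	issued, ok := v.pending[info.TerminalID]
	if !ok || !bytes.Equal(issued, info.Challenge) {
		return errors.New("challenge mismatch")
	}
	delete(v.pending, info.TerminalID)
	return nil
}

// RemoteAuthenticate runs steps S52 to S55: the cloud authenticates the terminal,
// forwards the signature information to the IoT device, and the device re-checks
// it with its own copy of the terminal public key before the cloud reports success.
func RemoteAuthenticate(cloud, device *Verifier, term *ControlTerminal) error {
	c, err := cloud.Challenge(term.ID)
	if err != nil {
		return err
	}
	info := term.Respond(c)
	if err := cloud.Authenticate(info); err != nil {
		return fmt.Errorf("cloud: %w", err)
	}
	return device.CheckSignature(info)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	term := &ControlTerminal{ID: "phone-A", Priv: priv} // constructed sample terminal
	device := NewVerifier(map[string]ed25519.PublicKey{"phone-A": pub})
	cloud := NewVerifier(map[string]ed25519.PublicKey{"phone-A": pub})
	c, _ := device.Challenge(term.ID) // direct connection: device issues and checks
	fmt.Println("direct:", device.Authenticate(term.Respond(c)), "remote:", RemoteAuthenticate(cloud, device, term))
}
```

The direct connection case of Fig. 4 is `Challenge` followed by `Authenticate` on the device itself; the device and the cloud are the same Verifier type because the patent has each of them store the control terminal public key and issue its own challenge.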
Correspondingly, the invention also provides an Internet of Things corresponding to the above IoT device registration and authentication method. The Internet of Things may include:
a control terminal and a cloud that are communicatively connected, where the control terminal and the IoT device are connected by a direct connection secure communication link or by a communication connection; the control terminal and the IoT device hold a matched manufacturer public key and manufacturer private key; the control terminal has a control terminal public key and a control terminal private key; and the IoT device and the cloud store the control terminal public key.
The IoT device is used to perform identity registration binding of the control terminal and to authenticate the private key signature information of the control terminal; after authentication passes, the control terminal connects to the IoT device in order to send operation instruction messages.
The cloud is used to perform identity registration binding, and updating of identity registration binding information, for the control terminal and the IoT device using the manufacturer public key and manufacturer private key, and to forward authentication results, private key signature information, operation instruction messages and the like.
In one implementation, the control terminal has a biometric authentication function, the control terminal performs biometric authentication before using the control terminal private key, and allows the control terminal private key to be used after the biometric authentication is passed. Preferably, the control terminal is a mobile phone having a fingerprint authentication function.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions in a system for multi-operator remote manipulation of a single operator according to embodiments of the present invention. The present invention may also be embodied as apparatus or system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from a website on the internet, provided on a carrier signal, or provided in any other form.
Claims (7)
1. An Internet of things equipment registration method is characterized by comprising the following steps:
selecting a licensed network access device as a control terminal of the Internet of things device in advance, wherein the control terminal and the Internet of things device have a matched manufacturer public key and a manufacturer private key;
the control terminal and the Internet of things equipment establish a direct connection safety communication link;
after the Internet of things equipment enters a registration mode, the control terminal and the Internet of things equipment perform identity registration binding by using a manufacturer public key and a manufacturer private key;
the control terminal and the internet of things equipment utilize a manufacturer public key and a manufacturer private key to perform identity registration binding, and the identity registration binding comprises the following steps:
the control terminal sends a registration request to the Internet of things equipment;
the Internet of things equipment sends a challenge value to the control terminal or sends the challenge value and Internet of things equipment information;
after the control terminal receives the challenge value or the challenge value and the information of the Internet of things equipment, a control terminal public key and a control terminal private key are generated, and then private key signatures are carried out on the challenge value and the control terminal public key by using a manufacturer private key and are sent to the Internet of things equipment;
the Internet of things equipment checks the received private key signature information by using a manufacturer public key, and compares whether the challenge values are consistent after the check is successful;
if yes, the control terminal is informed that the identity registration binding is successful;
wherein the challenge value is a random number generated by the internet of things device, and the random number is used for subsequent authentication of the internet of things device: whether the device requesting registration is a device that has previously sent a registration request may be determined based on the challenge value if there are multiple devices requesting registration.
2. The registration method according to claim 1, wherein after the identity registration binding is successful, the registration method further comprises:
the control terminal and the cloud end have a manufacturer public key and a manufacturer private key which are matched;
the control terminal signs the Internet of things equipment information, the control terminal equipment information and the control terminal public key with the manufacturer private key and sends the signature to the cloud end, so as to carry out identity registration binding at the cloud end or synchronize the identity registration binding information of the cloud end.
3. The registration method according to claim 1, wherein after the identity registration binding is successful, the registration method further comprises:
and the Internet of things equipment closes the registration mode after meeting the preset conditions.
4. The registration method according to any one of claims 1 to 3, wherein the control terminal has a biometric authentication function, the registration method further comprising:
before the control terminal private key is used, the control terminal performs biological characteristic authentication, and after the biological characteristic authentication is passed, the control terminal is allowed to use the control terminal private key.
5. An Internet of things equipment direct connection authentication method is characterized by comprising the following steps:
the method comprises the steps that a direct connection communication link is established between a control terminal and the Internet of things equipment, and a control terminal public key is stored in the Internet of things equipment;
the control terminal authenticates the Internet of things equipment by using a control terminal private key and a challenge value;
after the authentication is passed, the control terminal sends an operation instruction message to the Internet of things equipment;
the control terminal utilizes a control terminal private key and a challenge value to authenticate the Internet of things equipment, and the authentication comprises the following steps:
the control terminal sends an authentication request to the Internet of things equipment;
after receiving the authentication request, the Internet of things equipment sends a challenge value to the control terminal;
the control terminal signs the challenge value by using a private key of the control terminal and then sends the challenge value to the Internet of things equipment;
the Internet of things equipment checks the signature of the private key signature information by using the public key of the control terminal, compares whether the challenge values are consistent after the signature is successfully checked, and if so, informs the control terminal that the authentication is passed;
wherein the challenge value is a random number generated by the internet of things device, and the random number is used for subsequent authentication of the internet of things device: whether the device requesting registration is a device that has previously sent a registration request may be determined based on the challenge value if there are multiple devices requesting registration.
6. A remote authentication method for Internet of things equipment is characterized by comprising the following steps:
the Internet of things equipment and the cloud end respectively store control terminal public keys, and the control terminal, the Internet of things equipment and the cloud end are in communication connection with each other;
the control terminal authenticates at the cloud through the private key signature information of the control terminal;
after the cloud passes the authentication, sending private key signature information of the control terminal to the Internet of things equipment for signature verification;
the Internet of things equipment informs the cloud of successful signature verification after successful signature verification;
the cloud end informs the control terminal of successful signature verification;
the control terminal sends an operation instruction message to the Internet of things equipment through the cloud after the signature verification is successful;
the control terminal authenticates in the cloud through the control terminal private key signature information, and the authentication comprises the following steps:
the control terminal sends an authentication request to the cloud;
after receiving the authentication request, the cloud sends a challenge value to the control terminal;
the control terminal signs the challenge value by using a private key of the control terminal and then sends the challenge value to the cloud;
the cloud checks the signature of the private key signature information by using the public key of the control terminal, compares whether the challenge values are consistent after the signature is checked successfully, and if so, passes the authentication;
wherein the challenge value is a random number generated by the internet of things device, and the random number is used for subsequent authentication of the internet of things device: whether the device requesting registration is a device that has previously sent a registration request may be determined based on the challenge value if there are multiple devices requesting registration.
7. The remote authentication method according to claim 6, wherein after the control terminal successfully verifies the signature, a private key signs the operation instruction packet, and then the operation instruction packet is sent to the internet of things device through the cloud.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711407995.3A CN107919962B (en) | 2017-12-22 | 2017-12-22 | Internet of things equipment registration and authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107919962A CN107919962A (en) | 2018-04-17 |
CN107919962B true CN107919962B (en) | 2021-01-15 |
Family
ID=61894005
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| CP03 | Change of name, title or address | Address after: Part 4-5, No. 789 Jingwei Avenue, Shiyou Road Street, Yuzhong District, Chongqing 400042; Patentee after: National Certification Technology (Chongqing) Co.,Ltd.; Address before: 100080 No.303, 3/F, Digital Media Building, No.7 Shangdi Information Road, Haidian District, Beijing; Patentee before: GUOMIN AUTHENTICATION TECHNOLOGY (BEIJING) CO.,LTD. |