Summary of the invention
On this basis, to address the problem that communication security is relatively low in conventional technology, it is necessary to provide an identity authentication method for a communication device, an identity authentication apparatus for a communication device, a computer device, an electronic key device, an identity authentication system for a communication device, and a computer readable storage medium.
In one embodiment, an identity authentication method for a communication device is provided, comprising the steps of:
obtaining identification information of a communication device to be authenticated, and querying a public key library according to the identification information for the public key that matches the identification information;
generating an authentication message, and encrypting the authentication message using the public key to obtain an encrypted message;
sending the encrypted message to the communication device, so as to trigger the communication device to decrypt the encrypted message using a locally pre-stored private key;
obtaining the decrypted message sent by the communication device after decryption; and
performing identity authentication on the communication device according to the decrypted message and the authentication message.
The identity authentication method for a communication device described above obtains the identification information of the communication device to be authenticated, queries the public key library according to the identification information for the public key matching the identification information, encrypts the generated authentication message using the public key to obtain an encrypted message, and feeds the encrypted message back to the communication device to trigger the communication device to decrypt the encrypted message using its locally pre-stored private key; after receiving the decrypted message sent by the communication device after decryption, it performs identity authentication on the communication device according to the decrypted message and the authentication message. This method can accurately identify whether an accessing communication device is a legal communication device, avoiding the defect that the conventional approach of account name and password is difficult to authenticate the identity of a communication device accurately, and improving communication security. Moreover, after determining that the communication device is a legally accessing communication device, the host used for identity authentication can open the stored data information for access by the communication device, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
In one embodiment, the method further comprises the steps of:
obtaining the public key of the communication device; performing a hash operation on the public key with a hash algorithm to generate the public key hash value of the communication device; and setting the public key hash value as the identification information of the communication device.
In one embodiment, the method further comprises the steps of:
randomly generating a seed key by a quantum computer; and generating the public key of the communication device and the private key paired with the public key using the seed key.
In one embodiment, the method further comprises the step of:
storing the private key of the communication device in a secure chip of the communication device.
In one embodiment, the step of obtaining the identification information of the communication device to be authenticated comprises:
obtaining the identification information provided on the communication device to be authenticated, and setting it as the identification information of the communication device;
or
the step of obtaining the identification information of the communication device to be authenticated comprises:
receiving the identification information, stored in a chip of the communication device, that is sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, the step of obtaining the identification information of the communication device to be authenticated comprises:
obtaining first identification information provided on the communication device to be authenticated; receiving second identification information sent by the communication device to be authenticated, wherein the second identification information is stored in a chip of the communication device; comparing the first identification information with the second identification information; and, if the first identification information is identical to the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, before the step of obtaining the identification information of the communication device to be authenticated, the method further comprises:
establishing a communication connection with the communication device to be authenticated through a WiFi, Bluetooth or USB communication mode.
In one embodiment, the step of performing identity authentication on the communication device according to the decrypted message and the authentication message comprises:
comparing the decrypted message with the authentication message; if the decrypted message is identical to the authentication message, authenticating the communication device as a legal communication device; otherwise, determining that the communication device is an illegal communication device.
In one embodiment, the communication device to be authenticated is an electronic key device for data encryption.
In one embodiment, another identity authentication method for a communication device is provided, comprising the steps of:
sending the identification information of the local communication device to an authentication terminal, so as to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message using the public key to obtain an encrypted message;
receiving the encrypted message sent by the authentication terminal;
decrypting the encrypted message using a locally pre-stored private key to obtain a decrypted message; and
sending the decrypted message to the authentication terminal, so as to trigger the authentication terminal to perform identity authentication on the local communication device according to the decrypted message and the authentication message.
The identity authentication method for a communication device described above sends the identification information of the local communication device to the authentication terminal, triggering the authentication terminal to query the public key library for the public key matching the identification information and to encrypt the authentication message using the public key to obtain an encrypted message; it then receives the encrypted message, decrypts it using the locally pre-stored private key, and sends the resulting decrypted message to the authentication terminal, triggering the authentication terminal to perform identity authentication on the local communication device according to the decrypted message and the authentication message. This method enables the authentication terminal to accurately identify whether an accessing local communication device is a legal communication device, avoiding the defect that the conventional approach of account name and password is difficult to authenticate the identity of a communication device accurately, and improving communication security. Moreover, after determining that the local communication device is a legally accessing communication device, the authentication terminal used for identity authentication can open the stored data information for access by the local communication device, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
In one embodiment, the method further comprises the steps of:
obtaining the public key of the local communication device; performing a hash operation on the public key with a hash algorithm to generate the public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In one embodiment, the method further comprises the steps of:
randomly generating a seed key by a quantum computer; and generating the public key of the local communication device and the private key paired with the public key using the seed key.
In one embodiment, the locally pre-stored private key is a private key stored in a secure chip of the local communication device.
In one embodiment, the identification information comprises identification information provided on the local communication device, or identification information stored in a chip of the local communication device.
In one embodiment, the identification information comprises first identification information provided on the local communication device and second identification information stored in a chip of the local communication device; and
the step of sending the identification information of the local communication device to the authentication terminal comprises: sending the first identification information and the second identification information to the authentication terminal, so as to trigger the authentication terminal to compare the first identification information with the second identification information and, if the first identification information is identical to the second identification information, to set the first identification information or the second identification information as the identification information of the local communication device.
In one embodiment, before the step of sending the identification information of the local communication device to the authentication terminal, the method further comprises:
establishing a communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
In one embodiment, the decrypted message is further used to trigger the authentication terminal to compare the decrypted message with the authentication message; if the decrypted message is identical to the authentication message, the local communication device is authenticated as a legal communication device; otherwise, the local communication device is determined to be an illegal communication device.
In one embodiment, the local communication device is an electronic key device for data encryption.
In one embodiment, an identity authentication apparatus for a communication device is provided, comprising:
a public key search module, configured to obtain identification information of a communication device to be authenticated, and to query a public key library according to the identification information for the public key matching the identification information;
an encryption module, configured to generate an authentication message and to encrypt the authentication message using the public key to obtain an encrypted message;
a first sending module, configured to send the encrypted message to the communication device, so as to trigger the communication device to decrypt the encrypted message using a locally pre-stored private key;
an obtaining module, configured to obtain the decrypted message sent by the communication device after decryption; and
a first authentication module, configured to perform identity authentication on the communication device according to the decrypted message and the authentication message.
In one embodiment, another identity authentication apparatus for a communication device is provided, comprising:
a second sending module, configured to send the identification information of the local communication device to an authentication terminal, so as to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message using the public key to obtain an encrypted message;
a receiving module, configured to receive the encrypted message sent by the authentication terminal;
a decryption module, configured to decrypt the encrypted message using a locally pre-stored private key to obtain a decrypted message; and
a second authentication module, configured to send the decrypted message to the authentication terminal, so as to trigger the authentication terminal to perform identity authentication on the local communication device according to the decrypted message and the authentication message.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the identity authentication method for a communication device described in any of the embodiments above.
In one embodiment, an electronic key device is provided, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the identity authentication method for a communication device described in any of the embodiments above.
In one embodiment, an identity authentication system for a communication device is provided, comprising the computer device and the electronic key device described in the embodiments above.
In one embodiment, the number of electronic key devices is at least two, and the private key locally pre-stored in each electronic key device is the same private key.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the identity authentication method for a communication device described in any of the embodiments above.
The identity authentication apparatus for a communication device, the computer device, the electronic key device, the identity authentication system for a communication device and the computer readable storage medium described above enable the authentication terminal to accurately identify whether an accessing communication device is a legal communication device, avoiding the defect that the conventional approach of account name and password is difficult to authenticate the identity of a communication device accurately, and improving communication security. Moreover, after determining that the communication device is a legally accessing communication device, the authentication terminal used for identity authentication can open the stored data information for access by the communication device, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. It should be noted that the terms "first" and "second" in the embodiments of the present invention are only used to distinguish similar objects and do not represent a particular ordering of those objects; it can be understood that "first" and "second" may, where permitted, exchange their specific order or precedence. It should be understood that the objects distinguished by "first" and "second" are interchangeable under appropriate circumstances, so that the embodiments of the present invention described herein can be performed in sequences other than those illustrated or described herein.
The identity authentication method for a communication device provided by the present invention can be applied in the application environment shown in Fig. 1, which is a diagram of the application environment of the identity authentication method for a communication device in one embodiment. A communication device 100 can establish a communication connection with an authentication terminal 200 through a variety of communication connection modes; for example, the communication device 100 and the authentication terminal 200 can be connected through a WiFi, Bluetooth or USB communication mode. The authentication terminal 200 can verify whether the communication device 100 is a legal communication device by, for example, obtaining data information of the communication device 100 and sending verification information to the communication device 100, and can open the stored data information to the communication device 100 when the communication device 100 is a legal communication device. Here, the communication device 100 refers to a device with communication capabilities such as data information transmission, and may include devices such as a tablet computer 110, a personal digital assistant 120, a smart phone 130 or an electronic key device for data encryption; the authentication terminal 200 refers to a terminal device with data information storage and data transmission capabilities, which can authenticate an accessing communication device 100, and may be implemented by a PC, an independent server, or a server cluster composed of multiple servers.
In one embodiment, an identity authentication method for a communication device is provided, and is described below by taking its application to the authentication terminal 200 in Fig. 1 as an example. As shown in Fig. 2, which is a flow diagram of the identity authentication method for a communication device in one embodiment, the method may include the following steps:
Step S101: obtaining identification information of a communication device to be authenticated, and querying a public key library according to the identification information for the public key matching the identification information.
Here, the communication device to be authenticated refers to a device that establishes a communication connection with the authentication terminal 200 in order to access the data information stored on the authentication terminal 200, and may include devices such as the tablet computer 110, the personal digital assistant 120, the smart phone 130 or the electronic key device for data encryption shown in Fig. 1. The identification information of a communication device refers to identification information allocated in advance to that communication device for its authorization, and can be used by the authentication terminal 200 to uniquely identify the communication device. A public/private key pair used for identity authentication of the communication device can be allocated to each authorized communication device, and the public key of the communication device can be stored in the public key library of the authentication terminal 200. The public key library can record the public keys of multiple authorized communication devices, with the public key of each communication device corresponding one-to-one to its allocated identification information, so that the corresponding public key can be extracted from the public key library of the authentication terminal 200 according to the identification information of the communication device to be authenticated.
Before the communication device 100 accesses the data information stored on the authentication terminal 200, the authentication terminal 200 authenticates the identity of the communication device 100: the authentication terminal 200 can obtain the identification information of the communication device 100 to be authenticated and, according to that identification information, obtain the matching public key from the locally pre-stored public key library; for example, the authentication terminal 200 can use the identification information as an index to retrieve the corresponding public key from the public key library.
Step S102: generating an authentication message, and encrypting the authentication message using the public key to obtain an encrypted message.
In this step, after obtaining the public key matching the identification information of the communication device to be authenticated, the authentication terminal 200 generates an authentication message, which is mainly used to authenticate the identity of the communication device; to guarantee the accuracy and security of identity authentication, the authentication message can be a random number generated by the authentication terminal 200. The authentication terminal 200 encrypts the generated authentication message using the obtained public key matching the identification information of the communication device, so as to obtain the encrypted message. Since the encrypted message is encrypted with the public key allocated to that communication device, only a device possessing the secret matching that public key can decrypt the encrypted message, while other devices that do not know the secret matching the public key cannot decrypt it; this ensures the security of the identity authentication process for the communication device.
Step S103: sending the encrypted message to the communication device.
In this step, the authentication terminal 200 sends the encrypted message to the communication device 100 to be authenticated, so that the communication device 100 decrypts the encrypted message using its locally pre-stored private key to obtain a decrypted message. The locally pre-stored private key of the communication device 100 refers to the private key, paired with the public key, that was allocated when the communication device 100 was authorized. Using this private key, the communication device 100 can decrypt a message that the authentication terminal 200 encrypted with the matching public key and accurately recover the decrypted information; an illegal device that receives the encrypted message from the authentication terminal 200, however, cannot know the private key paired with the public key, which is stored locally in the communication device 100, and therefore cannot decrypt the encrypted message. This ensures the security of the identity authentication of the communication device.
Step S104: obtaining the decrypted message sent by the communication device after decryption.
This step mainly has the authentication terminal 200 obtain the decrypted message sent by the communication device 100 after decryption. To prevent the decrypted message from leaking during transmission, the communication device 100 can encrypt the decrypted message using the public key of the authentication terminal 200 before sending it to the authentication terminal 200, and the authentication terminal 200 can then recover the decrypted message by decrypting with its own private key.
Step S105: performing identity authentication on the communication device according to the decrypted message and the authentication message.
In this step, after receiving the decrypted message obtained by the communication device 100 through decryption, the authentication terminal 200 authenticates the identity of the communication device 100 according to the generated authentication message and the decrypted message. In general, since only a legally authorized communication device can correctly decrypt the encrypted message of the authentication terminal 200, the authentication message can be compared with the decrypted message, and whether the communication device 100 is a legal communication device can be determined from the result of the comparison.
For example, the authentication message and the decrypted message can be compared; if the authentication message is identical to the decrypted message, the communication device 100 is authenticated as a legal communication device, and if the authentication message and the decrypted message are not identical, the communication device 100 is determined to be an illegal communication device. It should be noted that "the authentication message is identical to the decrypted message" is not limited to the authentication message and the decrypted message being the same information or data; it suffices that the authentication message and the decrypted message are determined to belong to the same message according to some specific rule.
The identity authentication method for a communication device of the above embodiment obtains the identification information of the communication device to be authenticated, queries the public key library according to the identification information for the public key matching the identification information, encrypts the generated authentication message using the public key to obtain an encrypted message, and feeds the encrypted message back to the communication device to trigger the communication device to decrypt the encrypted message using its locally pre-stored private key; after receiving the decrypted message sent by the communication device after decryption, it performs identity authentication on the communication device according to the decrypted message and the authentication message. This method can accurately identify whether an accessing communication device is a legal communication device, avoiding the defect that the conventional approach of account name and password is difficult to authenticate the identity of a communication device accurately, and improving communication security. Moreover, after determining that the communication device is a legally accessing communication device, the host used for identity authentication can open the stored data information for access by the communication device, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
In one embodiment, the method further comprises the following steps:
obtaining the public key of the communication device; performing a hash operation on the public key with a hash algorithm to generate the public key hash value of the communication device; and setting the public key hash value as the identification information of the communication device.
This embodiment mainly sets the identification information of the communication device 100 using its public key before identity authentication of the communication device 100 is performed. The authentication terminal 200 can allocate public/private key pairs to multiple communication devices 100 in advance, mainly for authorization and authentication of each communication device 100. The authentication terminal 200 performs a hash operation, using a hash algorithm, on the public key allocated to each communication device 100 to generate the public key hash value corresponding to each communication device 100, and sets that public key hash value as the identification information of the corresponding communication device.
For example, the authentication terminal 200 can use a hash algorithm to greatly shorten the public key of the communication device 100 to 24 characters. The identification information of the communication device is obtained by performing a hash operation on the public key, that is, the identification information is the hash value of the public key of the communication device; a hash value is a data value of fixed length obtained by transforming source data of arbitrary length with a hash algorithm, and even a change of 1 bit in the source data changes the corresponding hash value. The technical solution of this embodiment sets the hash value of the communication device public key as the identification information of the communication device 100, so that after obtaining the identification information, the authentication terminal 200 uses the hash value of the communication device public key as an index to find the corresponding public key in the public key library. While guaranteeing that the public key of the communication device 100 has not been modified, this also improves the accuracy of obtaining the public key of the communication device 100; it can prevent any hacker from impersonating a legal communication device when connecting to the authentication terminal 200 by WiFi or Bluetooth, and can also effectively avoid malware attacks on the authentication terminal 200 over a USB link. The hash value of the communication device public key can be made public: since an impersonating communication device cannot know the private key of the legal communication device 100, even a hacker who knows the hash value of the communication device public key cannot complete the pairing of the authentication message, which further ensures the security of the identity authentication of the communication device.
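The exchange of steps S101 to S105, with the public key hash of this embodiment as the identification information, as an added Python example that is not part of the patent: it assumes textbook RSA on constructed small primes, a constructed public_key_hash identifier, and the optional re-encryption of the reply under the terminal's public key from step S104, and it shows a device that presents a legal identifier without the matching private key being rejected.

```python
"""Challenge-response authentication of a communication device, following
steps S101-S105 above, with the device's identification information set to
the hash of its public key as in the embodiment just described.

Added example, not the patent's own code.  Assumptions: the asymmetric
cipher is textbook RSA on constructed, deliberately small Mersenne primes so
the file runs on the standard library alone; a real terminal would use a
padded scheme such as RSA-OAEP with full-size keys from a vetted library.
"""
import hashlib
import hmac
import secrets

E = 65537  # public exponent (constructed choice)


def make_key_pair(p, q, e=E):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # requires gcd(e, phi) == 1, true for the primes used below
    return (n, e), (n, d)


def public_key_hash(public_key):
    """Identification information of a device: SHA-256 of its public key."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


class CommunicationDevice:
    """Holds the locally pre-stored private key (stands in for the secure chip)."""

    def __init__(self, private_key):
        self._private_key = private_key

    def decrypt(self, encryption_message, terminal_public_key):
        """Decrypt the terminal's challenge and return the decryption message.
        As described under S104 it is re-encrypted under the terminal's public
        key so the plaintext is not exposed in transit; the terminal modulus
        must therefore be larger than the device modulus."""
        n, d = self._private_key
        decryption_message = pow(encryption_message, d, n)
        tn, te = terminal_public_key
        return pow(decryption_message, te, tn)


class AuthenticationTerminal:
    def __init__(self, own_key_pair):
        self.public_key, self._private_key = own_key_pair
        self.public_key_library = {}  # identification information -> public key

    def authorize(self, device_public_key):
        """Register a legal device; returns its identification information."""
        ident = public_key_hash(device_public_key)
        self.public_key_library[ident] = device_public_key
        return ident

    def authenticate(self, ident, device):
        """Run S101-S105 against `device`; True only for a legal device."""
        # S101: look the public key up by identification information.
        device_public_key = self.public_key_library.get(ident)
        if device_public_key is None:
            return False
        n, e = device_public_key
        # S102: fresh random authentication message, encrypted under that key
        # (0 and 1 are excluded because they encrypt to themselves).
        authentication_message = 2 + secrets.randbelow(n - 2)
        encryption_message = pow(authentication_message, e, n)
        # S103/S104: send the challenge, receive the protected reply.
        reply = device.decrypt(encryption_message, self.public_key)
        tn, td = self._private_key
        if not 0 <= reply < tn:  # reject out-of-range replies from bogus devices
            return False
        decryption_message = pow(reply, td, tn)
        # S105: constant-time comparison of authentication and decryption message.
        return hmac.compare_digest(
            authentication_message.to_bytes(32, "big"),
            decryption_message.to_bytes(32, "big"),
        )


def demo():
    """Returns (result for the legal device, result for an impostor)."""
    terminal = AuthenticationTerminal(make_key_pair(2**61 - 1, 2**89 - 1))
    legal_public, legal_private = make_key_pair(2**31 - 1, 2**61 - 1)
    ident = terminal.authorize(legal_public)
    legal = CommunicationDevice(legal_private)
    # An impostor presents the legal identifier but holds a different private key.
    _, other_private = make_key_pair(2**31 - 1, 2**89 - 1)
    impostor = CommunicationDevice(other_private)
    return terminal.authenticate(ident, legal), terminal.authenticate(ident, impostor)


if __name__ == "__main__":
    print(demo())  # (True, False)
```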
In one embodiment, the method may further comprise the following steps:
randomly generating a seed key by a quantum computer; and generating the public key of the communication device and the private key paired with the public key using the seed key.
This embodiment mainly generates the public/private key pair for each communication device 100 by means of a quantum computer. The authentication terminal 200 can randomly generate a seed key for the communication device 100 by a quantum computer, and generate the public/private key pair from this seed key, that is, generate the public key of the communication device 100 and the private key paired with that public key. The random number generated by quantum technology in this embodiment is a true random number with a very high degree of randomness and no discernible pattern, so using this random number as the seed key to generate the public/private key pair of the communication device 100 guarantees the uniqueness of the key pair and, compared with a security authentication system using a pseudo-random number generator, can further improve the security of identity authentication for communication devices 100 accessing the authentication terminal 200.
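Deriving a device key pair from a seed key, as an added Python example that is not the patent's own code: os.urandom stands in for the quantum random seed, the key pair is textbook RSA with constructed 64-bit primes, and the primes are drawn deterministically from a hash stream of the seed, so the same seed always reproduces the same pair.

```python
"""Deriving a communication device's public/private key pair from a seed key,
as in the embodiment above: the seed comes from a true random source and the
key pair is generated from it, so the pair is bound to that seed.

Added example, not the patent's own code.  Assumptions: os.urandom stands in
for the quantum random number generator, the key pair is textbook RSA with
64-bit primes (a constructed size far too small for real use), and primes
are taken deterministically from a SHA-256 counter stream keyed by the seed,
so the same seed always reproduces the same key pair.
"""
import hashlib
import os

E = 65537  # public exponent (constructed choice)
# Miller-Rabin with these fixed bases is deterministic for all n < 2**64.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def new_seed_key():
    """Stand-in for the quantum random seed: 32 bytes from the OS CSPRNG."""
    return os.urandom(32)


def seed_stream(seed_key, counter):
    """Block `counter` of the deterministic stream derived from the seed key."""
    digest = hashlib.sha256(seed_key + counter.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big")


def is_probable_prime(n):
    """Trial division by the small bases, then Miller-Rabin on each base."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # never reached n-1 by squaring: composite
    return True


def prime_from_seed(seed_key, counter, bits):
    """Walk the seed stream until a `bits`-bit prime p with gcd(E, p-1) == 1
    appears; returns (p, counter of the next unused stream block)."""
    while True:
        candidate = seed_stream(seed_key, counter) >> (256 - bits)
        candidate |= (1 << (bits - 1)) | 1  # exact bit length, and odd
        counter += 1
        if is_probable_prime(candidate) and (candidate - 1) % E != 0:
            return candidate, counter


def generate_key_pair(seed_key, bits=64):
    """Public key (n, e) and the private key (n, d) paired with it."""
    p, counter = prime_from_seed(seed_key, 0, bits)
    q, counter = prime_from_seed(seed_key, counter, bits)
    while q == p:  # vanishingly unlikely, but never allow p == q
        q, counter = prime_from_seed(seed_key, counter, bits)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def roundtrip(seed_key, message):
    """Encrypt under the seed's public key, then decrypt with its private key."""
    (n, e), (_, d) = generate_key_pair(seed_key)
    return pow(pow(message, e, n), d, n)


if __name__ == "__main__":
    seed = new_seed_key()
    print(generate_key_pair(seed) == generate_key_pair(seed))  # True
```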
In one embodiment, the method may further comprise the following step:
storing the private key of the communication device in a secure chip of the communication device.
In this embodiment, after generating the corresponding private key for each communication device 100, the authentication terminal 200 can store the private key in the secure chip of each communication device 100. The secure chip is equipped with an independent storage unit, mainly used for storing the private key. Since the private key is stored in the secure chip hardware, that is, the private key of the communication device 100 is hard-stored in the secure chip of the communication device 100 and never leaves the communication device 100, and the private key stored in the secure chip is encrypted, the technical solution of this embodiment can effectively prevent a hacker who obtains the communication device 100 from reverse-engineering it to crack the private key of the communication device 100, further improving the security of identity authentication for communication devices 100 accessing the authentication terminal 200.
In one embodiment, the step of obtaining the identification information of the communication device to be authenticated in step S101 may further comprise:
obtaining the identification information provided on the communication device to be authenticated and setting it as the identification information of the communication device.
In this embodiment, the identification information of the communication device 100 to be authenticated can be engraved on a surface of the communication device 100, such as the surface of its housing. The user holding the communication device 100 can enter the identification information provided on the housing surface of the communication device 100 into the authentication terminal 200 through an input device of the authentication terminal 200, such as a keyboard; the authentication terminal 200 can receive the entered identification information from the housing surface of the communication device 100 and set it as the identification information of the communication device.
In this embodiment, the authentication terminal 200 can obtain the identification information provided on the housing surface of the communication device 100 as entered by the user holding the communication device 100. This identification information can be the public key of the communication device 100; since a public key generally has many characters, the hash value of the public key of the communication device 100 can also be set as the identification information, so as to shorten the number of characters the user has to enter. The technical solution of this embodiment can improve the efficiency of identity authentication while guaranteeing the security of identity authentication of the communication device 100.
In one embodiment, further, the step of obtaining the identification information of the communication device to be authenticated in step S101 may include:
receiving the identification information stored in a chip of the communication device, as sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In the present embodiment the authentication terminal 200 obtains the identification information sent by the communication device 100, where the identification information is stored in the chip of the communication device 100. Storing the identification information in the chip keeps it from being read off easily, which further improves the security of the identity authentication, and compared with entering the identification information into the authentication terminal 200 manually it also improves authentication efficiency. Moreover, the identification information stored in the chip of the communication device 100 is usually the public key of the communication device 100 or the hash value of that public key, so even if an attacker obtains the identification information of the communication device 100, the attacker still cannot complete the pairing of the authentication message with the authentication terminal 200 without the private key, which ensures the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, further, the step of obtaining the identification information of the communication device to be authenticated in step S101 may include:
obtaining first identification information provided on the communication device to be authenticated; receiving second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; and, if the first identification information and the second identification information are identical, setting the first identification information or the second identification information as the identification information.
In the present embodiment the authentication terminal 200 obtains the first identification information provided on the communication device 100 to be authenticated and the second identification information sent by the communication device 100, compares the two, and determines the identification information of the communication device 100 from the result of the comparison.
The first identification information may be the identification information on the casing of the communication device 100 and the second identification information the identification information stored in the chip of the communication device; either may be the public key of the communication device 100 or the hash value of that public key.
In the present embodiment the authentication terminal 200 receives the first identification information from the casing of the communication device 100 as entered by the user, and also obtains the second identification information stored in the chip of the communication device 100 as sent by the device. It compares the two, and if they are identical, sets the first or the second identification information as the identification information of the communication device 100. It should be noted that "identical" is not limited to the first and second identification information being the same data: it suffices that they are determined, according to a predetermined rule, to denote the same identification information.
The technical solution of this embodiment verifies the identification information of the communication device 100 twice, through the first and the second identification information, and only when they match does it set one of them as the identification information of the communication device 100. This avoids the authentication system being compromised by tampering with the identification information of the communication device 100 and further ensures the security and accuracy of the identity authentication of the communication device 100.
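The double check of the first and second identification information described above, as an added example in Go that is not part of the original application. The "predetermined rule" under which two differently formatted copies of the same identifier count as identical is left open by the text; the example assumes that separators (spaces, hyphens, colons) and letter case are ignored and that anything else must match exactly. The identifier values are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// NormalizeIdentifier maps an identifier as a user might type it from the device casing
// (with spaces, hyphens or colons as separators, in any letter case) to the canonical form
// assumed to be stored in the device chip. The separator set and the upper-case canonical
// form are this example's assumptions about the rule the text leaves open.
func NormalizeIdentifier(s string) string {
	var b strings.Builder
	for _, r := range strings.ToUpper(s) {
		switch r {
		case ' ', '-', ':', '\t', '\n':
			continue // separators carry no information
		}
		b.WriteRune(r)
	}
	return b.String()
}

// ResolveIdentifier implements the double check: first is the identifier read from the
// device casing and entered by the user, second is the identifier reported by the device
// chip. Only when both agree after normalisation is the canonical value accepted as the
// device's identification information; an empty or mismatching pair is rejected so that
// a tampered identifier never reaches the public key lookup.
func ResolveIdentifier(first, second string) (string, bool) {
	a, b := NormalizeIdentifier(first), NormalizeIdentifier(second)
	if a == "" || a != b {
		return "", false
	}
	return a, true
}

func main() {
	chip := "3F9A1C77B02D4E8855AA19C0"       // constructed: identifier stored in the chip
	typed := "3f9a 1c77 b02d 4e88 55aa 19c0" // constructed: same identifier as typed from the casing
	tampered := "3F9A1C77B02D4E8855AA19C1"   // constructed: one character changed

	for _, in := range []string{typed, tampered, ""} {
		id, ok := ResolveIdentifier(in, chip)
		fmt.Printf("%-32q -> accepted=%v id=%q\n", in, ok, id)
	}
}
```

The rejection on an empty identifier matters as much as the mismatch case: an attacker who can blank one of the two sources must not be able to turn the comparison into a trivially satisfied one.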
In one embodiment, before the step of obtaining the identification information of the communication device to be authenticated in step S101, the method may further include:
establishing a communication connection with the communication device to be authenticated by WiFi, Bluetooth or USB.
In the present embodiment, the authentication terminal 200 establishes a communication connection with the communication device 100 before it authenticates the legitimacy of the identity of the communication device 100 to be authenticated, so that preliminary data can be exchanged with the communication device 100. The data here is the data required for the legitimacy authentication of the identity of the communication device 100, such as its identification information.
In the present embodiment the communication device 100 may include a PC, a tablet computer, a smartphone, an electronic key device for data encryption and the like. A PC, tablet computer or smartphone generally establishes the communication connection with the authentication terminal 200 wirelessly, over WiFi or Bluetooth, while an electronic key device is usually connected to the authentication terminal 200 over a USB interface.
The technical solution of this embodiment lets the authentication terminal 200 establish a communication connection with the communication device 100 to be authenticated over WiFi, Bluetooth or USB, that is, the authentication terminal 200 can authenticate the identity of the communication device 100 over any of these connections. Authenticating the communication device 100 when it connects over WiFi, Bluetooth or USB protects the data stored on the authentication terminal 200, and the scheme is broadly applicable.
In one embodiment, an identity authentication apparatus for a communication device is provided. Referring to Fig. 3, which is a structural block diagram of the identity authentication apparatus for a communication device in one embodiment, the apparatus may include a public key lookup module 101, an encryption module 102, a first sending module 103, an obtaining module 104 and a first authentication module 105, where:
the public key lookup module 101 is configured to obtain the identification information of the communication device to be authenticated and to query the public key matching the identification information from the public key library according to the identification information;
the encryption module 102 is configured to generate an authentication message and encrypt the authentication message with the public key to obtain an encrypted message;
the first sending module 103 is configured to send the encrypted message to the communication device, triggering the communication device to decrypt the encrypted message with a locally pre-stored private key;
the obtaining module 104 is configured to obtain the decryption message sent by the communication device after decryption; and
the first authentication module 105 is configured to authenticate the identity of the communication device according to the decryption message and the authentication message.
The identity authentication apparatus for a communication device of the above embodiment enables the authentication terminal to accurately determine whether a connected communication device is a legitimate one, avoiding the shortcoming of the traditional account-and-password approach, which cannot reliably authenticate the identity of a communication device, and thereby improves communication security. Once the communication device has been determined to be a legitimately connected device, the authentication terminal used for identity authentication can open the data it stores for access by that communication device, and the user can further edit, transmit or encrypt the stored data through that legitimate communication device.
In one embodiment, the identity authentication apparatus for a communication device further includes:
a public key obtaining unit configured to obtain the public key of the communication device; a hash operation unit configured to hash the public key with a hash algorithm to generate the public key hash value of the communication device; and a marking unit configured to set the public key hash value as the identification information of the communication device.
In one embodiment, the identity authentication apparatus for a communication device further includes:
a seed generation unit configured to generate a seed key randomly by means of a quantum computer; and a public and private key generation unit configured to generate, using the seed key, the public key of the communication device and the private key paired with the public key.
In one embodiment, the identity authentication apparatus for a communication device further includes:
a key storage unit configured to store the private key of the communication device in a secure chip of the communication device.
In one embodiment, the public key lookup module 101 is further configured to:
obtain the identification information provided on the communication device to be authenticated and set it as the identification information of the communication device.
In one embodiment, the public key lookup module 101 is further configured to:
receive the identification information stored in the chip of the communication device, as sent by the communication device to be authenticated, and set it as the identification information of the communication device.
In one embodiment, the public key lookup module 101 is further configured to:
obtain first identification information provided on the communication device to be authenticated; receive second identification information sent by the communication device to be authenticated, where the second identification information is stored in the chip of the communication device; compare the first identification information with the second identification information; and, if the first identification information and the second identification information are identical, set the first identification information or the second identification information as the identification information.
In one embodiment, the identity authentication apparatus for a communication device further includes:
a communication connection unit configured to establish a communication connection with the communication device to be authenticated by WiFi, Bluetooth or USB.
In one embodiment, the first authentication module 105 is further configured to:
compare the decryption message with the authentication message; if the decryption message is identical to the authentication message, authenticate the communication device as a legitimate communication device; otherwise determine that the communication device is an illegitimate communication device.
In one embodiment, the communication device to be authenticated is an electronic key device for data encryption.
For the specific limitations of the identity authentication apparatus for a communication device, reference may be made to the limitations of the identity authentication method for a communication device above; the technical features and advantages described for the embodiments of the identity authentication method apply equally to the embodiments of the identity authentication apparatus and are not repeated here. Each module of the above identity authentication apparatus may be implemented wholly or partly in software, in hardware, or in a combination of the two. The modules may be embedded in hardware form in, or independent of, a processor of a computer device, or stored in software form in a memory of the computer device so that the processor can invoke them to perform the operations corresponding to each module.
In one embodiment, an identity authentication method for a communication device is also provided. It is described below as applied to the communication device 100 shown in Fig. 1. Referring to Fig. 4, which is a flow diagram of the identity authentication method for a communication device in another embodiment, the method may include the following steps:
S401: sending the identification information of the local communication device to the authentication terminal, triggering the authentication terminal to query the public key matching the identification information from the public key library, generate an authentication message and encrypt the authentication message with the public key to obtain an encrypted message.
In this step, the communication device 100 sends the identification information of the local communication device, that is, of the communication device 100 itself, to the authentication terminal 200. The communication device 100 is the device to be authenticated that establishes a communication connection with the authentication terminal 200 in order to access the data stored on the terminal, and may include the tablet computer 110, personal digital assistant 120 and smartphone 130 shown in Fig. 1, or an electronic key device for data encryption. The identification information of the communication device 100 is identification information assigned in advance to the authorized communication device 100, by which the authentication terminal 200 uniquely identifies the device.
The device manufacturer of the communication device 100 may assign to an authorized communication device 100 a public and private key pair used for the identity authentication of that device, and the public key of the pair may be stored in the public key library of the authentication terminal 200. The public key library of the authentication terminal 200 may record the public keys of multiple authorized communication devices, each public key corresponding one-to-one to the identification information assigned to its communication device 100. When the communication device 100 sends its identification information to the authentication terminal 200, it triggers the authentication terminal 200 to extract the public key matching that identification information from the public key library; for example, the authentication terminal 200 may use the identification information of the communication device 100 as an index to retrieve the corresponding public key from the library.
After obtaining the public key matching the identification information of the communication device 100, the authentication terminal 200 generates an authentication message used to authenticate the identity of the communication device 100. To ensure the accuracy and security of the identity authentication, the authentication message may be a random number generated by the authentication terminal 200.
The authentication terminal 200 encrypts the generated authentication message with the public key obtained for the identification information of the communication device 100 to obtain the encrypted message. Since the encrypted message is encrypted with the public key assigned to the communication device 100, only a device possessing the private key matching that public key can decrypt the encrypted message correctly, and any other device, not knowing that private key, cannot decrypt it, which ensures the security of the identity authentication process of the communication device 100.
S402: receiving the encrypted message sent by the authentication terminal.
In this step, the communication device 100 receives the encrypted message sent by the authentication terminal 200 over WiFi, Bluetooth, USB or a similar connection.
S403: decrypting the encrypted message with the locally pre-stored private key to obtain a decryption message.
After receiving the encrypted message sent by the authentication terminal 200, the communication device 100 decrypts it with the locally pre-stored private key to obtain the decryption message. The locally pre-stored private key of the communication device 100 is the private key paired with the public key, assigned when the device manufacturer of the communication device 100 authorized the device. With this private key the communication device 100 can correctly decrypt the message that the authentication terminal 200 encrypted with the matching public key and recover the decrypted information accurately. An illegitimate device that receives the encrypted message of the authentication terminal 200, however, does not know the private key paired with the public key that is stored locally in the communication device 100, and so cannot decrypt the encrypted message, which ensures the security of the identity authentication of the communication device.
S404: sending the decryption message to the authentication terminal, triggering the authentication terminal to authenticate the identity of the local communication device according to the decryption message and the authentication message.
In this step the communication device 100 sends the decryption message obtained in S403 to the authentication terminal 200. To prevent the decryption message from leaking in transit, the communication device 100 may encrypt the decryption message with the public key of the authentication terminal 200 before sending it, and the authentication terminal 200 then decrypts it with its own private key to recover the decryption message. The authentication terminal 200 authenticates the identity of the communication device 100 according to the authentication message it generated and the received decryption message: since only a legitimately authorized communication device can correctly decrypt the encrypted message of the authentication terminal 200, the authentication terminal 200 compares the authentication message with the decryption message and determines from the result whether the communication device 100 is a legitimate communication device.
For example, the authentication terminal 200 compares the authentication message with the decryption message; if they are identical, the authentication terminal 200 authenticates the communication device 100 as a legitimate communication device, and if they are not, it determines that the communication device 100 is an illegitimate communication device. It should be noted that "identical" is not limited to the authentication message and the decryption message being the same data: it suffices that they are determined, according to a predetermined rule, to be the same message.
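The complete exchange of S401 to S404, together with the terminal-side public key lookup, challenge generation and comparison of the earlier embodiments and the public-key-hash identification information, as an added example in Go that is not part of the original application. It assumes RSA key pairs with OAEP padding, SHA-256 as the hash algorithm for the identification information, truncation of the hex-encoded hash to 24 characters (the length quoted later in the text), a map standing in for the public key library, and an in-memory private key standing in for the one held in the secure chip. The terminal's own key pair is used, as the text describes, so that the device can encrypt the decryption message on the way back.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Fingerprint derives the identification information of a device from its public key:
// SHA-256 over the DER encoding, hex-encoded and truncated to 24 characters. The hash,
// encoding and truncation are this example's assumptions; a shortened hash only serves
// as the index into the library, the key retrieved under it is what the challenge uses.
func Fingerprint(pub *rsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err) // only possible for a malformed key
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])[:24]
}

// Terminal holds the public key library (fingerprint -> public key) and its own key pair.
type Terminal struct {
	Library map[string]*rsa.PublicKey
	Key     *rsa.PrivateKey
}

// Device is the communication equipment; Key stands in for the private key in its secure chip.
type Device struct {
	Key *rsa.PrivateKey
}

// Register adds an authorized device's public key to the library under its fingerprint.
func (t *Terminal) Register(pub *rsa.PublicKey) string {
	id := Fingerprint(pub)
	t.Library[id] = pub
	return id
}

// Challenge performs the terminal side of S401: look up the public key by identifier, draw a
// fresh random authentication message and encrypt it with RSA-OAEP so that only the holder
// of the matching private key can recover it.
func (t *Terminal) Challenge(id string) (authMsg, encMsg []byte, err error) {
	pub, ok := t.Library[id]
	if !ok {
		return nil, nil, errors.New("unknown identification information")
	}
	authMsg = make([]byte, 32)
	if _, err := rand.Read(authMsg); err != nil {
		return nil, nil, err
	}
	encMsg, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, authMsg, nil)
	return authMsg, encMsg, err
}

// Respond performs S403 and S404 on the device: decrypt with the local private key, then
// re-encrypt the decryption message to the terminal's public key before sending it back.
func (d *Device) Respond(encMsg []byte, terminalPub *rsa.PublicKey) ([]byte, error) {
	decMsg, err := rsa.DecryptOAEP(sha256.New(), nil, d.Key, encMsg, nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, terminalPub, decMsg, nil)
}

// Verify performs the final comparison: recover the decryption message with the terminal's
// private key and compare it with the authentication message in constant time.
func (t *Terminal) Verify(authMsg, response []byte) bool {
	decMsg, err := rsa.DecryptOAEP(sha256.New(), nil, t.Key, response, nil)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(authMsg, decMsg) == 1
}

// Authenticate runs the whole exchange for a device that claims identifier id.
func Authenticate(t *Terminal, id string, d *Device) bool {
	authMsg, encMsg, err := t.Challenge(id)
	if err != nil {
		return false
	}
	response, err := d.Respond(encMsg, &t.Key.PublicKey)
	if err != nil {
		return false
	}
	return t.Verify(authMsg, response)
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	terminal := &Terminal{Library: map[string]*rsa.PublicKey{}, Key: mustKey()}
	legit := &Device{Key: mustKey()}
	id := terminal.Register(&legit.Key.PublicKey)
	impostor := &Device{Key: mustKey()} // knows the public identifier, not the private key

	fmt.Println("identifier:", id)
	fmt.Println("legitimate device accepted:", Authenticate(terminal, id, legit))
	fmt.Println("impostor with same identifier accepted:", Authenticate(terminal, id, impostor))
}
```

A fresh authentication message is drawn for every challenge and used for exactly one comparison, so a captured response is of no use in a later session, and the comparison is constant-time so that the terminal leaks nothing about how much of the message matched. An unknown identifier fails in `Challenge`, a device without the right private key fails in `Respond`, and a tampered response fails in `Verify`.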
In the identity authentication method for a communication device of the above embodiment, the local communication device sends its identification information to the authentication terminal, triggering the authentication terminal to query the public key matching the identification information from the public key library and encrypt the authentication message with that public key to obtain an encrypted message; the local communication device receives the encrypted message, decrypts it with the locally pre-stored private key, and sends the resulting decryption message to the authentication terminal, triggering the authentication terminal to authenticate the identity of the local communication device according to the decryption message and the authentication message. This method enables the authentication terminal to accurately determine whether the connected local communication device is a legitimate communication device, avoiding the shortcoming of the traditional account-and-password approach, which cannot reliably authenticate the identity of a communication device, and thereby improves communication security. Once the local communication device has been determined to be a legitimately connected device, the authentication terminal used for identity authentication can open the data it stores for access by that device, and the user can further edit, transmit or encrypt the stored data through that legitimate communication device.
In one embodiment, the method may further include the following steps:
obtaining the public key of the local communication device; hashing the public key with a hash algorithm to generate the public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In the present embodiment, before the authentication terminal 200 authenticates the identity of the communication device 100, the communication device 100 sets its identification information from the public key of the local communication device, that is, of the communication device 100 itself.
The device manufacturer of the communication device 100 may assign public and private key pairs to multiple communication devices 100 in advance, mainly for the authorization and authentication of each communication device 100, hash the public key assigned to each communication device 100 with a hash algorithm to generate the public key hash value of that device, and set the public key hash value as the identification information of the corresponding communication device 100.
For example, the device manufacturer of the communication device 100 may use a hash algorithm to shorten the public key of the communication device 100 considerably, to 24 characters. The identification information of the communication device is obtained by hashing the public key, that is, it is the hash value of the public key of the communication device; a hash value is a fixed-length value derived by a hash algorithm from source data of arbitrary length, and a change of even one bit in the source data changes the corresponding hash value.
The technical solution of this embodiment sets the hash value of the public key of the communication device as the identification information of the communication device 100, so that after obtaining the identification information the authentication terminal 200 uses the hash value of the public key as the index to retrieve the corresponding public key from the public key library. Because the authentication terminal 200 can recompute the hash of the retrieved public key and check it against the index, this improves the accuracy of obtaining the public key of the communication device 100 while guaranteeing that the public key has not been modified; it prevents any attacker's device connected to the authentication terminal 200 over WiFi or Bluetooth from impersonating a legitimate communication device, and also effectively avoids malware attacks on the authentication terminal 200 over a USB link. The hash value of the public key of the communication device may be public: because an impersonating device cannot know the private key of the legitimate communication device 100, an attacker who knows the hash value of the public key still cannot complete the pairing of the authentication message, which further ensures the security of the identity authentication of the communication device.
In one embodiment, the method may further include the following steps:
generating a seed key randomly by means of a quantum computer; and generating, using the seed key, the public key of the communication device and the private key paired with the public key.
In the present embodiment a quantum computer is used to generate the public and private key pair of each communication device 100: the device manufacturer of the communication device 100 may generate a seed key for the communication device 100 randomly with a quantum computer and derive the public and private key pair, i.e. the public key of the communication device 100 and the private key paired with it, from that seed key.
In the scheme of this embodiment the random number produced by quantum techniques is a true random number of high randomness that follows no discernible rule, so generating the public and private key pair of the communication device 100 with it as the seed key ensures that the key pair is unpredictable and unique. Compared with a security authentication system that uses a pseudo-random number generator, this further improves the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, further, the locally pre-stored private key is a private key stored in a secure chip of the local communication device.
In the present embodiment the communication device 100 stores its own private key in the secure chip of the communication device. After the corresponding private key has been generated for each communication device 100, it can be stored in the secure chip of that device; the secure chip has an independent storage unit used mainly for storing the private key. Because the private key is held in the secure chip hardware, the private key of the communication device 100 is bound to the device and never leaves it, and the private key stored in the secure chip is itself encrypted. The technical solution of this embodiment therefore effectively prevents an attacker who obtains a communication device 100 from reverse-engineering it to extract the private key, further improving the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, further, the identification information includes identification information provided on the local communication device or identification information stored in a chip of the local communication device.
In the present embodiment, the identification information of the communication device 100 itself may be engraved on a surface of the communication device 100, such as the casing.
The user holding the communication device 100 enters the identification information from the casing into the authentication terminal 200 through an input device of the terminal such as a keyboard, and the authentication terminal 200 receives the entered identification information and sets it as the identification information of the communication device.
In this way the authentication terminal 200 obtains the identification information from the casing of the communication device 100 as entered by the user. The identification information may be the public key of the communication device 100 itself, but because a public key is long, the hash value of the public key may instead be used as the identification information to shorten what the user has to type; this scheme improves authentication efficiency while preserving the security of the identity authentication of the communication device 100.
In the present embodiment, the identification information of the communication device 100 itself may also be identification information stored in the chip of the local communication device.
The authentication terminal 200 obtains the identification information sent by the communication device 100, which is the identification information stored in the chip of the communication device 100. Storing the identification information in the chip keeps it from being read off easily, which further improves the security of the identity authentication, and compared with entering the identification information into the authentication terminal 200 manually it also improves authentication efficiency. Moreover, the identification information stored in the chip of the communication device 100 is usually the public key of the communication device 100 or the hash value of that public key, so even if an attacker obtains the identification information of the communication device 100, the attacker still cannot complete the pairing of the authentication message with the authentication terminal 200 without the private key, which ensures the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, the identification information includes first identification information provided on the local communication device and second identification information stored in the chip of the local communication device;
in step S101, the step of sending the identification information of the local communication device to the authentication terminal may include:
sending the first identification information and the second identification information to the authentication terminal, so as to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information is identical to the second identification information, the first identification information or the second identification information is set as the identification information of the local communication device.
In the present embodiment, the first identification information may be the identification information on the case surface of communication device 100, and the second identification information is the identification information stored in the chip of the communication device; both the first and the second identification information may be the public key of communication device 100 or the hash value corresponding to that public key.
In the present embodiment, the user holding communication device 100 can send the first identification information and the second identification information to authentication terminal 200 through the input device of authentication terminal 200; authentication terminal 200 receives the first and second identification information and compares them, and if they are identical it sets the first identification information or the second identification information as the identification information of communication device 100. It should be noted that "identical" here does not require the first identification information and the second identification information to be the same information or data; it suffices that, according to some specific rule, the first identification information and the second identification information are determined to belong to the same identification information.
In the technical solution of the present embodiment, communication device 100 sends the first identification information and the second identification information to authentication terminal 200, triggering authentication terminal 200 to double-check the identification information of communication device 100 and, when the first identification information and the second identification information match, to set one of them as the identification information of communication device 100. This avoids the defect that tampering with the identification information of communication device 100 undermines the security of the authentication system, and helps to further ensure the security and accuracy of identity authentication for communication device 100.
In one embodiment, before step S101 of sending the identification information of the local communication device to the authentication terminal, the method may include:
establishing a communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
The present embodiment mainly establishes a communication connection with authentication terminal 200 before communication device 100 accesses the data information of authentication terminal 200, so that preliminary data information can be exchanged with authentication terminal 200. The data information here refers to the data information that authentication terminal 200 requires in order to authenticate the legitimacy of the identity of communication device 100, such as the identification information of communication device 100.
In the present embodiment, communication device 100 may include a personal computer, a tablet computer, a smartphone, an electronic key device used for data encryption, and other communication devices. A personal computer, tablet computer or smartphone generally establishes the communication connection with authentication terminal 200 through a wireless connection mode such as WiFi or Bluetooth, while an electronic key device is usually connected to authentication terminal 200 through a USB interface.
The technical solution of the present embodiment enables authentication terminal 200 to establish a communication connection with the communication device 100 to be authenticated through communication modes such as WiFi, Bluetooth or USB; that is, authentication terminal 200 can authenticate the identity of communication device 100 over WiFi, Bluetooth, USB or a similar communication mode. Establishing the communication connection between communication device 100 and authentication terminal 200 in this way ensures the security of the data information of authentication terminal 200 and has wide applicability.
In one embodiment, an identity authentication apparatus of a communication device is provided. Referring to Fig. 5, which is a structural block diagram of the identity authentication apparatus of a communication device in another embodiment, the identity authentication apparatus of the communication device may include: a second sending module 401, a receiving module 402, a decryption module 403 and a second authentication module 404; wherein
the second sending module 401 is configured to send the identification information of the local communication device to the authentication terminal, so as to trigger the authentication terminal to query the public key matching the identification information from the public key library, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message;
the receiving module 402 is configured to receive the encrypted message sent by the authentication terminal;
the decryption module 403 is configured to decrypt the encrypted message with the locally pre-stored private key to obtain a decrypted message;
the second authentication module 404 is configured to send the decrypted message to the authentication terminal, so as to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
The identity authentication apparatus of the communication device of the above embodiment enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device, avoiding the defect of conventional schemes in which the identity of a communication device is difficult to authenticate accurately by means of an account name and password, and thereby improves communication security. After the communication device is determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open the stored data information for access by that communication device, and the user can further edit, transmit, encrypt or otherwise process the stored data through that legitimate communication device.
In one embodiment, the identity authentication apparatus of the communication device may further include:
a public key acquisition module, configured to obtain the public key of the local communication device; a hash operation module, configured to perform a hash operation on the public key by a hash algorithm to generate the public key hash value of the local communication device; and a marking module, configured to set the public key hash value as the identification information of the local communication device.
In one embodiment, the identity authentication apparatus of the communication device may further include:
a seed generation module, configured to randomly generate a seed key by a quantum computer; and a public/private key generation module, configured to generate, using the seed key, the public key of the communication device and the private key paired with that public key.
In one embodiment, the locally pre-stored private key is a private key stored in a security chip of the local communication device.
In one embodiment, the identification information includes identification information provided on the local communication device or identification information stored in the chip of the local communication device.
In one embodiment, the identification information includes first identification information provided on the local communication device and second identification information stored in the chip of the local communication device.
The second sending module 401 is further configured to send the first identification information and the second identification information to the authentication terminal, so as to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information is identical to the second identification information, the first identification information or the second identification information is set as the identification information of the local communication device.
In one embodiment, the identity authentication apparatus of the communication device may further include:
a communication connection module, configured to establish a communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
In one embodiment, the decrypted message is further used to trigger the authentication terminal to compare the decrypted message with the authentication message; if the decrypted message is identical to the authentication message, the local communication device is authenticated as a legitimate communication device; otherwise the local communication device is determined to be an illegitimate communication device.
In one embodiment, the local communication device is an electronic key device for data encryption.
For the specific limitations of the identity authentication apparatus of the communication device, reference may be made to the limitations of the identity authentication method of the communication device above; the technical features and advantages described in the embodiments of the identity authentication method of the communication device apply equally to the embodiments of the identity authentication apparatus of the communication device and are not repeated here. Each module in the identity authentication apparatus of the communication device above may be implemented in whole or in part by software, hardware or a combination thereof. Each module may be embedded in hardware form in, or be independent of, the processor of a computer device, or may be stored in software form in the memory of the computer device so that the processor can call it to perform the operation corresponding to that module.
The identity authentication method of a communication device provided in the embodiments of the present invention can be applied in the following application scenarios, so that the communication security of the devices in each scenario can be guaranteed.
In practical applications, each device is equipped with a public key and a paired private key; data encrypted with the public key can only be decrypted with the paired private key. Suppose device A and device B communicate. Device A and device B can each give their own public key to the other party, i.e. device A sends public key A to device B, and device B sends public key B to device A. When device A and device B receive the other party's public key, each first needs to confirm whether that public key is really the other party's public key, i.e. device A needs to confirm whether the received public key is public key B, and device B needs to confirm whether the received public key is public key A. Once the received public key is confirmed to be the other party's public key, the two can communicate by encrypting information with the other party's public key.
The process of confirming whether a received public key is a legitimate public key corresponds to authenticating the device that sent the public key. The authentication process is described in detail below, taking device A authenticating a received public key as an example:
Device A can obtain the identification information sent by the device to be authenticated, device B; this identification information may be the public key hash value provided on the case surface of device B. According to that public key hash value, device A can query the matching public key B from its local public key library, generate a segment of complex authentication message, encrypt the authentication message with public key B to obtain an encrypted message, and then send the encrypted message to the device to be authenticated. If the device to be authenticated is device B, device B can decrypt the encrypted message with its private key B to obtain the decrypted message and send it to device A, so that device A completes the authentication. But if the device to be authenticated is a hacker device H that sent the public key hash value of device B to device A, then since hacker device H does not possess private key B of device B, it cannot correctly decrypt the encrypted message, cannot obtain the authentication message, and cannot complete the authentication; device A will therefore not carry out any data communication with hacker device H, and hacker device H cannot intercept any information sent by device A, which ensures communication security.
In addition, hacker device H may also send its own public key H to device A and device B, but device A and device B can discover in the same way that public key H is the public key of an untrusted device, i.e. device A can discover that public key H is not the public key of device B, and device B can discover that public key H is not the public key of device A, so that no data communication takes place with hacker device H, which ensures the security of communication.
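The challenge-response flow carried out by the second sending module 401 through the second authentication module 404, the first/second identifier comparison, and the device A / device B / hacker device H scenario above, as an added example that is not part of the patent text: a Python model of both sides of the exchange built on the standard library only. Textbook RSA without a padding scheme stands in for the public key cipher (a simplification for illustration), a SHA-256 digest over an assumed encoding of the public key stands in for the "public key hash value" (the page fixes neither a hash algorithm nor an encoding), and the normalisation rule used to decide that the engraved and chip-stored identifiers are "identical" is likewise an assumption. All class and function names are assumptions.

```python
import hashlib
import hmac
import secrets


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin test for an odd candidate n (assumed helper)."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(c):
            return c


def generate_keypair(bits: int = 1024):
    """Return ((n, e), (n, d)).  The page derives the key pair from a random
    seed key; secrets.randbits stands in for that entropy source here."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))


def public_key_fingerprint(pub) -> str:
    """Identification information: hash of the public key.  SHA-256 over a
    big-endian encoding of n and e is an assumed encoding."""
    n, e = pub
    data = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(data).hexdigest()


def resolve_identifier(first_id: str, second_id: str):
    """First identifier (engraved on the case) vs. second (read from the chip).
    'Identical' under an assumed rule: hex, separators stripped, case-folded."""
    def norm(s: str) -> str:
        return s.replace(":", "").replace(" ", "").lower()
    a, b = norm(first_id), norm(second_id)
    return a if hmac.compare_digest(a, b) else None


class Device:  # communication device; _priv models the key in the secure chip
    def __init__(self, pub, priv, engraved_id=None, chip_id=None):
        self.pub, self._priv = pub, priv
        self.engraved_id = engraved_id or public_key_fingerprint(pub)
        self.chip_id = chip_id or public_key_fingerprint(pub)

    def decrypt(self, cipher: int) -> int:  # decryption module 403
        n, d = self._priv
        return pow(cipher, d, n)


class AuthTerminal:  # authentication terminal holding the public key library
    def __init__(self, enrolled):
        self.library = {public_key_fingerprint(d.pub): d.pub for d in enrolled}

    def authenticate(self, dev: Device) -> bool:
        ident = resolve_identifier(dev.engraved_id, dev.chip_id)
        if ident is None or ident not in self.library:
            return False  # inconsistent identifiers, or not enrolled
        n, e = self.library[ident]
        auth_msg = secrets.randbits(256)  # fresh, single-use authentication message
        decrypted = dev.decrypt(pow(auth_msg, e, n))  # encrypted message to device
        return hmac.compare_digest(hex(auth_msg), hex(decrypted))


def scenario():
    """Device A vs. genuine B, impostor H showing B's identifiers, B with an
    altered case label, and H under its own (unenrolled) identifier."""
    pub_b, priv_b = generate_keypair()
    pub_h, priv_h = generate_keypair()
    device_b = Device(pub_b, priv_b)
    terminal_a = AuthTerminal([device_b])
    fp_b = public_key_fingerprint(pub_b)
    return {
        "genuine_b": terminal_a.authenticate(device_b),
        "impostor_h": terminal_a.authenticate(Device(pub_h, priv_h, fp_b, fp_b)),
        "altered_label": terminal_a.authenticate(Device(pub_b, priv_b, "deadbeef")),
        "unknown_h": terminal_a.authenticate(Device(pub_h, priv_h)),
    }
```

Running scenario() shows the three rejection paths the text describes: an identifier that is not in the public key library is refused before any challenge is issued, a mismatch between the engraved and chip-stored identifiers is refused the same way, and a device that presents device B's identifier but holds only private key H returns a decrypted message that does not match the authentication message. The authentication message is generated fresh for every run and compared in constant time.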
In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in Fig. 6. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The database of the computer device is configured to store the data required in the flow of the identity authentication method of the communication device. The network interface of the computer device is configured to communicate with external terminals through a network connection. The computer program, when executed by the processor, implements the identity authentication method of a communication device described in any of the above embodiments.
In one embodiment, a computer device is provided. The computer device may be a terminal, and its internal structure may be as shown in Fig. 7. The computer device includes a processor, a memory, a network interface, a display screen and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program in the non-volatile storage medium. The network interface of the computer device is configured to communicate with external terminals through a network connection. The computer program, when executed by the processor, implements an identity authentication method of a communication device. The display screen of the computer device may be a liquid crystal display or an electronic ink display, and the input device of the computer device may be a touch layer covering the display screen, keys, a trackball or a trackpad provided on the housing of the computer device, or an external keyboard, trackpad or mouse.
In one embodiment, an electronic key device is provided, whose internal structure may be as shown in Fig. 8. The electronic key device includes a processor, a memory and a communication interface connected by a system bus. The processor of the electronic key device is configured to provide computing and control capability; the memory of the electronic key device includes a non-volatile storage medium and an internal memory; the non-volatile storage medium stores a computer program; the internal memory provides an environment for running the computer program in the non-volatile storage medium; and the communication interface of the electronic key device is configured to communicate with external terminals. The computer program, when executed by the processor, implements an identity authentication method of a communication device.
Those skilled in the art will understand that the structures shown in Figs. 6 to 8 are merely block diagrams of the part of the structure related to the solution of the present invention and do not limit the devices to which the solution of the present invention is applied; a specific device may include more or fewer components than shown in the figures, combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, including a memory, a processor and a computer program stored in the memory and runnable on the processor, where the processor, when executing the computer program, performs the following steps:
obtaining the identification information of a communication device to be authenticated; querying the public key matching the identification information from the public key library according to the identification information; generating an authentication message and encrypting the authentication message with the public key to obtain an encrypted message; sending the encrypted message to the communication device; obtaining the decrypted message sent by the communication device after decryption; and authenticating the identity of the communication device according to the decrypted message and the authentication message.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
obtaining the public key of the communication device; performing a hash operation on the public key by a hash algorithm to generate the public key hash value of the communication device; and setting the public key hash value as the identification information of the communication device.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
randomly generating a seed key by a quantum computer; and generating, using the seed key, the public key of the communication device and the private key paired with that public key.
In one embodiment, when the processor executes the computer program, the following step is also performed:
storing the private key of the communication device in a security chip of the communication device.
In one embodiment, when the processor executes the computer program, the following step is also performed:
obtaining the identification information provided on the communication device to be authenticated and setting it as the identification information of the communication device.
In one embodiment, when the processor executes the computer program, the following step is also performed:
receiving the identification information stored in the chip of the communication device, as sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
obtaining the first identification information provided on the communication device to be authenticated; receiving the second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; and, if the first identification information is identical to the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, when the processor executes the computer program, the following step is also performed:
establishing a communication connection with the communication device to be authenticated through a WiFi, Bluetooth or USB communication mode.
In one embodiment, an electronic key device is provided, which can be used to encrypt data and includes a memory, a processor and a computer program stored in the memory and runnable on the processor, where the processor, when executing the computer program, performs the following steps:
sending the identification information of the local communication device to the authentication terminal, so as to trigger the authentication terminal to query the public key matching the identification information from the public key library, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message; receiving the encrypted message sent by the authentication terminal; decrypting the encrypted message with the locally pre-stored private key to obtain a decrypted message; and sending the decrypted message to the authentication terminal, so as to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
obtaining the public key of the local communication device; performing a hash operation on the public key by a hash algorithm to generate the public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
randomly generating a seed key by a quantum computer; and generating, using the seed key, the public key of the communication device and the private key paired with that public key.
In one embodiment, when the processor executes the computer program, the following steps are also performed:
sending the first identification information and the second identification information to the authentication terminal, so as to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information is identical to the second identification information, the first identification information or the second identification information is set as the identification information of the local communication device.
In one embodiment, when the processor executes the computer program, the following step is also performed:
establishing a communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
The computer device and the electronic key device of the above embodiments enable the authentication terminal to accurately identify whether an accessing communication device, such as an electronic key device, is a legitimate communication device, avoiding the defect of conventional schemes in which the identity of a communication device is difficult to authenticate accurately by means of an account name and password, and thereby improve communication security. After the communication device is determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open the stored data information for access by that communication device, and the user can further edit, transmit, encrypt or otherwise process the stored data through that legitimate communication device.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored, where the computer program, when executed by a processor, performs the following steps:
obtaining the identification information of a communication device to be authenticated; querying the public key matching the identification information from the public key library according to the identification information; generating an authentication message and encrypting the authentication message with the public key to obtain an encrypted message; sending the encrypted message to the communication device; obtaining the decrypted message sent by the communication device after decryption; and authenticating the identity of the communication device according to the decrypted message and the authentication message.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
obtaining the public key of the communication device; performing a hash operation on the public key by a hash algorithm to generate the public key hash value of the communication device; and setting the public key hash value as the identification information of the communication device.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
randomly generating a seed key by a quantum computer; and generating, using the seed key, the public key of the communication device and the private key paired with that public key.
In one embodiment, when the computer program is executed by the processor, the following step is also performed:
storing the private key of the communication device in a security chip of the communication device.
In one embodiment, when the computer program is executed by the processor, the following step is also performed:
obtaining the identification information provided on the communication device to be authenticated and setting it as the identification information of the communication device.
In one embodiment, when the computer program is executed by the processor, the following step is also performed:
receiving the identification information stored in the chip of the communication device, as sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
obtaining the first identification information provided on the communication device to be authenticated; receiving the second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; and, if the first identification information is identical to the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, when the computer program is executed by the processor, the following step is also performed:
establishing a communication connection with the communication device to be authenticated through a WiFi, Bluetooth or USB communication mode.
In one embodiment, a computer readable storage medium is provided, on which a computer program is stored, where the computer program, when executed by a processor, performs the following steps:
sending the identification information of the local communication device to the authentication terminal, so as to trigger the authentication terminal to query the public key matching the identification information from the public key library, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message; receiving the encrypted message sent by the authentication terminal; decrypting the encrypted message with the locally pre-stored private key to obtain a decrypted message; and sending the decrypted message to the authentication terminal, so as to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
obtaining the public key of the local communication device; performing a hash operation on the public key by a hash algorithm to generate the public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
randomly generating a seed key by a quantum computer; and generating, using the seed key, the public key of the communication device and the private key paired with that public key.
In one embodiment, when the computer program is executed by the processor, the following steps are also performed:
sending the first identification information and the second identification information to the authentication terminal, so as to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information is identical to the second identification information, the first identification information or the second identification information is set as the identification information of the local communication device.
In one embodiment, when the computer program is executed by the processor, the following step is also performed:
establishing a communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
The computer readable storage medium of the above embodiments enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device, avoiding the defect of conventional schemes in which the identity of a communication device is difficult to authenticate accurately by means of an account name and password, and thereby improves communication security. After the communication device is determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open the stored data information for access by that communication device, and the user can further edit, transmit, encrypt or otherwise process the stored data through that legitimate communication device.
In one embodiment, an identity authentication system of a communication equipment is provided. Referring to Fig. 9, which is a structural schematic diagram of the identity authentication system of a communication equipment in one embodiment, the identity authentication system of the communication equipment may include the computer equipment 300 of any one of the above embodiments and the electronic key equipment 400 of any one of the above embodiments. A user can establish a communication connection between the electronic key equipment 400 and the computer equipment 300, and the computer equipment 300 and the electronic key equipment 400 execute the identity authentication method of the communication equipment of any one of the above embodiments, so that the computer equipment 300 authenticates the identity of the accessing electronic key equipment 400. One working principle of the identity authentication system of the communication equipment is described in detail below:
The user holding the electronic key equipment 400 can input into the computer equipment 300 the first identification information engraved on the case surface of the electronic key equipment 400, such as the public key hash of the electronic key equipment 400. The computer equipment 300 can obtain the second identification information stored in the chip of the electronic key equipment 400, such as the public key hash of the electronic key equipment 400. The computer equipment 300 compares the first identification information with the second identification information; if the two are identical, the computer equipment 300 sets the first identification information or the second identification information as the identification information of the electronic key equipment 400. According to this identification information, the computer equipment 300 can extract from the locally prestored public key library the public key of the electronic key equipment 400 that matches the identification information, randomly generate a certification message, encrypt the certification message with the public key of the electronic key equipment 400 to obtain an encryption message, and send the encryption message to the electronic key equipment 400. The electronic key equipment 400 decrypts the encryption message with the locally stored private key paired with that public key to obtain a decryption message, and feeds the decryption message back to the computer equipment 300. The computer equipment 300 compares the decryption message with the generated certification message; if the decryption message is identical to the certification message, the electronic key equipment 400 is authenticated as a legitimate communication equipment, and the computer equipment 300 can open the internally stored data information for access by the electronic key equipment 400.
In one embodiment, the number of electronic key equipments 400 is at least two.
In the present embodiment, the private key locally prestored in each electronic key equipment 400 is the same private key. This technical scheme provides the user with at least two electronic key equipments 400, which prevents the situation in which, after the user has encrypted related data with an electronic key equipment 400, the loss of that electronic key equipment 400 makes the encrypted data inaccessible or impossible to decrypt. Even if the user loses one of the electronic key equipments, the other paired electronic key equipment can still be used to access the encrypted data, which improves ease of use.
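The challenge-response exchange described above, together with the paired-equipment embodiment in which two electronic key equipments share one prestored private key, as an added Go example that is not part of the patent. It assumes RSA-OAEP for the encryption step and a SHA-256 hash of the public-key modulus as the public key hash identifier; the patent specifies neither, so both are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
)

// KeyID is the public-key hash used as the device identifier, engraved on the
// case and stored in the chip (hashing the modulus is a constructed choice).
func KeyID(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(pub.N.Bytes())
	return hex.EncodeToString(sum[:])
}

// KeyDevice is the electronic key equipment holding the prestored private key.
type KeyDevice struct{ Priv *rsa.PrivateKey }

// Decrypt is the device-side step: decrypt the challenge with the private key.
func (d *KeyDevice) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.Priv, ct, nil)
}

// Terminal is the certification terminal with its local public key library.
type Terminal struct{ PubLib map[string]*rsa.PublicKey }

// Authenticate runs the protocol: engravedID (first identifier, typed from the
// case) must equal the chip's identifier (second identifier); then a random
// certification message encrypted to the library key must come back unchanged.
func (t *Terminal) Authenticate(engravedID string, dev *KeyDevice) (bool, error) {
	pub := t.PubLib[engravedID] // nil when the identifier is not in the library
	if engravedID != KeyID(&dev.Priv.PublicKey) || pub == nil {
		return false, nil
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, challenge, nil)
	if err != nil {
		return false, err
	}
	reply, err := dev.Decrypt(ct)
	if err != nil { // a device with a different private key cannot decrypt
		return false, nil
	}
	return subtle.ConstantTimeCompare(reply, challenge) == 1, nil
}
```

A second KeyDevice built from the same private key passes the same check, which is the paired-equipment case; a device whose chip identifier differs from the typed identifier, or whose key is absent from the library, is rejected before any challenge is sent.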
The identity authentication system of the communication equipment provided by the above embodiment enables the certification terminal to accurately identify whether an accessing communication equipment is a legitimate communication equipment, avoiding the defect of traditional account-and-password schemes, which cannot accurately authenticate the identity of a communication equipment, and thereby improves communication security. Moreover, after the communication equipment has been determined to be a legitimately accessing communication equipment, the certification terminal that performed the identity authentication can open the stored data for access by that communication equipment, and the user can further edit, transmit or encrypt the stored information data through that legitimate communication equipment.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program; the computer program can be stored in a non-volatile computer readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided by the present invention may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or an external cache. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above can be combined arbitrarily. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The embodiments described above express only several embodiments of the present invention, and their description is relatively specific and detailed, but this cannot be construed as limiting the scope of the patent. It should be pointed out that, for those of ordinary skill in the art, various modifications and improvements can be made without departing from the concept of the invention, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.