CN109361669A - Identity identifying method, device and the equipment of communication equipment - Google Patents


Publication number
CN109361669A
Authority
CN
China
Prior art keywords
communication equipment
message
public key
certification
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811224648.1A
Other languages
Chinese (zh)
Other versions
CN109361669B (en)
Inventor
巴勒色蒂莫西埃林
于三龙
甘图斯尤瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AiSiPaiKe (Shenzhen) Technology Co.,Ltd.
Original Assignee
One Platinum Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication

Abstract

The present invention relates to an identity identifying method and device of communication equipment. The method comprises the steps of: obtaining the identification information of the communication equipment to be certified; querying the public key library, according to the identification information, for the public key matching the identification information; generating a certification message and encrypting it with the public key to obtain an encryption message; sending the encryption message to the communication equipment and triggering the communication equipment to decrypt the encryption message using the locally pre-stored private key; obtaining the decryption message sent by the communication equipment after decryption; and performing identity authentication on the communication equipment according to the decryption message and the certification message. The method can accurately identify whether the communication equipment is a legal communication equipment, avoids the defect that the traditional account-and-password approach has difficulty accurately authenticating the identity of communication equipment, improves communication security, and allows information data to be processed through the legal communication equipment. A computer equipment, an electronic key equipment, an identity authentication system of communication equipment and a computer-readable storage medium are also provided.

Description

Identity identifying method, device and the equipment of communication equipment
Technical field
The present invention relates to the technical field of communication security, and more particularly to an identity identifying method of communication equipment, an identification authentication device of communication equipment, a computer equipment, an electronic key equipment, an identity authentication system of communication equipment and a computer-readable storage medium.
Background art
With the rapid development of information technology, a large amount of information data needs to be stored in terminal equipment such as PCs, mobile phones and servers. These data are usually transmitted and exchanged between communication equipment over the Internet. Identifying and authenticating the identity of the communication equipment before the data information is accessed or transmitted helps prevent illegal equipment from maliciously accessing the information data and keeps confidential information from being leaked.
In the conventional technology, a user generally accesses the data information stored in a host through communication equipment connected to that host. Before the communication equipment accesses the data information, the host usually requires the user to enter a preset credential such as an account password through the connected communication equipment, and allows the user to access the information data only after the host has verified that password. However, credentials such as a legitimate user's account password are easily leaked, and any user who knows the password can easily access the data information of the host. It is therefore difficult to confirm whether the identity of the user is legal, which makes it easy for an illegal user to intrude into the host through such communication equipment and steal data information, reducing communication security.
Summary of the invention
Based on this, to address the relatively low communication security of the traditional technology, it is necessary to provide an identity identifying method of communication equipment, an identification authentication device of communication equipment, a computer equipment, an electronic key equipment, an identity authentication system of communication equipment and a computer-readable storage medium.
In one embodiment, an identity identifying method of communication equipment is provided, comprising the steps of:
Obtaining the identification information of the communication equipment to be certified; querying the public key library, according to the identification information, for the public key matching the identification information;
Generating a certification message, and encrypting the certification message with the public key to obtain an encryption message;
Sending the encryption message to the communication equipment, to trigger the communication equipment to decrypt the encryption message using the locally pre-stored private key;
Obtaining the decryption message sent by the communication equipment after decryption;
Performing identity authentication on the communication equipment according to the decryption message and the certification message.
In the above identity identifying method of communication equipment, the identification information of the communication equipment to be certified is obtained; the public key matching the identification information is queried from the public key library according to the identification information; the generated certification message is encrypted with the public key to obtain an encryption message; the encryption message is sent to the communication equipment, triggering the communication equipment to decrypt it using the locally pre-stored private key; the decryption message sent by the communication equipment after decryption is received; and identity authentication is performed on the communication equipment according to the decryption message and the certification message. The method can accurately identify whether the accessing communication equipment is a legal communication equipment, avoids the defect that the traditional account-and-password approach has difficulty accurately authenticating the identity of communication equipment, and improves communication security. After the communication equipment is determined to be a legally accessing communication equipment, the host used for identity authentication can open the stored data information to the communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the method further comprises the steps of:
Obtaining the public key of the communication equipment; performing a hash operation on the public key with a hash algorithm to generate the public key hash value of the communication equipment; setting the public key hash value as the identification information of the communication equipment.
In one embodiment, the method further comprises the steps of:
Randomly generating a seed key by a quantum computer; generating, using the seed key, the public key of the communication equipment and the private key paired with the public key.
In one embodiment, the method further comprises the step of:
Storing the private key of the communication equipment in the security chip of the communication equipment.
In one embodiment, the step of obtaining the identification information of the communication equipment to be certified includes:
Obtaining the identification information set on the communication equipment to be certified and setting it as the identification information of the communication equipment;
Or
The step of obtaining the identification information of the communication equipment to be certified includes:
Receiving the identification information, stored in the chip of the communication equipment, that is sent by the communication equipment to be certified, and setting it as the identification information of the communication equipment.
In one embodiment, the step of obtaining the identification information of the communication equipment to be certified includes:
Obtaining the first identification information set on the communication equipment to be certified; receiving the second identification information sent by the communication equipment to be certified, wherein the second identification information is stored in the chip of the communication equipment; comparing the first identification information with the second identification information; if the first identification information and the second identification information are identical, authenticating the first identification information or the second identification information and setting it as the identification information.
In one embodiment, before the step of obtaining the identification information of the communication equipment to be certified, the method further includes:
Establishing a communication connection with the communication equipment to be certified by WiFi, Bluetooth or USB communication.
In one embodiment, the step of performing identity authentication on the communication equipment according to the decryption message and the certification message includes:
Comparing the decryption message with the certification message; if the decryption message is identical to the certification message, authenticating the communication equipment as a legal communication equipment; otherwise determining that the communication equipment is an illegal communication equipment.
In one embodiment, the communication equipment to be certified is an electronic key equipment for data encryption.
In one embodiment, an identity identifying method of communication equipment is also provided, comprising the steps of:
Sending the identification information of the local communication equipment to the certification terminal, to trigger the certification terminal to query the public key library for the public key matching the identification information, generate a certification message, and encrypt the certification message with the public key to obtain an encryption message;
Receiving the encryption message sent by the certification terminal;
Decrypting the encryption message using the locally pre-stored private key to obtain a decryption message;
Sending the decryption message to the certification terminal, to trigger the certification terminal to perform identity authentication on the local communication equipment according to the decryption message and the certification message.
In the above identity identifying method of communication equipment, the identification information of the local communication equipment is sent to the certification terminal, triggering the certification terminal to query the public key library for the public key matching the identification information and to encrypt the certification message with the public key to obtain an encryption message; the encryption message is received and decrypted using the locally pre-stored private key; and the resulting decryption message is sent to the certification terminal, triggering the certification terminal to perform identity authentication on the local communication equipment according to the decryption message and the certification message. The method enables the certification terminal to accurately identify whether the accessing local communication equipment is a legal communication equipment, avoids the defect that the traditional account-and-password approach has difficulty accurately authenticating the identity of communication equipment, and improves communication security. After the local communication equipment is determined to be a legally accessing communication equipment, the certification terminal used for identity authentication can open the stored data information to the local communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the method further comprises the steps of:
Obtaining the public key of the local communication equipment; performing a hash operation on the public key with a hash algorithm to generate the public key hash value of the local communication equipment; setting the public key hash value as the identification information of the local communication equipment.
In one embodiment, the method further comprises the steps of:
Randomly generating a seed key by a quantum computer; generating, using the seed key, the public key of the local communication equipment and the private key paired with the public key.
In one embodiment, the locally pre-stored private key is the private key stored in the security chip of the local communication equipment.
In one embodiment, the identification information includes the identification information on the local communication equipment or the identification information stored in the chip of the local communication equipment.
In one embodiment, the identification information includes the first identification information on the local communication equipment and the second identification information stored in the chip of the local communication equipment;
The step of sending the identification information of the local communication equipment to the certification terminal includes: sending the first identification information and the second identification information to the certification terminal, to trigger the certification terminal to compare the first identification information with the second identification information and, if the first identification information and the second identification information are identical, to authenticate the first identification information or the second identification information and set it as the identification information of the local communication equipment.
In one embodiment, before the step of sending the identification information of the local communication equipment to the certification terminal, the method further includes:
Establishing a communication connection with the certification terminal by WiFi, Bluetooth or USB communication.
In one embodiment, the decryption message is further used to trigger the certification terminal to compare the decryption message with the certification message; if the decryption message is identical to the certification message, the local communication equipment is authenticated as a legal communication equipment; otherwise the local communication equipment is determined to be an illegal communication equipment.
In one embodiment, the local communication equipment is an electronic key equipment for data encryption.
In one embodiment, an identification authentication device of communication equipment is provided, comprising:
A public key query module, for obtaining the identification information of the communication equipment to be certified and querying the public key library, according to the identification information, for the public key matching the identification information;
An encrypting module, for generating a certification message and encrypting the certification message with the public key to obtain an encryption message;
A first sending module, for sending the encryption message to the communication equipment, to trigger the communication equipment to decrypt the encryption message using the locally pre-stored private key;
An obtaining module, for obtaining the decryption message sent by the communication equipment after decryption;
A first authentication module, for performing identity authentication on the communication equipment according to the decryption message and the certification message.
In one embodiment, an identification authentication device of communication equipment is also provided, comprising:
A second sending module, for sending the identification information of the local communication equipment to the certification terminal, to trigger the certification terminal to query the public key library for the public key matching the identification information, generate a certification message, and encrypt the certification message with the public key to obtain an encryption message;
A receiving module, for receiving the encryption message sent by the certification terminal;
A deciphering module, for decrypting the encryption message using the locally pre-stored private key to obtain a decryption message;
A second authentication module, for sending the decryption message to the certification terminal, to trigger the certification terminal to perform identity authentication on the local communication equipment according to the decryption message and the certification message.
In one embodiment, a computer equipment is provided, including a memory, a processor and a computer program stored on the memory and runnable on the processor; when executing the computer program, the processor implements the steps of the identity identifying method of communication equipment described in any one of the above embodiments.
In one embodiment, an electronic key equipment is provided, including a memory, a processor and a computer program stored on the memory and runnable on the processor; when executing the computer program, the processor implements the steps of the identity identifying method of communication equipment described in any one of the above embodiments.
In one embodiment, an identity authentication system of communication equipment is provided, including the computer equipment and the electronic key equipment described in the above embodiments.
In one embodiment, the number of electronic key equipment is at least two, wherein the locally pre-stored private key of each electronic key equipment is the same private key.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored; when executed by a processor, the computer program implements the steps of the identity identifying method of communication equipment described in any one of the above embodiments.
The above identification authentication device of communication equipment, computer equipment, electronic key equipment, identity authentication system of communication equipment and computer-readable storage medium enable the certification terminal to accurately identify whether the accessing communication equipment is a legal communication equipment, avoid the defect that the traditional account-and-password approach has difficulty accurately authenticating the identity of communication equipment, and improve communication security. After the communication equipment is determined to be a legally accessing communication equipment, the certification terminal used for identity authentication can open the stored data information to the communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
Brief description of the drawings
Fig. 1 is an application environment diagram of the identity identifying method of communication equipment in one embodiment;
Fig. 2 is a flow diagram of the identity identifying method of communication equipment in one embodiment;
Fig. 3 is a structural block diagram of the identification authentication device of communication equipment in one embodiment;
Fig. 4 is a flow diagram of the identity identifying method of communication equipment in another embodiment;
Fig. 5 is a structural block diagram of the identification authentication device of communication equipment in another embodiment;
Fig. 6 is an internal structure diagram of the computer equipment in one embodiment;
Fig. 7 is an internal structure diagram of the computer equipment in another embodiment;
Fig. 8 is an internal structure diagram of the electronic key equipment in one embodiment;
Fig. 9 is a structural schematic diagram of the identity authentication system of communication equipment in one embodiment.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be appreciated that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. It should be noted that the terms "first" and "second" in the embodiments of the present invention only distinguish similar objects and do not represent a particular ordering of the objects; where permitted, "first" and "second" may be interchanged in specific order or precedence. It should be understood that objects distinguished by "first" and "second" are interchangeable under appropriate circumstances, so that the embodiments of the present invention described herein can be performed in sequences other than those illustrated or described herein.
The identity identifying method of communication equipment provided by the invention can be applied in application environment as shown in Figure 1, figure 1 is the applied environment figure of the identity identifying method of communication equipment in one embodiment.Wherein, communication equipment 100 can be with certification Terminal 200 establishes communication connection by a variety of communication connection modes, such as can pass through the communication mode of WiFi, bluetooth or USB Communication equipment 100 and certification terminal 200 are established into communication connection, certification terminal 200 can pass through the number of acquisition communication equipment 100 Verify whether communication equipment 100 is legal communication equipment it is believed that ceasing and sending the modes such as verification information to communication equipment 100, It can be to the data information of the communication equipment open storage in the case where the communication equipment 100 is legal communication equipment.Its In, communication equipment 100 refers to the equipment with communication capacities such as data information transfers, may include tablet computer 110, a number The equipment such as word assistant 120, smart phone 130 or the electronic key equipment for data encryption, certification terminal 200 refer to there is number It is believed that the terminal device of breath storage and data transmission capabilities, which can be carried out the communication equipment 100 of access Certification can be realized by the server cluster of the either multiple server compositions of PC, independent server.
In one embodiment, a kind of identity identifying method of communication equipment is provided, is applied in Fig. 1 in this way It is illustrated for certification terminal 200, as shown in Fig. 2, Fig. 2 is the stream of the identity identifying method of communication equipment in one embodiment The identity identifying method of journey schematic diagram, the communication equipment may include steps of:
Step S101 obtains the identification information of communication equipment to be certified;It is inquired from public key library according to the identification information With the public key of identification information match.
Wherein, communication equipment to be certified refers to for establishing communication connection and access registrar terminal with certification terminal 200 The equipment of the data information of 200 storages may include tablet computer 110 as shown in Figure 1, personal digital assistant 120, intelligent hand The equipment such as machine 130 or electronic key equipment for data encryption, the identification information of communication equipment, which refers to, to be set in advance for the communication The identification information of standby authorized appropriation can be the authorization by certification terminal 200 for carrying out unique identification to the communication equipment Communication equipment distribution be used for the public and private key pair of the communication equipment authentication, and the public key of the communication equipment can be deposited It stores up in the public key library of certification terminal 200, which can recorde the public key of the communication equipment of multiple authorizations, and each communication is set Standby public key can be corresponded with the identification information of distribution, and the identification information according to communication equipment to be certified can be from certification Corresponding public key is extracted in the public key library of terminal 200.
Before the data information of 100 access registrar terminal 200 of communication equipment storage, terminal 200 is authenticated to communication equipment 100 identity is authenticated, and the identification information of the available communication equipment 100 to be certified of terminal 200 is authenticated, according to the mark Knowledge information is obtained from the public key library locally prestored and the public key of the identification information match, such as certification terminal 200 can basis Identification information indexes out public key corresponding with the identification information from public key library.
Step S102 generates certification message, is encrypted to obtain encryption message to certification message using the public key.
In this step, terminal 200 is authenticated after the public key of acquisition and the identification information match of communication equipment to be certified, Certification message is generated, is mainly used for authenticating the identity of communication equipment, in order to guarantee the accuracy and safety of authentication Property, which can be the random number that certification terminal 200 generates.Authenticate the setting with the communication using acquisition of terminal 200 The public key of standby identification information match is encrypted the certification message of generation to obtain encryption message, since the encryption message passes through Distribute to what the public key of the communication equipment was encrypted, it could be to this with the equipment of the secret of the public key match so only possessing Encryption message be decrypted, and other equipment in the case where not knowing the secret with the public key match can not to encryption message into Row decryption, to ensure that the safety in the authentication procedures to the communication equipment.
Step S103, by encryption message to communication equipment.
This step authenticates terminal 200 and is sent to communication equipment 100 to be certified for message is encrypted, so that communication equipment 100 The encryption message is decrypted using the private key locally prestored to obtain decryption message;Wherein, the local of communication equipment 100 The private key prestored refers to when authorizing to the communication equipment 100, the private key with public key pairing of distribution, 100 benefit of communication equipment Certification terminal 200 can be decrypted by the message of the public key encryption matched with the private key, be obtained accurately with the private key When solving confidential information, however receiving the encryption message of certification terminal 200 due to illegality equipment, the sheet with public key pairing can not be known Ground is stored in the private key in communication equipment 100, also can not just be decrypted to encryption message, ensure that and recognize communication equipment identity The safety of card.
Step S104: obtain the decryption message sent by the communication equipment after decryption.
In this step, the certification terminal 200 obtains the decryption message sent by the communication equipment 100 after decryption. To prevent the decryption message from leaking during transmission, the communication equipment 100 may encrypt the decryption message with the public key of the certification terminal 200 before sending it; the certification terminal 200 then recovers the decryption message by decrypting with its own private key.
Step S105: perform identity authentication on the communication equipment according to the decryption message and the certification message.
In this step, after receiving the decryption message obtained by the communication equipment 100, the certification terminal 200 authenticates the identity of the communication equipment 100 according to the certification message it generated and the decryption message. In general, since only legally authorized communication equipment can correctly decrypt the encryption message of the certification terminal 200, the certification message can be compared with the decryption message, and whether the communication equipment 100 is legal communication equipment is judged from the result of the comparison.
For example, the certification message and the decryption message can be compared: if they are identical, the communication equipment 100 is certified as legal communication equipment; if they are not identical, the communication equipment 100 is determined to be illegal communication equipment. It should be noted that "identical" here is not limited to the certification message and the decryption message being the same information or data; it is sufficient that the two are determined to be the same message according to some specific rule.
The identity authentication method of the above embodiment obtains the identification information of the communication equipment to be certified, queries the public key library for the public key matching that identification information, encrypts the generated certification message with the public key to obtain an encryption message, sends the encryption message to the communication equipment to trigger it to decrypt the message with its locally pre-stored private key, receives the decryption message sent by the communication equipment after decryption, and authenticates the communication equipment according to the decryption message and the certification message. The method can accurately identify whether the accessing communication equipment is legal communication equipment, avoids the difficulty of accurately authenticating the identity of communication equipment with the traditional account-and-password approach, and improves communication security. After the communication equipment is determined to be legally accessing equipment, the host used for identity authentication can open the stored data information to that communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
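The S101 to S105 exchange, including the optional return of the decryption message under the terminal's public key, as an added example that is not code from the patent. The patent names no public-key scheme, so textbook RSA over known Mersenne primes is an assumed stand-in that runs with the standard library only (far too small and unpadded for deployment); the class names, the placeholder identifier, the single-use challenge table and the constant-time comparison are likewise assumptions.

```python
import hmac
import secrets

E = 65537  # public exponent used for every toy key pair below


def make_keypair(p: int, q: int):
    """Toy textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def rsa_apply(key, value: int) -> int:
    """Modular exponentiation: encrypts with a public key, decrypts with a private key."""
    n, exponent = key
    return pow(value, exponent, n)


class CertificationTerminal:
    def __init__(self, key_library, own_keypair):
        self.key_library = key_library      # identification information -> public key
        self.public_key, self._private_key = own_keypair
        self._pending = {}                  # identification information -> outstanding nonce

    def issue_challenge(self, device_id):
        """S101-S103: look up the public key, generate and encrypt the certification message."""
        device_public = self.key_library.get(device_id)
        if device_public is None:
            return None                     # unknown identification information
        nonce = secrets.randbits(128) or 1  # fresh random certification message
        self._pending[device_id] = nonce
        return rsa_apply(device_public, nonce)

    def verify_response(self, device_id, wrapped_response):
        """S104-S105: unwrap the returned decryption message and compare it with the nonce."""
        nonce = self._pending.pop(device_id, None)  # single use: a replayed answer finds nothing
        if nonce is None or not isinstance(wrapped_response, int) or wrapped_response < 0:
            return False
        answer = rsa_apply(self._private_key, wrapped_response)
        size = (self.public_key[0].bit_length() + 7) // 8
        return hmac.compare_digest(nonce.to_bytes(size, "big"), answer.to_bytes(size, "big"))


class CommunicationEquipment:
    def __init__(self, device_id, private_key):
        self.device_id = device_id
        self._private_key = private_key     # held in the security chip on real equipment

    def respond(self, encryption_message, terminal_public):
        """S402-S404: decrypt with the local private key, then wrap for the terminal."""
        decryption_message = rsa_apply(self._private_key, encryption_message)
        return rsa_apply(terminal_public, decryption_message)


def authenticate(terminal, device) -> bool:
    """Run one complete exchange and return the terminal's verdict."""
    challenge = terminal.issue_challenge(device.device_id)
    if challenge is None:
        return False
    response = device.respond(challenge, terminal.public_key)
    return terminal.verify_response(device.device_id, response)


# Constructed sample data: a placeholder identifier and toy keys from Mersenne primes.
DEVICE_ID = "DEVICE-ID-PLACEHOLDER"
device_public, device_private = make_keypair(2**127 - 1, 2**89 - 1)
_, impostor_private = make_keypair(2**107 - 1, 2**61 - 1)
terminal = CertificationTerminal({DEVICE_ID: device_public},
                                 make_keypair(2**521 - 1, 2**607 - 1))
genuine = CommunicationEquipment(DEVICE_ID, device_private)
impostor = CommunicationEquipment(DEVICE_ID, impostor_private)  # right identifier, wrong key

if __name__ == "__main__":
    print("genuine equipment accepted:", authenticate(terminal, genuine))
    print("impostor accepted:", authenticate(terminal, impostor))
```

Removing the nonce from the pending table on the first check means a captured response cannot be replayed against a later challenge.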
In one embodiment, the method further includes the following steps:
Obtain the public key of the communication equipment; perform a hash operation on the public key with a hash algorithm to generate the public key hash value of the communication equipment; set the public key hash value as the identification information of the communication equipment.
In this embodiment, before the communication equipment 100 is authenticated, its identification information is set using its public key. The certification terminal 200 may distribute public/private key pairs to multiple pieces of communication equipment 100 in advance, mainly for authorizing and certifying each communication equipment 100. The certification terminal 200 hashes the public key distributed to each communication equipment 100 with a hash algorithm, generates the public key hash value corresponding to each communication equipment 100, and sets that public key hash value as the identification information of the corresponding communication equipment.
For example, the certification terminal 200 can use a hash algorithm to shorten the public key of the communication equipment 100 substantially, to 24 characters. The identification information of the communication equipment is obtained by hashing its public key, that is, the identification information is the hash value of the public key of the communication equipment. A hash value is a fixed-length data value obtained by transforming source data of arbitrary length with a hash algorithm; if the source data changes by even 1 bit, the corresponding hash value also changes. Because this embodiment sets the hash value of the public key as the identification information of the communication equipment 100, the certification terminal 200, after obtaining the identification information, uses the public key hash value as an index to find the corresponding public key in the public key library. This ensures that the public key of the communication equipment 100 has not been altered and also improves the accuracy with which that public key is obtained. It can prevent any hacker's communication equipment from impersonating legal communication equipment when connecting to the certification terminal 200 via WiFi or Bluetooth, and can also effectively avoid malware attacks when connecting to the certification terminal 200 via USB. The hash value of the public key can be made public: since counterfeit communication equipment cannot know the private key of the legal communication equipment 100, a hacker who knows the public key hash value still cannot complete the pairing of the certification message, which further ensures the security of the identity authentication of the communication equipment.
In one embodiment, the method may further include the following steps:
Randomly generate a seed key with a quantum computer; use the seed key to generate the public key of the communication equipment and the private key paired with that public key.
In this embodiment, a quantum computer is used to generate a public/private key pair for each communication equipment 100. The certification terminal 200 can randomly generate a seed key for the communication equipment 100 with the quantum computer and generate the key pair from this seed key, that is, generate the public key of the communication equipment 100 and the private key paired with that public key. The random number generated with quantum technology in this embodiment is a true random number with a very high degree of randomness and no discernible pattern, so using it as the seed key to generate the key pair of the communication equipment 100 guarantees the uniqueness of the key pair. Compared with a security authentication system that uses a pseudo-random number generator, this can further improve the security of identity authentication for the communication equipment 100 connecting to the certification terminal 200.
In one embodiment, the method may further include the following step:
Store the private key of the communication equipment in the security chip of the communication equipment.
In this embodiment, after the certification terminal 200 generates the corresponding private key for each communication equipment 100, the private key can be stored in the security chip of that communication equipment 100. The security chip has an independent storage unit that is mainly used to store the private key. Because the private key is stored in the security chip hardware, the private key of the communication equipment 100 is held firmly inside the security chip and never leaves the communication equipment 100, and the private key stored in the security chip is encrypted. This embodiment can effectively prevent a hacker who obtains the communication equipment 100 from cracking its private key through reverse engineering, which further improves the security of identity authentication for the communication equipment 100 connecting to the certification terminal 200.
In one embodiment, the step of obtaining the identification information of the communication equipment to be certified in step S101 may include:
Obtain the identification information provided on the communication equipment to be certified and set it as the identification information of the communication equipment.
In this embodiment, the identification information of the communication equipment 100 to be certified can be engraved on a surface of the communication equipment 100, such as the surface of its housing. The user holding the communication equipment 100 can enter the identification information shown on the housing into the certification terminal 200 through an input device of the certification terminal 200, such as a keyboard. The certification terminal 200 receives the entered identification information and sets it as the identification information of the communication equipment.
In this embodiment, the certification terminal 200 can obtain the identification information, provided on the housing surface of the communication equipment 100, that the user holding the equipment enters. The identification information can be the public key of the communication equipment 100; since a public key generally has a large number of characters, the hash value of the public key of the communication equipment 100 can also be set as the identification information, to shorten the number of characters the user has to enter. This embodiment can improve authentication efficiency while guaranteeing the security of the identity authentication of the communication equipment 100.
In one embodiment, the step of obtaining the identification information of the communication equipment to be certified in step S101 may include:
Receive the identification information, stored in the chip of the communication equipment, that the communication equipment to be certified sends, and set it as the identification information of the communication equipment.
In this embodiment, the certification terminal 200 obtains the identification information sent by the communication equipment 100, where the identification information is stored in the chip of the communication equipment 100. Storing the identification information of the communication equipment 100 in the chip effectively prevents a hacker from obtaining it easily, which further improves the security of the identity authentication; compared with entering the identification information into the certification terminal 200 manually, this scheme also improves authentication efficiency. Moreover, the identification information stored in the chip of the communication equipment 100 is usually the public key of the communication equipment 100 or the public key hash value corresponding to that public key, so even if a hacker obtains the identification information of the communication equipment 100, the hacker cannot complete the pairing of the certification message with the certification terminal 200. This ensures the security of identity authentication for the communication equipment 100 connecting to the certification terminal 200.
In one embodiment, the step of obtaining the identification information of the communication equipment to be certified in step S101 may include:
Obtain first identification information provided on the communication equipment to be certified; receive second identification information sent by the communication equipment to be certified; compare the first identification information with the second identification information; if the first identification information and the second identification information are the same, set the first identification information or the second identification information as the identification information.
In this embodiment, the certification terminal 200 obtains the first identification information provided on the communication equipment 100 to be certified and the second identification information sent by the communication equipment 100, compares the two, and determines the identification information of the communication equipment 100 from the result of the comparison.
The first identification information can be the identification information on the housing surface of the communication equipment 100, and the second identification information is the identification information stored in the chip of the communication equipment. Both the first identification information and the second identification information can be the public key of the communication equipment 100 or the public key hash value corresponding to that public key.
In this embodiment, the certification terminal 200 can receive the first identification information, provided on the housing surface of the communication equipment 100, that the user holding the equipment enters, and can also obtain the second identification information, stored in the chip of the communication equipment 100, that the communication equipment 100 sends. It compares the first identification information with the second identification information and, if they are the same, sets the first identification information or the second identification information as the identification information of the communication equipment 100. It should be noted that "the same" here is not limited to the first identification information and the second identification information being the same information or data; it is sufficient that the two are determined to be the same identification information according to some specific rule.
This embodiment verifies the identification information of the communication equipment 100 a second time using the first identification information and the second identification information. Only when the first identification information and the second identification information match is one of them set as the identification information of the communication equipment 100. This avoids the weakening of the authentication system's security that tampering with the identification information of the communication equipment 100 would cause, and helps further guarantee the security and accuracy of the identity authentication of the communication equipment 100.
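The identifier handling described in the embodiments above (public key hash as identification information, first and second identification information compared under a rule, hash-indexed lookup in the public key library), as an added example that is not code from the patent. The patent names neither the hash algorithm nor the 24-character encoding, so SHA-256 truncated to 15 bytes and Base32-encoded is an assumption, as are the function names, the normalisation rule (case, spaces and hyphens ignored) and the constructed sample key bytes.

```python
import base64
import hashlib
import hmac
from typing import Optional


def derive_identifier(public_key: bytes) -> str:
    """Identification information: Base32 of the first 15 bytes of SHA-256(public key)."""
    digest = hashlib.sha256(public_key).digest()
    return base64.b32encode(digest[:15]).decode("ascii")  # 15 bytes -> exactly 24 characters


def engrave(identifier: str) -> str:
    """Grouped form for the housing surface, four characters per group."""
    return "-".join(identifier[i:i + 4] for i in range(0, len(identifier), 4))


def normalise(identifier: str) -> str:
    """The 'specific rule' used here: case, spaces and hyphens do not matter."""
    return "".join(ch for ch in identifier.upper() if ch not in " -")


def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def resolve_identifier(first: str, second: str) -> Optional[str]:
    """Compare the typed (housing) identifier with the one sent from the chip."""
    a, b = normalise(first), normalise(second)
    if len(a) != 24 or not same(a, b):
        return None                       # mismatch: do not proceed to key lookup
    return a


def lookup_public_key(library: dict, identifier: str) -> Optional[bytes]:
    """Use the hash value as the index, then re-derive it from the stored key."""
    public_key = library.get(identifier)
    if public_key is None:
        return None                       # no such equipment
    if not same(derive_identifier(public_key), identifier):
        return None                       # stored key no longer hashes to its index
    return public_key


# Constructed sample data: the bytes stand in for an encoded public key.
SAMPLE_PUBLIC_KEY = b"constructed sample public key bytes for communication equipment 100"
SAMPLE_ID = derive_identifier(SAMPLE_PUBLIC_KEY)
KEY_LIBRARY = {SAMPLE_ID: SAMPLE_PUBLIC_KEY}

if __name__ == "__main__":
    typed = engrave(SAMPLE_ID).lower()    # what a user might type from the housing
    resolved = resolve_identifier(typed, SAMPLE_ID)
    print("typed:", typed)
    print("resolved:", resolved)
    print("key found:", lookup_public_key(KEY_LIBRARY, resolved) is not None)
```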
In one embodiment, before the step of obtaining the identification information of the communication equipment to be certified in step S101, the method may further include:
Establish a communication connection with the communication equipment to be certified by WiFi, Bluetooth or USB communication.
In this embodiment, before the certification terminal 200 authenticates the legitimacy of the identity of the communication equipment 100 to be certified, it establishes a communication connection with the communication equipment 100 for a preliminary exchange of data information. The data information here is the data information needed to authenticate the legitimacy of the identity of the communication equipment 100, such as the identification information of the communication equipment 100.
In this embodiment, the communication equipment 100 may include a PC, a tablet computer, a smartphone, an electronic key device for data encryption, and similar communication equipment. A PC, tablet computer or smartphone generally establishes its communication connection with the certification terminal 200 over a wireless link such as WiFi or Bluetooth, while an electronic key device usually connects to the certification terminal 200 through a USB interface.
This embodiment enables the certification terminal 200 to establish a communication connection with the communication equipment 100 to be certified by WiFi, Bluetooth, USB or similar communication modes; that is, the certification terminal 200 can authenticate the identity of the communication equipment 100 over any of these communication modes. The security of the data information of the certification terminal 200 can be ensured when the communication equipment 100 connects to it by WiFi, Bluetooth, USB or similar communication modes, so the scheme is widely applicable.
In one embodiment, an identity authentication apparatus for communication equipment is provided. Referring to FIG. 3, which is a structural block diagram of the identity authentication apparatus of communication equipment in one embodiment, the apparatus may include a public key query module 101, an encrypting module 102, a first sending module 103, an obtaining module 104 and a first authentication module 105, wherein:
the public key query module 101 is used to obtain the identification information of the communication equipment to be certified and to query the public key library, according to the identification information, for the public key matching the identification information;
the encrypting module 102 is used to generate a certification message and encrypt the certification message with the public key to obtain an encryption message;
the first sending module 103 is used to send the encryption message to the communication equipment, to trigger the communication equipment to decrypt the encryption message with its locally pre-stored private key;
the obtaining module 104 is used to obtain the decryption message sent by the communication equipment after decryption;
the first authentication module 105 is used to perform identity authentication on the communication equipment according to the decryption message and the certification message.
The identity authentication apparatus of the above embodiment enables the certification terminal to accurately identify whether the accessing communication equipment is legal communication equipment, avoids the difficulty of accurately authenticating the identity of communication equipment with the traditional account-and-password approach, and improves communication security. After the communication equipment is determined to be legally accessing equipment, the certification terminal used for identity authentication can open the stored data information to that communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the identity authentication apparatus of communication equipment further includes:
a public key acquisition unit, used to obtain the public key of the communication equipment; a hash operation unit, used to perform a hash operation on the public key with a hash algorithm to generate the public key hash value of the communication equipment; and a flag unit, used to set the public key hash value as the identification information of the communication equipment.
In one embodiment, the identity authentication apparatus of communication equipment further includes:
a seed generation unit, used to randomly generate a seed key with a quantum computer; and a public/private key generation unit, used to generate, from the seed key, the public key of the communication equipment and the private key paired with that public key.
In one embodiment, the identity authentication apparatus of communication equipment further includes:
a key storage unit, used to store the private key of the communication equipment in the security chip of the communication equipment.
In one embodiment, the public key query module 101 is further used to:
obtain the identification information provided on the communication equipment to be certified and set it as the identification information of the communication equipment.
In one embodiment, the public key query module 101 is further used to:
receive the identification information, stored in the chip of the communication equipment, that the communication equipment to be certified sends, and set it as the identification information of the communication equipment.
In one embodiment, the public key query module 101 is further used to:
obtain first identification information provided on the communication equipment to be certified; receive second identification information sent by the communication equipment to be certified, where the second identification information is stored in the chip of the communication equipment; compare the first identification information with the second identification information; and, if the first identification information and the second identification information are the same, set the first identification information or the second identification information as the identification information.
In one embodiment, the identity authentication apparatus of communication equipment further includes:
a communication connection unit, used to establish a communication connection with the communication equipment to be certified by WiFi, Bluetooth or USB communication.
In one embodiment, the first authentication module 105 is further used to:
compare the decryption message with the certification message; if the decryption message is identical to the certification message, certify the communication equipment as legal communication equipment; otherwise, determine that the communication equipment is illegal communication equipment.
In one embodiment, the communication equipment to be certified is an electronic key device for data encryption.
For the specific limitations of the identity authentication apparatus of communication equipment, refer to the limitations of the identity authentication method of communication equipment above. The technical features and beneficial effects set out in the embodiments of the identity authentication method apply equally to the embodiments of the identity authentication system of communication equipment and are not repeated here. The modules in the identity authentication apparatus described above can be implemented wholly or partly in software, hardware or a combination of the two. Each module can be embedded in hardware form in, or be independent of, the processor of a computer device, or can be stored in software form in the memory of the computer device, so that the processor can call it and execute the operations corresponding to that module.
In one embodiment, an identity authentication method for communication equipment is also provided. The method is described below as applied to the communication equipment 100 shown in FIG. 1. Referring to FIG. 4, which is a flow diagram of the identity authentication method of communication equipment in another embodiment, the method may include the following steps:
S401: send the identification information of the local communication equipment to the certification terminal, to trigger the certification terminal to query the public key library for the public key matching the identification information, generate a certification message, and encrypt the certification message with the public key to obtain an encryption message.
In this step, the communication equipment 100 can send to the certification terminal 200 the identification information of the local communication equipment, that is, of the communication equipment 100 itself. The communication equipment 100 is equipment to be certified that establishes a communication connection with the certification terminal 200 and accesses the data information stored by the certification terminal 200; it may include equipment such as the tablet computer 110, the personal digital assistant 120 and the smartphone 130 shown in FIG. 1, or an electronic key device for data encryption. The identification information of the communication equipment 100 itself is identification information distributed in advance to the authorized communication equipment 100, which the certification terminal 200 uses to identify the communication equipment 100 uniquely.
The device manufacturer of the communication equipment 100 can distribute to the authorized communication equipment 100 a public/private key pair for authenticating the identity of that communication equipment. The public/private key pair can be stored in the public key library of the certification terminal 200, and the public key library of the certification terminal 200 can record the public keys of multiple authorized pieces of communication equipment. The public key of each communication equipment 100 can correspond one-to-one with its distributed identification information. The communication equipment 100 sends its own identification information to the certification terminal 200, which triggers the certification terminal 200 to extract from the public key library the public key matching that identification information. For example, the certification terminal 200 can be triggered to look up, in the public key library, the public key indexed by the identification information of the communication equipment 100.
After obtaining the public key matching the identification information of the communication equipment 100, the certification terminal 200 can generate a certification message, which is mainly used to authenticate the identity of the communication equipment 100. To guarantee the accuracy and security of the authentication, the certification message may be a random number generated by the certification terminal 200.
The certification terminal 200 encrypts the generated certification message with the obtained public key matching the identification information of the communication equipment 100 to obtain an encryption message. Because the encryption message is encrypted with the public key distributed to the communication equipment 100, only equipment holding the secret key that matches the public key can decrypt it correctly; other equipment, not knowing that secret key, cannot decrypt the encryption message, which ensures the security of the identity authentication process for the communication equipment 100.
S402: receive the encryption message sent by the certification terminal.
In this step, the communication equipment 100 can receive the encryption message sent by the certification terminal 200 over a communication mode such as WiFi, Bluetooth or USB.
S403: decrypt the encryption message with the locally pre-stored private key to obtain a decryption message.
After the communication equipment 100 receives the encryption message sent by the certification terminal 200, it can decrypt the encryption message with its locally pre-stored private key to obtain the decryption message. The locally pre-stored private key of the communication equipment 100 is the private key, paired with the public key, that was distributed when, for example, the device manufacturer of the communication equipment 100 authorized the equipment. With this private key the communication equipment 100 can correctly decrypt a message that the certification terminal 200 encrypted with the paired public key and obtain the correct decrypted information. An illegal device that receives the encryption message from the certification terminal 200 cannot know the private key, paired with the public key, that is stored locally in the communication equipment 100, and therefore cannot decrypt the encryption message, which ensures the security of the identity authentication of the communication equipment.
S404: send the decryption message to the certification terminal, to trigger the certification terminal to perform identity authentication on the local communication equipment according to the decryption message and the certification message.
In this step, the communication equipment 100 sends the decryption message obtained by decryption to the certification terminal 200. To prevent the decryption message from leaking during transmission, the communication equipment 100 may encrypt the decryption message with the public key of the certification terminal 200 before sending it; after receiving it, the certification terminal 200 recovers the decryption message by decrypting with its own private key. The certification terminal 200 can then authenticate the identity of the communication equipment 100 according to the certification message it generated and the decryption message. In general, since only legally authorized communication equipment can correctly decrypt the encryption message of the certification terminal 200, the certification terminal 200 can compare the certification message with the decryption message and judge from the result of the comparison whether the communication equipment 100 is legal communication equipment.
For example, the certification terminal 200 can compare the certification message with the decryption message: if they are identical, the certification terminal 200 certifies the communication equipment 100 as legal communication equipment; if they are not identical, the certification terminal 200 determines that the communication equipment 100 is illegal communication equipment. It should be noted that "identical" here is not limited to the certification message and the decryption message being the same information or data; it is sufficient that the two are determined to be the same message according to some specific rule.
The identity authentication method of the above embodiment sends the identification information of the local communication equipment to the certification terminal, which triggers the certification terminal to query the public key library for the public key matching the identification information and to encrypt the certification message with that public key to obtain an encryption message; the method then receives the encryption message, decrypts it with the locally pre-stored private key, and sends the resulting decryption message to the certification terminal, which triggers the certification terminal to authenticate the local communication equipment according to the decryption message and the certification message. The method enables the certification terminal to accurately identify whether the accessing local communication equipment is legal communication equipment, avoids the difficulty of accurately authenticating the identity of communication equipment with the traditional account-and-password approach, and improves communication security. After the local communication equipment is determined to be legally accessing equipment, the certification terminal used for identity authentication can open the stored data information to the local communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the method may further include the following steps:
Obtain the public key of the local communication device; perform a hash operation on the public key using a hash algorithm to generate the public key hash value of the local communication device; set the public key hash value as the identification information of the local communication device.
In this embodiment, before the certification terminal 200 authenticates the identity of the communication equipment 100, the communication equipment 100 sets its identification information using the public key of the local communication device, that is, of the communication equipment 100 itself.
The device manufacturer of the communication equipment 100 may allocate public/private key pairs to multiple pieces of communication equipment 100 in advance, mainly for authorizing and authenticating each piece of communication equipment 100. The manufacturer performs a hash operation, using a hash algorithm, on the public key allocated to each piece of communication equipment 100 to generate the corresponding public key hash value, and sets that public key hash value as the identification information of the respective communication equipment 100.
For example, the device manufacturer of the communication equipment 100 may use a hash algorithm to shorten the public key of the communication equipment 100 substantially, to 24 characters. The identification information of the communication equipment is obtained by hashing the public key, i.e. the identification information is the hash value of the public key of the communication equipment. A hash value is a fixed-length data value produced by converting source data of arbitrary length with a hash algorithm; if the source data changes by even 1 bit, the corresponding hash value also changes.
In the technical solution of this embodiment, the hash value of the public key of the communication equipment is set as the identification information of the communication equipment 100, so that after obtaining the identification information, the certification terminal 200 uses the public key hash value as an index to find the corresponding public key in the public key library. This guarantees that the public key of the communication equipment 100 has not been altered and also improves the accuracy of obtaining that public key. It can prevent a hacker's communication equipment from impersonating legal communication equipment when connecting to the certification terminal 200 over WiFi or Bluetooth, and can also effectively guard against malware attacks on the certification terminal 200 over a USB link. The public key hash value of the communication equipment can be disclosed: because impersonating communication equipment cannot know the private key of the legal communication equipment 100, a hacker who knows the public key hash value still cannot complete the pairing of the certification message, which further ensures the security of identity authentication for the communication equipment.
In one embodiment, the method may further include the following steps:
Randomly generate a seed key by means of a quantum computer; use the seed key to generate the public key of the communication equipment and the private key paired with the public key.
This embodiment mainly uses a quantum computer to generate a public/private key pair for each piece of communication equipment 100. The device manufacturer of the communication equipment 100 may randomly generate a seed key for the communication equipment 100 by means of a quantum computer and generate the key pair from that seed key, i.e. generate the public key of the communication equipment 100 and the private key paired with it.
In the scheme of this embodiment, the random number generated by quantum technology is a true random number with a very high degree of randomness and no discernible pattern. Generating the public/private key pair of the communication equipment 100 with this random number as the seed key therefore guarantees the uniqueness of the key pair and, compared with a security authentication system that uses a pseudo-random number generator, further improves the security of identity authentication for communication equipment 100 connecting to the certification terminal 200.
In one embodiment, further, the locally pre-stored private key is a private key stored in the security chip of the local communication device.
In this embodiment, the communication equipment 100 stores its own private key in the security chip of the communication equipment. After the corresponding private key is generated for each piece of communication equipment 100, the private key can be stored in the security chip of that communication equipment 100 itself. The security chip has an independent storage unit that is mainly used to store the private key. Because the private key is stored in the security chip hardware, it is held firmly in the security chip of the communication equipment 100 and does not leave the communication equipment 100, and the private key stored in the security chip is encrypted. The technical solution of this embodiment can therefore effectively prevent a hacker who obtains the communication equipment 100 from cracking its private key through reverse engineering, which further improves the security of identity authentication for communication equipment 100 connecting to the certification terminal 200.
In one embodiment, further, the identification information includes identification information set on the local communication device or identification information stored in the chip of the local communication device.
In this embodiment, the identification information of the communication equipment 100 itself may be engraved on a surface of the communication equipment 100, such as the housing surface.
The user holding the communication equipment 100 can enter the identification information set on the housing surface of the communication equipment 100 into the certification terminal 200 through an input device of the certification terminal 200, such as a keyboard. The certification terminal 200 can receive the entered identification information and set it as the identification information of the communication equipment.
The certification terminal 200 can obtain the identification information, set on the housing surface of the communication equipment 100, that is entered by the user holding the communication equipment 100. This identification information may be the public key of the communication equipment 100; however, a public key generally has a large number of characters, so the hash value of the public key of the communication equipment 100 may be set as the identification information to reduce the number of characters the user must enter. This scheme improves authentication efficiency while ensuring the security of identity authentication for the communication equipment 100.
In this embodiment, the identification information of the communication equipment 100 itself may also be identification information stored in the chip of the local communication device.
The certification terminal 200 obtains the identification information sent by the communication equipment 100, where the identification information is stored in the chip of the communication equipment 100. Storing the identification information of the communication equipment 100 in the chip effectively prevents a hacker from easily obtaining it, further improving the security of identity authentication, and it also improves authentication efficiency compared with manually entering the identification information into the certification terminal 200. Moreover, the identification information stored in the chip of the communication equipment 100 is usually the public key of the communication equipment 100 or the public key hash value corresponding to that public key, so even if a hacker obtains the identification information of the communication equipment 100, the hacker cannot complete the pairing of the certification message with the certification terminal 200. This ensures the security of identity authentication for communication equipment 100 connecting to the certification terminal 200.
In one embodiment, the identification information includes first identifier information set on the local communication device and second identifier information stored in the chip of the local communication device;
The step of sending the identification information of the local communication device to the certification terminal in step S101 may include:
Send the first identifier information and the second identifier information to the certification terminal, to trigger the certification terminal to compare the first identifier information with the second identifier information; if the first identifier information and the second identifier information are identical, the first identifier information or the second identifier information is set as the identification information of the local communication device.
In this embodiment, the first identifier information may be identification information set on the housing surface of the communication equipment 100, and the second identifier information is identification information stored in the chip of the communication equipment. Both the first identifier information and the second identifier information may be the public key of the communication equipment 100 or the public key hash value corresponding to that public key.
In this embodiment, the user holding the communication equipment 100 can send the first identifier information and the second identifier information to the certification terminal 200 through the input device of the certification terminal 200. The certification terminal 200 can receive the first identifier information and the second identifier information and compare them; if they are identical, the first identifier information or the second identifier information is set as the identification information of the communication equipment 100. It should be noted that "identical" here is not limited to the first identifier information and the second identifier information being the same information or data; it is sufficient that the two are determined, according to some specific rule, to be the same identification information.
In the technical solution of this embodiment, the communication equipment 100 sends the first identifier information and the second identifier information to the certification terminal 200, which triggers the certification terminal 200 to perform a second check on the identification information of the communication equipment 100. When the first identifier information matches the second identifier information, the first identifier information or the second identifier information is set as the identification information of the communication equipment 100. This avoids the defect that tampering with the identification information of the communication equipment 100 compromises the security of the authentication system, and helps further ensure the security and accuracy of identity authentication for the communication equipment 100.
In one embodiment, before the step S101 of sending the identification information of the local communication device to the certification terminal, the method may include:
Establish a communication connection with the certification terminal by WiFi, Bluetooth or USB communication.
In this embodiment, before the communication equipment 100 accesses the data information of the certification terminal 200, it establishes a communication connection with the certification terminal 200 for a preliminary exchange of data information. The data information here refers to the data information the certification terminal 200 needs in order to authenticate the legitimacy of the identity of the communication equipment 100, such as the identification information of the communication equipment 100.
In this embodiment, the communication equipment 100 may include communication equipment such as a PC, a tablet computer, a smartphone, and electronic key equipment used for data encryption. A PC, tablet computer or smartphone generally establishes the communication connection with the certification terminal 200 over a wireless connection such as WiFi or Bluetooth, while electronic key equipment usually connects to the certification terminal 200 through a USB interface.
The technical solution of this embodiment enables the certification terminal 200 to establish a communication connection with the communication equipment 100 to be certified by WiFi, Bluetooth, USB or a similar communication mode; that is, the certification terminal 200 can authenticate the identity of the communication equipment 100 over WiFi, Bluetooth, USB or a similar communication mode. The security of the data information of the certification terminal 200 can be ensured when the communication equipment 100 establishes a communication connection with the certification terminal 200 over these communication modes, and the scheme has wide applicability.
In one embodiment, an identity authentication apparatus for communication equipment is provided. Referring to Fig. 5, which is a structural block diagram of the identity authentication apparatus of the communication equipment in another embodiment, the apparatus may include: a second sending module 401, a receiving module 402, a decryption module 403 and a second authentication module 404; wherein,
The second sending module 401 is used to send the identification information of the local communication device to the certification terminal, to trigger the certification terminal to query the public key library for the public key matching the identification information, generate a certification message, and encrypt the certification message with the public key to obtain an encryption message;
The receiving module 402 is used to receive the encryption message sent by the certification terminal;
The decryption module 403 is used to decrypt the encryption message with the locally pre-stored private key to obtain a decryption message;
The second authentication module 404 is used to send the decryption message to the certification terminal, to trigger the certification terminal to authenticate the identity of the local communication device according to the decryption message and the certification message.
The identity authentication apparatus of the above embodiment enables the certification terminal to accurately identify whether accessing communication equipment is legal communication equipment, avoids the defect that the traditional account-and-password approach has difficulty accurately authenticating the identity of communication equipment, and improves communication security. After determining that the communication equipment is legally accessing communication equipment, the certification terminal used for identity authentication can open its stored data information to access by the communication equipment, and the user can then edit, transmit or encrypt the stored information data through this legal communication equipment.
In one embodiment, the identity authentication apparatus of the communication equipment may further include:
A public key acquisition module, used to obtain the public key of the local communication device; a hash operation module, used to perform a hash operation on the public key using a hash algorithm to generate the public key hash value of the local communication device; and an identification setting module, used to set the public key hash value as the identification information of the local communication device.
In one embodiment, the identity authentication apparatus of the communication equipment may further include:
A seed generation module, used to randomly generate a seed key by means of a quantum computer; and a public/private key generation module, used to generate, from the seed key, the public key of the communication equipment and the private key paired with the public key.
In one embodiment, the locally pre-stored private key is a private key stored in the security chip of the local communication device.
In one embodiment, the identification information includes identification information set on the local communication device or identification information stored in the chip of the local communication device.
In one embodiment, the identification information includes first identifier information set on the local communication device and second identifier information stored in the chip of the local communication device.
The second sending module 401 is further used to: send the first identifier information and the second identifier information to the certification terminal, to trigger the certification terminal to compare the first identifier information with the second identifier information; if the first identifier information and the second identifier information are identical, the first identifier information or the second identifier information is set as the identification information of the local communication device.
In one embodiment, the identity authentication apparatus of the communication equipment may further include:
A communication connection module, used to establish a communication connection with the certification terminal by WiFi, Bluetooth or USB communication.
In one embodiment, the decryption message is further used to trigger the certification terminal to compare the decryption message with the certification message; if the decryption message is identical to the certification message, the local communication device is authenticated as legal communication equipment; otherwise the local communication device is determined to be illegal communication equipment.
In one embodiment, the local communication device is electronic key equipment used for data encryption.
For specific limitations on the identity authentication apparatus of the communication equipment, reference may be made to the limitations on the identity authentication method of the communication equipment above. The technical features and beneficial effects described in the embodiments of the identity authentication method are applicable to the embodiments of the identity authentication apparatus and are not repeated here. Each module in the above identity authentication apparatus may be implemented wholly or partly in software, hardware or a combination thereof. Each module may be embedded in, or independent of, a processor in computer equipment in hardware form, or may be stored in a memory of the computer equipment in software form, so that the processor can call and execute the operations corresponding to each module.
The identity authentication method of communication equipment provided in the embodiments of the present invention can be applied in the following application scenario, so that the communication security of the equipment is guaranteed in each scenario.
In practical applications, each piece of equipment is configured with a public key and a paired private key, and data encrypted with the public key can only be decrypted with the paired private key. Suppose equipment A and equipment B are to communicate. Equipment A and equipment B each give their own public key to the other party, i.e. equipment A sends public key A to equipment B, and equipment B sends public key B to equipment A. On receiving the other party's public key, each must first confirm that the key really is the other party's public key: equipment A needs to confirm that the public key it received is public key B, and equipment B needs to confirm that the public key it received is public key A. Once a received public key is confirmed to be the other party's, communication can proceed with information encrypted under that public key.
The process of confirming whether a received public key is a legal public key corresponds to the process of authenticating the equipment that sent the public key. The authentication process is described in detail below, taking equipment A authenticating a received public key as an example:
Equipment A can obtain the identification information of equipment B sent by the equipment to be certified. This identification information may be the public key hash value set on the housing surface of equipment B. Equipment A can query its local public key library for the matching public key B according to the public key hash value, generate a complex certification message, encrypt the certification message with public key B to obtain an encryption message, and then send the encryption message to the equipment to be certified. If the equipment to be certified is equipment B, equipment B can decrypt the encryption message with its private key B to obtain a decryption message and send it to equipment A, so that equipment A completes the authentication. If, however, the equipment to be certified is hacker equipment H that has sent equipment A the public key hash value of equipment B, then because hacker equipment H does not have private key B of equipment B, it cannot correctly decrypt the encryption message, cannot obtain the certification information, and cannot complete the authentication. Equipment A will not carry out any data communication with hacker equipment H, and hacker equipment H cannot intercept any information transmitted by equipment A, which ensures communication security.
In addition, hacker equipment H may send its own public key H to equipment A and equipment B, but equipment A and equipment B can discover in a similar way that public key H is not the public key of trusted equipment: equipment A can find that public key H is not the public key of equipment B, and equipment B can find that public key H is not the public key of equipment A. Neither then carries out any data communication with hacker equipment H, which ensures the security of communication.
In one embodiment, computer equipment is provided. The computer equipment may be a server, and its internal structure may be as shown in Fig. 6. The computer equipment includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program held in the non-volatile storage medium. The database of the computer equipment stores the data required in the processing flow of the identity authentication method of the communication equipment. The network interface of the computer equipment is used to communicate with an external terminal over a network connection. When executed by the processor, the computer program implements the identity authentication method of the communication equipment described in any of the above embodiments.
In one embodiment, computer equipment is provided. The computer equipment may be a terminal, and its internal structure may be as shown in Fig. 7. The computer equipment includes a processor, a memory, a network interface, a display screen and an input device connected by a system bus. The processor of the computer equipment provides computing and control capability. The memory of the computer equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program held in the non-volatile storage medium. The network interface of the computer equipment is used to communicate with an external terminal over a network connection. When executed by the processor, the computer program implements an identity authentication method of communication equipment. The display screen of the computer equipment may be a liquid crystal display or an electronic ink display. The input device of the computer equipment may be a touch layer covering the display screen, a key, trackball or trackpad arranged on the housing of the computer equipment, or an external keyboard, trackpad or mouse.
In one embodiment, electronic key equipment is provided, whose internal structure may be as shown in Fig. 8. The electronic key equipment includes a processor, a memory and a communication interface connected by a system bus. The processor of the electronic key equipment provides computing and control capability. The memory of the electronic key equipment includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores a computer program, and the internal memory provides an environment for running the computer program held in the non-volatile storage medium. The communication interface of the electronic key equipment is used to establish a communication connection with an external terminal. When executed by the processor, the computer program implements an identity authentication method of communication equipment.
Those skilled in the art will understand that the structures shown in Fig. 6 to Fig. 8 are only block diagrams of the parts relevant to the solution of the present invention and do not limit the equipment to which the solution is applied. Specific equipment may include more or fewer components than shown in the figures, may combine certain components, or may have a different arrangement of components.
In one embodiment, computer equipment is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When executing the computer program, the processor performs the following steps:
Obtain the identification information of the communication equipment to be certified; query the public key library, according to the identification information, for the public key matching the identification information; generate a certification message and encrypt the certification message with the public key to obtain an encryption message; send the encryption message to the communication equipment; obtain the decryption message sent by the communication equipment after decryption; authenticate the identity of the communication equipment according to the decryption message and the certification message.
In one embodiment, the processor further performs the following steps when executing the computer program:
Obtain the public key of the communication equipment; perform a hash operation on the public key using a hash algorithm to generate the public key hash value of the communication equipment; set the public key hash value as the identification information of the communication equipment.
In one embodiment, the processor further performs the following steps when executing the computer program:
Randomly generate a seed key by means of a quantum computer; use the seed key to generate the public key of the communication equipment and the private key paired with the public key.
In one embodiment, the processor further performs the following step when executing the computer program:
Store the private key of the communication equipment in the security chip of the communication equipment.
In one embodiment, the processor further performs the following step when executing the computer program:
Obtain the identification information set on the communication equipment to be certified, and set it as the identification information of the communication equipment.
In one embodiment, the processor further performs the following step when executing the computer program:
Receive the identification information, stored in the chip of the communication equipment, that is sent by the communication equipment to be certified, and set it as the identification information of the communication equipment.
In one embodiment, the processor further performs the following steps when executing the computer program:
Obtain the first identifier information set on the communication equipment to be certified; receive the second identifier information sent by the communication equipment to be certified; compare the first identifier information with the second identifier information; if the first identifier information and the second identifier information are identical, set the first identifier information or the second identifier information as the identification information.
In one embodiment, the processor further performs the following step when executing the computer program:
Establish a communication connection with the communication equipment to be certified by WiFi, Bluetooth or USB communication.
In one embodiment, an electronic key device is provided that can be used to encrypt data. It includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When executing the computer program, the processor performs the following steps:
Sending the identification information of the local communication device to an authentication terminal, to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message; receiving the encrypted message sent by the authentication terminal; decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message; and sending the decrypted message to the authentication terminal, to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
In one embodiment, the processor also performs the following steps when executing the computer program:
Obtaining the public key of the local communication device; applying a hash algorithm to the public key to generate the public key hash of the local communication device; and setting the public key hash as the identification information of the local communication device.
In one embodiment, the processor also performs the following steps when executing the computer program:
Randomly generating a seed key by means of a quantum computer; and using the seed key to generate the public key of the communication device and the private key paired with that public key.
In one embodiment, the processor also performs the following steps when executing the computer program:
Sending first identification information and second identification information to the authentication terminal, to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information and the second identification information are identical, the first identification information or the second identification information is authenticated and set as the identification information of the local communication device.
In one embodiment, the processor also performs the following step when executing the computer program:
Establishing a communication connection with the authentication terminal by WiFi, Bluetooth or USB.
The computer device and electronic key device of the above embodiments enable the authentication terminal to accurately identify whether an accessing communication device, such as an electronic key device, is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which has difficulty accurately authenticating the identity of a communication device, and improves communication security. After the communication device has been determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open its stored data to access by that communication device, and the user can then edit, transmit, encrypt or otherwise process the stored data through the legitimate communication device.
In one embodiment, a computer-readable storage medium is provided on which a computer program is stored. When executed by a processor, the computer program performs the following steps:
Obtaining the identification information of a communication device to be authenticated; querying a public key library, according to the identification information, for the public key matching the identification information; generating an authentication message and encrypting the authentication message with the public key to obtain an encrypted message; sending the encrypted message to the communication device; obtaining the decrypted message sent by the communication device after decryption; and authenticating the identity of the communication device according to the decrypted message and the authentication message.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Obtaining the public key of the communication device; applying a hash algorithm to the public key to generate the public key hash of the communication device; and setting the public key hash as the identification information of the communication device.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Randomly generating a seed key by means of a quantum computer; and using the seed key to generate the public key of the communication device and the private key paired with that public key.
In one embodiment, the computer program also performs the following step when executed by the processor:
Storing the private key of the communication device in the security chip of the communication device.
In one embodiment, the computer program also performs the following step when executed by the processor:
Obtaining the identification information set on the communication device to be authenticated and setting it as the identification information of the communication device.
In one embodiment, the computer program also performs the following step when executed by the processor:
Receiving the identification information that is stored in the chip of the communication device and sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Obtaining the first identification information set on the communication device to be authenticated; receiving the second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; if the first identification information and the second identification information are identical, the first identification information or the second identification information is authenticated and set as the identification information.
In one embodiment, the computer program also performs the following step when executed by the processor:
Establishing a communication connection with the communication device to be authenticated by WiFi, Bluetooth or USB.
In one embodiment, a computer-readable storage medium is provided on which a computer program is stored. When executed by a processor, the computer program performs the following steps:
Sending the identification information of the local communication device to an authentication terminal, to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message; receiving the encrypted message sent by the authentication terminal; decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message; and sending the decrypted message to the authentication terminal, to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Obtaining the public key of the local communication device; applying a hash algorithm to the public key to generate the public key hash of the local communication device; and setting the public key hash as the identification information of the local communication device.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Randomly generating a seed key by means of a quantum computer; and using the seed key to generate the public key of the communication device and the private key paired with that public key.
In one embodiment, the computer program also performs the following steps when executed by the processor:
Sending first identification information and second identification information to the authentication terminal, to trigger the authentication terminal to compare the first identification information with the second identification information; if the first identification information and the second identification information are identical, the first identification information or the second identification information is authenticated and set as the identification information of the local communication device.
In one embodiment, the computer program also performs the following step when executed by the processor:
Establishing a communication connection with the authentication terminal by WiFi, Bluetooth or USB.
The computer-readable storage medium of the above embodiments enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which has difficulty accurately authenticating the identity of a communication device, and improves communication security. After the communication device has been determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open its stored data to access by that communication device, and the user can then edit, transmit, encrypt or otherwise process the stored data through the legitimate communication device.
In one embodiment, an identity authentication system for a communication device is provided. Referring to Fig. 9, which is a structural schematic diagram of the identity authentication system of a communication device in one embodiment, the system may include the computer device 300 of any of the above embodiments and the electronic key device 400 of any of the above embodiments. The user can establish a communication connection between the electronic key device 400 and the computer device 300, and the computer device 300 and the electronic key device 400 execute the identity authentication method of any of the above embodiments, so that the computer device 300 authenticates the identity of the accessing electronic key device 400. One working principle of the identity authentication system is described in detail below:
The user holding the electronic key device 400 can enter the first identification information engraved on the housing surface of the electronic key device 400, for example the public key hash of the electronic key device 400, into the computer device 300. The computer device 300 can obtain the second identification information stored in the chip of the electronic key device 400, for example the public key hash of the electronic key device 400. The computer device 300 can compare the first identification information with the second identification information; if they are identical, the computer device 300 sets the first identification information or the second identification information as the identification information of the electronic key device 400. According to this identification information, the computer device 300 can extract from its locally pre-stored public key library the public key of the electronic key device 400 that matches the identification information. It then randomly generates an authentication message, encrypts the authentication message with the public key of the electronic key device 400 to obtain an encrypted message, and sends the encrypted message to the electronic key device 400. The electronic key device 400 decrypts the encrypted message with the locally stored private key paired with that public key, obtains a decrypted message, and returns the decrypted message to the computer device 300. The computer device 300 compares the decrypted message with the authentication message it generated; if the decrypted message is identical to the authentication message, the electronic key device 400 is authenticated as a legitimate communication device, and the computer device 300 can open its internally stored data to access by the electronic key device 400.
In one embodiment, there are at least two electronic key devices 400.
In this embodiment, the private key pre-stored locally in each electronic key device 400 is the same private key. This technical solution provides the user with at least two electronic key devices 400. It prevents the situation in which, after the user has encrypted data with an electronic key device 400, the loss of that device leaves the encrypted data impossible to access or decrypt. Even if the user loses one of the electronic key devices, the other paired electronic key device can still be used to access the encrypted data, which improves ease of use.
The identity authentication system of a communication device provided by the above embodiments enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which has difficulty accurately authenticating the identity of a communication device, and improves communication security. After the communication device has been determined to be a legitimately accessing communication device, the authentication terminal used for identity authentication can open its stored data to access by that communication device, and the user can then edit, transmit, encrypt or otherwise process the stored data through the legitimate communication device.
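The exchange between the computer device 300 and the electronic key device 400 described above, including the paired device that holds the same private key, can be sketched as follows. This is an added example, not code from the patent: the Go type and function names are hypothetical, and RSA-OAEP with SHA-256 over the PKCS#1 DER encoding of the public key is assumed because the text names no specific encryption or hash algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrIDMismatch = errors.New("first and second identification information differ")
	ErrUnknownID  = errors.New("no public key matches the identification information")
	ErrAuthFailed = errors.New("decrypted message differs from authentication message")
)

// KeyID derives the identification information from the public key.
// Assumption: SHA-256 over the PKCS#1 DER encoding, rendered as hex.
func KeyID(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return hex.EncodeToString(sum[:])
}

// Device stands for the electronic key device.
type Device struct {
	priv   *rsa.PrivateKey // pre-stored private key, never sent to the terminal
	ChipID string          // second identification information, reported by the chip
}

// NewDevice generates a key pair and stores the public key hash in the chip.
func NewDevice() (*Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, ChipID: KeyID(&priv.PublicKey)}, nil
}

// Backup returns a paired device holding the same private key.
func (d *Device) Backup() *Device { return &Device{priv: d.priv, ChipID: d.ChipID} }

// Public returns the key to be enrolled in the terminal's public key library.
func (d *Device) Public() *rsa.PublicKey { return &d.priv.PublicKey }

// Respond decrypts the terminal's encrypted message with the private key.
func (d *Device) Respond(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ct, nil)
}

// Terminal stands for the authentication terminal and its public key library.
type Terminal struct{ library map[string]*rsa.PublicKey }

func NewTerminal() *Terminal { return &Terminal{library: map[string]*rsa.PublicKey{}} }

// Enroll files a public key under its hash and returns that identifier.
func (t *Terminal) Enroll(pub *rsa.PublicKey) string {
	id := KeyID(pub)
	t.library[id] = pub
	return id
}

// Authenticate runs one exchange. firstID is the identifier the user entered
// from the device housing; dev.ChipID is the one the chip reports.
func (t *Terminal) Authenticate(firstID string, dev *Device) error {
	if subtle.ConstantTimeCompare([]byte(firstID), []byte(dev.ChipID)) != 1 {
		return ErrIDMismatch
	}
	pub, ok := t.library[firstID]
	if !ok {
		return ErrUnknownID
	}
	msg := make([]byte, 32) // fresh random authentication message per attempt
	if _, err := rand.Read(msg); err != nil {
		return err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err != nil {
		return err
	}
	reply, err := dev.Respond(ct)
	if err != nil || subtle.ConstantTimeCompare(reply, msg) != 1 {
		return ErrAuthFailed
	}
	return nil
}

func main() {
	term := NewTerminal()
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	id := term.Enroll(dev.Public())
	fmt.Println("genuine device:", term.Authenticate(id, dev))
	fmt.Println("paired backup:", term.Authenticate(id, dev.Backup()))
}
```

Because the identifier is the hash of the public key, a device that reports an enrolled identifier but holds a different private key fails at the decryption step, and an identifier that was never enrolled is rejected before any message is generated.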
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media used in the embodiments provided by the present invention may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments has been described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. The protection scope of this patent shall therefore be determined by the appended claims.

Claims (10)

1. An identity authentication method for a communication device, characterized in that it comprises the steps of:
Obtaining the identification information of a communication device to be authenticated; querying a public key library, according to the identification information, for the public key matching the identification information;
Generating an authentication message, and encrypting the authentication message with the public key to obtain an encrypted message;
Sending the encrypted message to the communication device, to trigger the communication device to decrypt the encrypted message with a locally pre-stored private key;
Obtaining the decrypted message sent by the communication device after decryption;
Authenticating the identity of the communication device according to the decrypted message and the authentication message.
2. The identity authentication method for a communication device according to claim 1, characterized in that it further comprises the steps of:
Obtaining the public key of the communication device;
Applying a hash algorithm to the public key to generate the public key hash of the communication device;
Setting the public key hash as the identification information of the communication device.
3. The identity authentication method for a communication device according to claim 1 or 2, characterized in that the step of obtaining the identification information of the communication device to be authenticated comprises:
Obtaining the first identification information set on the communication device to be authenticated;
Receiving the second identification information sent by the communication device to be authenticated, wherein the second identification information is stored in the chip of the communication device;
Comparing the first identification information with the second identification information;
If the first identification information and the second identification information are identical, authenticating the first identification information or the second identification information and setting it as the identification information.
4. An identity authentication method for a communication device, characterized in that it comprises the steps of:
Sending the identification information of the local communication device to an authentication terminal, to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message;
Receiving the encrypted message sent by the authentication terminal;
Decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message;
Sending the decrypted message to the authentication terminal, to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
5. The identity authentication method for a communication device according to claim 4, characterized in that it further comprises the steps of:
Obtaining the public key of the local communication device;
Applying a hash algorithm to the public key to generate the public key hash of the local communication device;
Setting the public key hash as the identification information of the local communication device.
6. The identity authentication method for a communication device according to claim 4 or 5, characterized in that the identification information includes first identification information set on the local communication device and second identification information stored in the chip of the local communication device;
The step of sending the identification information of the local communication device to the authentication terminal comprises:
Sending the first identification information and the second identification information to the authentication terminal, to trigger the authentication terminal to compare the first identification information with the second identification information;
If the first identification information and the second identification information are identical, the first identification information or the second identification information is authenticated and set as the identification information of the local communication device.
7. An identity authentication apparatus for a communication device, characterized in that it comprises:
A public key query module, for obtaining the identification information of a communication device to be authenticated, and querying a public key library, according to the identification information, for the public key matching the identification information;
An encryption module, for generating an authentication message and encrypting the authentication message with the public key to obtain an encrypted message;
A first sending module, for sending the encrypted message to the communication device, to trigger the communication device to decrypt the encrypted message with a locally pre-stored private key;
An obtaining module, for obtaining the decrypted message sent by the communication device after decryption;
A first authentication module, for authenticating the identity of the communication device according to the decrypted message and the authentication message.
8. An identity authentication apparatus for a communication device, characterized in that it comprises:
A second sending module, for sending the identification information of the local communication device to an authentication terminal, to trigger the authentication terminal to query a public key library for the public key matching the identification information, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message;
A receiving module, for receiving the encrypted message sent by the authentication terminal;
A decryption module, for decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message;
A second authentication module, for sending the decrypted message to the authentication terminal, to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
9. A computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the identity authentication method for a communication device according to any one of claims 1 to 3.
10. An electronic key device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the identity authentication method for a communication device according to any one of claims 4 to 6.
CN201811224648.1A 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment Active CN109361669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811224648.1A CN109361669B (en) 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment

Publications (2)

Publication Number Publication Date
CN109361669A true CN109361669A (en) 2019-02-19
CN109361669B CN109361669B (en) 2022-03-18

Family

ID=65345983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811224648.1A Active CN109361669B (en) 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment

Country Status (1)

Country Link
CN (1) CN109361669B (en)

Also Published As

Publication number Publication date
CN109361669B (en) 2022-03-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
    Effective date of registration: 20220225
    Address after: 0504, block B, building 5, Huaqiang Creative Park, Biyan community, Guangming Street, Guangming New District, Shenzhen, Guangdong
    Applicant after: Shenzhen Shufen Technology Co.,Ltd.
    Address before: Rooms 903-906a, 9 / F, Kowloon Centre, 33 Ashley Road, Tsim Sha Tsui
    Applicant before: NIIP Ltd.
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20221208
    Address after: No. 98-5, Jingui Road, Jindai Town, Liangping District, Chongqing 405200
    Patentee after: Fan Xiaoling
    Address before: 518107 0504, block B, building 5, Huaqiang Creative Park, Biyan community, Guangming Street, Guangming New Area, Shenzhen, Guangdong
    Patentee before: Shenzhen Shufen Technology Co.,Ltd.
TR01 Transfer of patent right
    Effective date of registration: 20230531
    Address after: 518000 Factory Building 2302, No. 4, Bangkai Science and Technology Industrial Park, Tangjia Community, Fenghuang Street, Guangming District, Shenzhen City, Guangdong Province, south of Sightseeing Road and west of Bangkai Road
    Patentee after: AiSiPaiKe (Shenzhen) Technology Co.,Ltd.
    Address before: No. 98-5, Jingui Road, Jindai Town, Liangping District, Chongqing 405200
    Patentee before: Fan Xiaoling