CN109361669B - Identity authentication method, device and equipment of communication equipment - Google Patents


Publication number
CN109361669B
Authority
CN
China
Prior art keywords
identification information
public key
authentication
communication device
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811224648.1A
Other languages
Chinese (zh)
Other versions
CN109361669A (en)
Inventor
巴勒色蒂莫西埃林
于三龙
甘图斯尤瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AiSiPaiKe (Shenzhen) Technology Co.,Ltd.
Original Assignee
Shenzhen Shufen Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Shufen Technology Co ltd
Priority to CN201811224648.1A
Publication of CN109361669A
Application granted
Publication of CN109361669B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to an identity authentication method and device of communication equipment. The method comprises the following steps: acquiring identification information of the communication equipment to be authenticated; querying a public key library for the public key matching the identification information; generating an authentication message and encrypting it with the public key to obtain an encrypted message; sending the encrypted message to the communication equipment to trigger it to decrypt the encrypted message with a locally pre-stored private key; acquiring the decryption message sent by the communication equipment after decryption; and authenticating the identity of the communication equipment according to the decryption message and the authentication message. In this way, whether the communication equipment is legitimate can be accurately identified, the difficulty of accurately authenticating the identity of communication equipment with a traditional account password is overcome, communication security is improved, and the information data can be processed through the legitimate communication equipment. A computer device, an electronic key device, an identity authentication system of a communication device and a computer-readable storage medium are also provided.

Description

Identity authentication method, device and equipment of communication equipment
Technical Field
The present invention relates to the field of communication security technologies, and in particular, to an identity authentication method for a communication device, an identity authentication apparatus for a communication device, a computer device, an electronic key device, an identity authentication system for a communication device, and a computer-readable storage medium.
Background
With the rapid development of information technology, a large amount of information data needs to be stored in terminal devices such as personal computers, mobile phones and servers, and the data is generally transmitted and exchanged between communication devices over the internet. Before the data is accessed or transmitted, the identity of the communication device is identified and authenticated, so that illegal devices cannot maliciously access the information data and confidential information is not leaked.
In the conventional technology, a user generally connects a communication device to a host in order to access the data information stored in the host. Before the communication device accesses the data, the host usually requires the user to enter a set password, such as an account password, through the connected communication device for authentication, and allows access to the information data once the password has been verified. However, because the account password of a legitimate user is easily leaked, any user who knows the password can easily access the data of the host, and it is difficult to confirm whether the identity of the user is legitimate. An illegal user can therefore intrude into the host by means of a communication device and steal the related data, which reduces communication security.
Disclosure of Invention
In view of the above, it is necessary to provide an identity authentication method for a communication device, an identity authentication apparatus for a communication device, a computer device, an electronic key device, an identity authentication system for a communication device, and a computer-readable storage medium, in order to solve the problem of low communication security in the conventional technology.
In one embodiment, there is provided an identity authentication method of a communication device, including the steps of:
acquiring identification information of communication equipment to be authenticated; inquiring a public key matched with the identification information from a public key library according to the identification information;
generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message;
sending the encrypted message to the communication equipment, and triggering the communication equipment to decrypt the encrypted message by using a local pre-stored private key;
acquiring a decryption message sent by the communication equipment after decryption;
and performing identity authentication on the communication equipment according to the decryption message and the authentication message.
In this identity authentication method, the identification information of the communication equipment to be authenticated is obtained, the public key matching the identification information is queried from a public key library, and the generated authentication message is encrypted with the public key to obtain an encrypted message. The encrypted message is sent to the communication equipment to trigger it to decrypt the encrypted message with a locally pre-stored private key; the decryption message sent by the communication equipment after decryption is then received, and the identity of the communication equipment is authenticated according to the decryption message and the authentication message. The method can accurately identify whether the accessing communication equipment is legitimate, avoids the difficulty of accurately authenticating the identity of communication equipment with a traditional account password, and improves communication security. After the communication equipment is determined to be legitimately accessing equipment, the host used for identity authentication can open the stored data information to the communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legitimate communication equipment.
In one embodiment, the method further comprises the steps of:
obtaining the public key of the communication device; carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the communication equipment; and setting the public key hash value as the identification information of the communication equipment.
In one embodiment, the method further comprises the steps of:
randomly generating a seed key through a quantum computer; and generating a public key of the communication device and a private key paired with the public key by using the seed key.
In one embodiment, the method further comprises the steps of:
storing the private key of the communication device in a secure chip of the communication device.
In one embodiment, the step of obtaining the identification information of the communication device to be authenticated includes:
acquiring identification information arranged on the communication equipment to be authenticated and setting the identification information as the identification information of the communication equipment;
or
The step of obtaining the identification information of the communication device to be authenticated comprises:
and receiving the identification information which is sent by the communication equipment to be authenticated and stored in the chip of the communication equipment, and setting the identification information as the identification information of the communication equipment.
In one embodiment, the step of obtaining the identification information of the communication device to be authenticated includes:
acquiring first identification information arranged on the communication equipment to be authenticated; receiving second identification information sent by the communication equipment to be authenticated; wherein the second identification information is stored in a chip of the communication device; comparing the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, before the step of obtaining the identification information of the communication device to be authenticated, the method further includes:
and establishing communication connection with the communication equipment to be authenticated in a WiFi, Bluetooth or USB communication mode.
In one embodiment, the step of authenticating the communication device according to the decryption message and the authentication message comprises:
comparing the decryption message with an authentication message; if the decryption message is the same as the authentication message, authenticating the communication equipment as legal communication equipment; otherwise, the communication equipment is judged to be illegal communication equipment.
In one embodiment, the communication device to be authenticated is an electronic key device for data encryption.
In one embodiment, there is also provided an identity authentication method of a communication device, including the steps of:
sending identification information of local communication equipment to an authentication terminal, wherein the identification information is used for triggering the authentication terminal to inquire a public key matched with the identification information from a public key library; generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message;
receiving the encrypted message sent by the authentication terminal;
decrypting the encrypted message by using a private key prestored locally to obtain a decrypted message;
and sending the decryption message to the authentication terminal for triggering the authentication terminal to carry out identity authentication on the local communication equipment according to the decryption message and the authentication message.
In this identity authentication method, the identification information of the local communication equipment is sent to an authentication terminal, which triggers the authentication terminal to query the public key matching the identification information from a public key library and to encrypt the authentication message with the public key to obtain an encrypted message. The local communication equipment receives the encrypted message, decrypts it with a locally pre-stored private key, and sends the decryption message to the authentication terminal, which triggers the authentication terminal to authenticate the identity of the local communication equipment according to the decryption message and the authentication message. The authentication terminal can thus accurately identify whether the accessing local communication equipment is legitimate, which avoids the difficulty of accurately authenticating the identity of communication equipment with a traditional account password and improves communication security. After the local communication equipment is determined to be legitimately accessing equipment, the authentication terminal used for identity authentication can open the stored data information to the local communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legitimate communication equipment.
In one embodiment, the method further comprises the steps of:
obtaining the public key of the local communication device; carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the local communication equipment; and setting the public key hash value as the identification information of the local communication equipment.
In one embodiment, the method further comprises the steps of:
randomly generating a seed key through a quantum computer; and generating a public key of the local communication device and a private key paired with the public key by using the seed key.
In one embodiment, the local pre-stored private key is a private key stored in a secure chip of the local communication device.
In one embodiment, the identification information includes identification information provided on the local communication device or identification information stored in a chip of the local communication device.
In one embodiment, the identification information includes first identification information provided on the local communication device and second identification information stored in a chip of the local communication device;
the step of sending the identification information of the local communication device to the authentication terminal includes: sending the first identification information and the second identification information to the authentication terminal for triggering the authentication terminal to compare the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the local communication equipment.
In one embodiment, before the step of sending the identification information of the local communication device to the authentication terminal, the method further includes:
and establishing communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
In one embodiment, the decryption message is further used to trigger the authentication terminal to compare the decryption message with an authentication message; if the decryption message is the same as the authentication message, authenticating the local communication equipment as legal communication equipment; otherwise, the local communication equipment is judged to be illegal communication equipment.
In one embodiment, the local communication device is an electronic key device for data encryption.
In one embodiment, an identity authentication apparatus of a communication device is provided, including:
the public key inquiry module is used for acquiring the identification information of the communication equipment to be authenticated; inquiring a public key matched with the identification information from a public key library according to the identification information;
the encryption module is used for generating an authentication message and encrypting the authentication message by using the public key to obtain an encrypted message;
the first sending module is used for sending the encrypted message to the communication equipment and triggering the communication equipment to decrypt the encrypted message by using a local pre-stored private key;
the acquisition module is used for acquiring a decryption message sent by the communication equipment after decryption;
and the first authentication module is used for authenticating the identity of the communication equipment according to the decryption message and the authentication message.
In one embodiment, an identity authentication apparatus of a communication device is further provided, including:
the second sending module is used for sending the identification information of the local communication equipment to the authentication terminal and triggering the authentication terminal to inquire the public key matched with the identification information from the public key library; generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message;
the receiving module is used for receiving the encrypted message sent by the authentication terminal;
the decryption module is used for decrypting the encrypted message by using a local pre-stored private key to obtain a decrypted message;
and the second authentication module is used for sending the decryption message to the authentication terminal and triggering the authentication terminal to carry out identity authentication on the local communication equipment according to the decryption message and the authentication message.
In one embodiment, a computer device is provided, which includes a memory, a processor and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the steps of the identity authentication method of the communication device according to any one of the above embodiments are implemented.
In one embodiment, there is provided an electronic key device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method for authenticating an identity of a communication device as described in any one of the above embodiments when executing the computer program.
In one embodiment, an identity authentication system of a communication device is provided, which includes the computer device and the electronic key device as described in the above embodiments.
In one embodiment, the number of the electronic key devices is at least two; and the local pre-stored private keys of the electronic key devices are the same private key.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method of authentication of an identity of a communication device according to any of the above embodiments.
The identity authentication apparatus of the communication equipment, the computer device, the electronic key device, the identity authentication system of the communication equipment and the computer-readable storage medium enable the authentication terminal to accurately identify whether the accessing communication equipment is legitimate. The difficulty of accurately authenticating the identity of communication equipment with a traditional account password is overcome, and communication security is improved. After the communication equipment is determined to be legitimately accessing equipment, the authentication terminal used for identity authentication can open the stored data information to the communication equipment for access, and the user can further edit, transmit or encrypt the stored information data through the legitimate communication equipment.
Drawings
FIG. 1 is a diagram of an embodiment of an application environment of a method for authenticating an identity of a communication device;
FIG. 2 is a flow diagram illustrating a method for authenticating an identity of a communication device in one embodiment;
FIG. 3 is a block diagram showing the structure of an authentication apparatus of a communication device according to an embodiment;
FIG. 4 is a flowchart illustrating an identity authentication method of a communication device according to another embodiment;
FIG. 5 is a block diagram showing the structure of an identity authentication apparatus of a communication device in another embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment;
FIG. 7 is a diagram showing an internal structure of a computer device in another embodiment;
FIG. 8 is a diagram of the internal structure of the electronic key device in one embodiment;
FIG. 9 is a schematic structural diagram of an identity authentication system of a communication device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. It should be noted that the term "first/second" in the embodiments of the present invention is used only to distinguish similar objects and does not represent a specific ordering of the objects. Where permitted, "first/second" objects may be interchanged in order or sequence, so that the embodiments of the invention described herein may be practiced in sequences other than those illustrated or described herein.
The identity authentication method of the communication device provided by the present invention can be applied to the application environment shown in FIG. 1, which is an application environment diagram of the identity authentication method of the communication device in an embodiment. The communication device 100 and the authentication terminal 200 may establish a communication connection in a number of ways, for example through WiFi, Bluetooth or USB. The authentication terminal 200 may verify whether the communication device 100 is a legitimate communication device by acquiring data information of the communication device 100 and sending verification information to the communication device 100, and may open stored data information to the communication device 100 if it is legitimate. The communication device 100 is a device with communication capabilities such as data information transmission, and may include a tablet computer 110, a personal digital assistant 120, a smart phone 130, or an electronic key device for data encryption. The authentication terminal 200 is a terminal device with data information storage and data transmission capabilities that can authenticate the accessing communication device 100, and may be implemented by a personal computer, an independent server, or a server cluster formed by a plurality of servers.
In an embodiment, an identity authentication method of a communication device is provided. The method is described by taking its application to the authentication terminal 200 in FIG. 1 as an example. As shown in FIG. 2, which is a schematic flow chart of the identity authentication method of the communication device in an embodiment, the method may include the following steps:
Step S101, obtaining identification information of communication equipment to be authenticated; and inquiring the public key matched with the identification information from the public key library according to the identification information.
Here, the communication device to be authenticated is a device that establishes a communication connection with the authentication terminal 200 and accesses the data information stored by the authentication terminal 200; it may be, for example, the tablet computer 110, the personal digital assistant 120, the smart phone 130 or the electronic key device for data encryption shown in FIG. 1. The identification information of the communication device is identification information allocated in advance when the communication device is authorized, and uniquely identifies the communication device. The authentication terminal 200 may assign a public-private key pair for authentication to the authorized communication device and store the public key of the communication device in its public key library. The public key library may record the public keys of a plurality of authorized communication devices, with each public key corresponding one to one to the allocated identification information, so that the corresponding public key can be extracted from the public key library of the authentication terminal 200 according to the identification information of the communication device to be authenticated.
Before the communication device 100 accesses the data information stored in the authentication terminal 200, the authentication terminal 200 authenticates the identity of the communication device 100. The authentication terminal 200 may obtain the identification information of the communication device 100 to be authenticated and use it to obtain the matching public key from a locally pre-stored public key library; for example, it may retrieve the public key corresponding to the identification information from the public key library.
Step S102, generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message.
In this step, after acquiring the public key matching the identification information of the communication device to be authenticated, the authentication terminal 200 generates an authentication message, which is mainly used to authenticate the identity of the communication device. To ensure the accuracy and security of the identity authentication, the authentication message may be a random number generated by the authentication terminal 200. The authentication terminal 200 encrypts the generated authentication message with the acquired public key to obtain an encrypted message. Because the encrypted message is encrypted with the public key allocated to the communication device, only a device holding the private key paired with that public key can decrypt it; other devices, not knowing that private key, cannot, which ensures security during the identity authentication of the communication device.
Step S103, the encrypted message is sent to the communication device.
In this step, the authentication terminal 200 sends the encrypted message to the communication device 100 to be authenticated, so that the communication device 100 decrypts the encrypted message with a locally pre-stored private key to obtain a decrypted message. The locally pre-stored private key of the communication device 100 is the private key, paired with the public key, that was allocated when the communication device 100 was authorized. With this private key, the communication device 100 can decrypt the message that the authentication terminal 200 encrypted with the paired public key and obtain accurate decrypted information. An illegal device that receives the encrypted message of the authentication terminal 200 does not know the private key stored locally in the communication device 100 and therefore cannot decrypt the encrypted message, which ensures the security of the identity authentication of the communication device.
Step S104, acquiring the decrypted message sent by the communication device after decryption.
In this step, the authentication terminal 200 obtains the decrypted message sent by the communication device 100 after decryption. To prevent the decrypted message from being leaked during transmission, the communication device 100 may encrypt the decrypted message with the public key of the authentication terminal 200 before sending it, and the authentication terminal 200 may then use its own private key to decrypt what it receives and recover the decrypted message.
Step S105, authenticating the identity of the communication device according to the decrypted message and the authentication message.
In this step, after receiving the decrypted message obtained by the communication device 100, the authentication terminal 200 authenticates the identity of the communication device 100 according to the authentication message it generated and the decrypted message. Generally, only an authorized communication device can correctly decrypt the encrypted message of the authentication terminal 200; therefore, the authentication message and the decrypted message can be compared, and whether the communication device 100 is a valid communication device can be determined from the result of the comparison.
For example, the authentication message and the decrypted message may be compared; if they are the same, the communication device 100 is authenticated as a valid communication device, and if they are not the same, the communication device 100 is determined to be an invalid communication device. It should be noted that "the same" here is not limited to the authentication message and the decrypted message being completely identical information or data; the two may also be determined to belong to the same message according to a certain specific rule.
The identity authentication method of the communication device in the above embodiment obtains the identification information of the communication device to be authenticated, queries the public key library for the public key matched with the identification information, and encrypts the generated authentication message with that public key to obtain the encrypted message. The encrypted message is fed back to the communication device to trigger it to decrypt the encrypted message with its locally pre-stored private key; the decrypted message sent back by the communication device is then received, and the identity of the communication device is authenticated according to the decrypted message and the authentication message. The method can accurately identify whether the accessing communication device is a legal communication device, avoids the defect that the traditional account-and-password approach has difficulty authenticating the identity of a communication device accurately, and improves communication security. After the communication device is determined to be a legally accessing communication device, the host performing identity authentication can open its stored data information to the communication device for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
In one embodiment, the method further comprises the following steps:
acquiring a public key of the communication equipment; carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the communication equipment; the public key hash value is set as identification information of the communication device.
The embodiment mainly sets the identification information of the communication device by using the public key of the communication device before the identity authentication of the communication device 100. Public and private key pairs can be pre-allocated to the communication devices 100 through the authentication terminal 200, and are mainly used for performing authorization authentication on each communication device 100, the authentication terminal 200 performs hash operation on the public key allocated to each communication device 100 through a hash algorithm to generate a public key hash value corresponding to each communication device 100, and the public key hash value is set as identification information of the corresponding communication device.
For example, the authentication terminal 200 may use a hash algorithm to greatly shorten the public key of the communication device 100 to 24-bit characters. The identification information of the communication device is obtained by performing a hash operation on the public key, that is, the identification information is a hash value of the public key of the communication device. A hash value is a fixed-length data value obtained by transforming source data of any length with a hash algorithm, and it changes even when the source data changes by 1 bit. The technical solution of this embodiment therefore sets the hash value of the public key of the communication device as the identification information of the communication device 100, so that after the authentication terminal 200 acquires the identification information, it searches the public key library for the corresponding public key using the hash value as an index. This improves the accuracy of acquiring the public key of the communication device 100 while ensuring that the public key has not been deleted or changed, prevents any hacker's communication device from posing as a legitimate communication device when it links to the authentication terminal 200 via WiFi or Bluetooth, and can effectively avoid malicious software attacks when a device is linked to the authentication terminal 200 via USB. The hash value of the public key of the communication device can be published: because a counterfeit communication device cannot know the private key of the legitimate communication device 100, even a hacker who knows the hash value cannot complete the pairing of the authentication message, which further ensures the security of identity authentication of the communication device.
In one embodiment, the method may further include the steps of:
randomly generating a seed key through a quantum computer; a public key of the communication device and a private key paired with the public key are generated using the seed key.
In this embodiment, a public-private key pair is mainly generated for each communication device 100 by a quantum computer, and the authentication terminal 200 may randomly generate a seed key for the communication device 100 by the quantum computer, and generate the public-private key pair by the seed key, that is, generate a public key of the communication device 100 and a private key paired with the public key. In this embodiment, the random number generated by the quantum technology is a true random number, and the random number has a high degree of randomness and is irregular, so that the public and private key pair of the communication device 100 is generated by using the random number as a seed key, the uniqueness of the key pair is ensured, and compared with a security authentication system using a pseudo random number generator, the security of the identity authentication of the communication device 100 accessing to the authentication terminal 200 can be further improved.
In one embodiment, the method further comprises the following steps:
a private key of a communication device is stored in a secure chip of the communication device.
In this embodiment, after the authentication terminal 200 generates the corresponding private key for each communication device 100, the private key is stored in the security chip of that communication device 100. The security chip is provided with an independent storage unit that is mainly used for storing the private key. Because the private key is firmly stored in the security chip of the communication device 100, does not leave the communication device 100, and is stored in the security chip in encrypted form, the technical solution of this embodiment can effectively prevent a hacker who has obtained the communication device 100 from recovering its private key by reverse engineering, which further improves the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, the step of acquiring the identification information of the communication device to be authenticated in step S101 may further include:
acquiring identification information arranged on the communication device to be authenticated and setting it as the identification information of the communication device.
In this embodiment, the identification information of the communication device 100 to be authenticated may be engraved on a surface of the communication device 100, such as a surface of its housing. The user holding the communication device 100 may enter the identification information shown on the housing surface through an input device of the authentication terminal 200, such as a keyboard, and the authentication terminal 200 receives the entered identification information and sets it as the identification information of the communication device.
The authentication terminal 200 of this embodiment can thus acquire the identification information that is disposed on the surface of the housing of the communication device 100 and entered by the user holding the device. The identification information may be the public key of the communication device 100; because the number of characters of a public key is generally large, the hash value of the public key of the communication device 100 may instead be set as the identification information to reduce the number of characters the user has to enter.
In one embodiment, the step of acquiring the identification information of the communication device to be authenticated in step S101 may further include:
receiving the identification information that is stored in the chip of the communication device and sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In this embodiment, the authentication terminal 200 acquires the identification information sent by the communication device 100, which is identification information stored in a chip of the communication device 100. Storing the identification information of the communication device 100 in the chip can effectively prevent a hacker from easily acquiring it, which further improves the security of identity authentication. Moreover, the identification information stored in the chip of the communication device 100 is usually the public key of the communication device 100 or the hash value of that public key, so even if a hacker acquires the identification information of the communication device 100, the hacker cannot complete the pairing of the authentication message with the authentication terminal 200, and the identity authentication security of the communication device 100 accessing the authentication terminal 200 is ensured.
In one embodiment, the step of acquiring the identification information of the communication device to be authenticated in step S101 may further include:
acquiring first identification information arranged on the communication device to be authenticated; receiving second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information.
The present embodiment mainly includes that the authentication terminal 200 acquires first identification information provided on the communication device 100 to be authenticated and second identification information sent by the communication device 100, compares the first identification information with the second identification information, and determines the identification information of the communication device 100 according to a comparison result.
The first identification information may be identification information provided on a surface of a housing of the communication device 100, the second identification information may be identification information stored in a chip of the communication device, and both the first identification information and the second identification information may be a public key of the communication device 100 or a hash value of the public key corresponding to the public key.
In this embodiment, the authentication terminal 200 may receive first identification information, which is located on a surface of the housing of the communication device 100 and entered by a user, and may further obtain second identification information, which is stored in a chip of the communication device 100 and sent by the communication device 100. The authentication terminal 200 compares the first identification information with the second identification information and, if they are the same, sets the first identification information or the second identification information as the identification information of the communication device 100. It should be noted that "the same" here is not limited to the first identification information and the second identification information being completely identical information or data; it is only necessary to determine, according to a certain specific rule, that they belong to the same identification information.
In the technical scheme of this embodiment, the identification information of the communication device 100 is authenticated a second time by means of the first identification information and the second identification information, and the first identification information or the second identification information is set as the identification information of the communication device 100 only when the two match. This avoids the weakening of the authentication system's security that would result from tampering with the identification information of the communication device 100, and further ensures the security and accuracy of the identity authentication of the communication device 100.
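The flow of steps S101 to S105, the hashed-public-key identifier and the comparison of first and second identification information can be exercised end to end in the following added example, which is not code from the patent. The class and function names, the use of SHA-256 with hex truncation, the identifier normalization rule and the toy unpadded RSA over Mersenne primes are all assumptions made so the exchange runs with the Python standard library.

```python
"""Challenge-response between an authentication terminal and a device.

TOY RSA ONLY: unpadded RSA over publicly known Mersenne primes, chosen so the
message flow runs with the standard library. A real device would use a vetted
library with a padded scheme such as RSA-OAEP and keep the key in its chip.
"""
import hashlib
import hmac
import secrets

E = 65537
ID_LEN = 24  # identifier length in characters; SHA-256 + hex are assumptions


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for two primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def device_id(pub):
    """Identification information: truncated hash of the encoded public key."""
    n, e = pub
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()[:ID_LEN]


def normalize_id(text):
    """Assumed comparison rule: ignore case, spaces and dashes in a typed ID."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def modulus_len(n):
    return (n.bit_length() + 7) // 8


class Device:
    def __init__(self, pub, priv, claimed_id=None):
        self._priv = priv  # stays on the device
        self.ident = claimed_id or device_id(pub)

    def answer(self, ciphertext):
        """Decrypt the challenge and return the plaintext bytes."""
        n, d = self._priv
        return pow(ciphertext % n, d, n).to_bytes(modulus_len(n), "big")


class Terminal:
    def __init__(self):
        self.library = {}  # public key library: id -> public key
        self.pending = {}  # id -> outstanding nonce (single use)

    def enroll(self, pub):
        self.library[device_id(pub)] = pub

    def resolve_id(self, typed_id, sent_id):
        """Accept the ID only if the engraved and chip-stored values agree."""
        a, b = normalize_id(typed_id), normalize_id(sent_id)
        return a if hmac.compare_digest(a.encode(), b.encode()) else None

    def challenge(self, ident):
        """Look up the key by ID, then encrypt a fresh random nonce."""
        pub = self.library.get(ident)
        # Re-hash the stored key so a swapped library entry is rejected.
        if pub is None or device_id(pub) != ident:
            return None
        nonce = secrets.token_bytes(32)
        self.pending[ident] = nonce
        n, e = pub
        return pow(int.from_bytes(nonce, "big"), e, n)

    def verify(self, ident, response):
        """Compare the reply with the nonce, in constant time, exactly once."""
        nonce = self.pending.pop(ident, None)
        if nonce is None or ident not in self.library:
            return False
        width = modulus_len(self.library[ident][0])
        return hmac.compare_digest(response, nonce.rjust(width, b"\x00"))


def run_demo():
    # Constructed sample keys from Mersenne primes (trivially factorable).
    p521, p607, p1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
    pub, priv = make_keypair(p521, p607)
    _, rogue_priv = make_keypair(p521, p1279)
    terminal = Terminal()
    terminal.enroll(pub)
    genuine = Device(pub, priv)
    # The impostor knows the published ID but holds a different private key.
    impostor = Device(pub, rogue_priv, claimed_id=genuine.ident)

    reply = genuine.answer(terminal.challenge(genuine.ident))
    results = {"genuine": terminal.verify(genuine.ident, reply)}
    results["replay"] = terminal.verify(genuine.ident, reply)
    forged = impostor.answer(terminal.challenge(impostor.ident))
    results["impostor"] = terminal.verify(impostor.ident, forged)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The single-use nonce in `pending` is what makes a captured reply worthless on a second attempt; the patent text does not discuss replay, so that bookkeeping is part of the added example.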
In one embodiment, before the step of acquiring the identification information of the communication device to be authenticated in step S101, the method may further include:
establishing a communication connection with the communication device to be authenticated through WiFi, Bluetooth or USB communication.
In this embodiment, before the authentication terminal 200 authenticates the validity of the identity of the communication device 100 to be authenticated, it establishes a communication connection with the communication device 100. The connection is used for preliminary data information interaction with the communication device 100, where the data information is the data information required for authenticating the validity of the identity of the communication device 100, for example, the identification information of the communication device 100.
In this embodiment, the communication device 100 may include a personal computer, a tablet computer, a smart phone, and an electronic key device for data encryption. The personal computer, the tablet computer or the smart phone generally establishes a communication connection with the authentication terminal 200 wirelessly, for example through WiFi or Bluetooth, and the electronic key device generally connects to the authentication terminal 200 through a USB interface.
According to the technical scheme of this embodiment, the authentication terminal 200 can establish a communication connection with the communication device 100 to be authenticated through communication modes such as WiFi, Bluetooth or USB; that is, the authentication terminal 200 can authenticate the identity of the communication device 100 over any of these communication modes. When the communication device 100 establishes a communication connection with the authentication terminal 200 through WiFi, Bluetooth or USB, the security of the data information of the authentication terminal 200 can be ensured, so the applicability is wide.
In an embodiment, an identity authentication apparatus of a communication device is provided, referring to fig. 3, fig. 3 is a block diagram of a structure of the identity authentication apparatus of the communication device in an embodiment, and the identity authentication apparatus of the communication device may include: a public key query module 101, an encryption module 102, a first sending module 103, an acquisition module 104 and a first authentication module 105; wherein,
a public key query module 101, configured to obtain identification information of a communication device to be authenticated; inquiring a public key matched with the identification information from a public key library according to the identification information;
the encryption module 102 is configured to generate an authentication message, and encrypt the authentication message by using a public key to obtain an encrypted message;
a first sending module 103, configured to send the encrypted message to the communication device, and configured to trigger the communication device to decrypt the encrypted message by using a local pre-stored private key;
an obtaining module 104, configured to obtain a decryption message sent by the communication device after decryption;
and a first authentication module 105, configured to authenticate the communication device according to the decrypted message and the authentication message.
The identity authentication device of the communication equipment in the embodiment enables the authentication terminal to accurately identify whether the accessed communication equipment is legal communication equipment, avoids the defect that the identity of the communication equipment is difficult to accurately authenticate in the traditional mode of an account password, improves the communication security, and after the communication equipment is determined to be the legal access communication equipment, the authentication terminal for identity authentication can open the stored data information to the communication equipment for access, and a user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the identity authentication apparatus of a communication device further includes:
a public key obtaining unit, configured to obtain a public key of the communication device; the Hash operation unit is used for carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the communication equipment; and the identification setting unit is used for setting the public key hash value as the identification information of the communication equipment.
In one embodiment, the identity authentication apparatus of a communication device further includes:
the seed generation unit is used for randomly generating a seed key through a quantum computer; and the public and private key generating unit is used for generating a public key of the communication equipment and a private key matched with the public key by using the seed key.
In one embodiment, the identity authentication apparatus of a communication device further includes:
the private key storage unit is used for storing the private key of the communication device in a security chip of the communication device.
In one embodiment, the public key query module 101 is further configured to:
acquiring identification information arranged on the communication device to be authenticated and setting it as the identification information of the communication device.
In one embodiment, the public key query module 101 is further configured to:
receiving the identification information that is stored in the chip of the communication device and sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, the public key query module 101 is further configured to:
acquiring first identification information arranged on the communication device to be authenticated; receiving second identification information sent by the communication device to be authenticated, wherein the second identification information is stored in a chip of the communication device; comparing the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, the identity authentication apparatus of a communication device further includes:
the communication connection unit is used for establishing a communication connection with the communication device to be authenticated through WiFi, Bluetooth or USB communication.
In one embodiment, the first authentication module 105 is further configured to:
comparing the decrypted message with the authentication message; if the decryption message is the same as the authentication message, authenticating the communication equipment as legal communication equipment; otherwise, the communication equipment is judged to be illegal communication equipment.
In one embodiment, the communication device to be authenticated is an electronic key device for data encryption.
For specific limitations of the identity authentication apparatus of the communication device, reference may be made to the above limitations of the identity authentication method of the communication device, and technical features and advantages thereof described in the above embodiments of the identity authentication method of the communication device are all applicable to the embodiments of the identity authentication system of the communication device, and are not described herein again. The modules in the identity authentication device of the communication equipment can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In an embodiment, an identity authentication method of a communication device is further provided, which is described below as being applied to the communication device 100 shown in fig. 1, with reference to fig. 4, where fig. 4 is a schematic flow chart of an identity authentication method of a communication device in another embodiment, where the identity authentication method of a communication device may include the following steps:
S401, sending identification information of the local communication device to the authentication terminal, and triggering the authentication terminal to query the public key library for the public key matched with the identification information, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message.
In this step, the communication device 100 can transmit the identification information of the local communication device, i.e., the communication device 100 itself, to the authentication terminal 200; the communication device 100 may be a device to be authenticated, which is used to establish a communication connection with the authentication terminal 200 and access data information stored in the authentication terminal 200, and may include devices such as a tablet computer 110, a personal digital assistant 120, a smart phone 130, or an electronic key device used for data encryption shown in fig. 1, where the identification information of the communication device 100 itself is identification information that is pre-authorized and allocated for the communication device 100, and is used for the authentication terminal 200 to uniquely identify the communication device 100.
The device manufacturer of the communication device 100 may allocate a public-private key pair for performing identity authentication on the authorized communication device 100 to the authorized communication device 100, where the public-private key pair may be stored in a public key library of the authentication terminal 200, the public key library of the authentication terminal 200 may record public keys of a plurality of authorized communication devices, the public key of each communication device 100 may correspond to the allocated identification information one to one, and the communication device 100 sends its own identification information to the authentication terminal 200, and triggers the authentication terminal 200 to extract a public key matching the identification information from the public key library. For example, the authentication terminal 200 may be triggered to index a public key corresponding to the identification information from a public key repository according to the identification information of the communication device 100.
After acquiring the public key matched with the identification information of the communication device 100, the authentication terminal 200 may generate an authentication message, where the authentication message is mainly used to authenticate the identity of the communication device 100, and in order to ensure the accuracy and security of identity authentication, the authentication message may be a random number generated by the authentication terminal 200.
The authentication terminal 200 encrypts the generated authentication message with the acquired public key matching the identification information of the communication device 100 to obtain an encrypted message. Because the encrypted message is encrypted with the public key allocated to the communication device 100, only a device holding the private key paired with that public key can correctly decrypt it; other devices, not knowing that private key, cannot, which ensures security during the authentication of the communication device 100.
S402, receiving the encrypted message sent by the authentication terminal.
In this step, the communication device 100 may receive the encrypted message sent by the authentication terminal 200 through a communication mode such as WiFi, Bluetooth or USB.
S403, decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message.
After the communication device 100 receives the encrypted message sent by the authentication terminal 200, it may decrypt the encrypted message with a locally pre-stored private key to obtain a decrypted message. The locally pre-stored private key of the communication device 100 is the private key, paired with the public key, that the device manufacturer of the communication device 100 allocated when authorizing the device. With this private key, the communication device 100 can correctly decrypt the message that the authentication terminal 200 encrypted with the paired public key and obtain accurate decrypted information. An illegal device that receives the encrypted message of the authentication terminal 200 does not know the private key stored locally in the communication device 100 and therefore cannot decrypt the encrypted message, which ensures the security of identity authentication of the communication device.
S404, sending the decrypted message to the authentication terminal, and triggering the authentication terminal to perform identity authentication on the local communication device according to the decrypted message and the authentication message.
In this step, the communication device 100 sends the decrypted message to the authentication terminal 200. To prevent the decrypted message from leaking during transmission, the communication device 100 may encrypt the decrypted message with the public key of the authentication terminal 200 before sending it, and the authentication terminal 200 may then use its own private key to decrypt what it receives and recover the decrypted message. The authentication terminal 200 may authenticate the identity of the communication device 100 according to the authentication message it generated and the decrypted message. Generally, because only a legally authorized communication device can correctly decrypt the encrypted message of the authentication terminal 200, the authentication terminal 200 may compare the authentication message with the decrypted message and determine from the comparison result whether the communication device 100 is a legal communication device.
For example, the authentication terminal 200 may compare the authentication message with the decrypted message; if they are the same, the authentication terminal 200 authenticates the communication device 100 as a legitimate communication device, and if they are not the same, the authentication terminal 200 determines that the communication device 100 is an illegitimate communication device. It should be noted that "the same" here is not limited to the authentication message and the decrypted message being completely identical information or data; the two may also be determined to belong to the same message according to a certain specific rule.
In the identity authentication method of the communication device in the above embodiment, the identification information of the local communication device is sent to the authentication terminal, which triggers the authentication terminal to query the public key library for the public key matched with the identification information and to encrypt the authentication message with that public key to obtain the encrypted message. The encrypted message is received and decrypted with the locally pre-stored private key, and the decrypted message is sent to the authentication terminal to trigger it to authenticate the identity of the local communication device according to the decrypted message and the authentication message. The authentication terminal can thus accurately identify whether the accessing local communication device is a legal communication device, which avoids the defect that the traditional account-and-password approach has difficulty authenticating the identity of a communication device accurately and improves communication security. After the local communication device is determined to be a legally accessing communication device, the authentication terminal performing identity authentication can open its stored data information to the local communication device for access, and the user can further edit, transmit or encrypt the stored information data through the legal communication device.
In one embodiment, the method may further include the steps of:
acquiring a public key of local communication equipment; carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the local communication equipment; and setting the public key hash value as the identification information of the local communication equipment.
In this embodiment, before the authentication terminal 200 performs identity authentication on the communication device 100, the communication device 100 sets identification information using a public key of a local communication device, that is, the communication device 100 itself.
Public and private key pairs may be allocated to the plurality of communication devices 100 in advance by the device manufacturer of the communication device 100, mainly for authorization authentication of each communication device 100. A hash operation is performed with a hash algorithm on the public key allocated to each communication device 100 to generate the public key hash value corresponding to that device, and the public key hash value is set as the identification information of the corresponding communication device 100.
For example, a device manufacturer of the communication device 100 may use a hashing algorithm to substantially shorten the public key of the communication device 100 to 24-bit characters. Since the identification information of the communication device is obtained by performing a hash operation on the public key, that is, the identification information is a hash value of the public key of the communication device, and the hash value is a data value of a fixed length obtained by converting a piece of source data of an arbitrary length by using a hash algorithm, the hash value corresponding to the source data changes even if the source data changes by 1 bit.
The technical solution of the present embodiment sets the hash value of the communication device's public key as the identification information of the communication device 100. After the authentication terminal 200 acquires the identification information, it searches the public key library for the corresponding public key using the hash value of the public key as an index, which improves the accuracy of obtaining the public key of the communication device 100 while ensuring that the public key of the communication device 100 is not deleted. This prevents any hacker's communication device from passing itself off as a legitimate communication device when connecting to the authentication terminal 200 through WiFi or Bluetooth, and can effectively avoid malicious software attacks when connecting to the authentication terminal 200 over USB. The hash value of the public key can also be disclosed: since a counterfeit communication device cannot know the private key of the legitimate communication device 100, even a hacker who knows the hash value of the public key cannot complete the pairing of the authentication message, so the security of identity authentication of the communication device is further ensured.
In one embodiment, the method may further include the steps of:
randomly generating a seed key through a quantum computer; a public key of the communication device and a private key paired with the public key are generated using the seed key.
In this embodiment, a quantum computer is mainly used to generate a public-private key pair for each communication device 100, and a device manufacturer of the communication device 100 may randomly generate a seed key for the communication device 100 through the quantum computer, and generate the public-private key pair through the seed key, that is, generate a public key of the communication device 100 and a private key paired with the public key.
In the scheme of this embodiment, the random number generated by the quantum technology is a true random number, and the random number has a high degree of randomness, which is irregular, so that the public-private key pair of the communication device 100 is generated by using the random number as a seed key, the uniqueness of the key pair is ensured, and compared with a security authentication system using a pseudo random number generator, the security of the identity authentication of the communication device 100 accessed to the authentication terminal 200 can be further improved.
In one embodiment, the local pre-stored private key is a private key stored in a secure chip of the local communication device.
In the present embodiment, the communication device 100 stores its own private key in its security chip. A corresponding private key may be generated for each communication device 100 and stored in the security chip of that device, where the security chip is provided with an independent storage unit mainly used for storing the private key. Because the private key is held in the security chip, does not leave the communication device 100, and is stored there in encrypted form, the technical solution of the present embodiment can effectively prevent a hacker who has obtained the communication device 100 from breaking its private key through reverse engineering, and further improves the security of the identity authentication of the communication device 100 accessing the authentication terminal 200.
In one embodiment, the identification information further includes identification information provided on the local communication device or identification information stored in a chip of the local communication device.
In this embodiment, the identification information of the communication device 100 itself may be engraved on a surface of the communication device 100, such as a housing surface.
The holding user of the communication device 100 can input the identification information of the set housing surface of the communication device 100 into the authentication terminal 200 through an input device such as a keyboard of the authentication terminal 200, and the authentication terminal 200 can receive the input identification information of the housing surface of the communication device 100 and set the identification information as the identification information of the communication device.
The authentication terminal 200 may acquire identification information, which is provided on the surface of the housing of the communication device 100 and is input by the user, of the communication device 100, where the identification information may be a public key of the communication device 100, and the number of characters of the public key is generally large, so that the hash value of the public key of the communication device 100 may also be set as the identification information to shorten the number of characters input by the user, and this scheme may improve authentication efficiency while ensuring security of identity authentication for the communication device 100.
In this embodiment, the identification information of the communication device 100 itself may also be identification information stored in a chip of the local communication device.
The authentication terminal 200 obtains the identification information sent by the communication device 100, wherein the identification information is the identification information stored in the chip of the communication device 100, and the scheme stores the identification information of the communication device 100 in the chip, so that a hacker can be effectively prevented from easily obtaining the identification information of the communication device 100, and the security of identity authentication is further improved, and compared with a technical means of manually inputting the identification information into the authentication terminal 200, the scheme also improves the authentication efficiency. Moreover, the identification information stored in the chip of the communication device 100 is usually the public key of the communication device 100 or the hash value of the public key corresponding to the public key, so even if a hacker acquires the identification information of the communication device 100, the hacker cannot complete the pairing of the authentication message with the authentication terminal 200, and the identity authentication security of the communication device 100 accessing the authentication terminal 200 is ensured.
In one embodiment, the identification information includes first identification information provided on the local communication device and second identification information stored in a chip of the local communication device;
the step of sending the identification information of the local communication device to the authentication terminal in step S101 may include:
sending the first identification information and the second identification information to the authentication terminal for triggering the authentication terminal to compare the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the local communication equipment.
In this embodiment, the first identification information may be identification information provided on a surface of a housing of the communication device 100, the second identification information may be identification information stored in a chip of the communication device, and both the first identification information and the second identification information may be a public key of the communication device 100 or a hash value of the public key corresponding to the public key.
In this embodiment, a holding user of the communication device 100 may send the first identification information and the second identification information to the authentication terminal 200 through an input device of the authentication terminal 200. The authentication terminal 200 receives the first identification information and the second identification information and compares them; if they are the same, it sets the first identification information or the second identification information as the identification information of the communication device 100. It should be noted that "the same" here does not require the first identification information and the second identification information to be identical information or data; it is only required that they can be determined to belong to the same identification information according to a specific rule.
According to the technical scheme of the embodiment, the communication device 100 sends the first identification information and the second identification information to the authentication terminal 200 to trigger the authentication terminal 200 to perform secondary authentication on the identification information of the communication device 100. When the first identification information matches the second identification information, the first identification information or the second identification information is set as the identification information of the communication device 100. This avoids the security of the authentication system being compromised by tampering with the identification information of the communication device 100, and further ensures the security and accuracy of identity authentication of the communication device 100.
In one embodiment, before sending the identification information of the local communication device to the authentication terminal in step S101, the method may include:
and establishing communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
The present embodiment is mainly configured to establish a communication connection with the authentication terminal 200 before the communication device 100 accesses the data information of the authentication terminal 200, so as to perform preliminary data information interaction with the authentication terminal 200, where the data information refers to data information required when the authentication terminal 200 performs validity authentication on the identity of the communication device 100, such as identification information of the communication device 100.
In this embodiment, the communication device 100 may include a personal computer, a tablet computer, a smart phone, and an electronic key device for data encryption, wherein the personal computer, the tablet computer, or the smart phone generally establishes a communication connection with the authentication terminal 200 through a wireless communication connection manner such as WiFi or bluetooth, and the electronic key device generally performs a communication connection with the authentication terminal 200 through a USB interface.
According to the technical scheme of the embodiment, the authentication terminal 200 can establish communication connection with the communication device 100 to be authenticated through communication modes such as WiFi, bluetooth or USB, that is, the authentication terminal 200 can authenticate the identity of the communication device 100 through communication modes such as WiFi, bluetooth or USB, and when the communication device 100 establishes communication connection with the authentication terminal 200 through communication modes such as WiFi, bluetooth or USB, the security of the data information of the authentication terminal 200 can be ensured, so that the applicability is wide.
In an embodiment, an identity authentication apparatus of a communication device is provided, referring to fig. 5, fig. 5 is a block diagram of a structure of the identity authentication apparatus of the communication device in another embodiment, and the identity authentication apparatus of the communication device may include: a second sending module 401, a receiving module 402, a decryption module 403 and a second authentication module 404; wherein,
a second sending module 401, configured to send identification information of the local communication device to the authentication terminal, and configured to trigger the authentication terminal to query, from the public key library, a public key matched with the identification information; generating an authentication message, and encrypting the authentication message by using a public key to obtain an encrypted message;
a receiving module 402, configured to receive an encrypted message sent by an authentication terminal;
a decryption module 403, configured to decrypt the encrypted message by using a locally pre-stored private key to obtain a decrypted message;
and the second authentication module 404 is configured to send the decryption message to the authentication terminal, and is configured to trigger the authentication terminal to perform identity authentication on the local communication device according to the decryption message and the authentication message.
The identity authentication device of the communication equipment in the embodiment enables the authentication terminal to accurately identify whether the accessed communication equipment is legal communication equipment, avoids the defect that the identity of the communication equipment is difficult to accurately authenticate in the traditional mode of an account password, improves the communication security, and after the communication equipment is determined to be the legal access communication equipment, the authentication terminal for identity authentication can open the stored data information to the communication equipment for access, and a user can further edit, transmit or encrypt the stored information data through the legal communication equipment.
In one embodiment, the identity authentication apparatus of a communication device may further include:
the public key acquisition module is used for acquiring a public key of the local communication equipment; the hash operation module is used for carrying out hash operation on the public key through a hash algorithm to generate a public key hash value of the local communication equipment; and the identification setting module is used for setting the public key hash value as the identification information of the local communication equipment.
In one embodiment, the identity authentication apparatus of a communication device may further include:
the seed generation module is used for randomly generating a seed key through a quantum computer; and the public and private key generation module is used for generating a public key of the communication equipment and a private key matched with the public key by using the seed key.
In one embodiment, the locally pre-stored private key is a private key stored in a secure chip of the local communication device.
In one embodiment, the identification information includes identification information provided on the local communication device or identification information stored in a chip of the local communication device.
In one embodiment, the identification information includes first identification information provided on the local communication device and second identification information stored in a chip of the local communication device.
The second sending module 401 is further configured to: sending the first identification information and the second identification information to the authentication terminal for triggering the authentication terminal to compare the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the local communication equipment.
In one embodiment, the identity authentication apparatus of a communication device may further include:
and the communication connection module is used for establishing communication connection with the authentication terminal through a WiFi, Bluetooth or USB communication mode.
In one embodiment, the decryption message is further for: triggering the authentication terminal to compare the decryption message with the authentication message; if the decryption message is the same as the authentication message, authenticating the local communication equipment as legal communication equipment; otherwise, the local communication equipment is judged to be illegal communication equipment.
In one embodiment, the local communication device is an electronic key device for data encryption.
For specific limitations of the identity authentication apparatus of the communication device, reference may be made to the above limitations of the identity authentication method of the communication device, and technical features and advantages thereof described in the above embodiments of the identity authentication method of the communication device are all applicable to the embodiments of the identity authentication system of the communication device, and are not described herein again. The modules in the identity authentication device of the communication equipment can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
The identity authentication method of the communication equipment provided by the embodiment of the invention can be applied to the following application scenes, so that the communication safety of the equipment can be ensured in each scene.
In practical application, each device is configured with a public key and a private key paired with it, and data encrypted with the public key can be decrypted only with the paired private key. Assuming that device A and device B need to communicate, they may give their public keys to each other, that is, device A sends public key A to device B, and device B sends public key B to device A. When each has received the other's public key, it first needs to confirm whether that public key really belongs to the other party: device A needs to confirm whether the received public key is public key B, and device B needs to confirm whether the received public key is public key A. Once the received public key is confirmed to be the other party's, the device can communicate with the other party using information encrypted with that public key.
The process of determining whether the received public key is a legitimate public key may correspond to a process of authenticating the device that transmits the public key. The authentication process is described in detail below, taking device A's authentication of the received public key as an example:
Device A may obtain the identification information of device B sent by the device to be authenticated, where the identification information may be a public key hash value provided on the housing surface of device B. Device A may query the matching public key B from its local public key library according to the public key hash value, generate a complicated authentication message, encrypt the authentication message using public key B to obtain an encrypted message, and then send the encrypted message to the device to be authenticated. If the device to be authenticated is device B, it can decrypt the encrypted message with its private key B to obtain a decrypted message and send the decrypted message to device A, so that device A completes the authentication. However, if the device to be authenticated is the hacking device H, which has sent the public key hash value of device B to device A, then since the hacking device H does not have private key B of device B, it cannot correctly decrypt the encrypted message, cannot obtain the authentication information, and cannot complete the authentication. Device A therefore does not perform any data communication with the hacking device H, and the hacking device H cannot eavesdrop on any information sent by device A, thereby ensuring communication security.
In addition, the hacker device H may also send its own public key H to device A and device B, but both device A and device B can discover in a similar manner that public key H is not the public key of a trusted device, that is, device A can discover that public key H is not the public key of device B, and device B can discover that public key H is not the public key of device A. No data communication therefore occurs with the hacker device H, thereby ensuring the security of communication.
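The exchange between device A, device B and the hacking device H described above, together with the public-key-hash identification information of the earlier embodiment, as an added example that is not part of the patent. The page names no algorithms, so SHA-256, the 24-hex-character truncation, the unpadded textbook RSA (chosen only to stay dependency-free; a deployment would use a vetted library with OAEP padding), the OS random source standing in for the quantum seed, and every class and function name are assumptions.

```python
# Added illustration, not code from the patent. Algorithms and names are assumptions.
import hashlib, hmac, secrets

ID_LEN = 24    # assumed: identifier = first 24 hex characters of SHA-256(public key)
MSG_LEN = 32   # assumed length in bytes of the random authentication message
E = 65537      # public exponent

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=1024):
    """Return ((n, e), (n, d)). Textbook RSA without padding: message flow only."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E != 0:   # E is prime, so this means gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def device_id(public_key):
    """Identification information: truncated hash of the encoded public key."""
    n, e = public_key
    encoded = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(encoded).hexdigest()[:ID_LEN]

class AuthTerminal:
    """Device A: holds the public key library and issues authentication messages."""

    def __init__(self):
        self.key_library = {}   # identification information -> public key
        self.pending = {}       # identification information -> outstanding message

    def enroll(self, public_key):
        ident = device_id(public_key)
        self.key_library[ident] = public_key
        return ident

    def challenge(self, ident):
        public_key = self.key_library.get(ident)
        # Re-hash the stored key so a corrupted library entry is never used.
        if public_key is None or device_id(public_key) != ident:
            return None
        n, e = public_key
        message = secrets.token_bytes(MSG_LEN)   # fresh for every attempt
        self.pending[ident] = message
        return pow(int.from_bytes(message, "big"), e, n)

    def verify(self, ident, decrypted):
        expected = self.pending.pop(ident, None)   # single use: a replay finds nothing
        if expected is None:
            return False
        padded = expected.rjust(len(decrypted), b"\x00")
        return hmac.compare_digest(padded, decrypted)   # constant-time comparison

class Device:
    """Device B, or an impostor H presenting B's public identifier."""

    def __init__(self, ident, private_key):
        self.ident = ident
        self._private_key = private_key   # the page keeps this in a security chip

    def respond(self, ciphertext):
        n, d = self._private_key
        return pow(ciphertext, d, n).to_bytes((n.bit_length() + 7) // 8, "big")

def authenticate(terminal, device):
    """Run one identification / encrypted message / decrypted message round."""
    ciphertext = terminal.challenge(device.ident)
    return ciphertext is not None and terminal.verify(
        device.ident, device.respond(ciphertext))

if __name__ == "__main__":
    terminal = AuthTerminal()
    (pub_b, priv_b), (_, priv_h) = generate_keypair(), generate_keypair()
    id_b = terminal.enroll(pub_b)
    print("device B accepted:", authenticate(terminal, Device(id_b, priv_b)))
    print("H with B's identifier accepted:", authenticate(terminal, Device(id_b, priv_h)))
```
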
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data required in the processing flow of the identity authentication method of the communication device. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement the method of authenticating an identity of a communication device as described in any of the embodiments above.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 7. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of identity authentication of a communication device. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
In one embodiment, an electronic key device is provided, the internal structure of which can be as shown in fig. 8, and the electronic key device comprises a processor, a memory and a communication interface which are connected through a system bus. The processor of the electronic key device is used for providing calculation and control capabilities, the memory of the electronic key device comprises a nonvolatile storage medium and an internal memory, the nonvolatile storage medium stores a computer program, the internal memory provides an environment for running the computer program in the nonvolatile storage medium, and the communication interface of the electronic key device is used for being in communication connection with an external terminal. The computer program is executed by a processor to implement a method of identity authentication of a communication device.
It will be appreciated by those skilled in the art that the configurations shown in fig. 6 to 8 are only block diagrams of partial configurations relevant to the inventive arrangements, and do not constitute a limitation on the applications of the inventive arrangements to the above-described devices, and a particular device may include more or less components than those shown in the figures, or some components may be combined, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring identification information of communication equipment to be authenticated; inquiring a public key matched with the identification information from a public key library according to the identification information; generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message; sending the encrypted message to the communication device; acquiring a decryption message sent by the communication equipment after decryption; and authenticating the identity of the communication equipment according to the decryption message and the authentication message.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a public key of the communication equipment; carrying out Hash operation on the public key through a Hash algorithm to generate a public key Hash value of the communication equipment; the public key hash value is set as identification information of the communication device.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
randomly generating a seed key through a quantum computer; a public key of the communication device and a private key paired with the public key are generated using the seed key.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
a private key of a communication device is stored in a secure chip of the communication device.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and acquiring identification information arranged on the communication equipment to be authenticated and setting the identification information as the identification information of the communication equipment.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and receiving the identification information stored in the chip of the communication equipment and sent by the communication equipment to be authenticated, and setting the identification information as the identification information of the communication equipment.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring first identification information arranged on communication equipment to be authenticated; receiving second identification information sent by the communication equipment to be authenticated; comparing the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and establishing communication connection with the communication equipment to be authenticated in a WiFi, Bluetooth or USB communication mode.
In one embodiment, an electronic key device is provided that can be used to encrypt data, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
sending identification information of the local communication equipment to the authentication terminal, wherein the identification information is used for triggering the authentication terminal to inquire a public key matched with the identification information from a public key library; generating an authentication message, and encrypting the authentication message by using a public key to obtain an encrypted message; receiving an encrypted message sent by an authentication terminal; decrypting the encrypted message by using a private key prestored locally to obtain a decrypted message; and sending the decryption message to the authentication terminal for triggering the authentication terminal to carry out identity authentication on the local communication equipment according to the decryption message and the authentication message.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a public key of the local communication device; performing a hash operation on the public key with a hash algorithm to generate a public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
randomly generating a seed key through a quantum computer; and generating a public key of the communication device and a private key paired with the public key using the seed key.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
sending the first identification information and the second identification information to the authentication terminal for triggering the authentication terminal to compare the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the local communication equipment.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
establishing a communication connection with the authentication terminal via WiFi, Bluetooth or USB.
The computer device and the electronic key device of this embodiment enable the authentication terminal to accurately identify whether an accessing communication device, such as an electronic key device, is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which makes it difficult to authenticate the identity of a communication device accurately, and improves communication security. After the communication device is determined to be a legitimate accessing device, the authentication terminal that performed the identity authentication can open its stored data to the communication device for access, and the user can further edit, transmit or encrypt the stored data through the legitimate communication device.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring identification information of a communication device to be authenticated; querying a public key matching the identification information from a public key library according to the identification information; generating an authentication message, and encrypting the authentication message with the public key to obtain an encrypted message; sending the encrypted message to the communication device; acquiring a decrypted message sent by the communication device after decryption; and authenticating the identity of the communication device according to the decrypted message and the authentication message.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a public key of the communication device; performing a hash operation on the public key with a hash algorithm to generate a public key hash value of the communication device; and setting the public key hash value as the identification information of the communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
randomly generating a seed key through a quantum computer; and generating a public key of the communication device and a private key paired with the public key using the seed key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
storing the private key of the communication device in a secure chip of the communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring identification information arranged on the communication device to be authenticated and setting it as the identification information of the communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
receiving the identification information that is stored in a chip of the communication device and sent by the communication device to be authenticated, and setting it as the identification information of the communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring first identification information arranged on the communication device to be authenticated; receiving second identification information sent by the communication device to be authenticated; comparing the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
establishing a communication connection with the communication device to be authenticated via WiFi, Bluetooth or USB.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
sending identification information of the local communication device to the authentication terminal, wherein the identification information is used for triggering the authentication terminal to query a public key matching the identification information from a public key library, generate an authentication message, and encrypt the authentication message with the public key to obtain an encrypted message; receiving the encrypted message sent by the authentication terminal; decrypting the encrypted message with a locally pre-stored private key to obtain a decrypted message; and sending the decrypted message to the authentication terminal to trigger the authentication terminal to authenticate the identity of the local communication device according to the decrypted message and the authentication message.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a public key of the local communication device; performing a hash operation on the public key with a hash algorithm to generate a public key hash value of the local communication device; and setting the public key hash value as the identification information of the local communication device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
randomly generating a seed key through a quantum computer; and generating a public key of the communication device and a private key paired with the public key using the seed key.
In one embodiment, the computer program when executed by the processor further performs the steps of:
sending the first identification information and the second identification information to the authentication terminal for triggering the authentication terminal to compare the first identification information with the second identification information; and if the first identification information is the same as the second identification information, setting the first identification information or the second identification information as the identification information of the local communication equipment.
In one embodiment, the computer program when executed by the processor further performs the steps of:
establishing a communication connection with the authentication terminal via WiFi, Bluetooth or USB.
The computer-readable storage medium of the above embodiment enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which makes it difficult to authenticate the identity of a communication device accurately, and improves communication security. After the communication device is determined to be a legitimate accessing device, the authentication terminal that performed the identity authentication can open its stored data to the communication device for access, and the user can further edit, transmit or encrypt the stored data through the legitimate communication device.
In one embodiment, an identity authentication system for a communication device is provided. Referring to fig. 9, which is a schematic structural diagram of the identity authentication system in one embodiment, the system may include the computer device 300 according to any one of the above embodiments and the electronic key device 400 according to any one of the above embodiments. A user can establish a communication connection with the computer device 300 through the electronic key device 400, and the computer device 300 and the electronic key device 400 execute the identity authentication method of any one of the above embodiments, so that the computer device 300 authenticates the identity of the accessing electronic key device 400. One working principle of the identity authentication system is described in detail below:
A user holding the electronic key device 400 can input into the computer device 300 the first identification information engraved on the surface of the shell of the electronic key device 400, such as the public key hash value of the electronic key device 400. The computer device 300 can obtain the second identification information stored in a chip of the electronic key device 400, such as the public key hash value of the electronic key device 400, and compare the first identification information with the second identification information. If they are the same, the computer device 300 sets the first identification information or the second identification information as the identification information of the electronic key device 400. According to the identification information, the computer device 300 can extract the public key of the electronic key device 400 matching the identification information from a locally pre-stored public key library, randomly generate an authentication message, encrypt the authentication message with the public key of the electronic key device 400 to obtain an encrypted message, and send the encrypted message to the electronic key device 400. The electronic key device 400 decrypts the encrypted message with a locally stored private key paired with the public key to obtain a decrypted message and feeds the decrypted message back to the computer device 300. The computer device 300 compares the decrypted message with the generated authentication message; if they are the same, the electronic key device 400 is authenticated as a legitimate communication device, and the computer device 300 can open its internally stored data to the electronic key device 400 for access.
In one embodiment, the number of electronic key devices 400 is at least two.
In this embodiment, the locally pre-stored private keys of the electronic key devices 400 are the same private key. Providing the user with at least two electronic key devices 400 prevents encrypted data from becoming inaccessible or undecryptable when an electronic key device 400 is lost after the user has used it to encrypt the data: even if the user loses one of the electronic key devices, the encrypted data can still be accessed with another paired electronic key device, which improves convenience of use.
The identity authentication system of the communication device provided in the above embodiment enables the authentication terminal to accurately identify whether an accessing communication device is a legitimate communication device. This avoids the drawback of the traditional account-and-password approach, which makes it difficult to authenticate the identity of a communication device accurately, and improves communication security.
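The working principle described above for the computer device 300 and the electronic key device 400, as an added Python sketch that is not code from the patent. Textbook RSA over fixed constructed primes and SHA-256 are assumptions standing in for the public-key scheme and hash algorithm, which this section does not name, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: Mersenne primes keep the example reproducible
# with the standard library only. They are NOT suitable for real keys.
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
E = 65537
CHALLENGE_BYTES = 16


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for textbook RSA (assumed stand-in scheme)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def public_key_hash(public_key):
    """Identification information: SHA-256 (assumed) over the encoded key."""
    n, e = public_key
    encoded = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(encoded).hexdigest()


class ElectronicKey:
    """Device 400: identifier on the shell, identifier in the chip, private key."""

    def __init__(self, shell_id, chip_id, private_key):
        self.shell_id = shell_id            # read and typed in by the user
        self._chip_id = chip_id             # sent over WiFi/Bluetooth/USB
        self._private_key = private_key

    def send_identifier(self):
        return self._chip_id

    def decrypt(self, encrypted_message):
        n, d = self._private_key
        return pow(encrypted_message, d, n)


class AuthTerminal:
    """Computer device 300: public key library plus the challenge logic."""

    def __init__(self):
        self.public_key_library = {}        # public key hash -> public key

    def enroll(self, public_key):
        ident = public_key_hash(public_key)
        self.public_key_library[ident] = public_key
        return ident

    def authenticate(self, typed_shell_id, device):
        chip_id = device.send_identifier()
        # First and second identification information must be the same.
        if not hmac.compare_digest(typed_shell_id.encode(), chip_id.encode()):
            return "id-mismatch"
        # The agreed identifier selects the public key from the library.
        public_key = self.public_key_library.get(chip_id)
        if public_key is None:
            return "unknown-id"
        n, e = public_key
        # Fresh random authentication message for every attempt, so an answer
        # recorded during an earlier run cannot be reused.
        auth_message = secrets.randbits(8 * CHALLENGE_BYTES) | (1 << 127)
        encrypted = pow(auth_message, e, n)
        # Only a holder of the paired private key recovers the message.
        decrypted = device.decrypt(encrypted)
        if not 0 <= decrypted < 2 ** (8 * CHALLENGE_BYTES):
            return "rejected"
        same = hmac.compare_digest(
            decrypted.to_bytes(CHALLENGE_BYTES, "big"),
            auth_message.to_bytes(CHALLENGE_BYTES, "big"),
        )
        return "authenticated" if same else "rejected"


if __name__ == "__main__":
    public_key, private_key = make_keypair(M521, M607)
    _, unrelated_private_key = make_keypair(M521, M1279)
    terminal = AuthTerminal()
    ident = terminal.enroll(public_key)
    devices = {
        "genuine": ElectronicKey(ident, ident, private_key),
        "backup with the same private key": ElectronicKey(ident, ident, private_key),
        "copied identifier, other key": ElectronicKey(ident, ident, unrelated_private_key),
        "shell and chip disagree": ElectronicKey("0" * 64, ident, private_key),
    }
    for label, device in devices.items():
        print(f"{label}: {terminal.authenticate(device.shell_id, device)}")
```

Two devices that share one private key, as in the embodiment with at least two electronic key devices, both authenticate and cannot be told apart by the terminal, while a device that only copies the identifier is rejected at the challenge step. Because the device returns the plaintext of whatever ciphertext it is sent, a deployment would keep this key pair for authentication only.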
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, databases, or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An identity authentication method for a communication device, characterized in that the method is applied to an authentication terminal and comprises the following steps:
generating a public key for a communication device and a hash value of the public key; the public key and the hash value of the public key have a corresponding relation;
sending the hash value of the public key to the communication equipment so that the communication equipment takes the hash value of the public key as the identification information of the communication equipment;
when the communication equipment is to be subjected to identity authentication, acquiring first identification information which is input by a user and is arranged on the surface of a shell of the communication equipment, and receiving second identification information sent by the communication equipment; wherein the second identification information is stored in a chip of the communication device;
comparing the first identification information with the second identification information;
if the first identification information is the same as the second identification information, the first identification information or the second identification information is used as a hash value of the public key, and the public key is inquired by using the hash value of the public key and the corresponding relation;
generating an authentication message, and encrypting the authentication message by using the public key to obtain an encrypted message;
sending the encrypted message to the communication equipment, and triggering the communication equipment to decrypt the encrypted message by using a private key prestored in the communication equipment;
acquiring a decryption message sent by the communication equipment after decryption;
and performing identity authentication on the communication equipment according to the decryption message and the authentication message.
2. The method of claim 1, wherein the hash value of the public key is generated by:
obtaining the public key of the communication device;
and performing a hash operation on the public key through a hash algorithm to generate the hash value of the public key.
3. An identity authentication method of a communication device, which is applied to the communication device, comprises the following steps:
acquiring a hash value of a public key generated by an authentication terminal, and taking the hash value of the public key as identification information of the local terminal; the public key is generated by the authentication terminal for the local terminal, and the public key and the hash value of the public key have a corresponding relation;
sending first identification information arranged on the surface of a shell of the local terminal and second identification information stored in a chip of the local terminal to the authentication terminal; the first identification information and the second identification information are used for triggering the authentication terminal to determine that the first identification information and the second identification information are the same, then the first identification information or the second identification information is used as a hash value of the public key, and the public key is inquired by using the hash value of the public key and the corresponding relation;
receiving an encrypted message sent by the authentication terminal; the encrypted message is obtained by encrypting the authentication message by the authentication terminal by using the public key after the authentication message is generated;
decrypting the encrypted message by using a private key prestored in the local terminal to obtain a decrypted message;
and sending the decryption message to the authentication terminal for triggering the authentication terminal to carry out identity authentication on the local terminal according to the decryption message and the authentication message.
4. The identity authentication method of claim 3, wherein the hash value of the public key is generated by the authentication terminal performing a hash operation on the public key through a hash algorithm.
5. An identity authentication device of a communication device, which is applied to an authentication terminal, comprises:
the public key inquiry module is used for generating a public key aiming at the communication equipment and a hash value of the public key; sending the hash value of the public key to the communication equipment so that the communication equipment takes the hash value of the public key as the identification information of the communication equipment; when the communication equipment is to be subjected to identity authentication, acquiring first identification information which is input by a user and is arranged on the surface of a shell of the communication equipment, and receiving second identification information sent by the communication equipment; comparing the first identification information with the second identification information; if the first identification information and the second identification information are the same, taking the first identification information or the second identification information as a hash value of the public key, and inquiring the public key by using the hash value and the corresponding relation of the public key; the public key and the hash value of the public key have a corresponding relation; the second identification information is stored in a chip of the communication device;
the encryption module is used for generating an authentication message and encrypting the authentication message by using the public key to obtain an encrypted message;
the first sending module is used for sending the encrypted message to the communication equipment and triggering the communication equipment to decrypt the encrypted message by using a private key prestored in the communication equipment;
the acquisition module is used for acquiring a decryption message sent by the communication equipment after decryption;
and the first authentication module is used for authenticating the identity of the communication equipment according to the decryption message and the authentication message.
6. The apparatus for authenticating identity of a communication device according to claim 5, further comprising:
a public key obtaining unit configured to obtain the public key of the communication device;
and a hash operation unit configured to perform a hash operation on the public key through a hash algorithm to generate a public key hash value of the communication device.
7. An identity authentication device of a communication device, applied to the communication device, comprising:
the second sending module is used for acquiring the hash value of the public key generated by the authentication terminal and taking the hash value of the public key as the identification information of the local terminal; sending first identification information arranged on the surface of a shell of the local terminal and second identification information stored in a chip of the local terminal to the authentication terminal; the public key is generated by the authentication terminal for the local terminal, and the public key and the hash value of the public key have a corresponding relation; the first identification information and the second identification information are used for triggering the authentication terminal to determine that the first identification information and the second identification information are the same, then the first identification information or the second identification information is used as a hash value of the public key, and the public key is inquired by using the hash value of the public key and the corresponding relation;
the receiving module is used for receiving the encrypted message sent by the authentication terminal; the encrypted message is obtained by encrypting the authentication message by the authentication terminal by using the public key after the authentication message is generated;
the decryption module is used for decrypting the encrypted message by using a private key prestored in the local terminal to obtain a decrypted message;
and the second authentication module is used for sending the decrypted message to the authentication terminal and triggering the authentication terminal to carry out identity authentication on the local terminal according to the decrypted message and the authentication message.
8. The apparatus according to claim 7, wherein the hash value of the public key is generated by the authentication terminal performing a hash operation on the public key through a hash algorithm.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, carries out the steps of the identity authentication method of a communication device according to any one of claims 1 to 2.
10. An electronic key device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method for authenticating an identity of a communication device according to any one of claims 3 to 4 when executing the computer program.
CN201811224648.1A 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment Active CN109361669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811224648.1A CN109361669B (en) 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment

Publications (2)

Publication Number Publication Date
CN109361669A CN109361669A (en) 2019-02-19
CN109361669B true CN109361669B (en) 2022-03-18

Family

ID=65345983

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811224648.1A Active CN109361669B (en) 2018-10-19 2018-10-19 Identity authentication method, device and equipment of communication equipment

Country Status (1)

Country Link
CN (1) CN109361669B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220225

Address after: 0504, block B, building 5, Huaqiang Creative Park, Biyan community, Guangming Street, Guangming New District, Shenzhen, Guangdong

Applicant after: Shenzhen Shufen Technology Co.,Ltd.

Address before: Rooms 903-906a, 9 / F, Kowloon Centre, 33 Ashley Road, Tsim Sha Tsui

Applicant before: NIIP Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221208

Address after: No. 98-5, Jingui Road, Jindai Town, Liangping District, Chongqing 405200

Patentee after: Fan Xiaoling

Address before: 518107 0504, block B, building 5, Huaqiang Creative Park, Biyan community, Guangming Street, Guangming New Area, Shenzhen, Guangdong

Patentee before: Shenzhen Shufen Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230531

Address after: 518000 Factory Building 2302, No. 4, Bangkai Science and Technology Industrial Park, Tangjia Community, Fenghuang Street, Guangming District, Shenzhen City, Guangdong Province, south of Sightseeing Road and west of Bangkai Road

Patentee after: AiSiPaiKe (Shenzhen) Technology Co.,Ltd.

Address before: No. 98-5, Jingui Road, Jindai Town, Liangping District, Chongqing 405200

Patentee before: Fan Xiaoling
