CN109379335B - Equipment checking method, system and storage medium - Google Patents


Info

Publication number
CN109379335B
Authority
CN
China
Prior art keywords
quantity signal
test quantity
management platform
portable monitoring
signed
Prior art date
Legal status
Active
Application number
CN201811072345.2A
Other languages
Chinese (zh)
Other versions
CN109379335A (en)
Inventor
林凡
成杰
张秋镇
张振华
杨峰
李盛阳
敬代波
周芳华
Current Assignee
GCI Science and Technology Co Ltd
Original Assignee
GCI Science and Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by GCI Science and Technology Co Ltd
Priority to CN201811072345.2A
Publication of CN109379335A
Application granted
Publication of CN109379335B
Legal status: Active
Anticipated expiration

Classifications (CPC)

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 ... for authentication of entities
    • H04L63/0807 ... for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 ... for authentication of entities using certificates
    • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 ... applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 ... using cryptographic hash functions
    • H04L9/3239 ... involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3247 ... involving digital signatures
    • H04B TRANSMISSION
    • H04B17/00 Monitoring; Testing
    • H04B17/30 Monitoring; Testing of propagation channels
    • H04B17/309 Measuring or estimating channel quality parameters
    • H04B17/318 Received signal strength
    • H04B17/327 Received signal code power [RSCP]
    • H04B17/336 Signal-to-interference ratio [SIR] or carrier-to-interference ratio [CIR]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a device checking method, which comprises the following steps: the management platform performs network layer authentication and physical layer authentication on the portable monitoring device according to the received authentication information; the authentication information is stored in a portable monitoring device tag and is sent to the management platform through the portable monitoring device; the portable monitoring device encrypts and signs the information to be transmitted according to the authentication information and sends the signed information to an authentication server; and the authentication server verifies the signature of the received information to complete device verification. The device checking system disclosed by the invention can effectively solve the problems of a single verification mode and low security in the prior art. The embodiment of the invention also discloses a device checking system and a storage medium.

Description

Equipment checking method, system and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a device verification method, system, and storage medium.
Background
At present, wearable intelligent devices are widely applied in military and national defense, environmental monitoring, medical health, industrial and other high-risk fields, for example in data monitoring, and their application value and scientific research value receive close attention from countries around the world.
In the prior art, one method for implementing device verification is a software update verification method for a vehicle: a mobile device associated with the vehicle receives information including an encryption key that the vehicle's software update uses, presents a user interface asking the user to confirm installation of the update and, on receiving that confirmation, provides the encryption key to the vehicle so that it can decrypt the update; an update authentication server transmits the software update encrypted with the encryption key to the vehicle, and transmits the encryption key to the mobile device in response to its request.
In the course of implementing the invention, the inventors found the following technical problem in the prior art: the device is verified only by the encryption key, which results in a single verification mode and low security.
Disclosure of Invention
The embodiment of the invention provides a device checking method, a device checking system and a storage medium, which can effectively solve the problems of a single verification mode and low security in the prior art.
The embodiment of the invention provides an equipment checking method, which comprises the following steps:
the management platform performs network layer authentication and physical layer authentication on the portable monitoring equipment according to the received authentication information; the authentication information is stored in a portable monitoring device tag and is sent to the management platform through the portable monitoring device;
the portable monitoring equipment encrypts and signs the information to be transmitted according to the authentication information and sends the signed information to be transmitted to an authentication server;
and the authentication server verifies the received signature of the information to be transmitted so as to complete equipment verification.
As an improvement of the above, the authentication information includes: one or more combinations of equipment identity authentication parameters, equipment identity certificates, encrypted public keys and encrypted private keys;
the identity authentication parameters and the identity certificate are set according to initial information preset by the authentication server.
As an improvement of the above scheme, the network layer authentication includes the following steps:
the management platform receives the management platform certificate distributed by the authentication server, together with the identity authentication parameter, the identity certificate and the encrypted public key of the portable device tag sent by the portable monitoring device;
the management platform generates a first test quantity signal according to the current channel parameters, signs it and obtains a once signed first test quantity signal; the current channel parameters comprise the signal power of the transceiver and the noise intensity of the channel;
the management platform sends the once signed first test quantity signal and the management platform certificate to the portable monitoring device, so that the portable monitoring device authenticates the received once signed first test quantity signal and the management platform certificate;
the portable monitoring device requests the encrypted public key and the encrypted private key from the portable monitoring device tag;
the portable monitoring device signs the once signed first test quantity signal with the encrypted public key, obtains a twice signed first test quantity signal, and sends the twice signed first test quantity signal to the management platform.
As an improvement of the above scheme, the physical layer authentication includes the following steps:
the management platform generates a second test quantity signal according to the current channel parameters, signs it and obtains a once signed second test quantity signal;
the management platform sends the once signed second test quantity signal to the portable monitoring device, so that the portable monitoring device authenticates the received once signed second test quantity signal;
the portable monitoring device signs the once signed second test quantity signal according to the encrypted private key to obtain a twice signed second test quantity signal;
the portable monitoring device sends the twice signed second test quantity signal and the device identity certificate to the management platform;
and the management platform authenticates the twice signed second test quantity signal and the device identity certificate.
As an improvement of the above scheme, the sending, by the management platform, of the once signed first test quantity signal to the portable monitoring device specifically includes:
the management platform continuously sending the same once signed first test quantity signal to the portable monitoring device.
As an improvement of the above scheme, the sending, by the management platform, of the once signed second test quantity signal to the portable monitoring device specifically includes:
the management platform continuously sending the same once signed second test quantity signal to the portable monitoring device.
As an improvement of the above scheme, the signing, by the portable monitoring device, of the first signed second test quantity signal according to the encryption private key to generate a second signed second test quantity signal specifically includes:
and the portable monitoring equipment carries out double signature on the primary signature second test quantity signal according to the encryption private key to generate a secondary signature second test quantity signal.
As an improvement of the above scheme, the encrypting and signing, by the portable monitoring device, the information to be transmitted according to the authentication information specifically includes:
extracting the abstract of the information to be transmitted through a Hash function;
encrypting the abstract according to the encryption public key;
and signing the information to be transmitted according to the identity authentication parameters.
Correspondingly, the embodiment of the invention provides an equipment checking system, which comprises portable monitoring equipment, a portable monitoring equipment label, an authentication server and a management platform;
the portable monitoring equipment tag is used for storing authentication information;
the portable monitoring equipment is used for encrypting and signing the information to be transmitted according to the authentication information and sending the signed information to be transmitted to an authentication server;
the management platform is used for carrying out network layer authentication and physical layer authentication on the portable monitoring equipment according to the received authentication information;
and the authentication server is used for verifying the received signature of the information to be transmitted so as to complete equipment verification.
The third embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the device verification method according to the third embodiment of the present invention.
Compared with the prior art, the equipment checking method, the equipment checking system and the storage medium provided by the embodiment of the invention have the following beneficial effects:
when a portable monitoring device is added to the management platform, both the identity of the device and the signature on the transmitted information are verified, which improves the scalability and update efficiency of device verification; multiple identity verifications are carried out automatically, which greatly improves information security and reliability; verification security is improved by combining the certificate, the identity authentication parameters and the keys; the authentication information is stored in the portable monitoring device tag and is hard to tamper with; and the stability of the channel during verification is ensured by verifying test quantity signal signatures that depend on the current channel parameters.
Drawings
Fig. 1 is a schematic flowchart of an apparatus verification method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an apparatus verification system according to a second embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a schematic flow chart of an apparatus verification method provided in an embodiment of the present invention includes:
s101, the management platform performs network layer authentication and physical layer authentication on the portable monitoring equipment according to the received authentication information; the authentication information is stored in a portable monitoring device label and is sent to the management platform through the portable monitoring device;
s102, encrypting and signing the information to be transmitted according to the authentication information by the portable monitoring equipment, and sending the signed information to be transmitted to an authentication server;
s103, the authentication server verifies the signature of the received information to be transmitted so as to complete equipment verification.
Further, for step S101, the authentication information includes: one or more combinations of equipment identity authentication parameters, equipment identity certificates, encrypted public keys and encrypted private keys; the identity authentication parameters and the identity certificate are set according to initial information preset by an authentication server.
Preferably, the initial information preset by the authentication server is encrypted and stored in advance in the manufacturing process of the chip to obtain the portable device tag, so that the information in the tag cannot be modified in the normal use process of a user, and the authentication information in the portable device tag is ensured to be difficult to tamper.
Further, for step S101, the network layer authentication includes the following steps: the management platform receives the management platform certificate distributed by the authentication server, together with the identity authentication parameter, the identity certificate and the encrypted public key of the portable device tag sent by the portable monitoring device; the management platform generates a first test quantity signal according to the current channel parameters, signs it and obtains a once signed first test quantity signal; the current channel parameters comprise the signal power of the transceiver and the noise intensity of the channel; the management platform sends the once signed first test quantity signal and the management platform certificate to the portable monitoring device, so that the portable monitoring device authenticates the received once signed first test quantity signal and the management platform certificate; the portable monitoring device requests the encrypted public key and the encrypted private key from the portable monitoring device tag; the portable monitoring device signs the once signed first test quantity signal with the encrypted public key, obtains a twice signed first test quantity signal, and sends the twice signed first test quantity signal to the management platform.
Further, for step S101, the physical layer authentication includes the following steps: the management platform generates a second test quantity signal according to the current channel parameters, signs it and obtains a once signed second test quantity signal; the management platform sends the once signed second test quantity signal to the portable monitoring device, so that the portable monitoring device authenticates the received once signed second test quantity signal; the portable monitoring device signs the once signed second test quantity signal according to the encrypted private key to obtain a twice signed second test quantity signal; the portable monitoring device sends the twice signed second test quantity signal and the device identity certificate to the management platform; and the management platform authenticates the twice signed second test quantity signal and the device identity certificate.
Further, the sending, by the management platform, of the once signed first test quantity signal to the portable monitoring device specifically includes: the management platform continuously sending the same once signed first test quantity signal to the portable monitoring device.
Further, the sending, by the management platform, of the once signed second test quantity signal to the portable monitoring device specifically includes: the management platform continuously sending the same once signed second test quantity signal to the portable monitoring device.
Preferably, in this process the management platform issues several identical first and second test quantity signals r1 and r2, respectively, to the portable monitoring device in succession, depending on the current channel parameters.
The channel parameters comprise the signal power of the system's transceiver and the noise intensity of the channel. The test signal is set as an impulse-like signal: under the hardware conditions of the current system, a test signal of extremely short duration and with sufficient strength relative to the noise is sent. Because of the characteristics of an impulse signal, what the receiving end receives is the impulse response. In the normal operating state the impulse response does not change drastically; once it exceeds the limit range, for instance through an attack that damages or interferes with the channel, the system judges that the current channel has unsafe factors. Any attack that damages or interferes with the channel therefore changes the test quantity signal, so that a correct response cannot be obtained, which ensures that the system is in a secure state and rules out channel attacks.
Further, the signing, by the portable monitoring device, of the once signed second test quantity signal according to the encrypted private key to obtain a twice signed second test quantity signal specifically includes: the portable monitoring device performing a double signature on the once signed second test quantity signal according to the encrypted private key to obtain the twice signed second test quantity signal.
Further, the portable monitoring device encrypts and signs the information to be transmitted according to the authentication information, and the method specifically includes: extracting the abstract of the information to be transmitted through a Hash function; encrypting the abstract according to the encryption public key; and signing the information to be transmitted according to the identity authentication parameters.
The authentication server verifies the signature of the transmitted information, and if the verification is successful, the information is confirmed not to be tampered, so that the safety of information transmission is guaranteed.
Preferably, steps S101, S102 and S103 may be described as follows:
Cert(P) = {(K_P, P)}K_AS
R → REQ → NSP: Setup, Cert(R), K_R
NSP → REQ: Sign(NSP, r1), Cert(NSP)
R → REQ: K_R^-1
REQ → NSP: Sign(R, r1)
NSP → REQ: r2
REQ → NSP: Sign(R, r2), Sign(REQ, Sign(R, r2)), Cert(REQ)
Sign(P, X) = (X, {H(X)}K_P)
R, REQ, NSP and AS are the portable device tag, the portable monitoring device, the management platform and the authentication server respectively; H(X) is the message digest of message X obtained with a hash function. K_P is a public key and K_P^-1 is a private key; X ∈ P means that node P owns message X; {X}K_P is message X encrypted by node P with the public key K_P; (X, Y) is the concatenation of messages X and Y; Cert(P) is the electronic certificate of node P; Sign(P, X) is the signature of node P on message X; Setup is the public parameter of the authentication process; r1 is the once signed first test quantity signal and r2 is the once signed second test quantity signal. Node P can be any of R, REQ, NSP and AS.
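The exchange in the formulas above, worked through as an added example that is not part of the patent: Sign(P, X) and Cert(P) are instantiated with Ed25519 over SHA-256 digests (the patent names no scheme), K_P^-1 is the private key actually used to sign, and the party names, the certificate encoding and the channel function that disturbs r2 in transit are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is one node: R (device tag), REQ (portable monitoring device), NSP (management platform) or AS (authentication server).
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates an Ed25519 key pair (assumed scheme; the patent names none).
func NewParty(name string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{Name: name, Pub: pub, priv: priv}
}

// Signed models Sign(P, X) = (X, {H(X)}K_P): X plus P's signature over H(X).
type Signed struct{ Msg, Sig []byte }

// Sign computes H(X) with SHA-256 and signs the digest with P's private key.
func (p *Party) Sign(x []byte) Signed {
	h := sha256.Sum256(x)
	return Signed{Msg: x, Sig: ed25519.Sign(p.priv, h[:])}
}

// Verify recomputes H(X) and checks the signature under a key the verifier bound to the signer via a certificate.
func Verify(pub ed25519.PublicKey, s Signed) bool {
	h := sha256.Sum256(s.Msg)
	return ed25519.Verify(pub, h[:], s.Sig)
}

// Cert models Cert(P) = {(K_P, P)}K_AS: Sig is the AS signature over the concatenation (K_P, P).
type Cert struct {
	Name string
	Pub  ed25519.PublicKey
	Sig  []byte
}

func certBody(pub ed25519.PublicKey, name string) []byte { return append(append([]byte{}, pub...), name...) }

// Issue lets the AS certify a party's public key and name.
func (as *Party) Issue(p *Party) Cert {
	return Cert{Name: p.Name, Pub: p.Pub, Sig: as.Sign(certBody(p.Pub, p.Name)).Sig}
}

// CheckCert validates a certificate against the AS key and the identity the verifier expects.
func CheckCert(asPub ed25519.PublicKey, c Cert, want string) bool {
	return c.Name == want && Verify(asPub, Signed{certBody(c.Pub, c.Name), c.Sig})
}

// encode flattens a Signed value so the outer signature of Sign(REQ, Sign(R, r2)) covers message and inner signature.
func encode(s Signed) []byte { return append(append([]byte{}, s.Msg...), s.Sig...) }

// RunAuthentication plays the S101 exchange. r1, r2 are the test quantity signals NSP derives
// from the current channel; channel models what r2 looks like when it reaches REQ (identity
// for an undisturbed channel). A nil result means NSP accepted REQ.
func RunAuthentication(as, nsp, req, tag *Party, r1, r2 []byte, channel func([]byte) []byte) error {
	// Setup: AS has certified every node; NSP already holds Cert(R) and K_R.
	certNSP, certREQ, certR := as.Issue(nsp), as.Issue(req), as.Issue(tag)
	// NSP -> REQ: Sign(NSP, r1), Cert(NSP). REQ checks the certificate, then the signature under the key it binds to NSP.
	m1 := nsp.Sign(r1)
	if !CheckCert(as.Pub, certNSP, "NSP") || !Verify(certNSP.Pub, m1) {
		return errors.New("REQ: platform challenge r1 rejected")
	}
	// R -> REQ: K_R^-1; REQ -> NSP: Sign(R, r1). NSP checks it against Cert(R) and its own r1.
	m2 := tag.Sign(m1.Msg)
	if !CheckCert(as.Pub, certR, "R") || !Verify(certR.Pub, m2) || !bytes.Equal(m2.Msg, r1) {
		return errors.New("NSP: tag signature on r1 rejected")
	}
	// NSP -> REQ: r2, once signed. A damaged or interfered channel alters the test signal,
	// so REQ can no longer return a correct response.
	m3 := nsp.Sign(r2)
	got := Signed{Msg: channel(m3.Msg), Sig: m3.Sig}
	if !Verify(certNSP.Pub, got) {
		return errors.New("REQ: r2 rejected, test signal changed in transit")
	}
	// REQ -> NSP: Sign(R, r2), Sign(REQ, Sign(R, r2)), Cert(REQ).
	inner := tag.Sign(got.Msg)       // signed with K_R^-1 obtained from the tag
	outer := req.Sign(encode(inner)) // the device's own signature over the inner one
	if !CheckCert(as.Pub, certREQ, "REQ") || !Verify(certREQ.Pub, outer) ||
		!bytes.Equal(outer.Msg, encode(inner)) {
		return errors.New("NSP: device double signature rejected")
	}
	if !Verify(certR.Pub, inner) || !bytes.Equal(inner.Msg, r2) {
		return errors.New("NSP: tag signature on r2 rejected")
	}
	return nil
}
```

RunAuthentication returns nil for four freshly generated parties and an identity channel function; passing a function that flips one byte of r2 exercises the rejection path the text describes for a disturbed channel.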
Referring to fig. 2, which is a schematic structural diagram of an apparatus verification system provided in the second embodiment of the present invention, an apparatus verification system provided in the second embodiment of the present invention adopts an apparatus verification method provided in the first embodiment of the present invention, and the system includes a portable monitoring apparatus 201, a portable monitoring apparatus tag 202, an authentication server 203 and a management platform 204;
a portable supervisory device tag 202 for storing authentication information;
the portable monitoring device 201 is used for encrypting and signing the information to be transmitted according to the authentication information, and sending the signed information to be transmitted to the authentication server 203;
the management platform 204 is used for performing network layer authentication and physical layer authentication on the portable monitoring device 201 according to the received authentication information;
and the authentication server 203 is configured to verify a signature of the received information to be transmitted, so as to complete device verification.
Further, the authentication information includes: one or more combinations of equipment identity authentication parameters, equipment identity certificates, encrypted public keys and encrypted private keys; the identity authentication parameters and the identity certificate are set according to initial information preset by the authentication server 203.
Further, the network layer authentication comprises the following steps: the management platform 204 receives the management platform 204 certificate distributed by the authentication server 203, together with the identity authentication parameter, the identity certificate and the encrypted public key of the portable device tag sent by the portable monitoring device 201; the management platform 204 generates a first test quantity signal according to the current channel parameters, signs it and obtains a once signed first test quantity signal; the current channel parameters comprise the signal power of the transceiver and the noise intensity of the channel; the management platform 204 sends the once signed first test quantity signal and the management platform 204 certificate to the portable monitoring device 201, so that the portable monitoring device 201 authenticates the received once signed first test quantity signal and the management platform 204 certificate; the portable monitoring device 201 requests the encrypted public key and the encrypted private key from the portable monitoring device tag 202; the portable monitoring device 201 signs the once signed first test quantity signal with the encrypted public key, obtains a twice signed first test quantity signal, and sends the twice signed first test quantity signal to the management platform 204.
Further, the physical layer authentication comprises the following steps: the management platform 204 generates a second test quantity signal according to the current channel parameters, signs it and obtains a once signed second test quantity signal; the management platform 204 sends the once signed second test quantity signal to the portable monitoring device 201, so that the portable monitoring device 201 authenticates the received once signed second test quantity signal; the portable monitoring device 201 signs the once signed second test quantity signal according to the encrypted private key to obtain a twice signed second test quantity signal; the portable monitoring device 201 sends the twice signed second test quantity signal and the device identity certificate to the management platform 204; and the management platform 204 authenticates the twice signed second test quantity signal and the device identity certificate.
Further, the sending, by the management platform 204, of the once signed first test quantity signal to the portable monitoring device 201 specifically includes: the management platform 204 continuously sending the same once signed first test quantity signal to the portable monitoring device 201.
Further, the sending, by the management platform 204, of the once signed second test quantity signal to the portable monitoring device 201 specifically includes: the management platform 204 continuously sending the same once signed second test quantity signal to the portable monitoring device 201.
Further, the signing, by the portable monitoring device 201, of the once signed second test quantity signal according to the encrypted private key to obtain a twice signed second test quantity signal specifically includes: the portable monitoring device 201 performing a double signature on the once signed second test quantity signal according to the encrypted private key to obtain the twice signed second test quantity signal.
Further, the portable monitoring device 201 encrypts and signs the information to be transmitted according to the authentication information, and specifically includes: extracting the abstract of the information to be transmitted through a Hash function; encrypting the abstract according to the encryption public key; and signing the information to be transmitted according to the identity authentication parameters.
A third embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements a communication information protection method.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and these segments describe the execution of the computer program in the communication information protection apparatus/terminal device.
The above embodiments are similar to the corresponding embodiments in the device verification method of the present invention, and are not described herein again.
Compared with the prior art, the device verification method, device verification system and storage medium provided by the embodiments of the invention have the following beneficial effects:
when a portable monitoring device is added to the management platform, the identity of the portable monitoring device is verified and the signature on the transmitted information is verified, which improves the scalability and update efficiency of device verification; multiple identity verifications are performed automatically, greatly improving information security and reliability; verification security is improved by combining the certificate, the identity authentication parameters and the key for verification; the authentication information is stored in the portable monitoring device tag and is not easily tampered with; and verifying the signature on a test quantity signal that depends on the current channel parameter ensures the stability of the channel during verification.
It should be noted that the above-described device embodiments are merely illustrative: the units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the apparatus embodiments provided by the present invention, a connection between modules indicates a communication connection between them, which may be implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement this without inventive effort.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (8)

1. A device verification method, comprising:
the management platform performs network layer authentication and physical layer authentication on the portable monitoring device according to the received authentication information; the authentication information is stored in a portable monitoring device tag and is sent to the management platform through the portable monitoring device;
the portable monitoring device encrypts and signs the information to be transmitted according to the authentication information and sends the signed information to be transmitted to an authentication server;
the authentication server verifies the received signature of the information to be transmitted so as to complete device verification;
wherein the network layer authentication comprises the steps of:
the management platform receives a management platform certificate distributed by the authentication server, and the identity authentication parameter, the identity certificate and the encryption public key of the portable monitoring device tag sent by the portable monitoring device;
the management platform generates a first test quantity signal according to the current channel parameter, signs the first test quantity signal and generates a once-signed first test quantity signal; wherein the current channel parameters comprise the signal power of the transceiver and the noise intensity of the channel;
the management platform sends the once-signed first test quantity signal and the management platform certificate to the portable monitoring device, so that the portable monitoring device authenticates the received once-signed first test quantity signal and the management platform certificate;
the portable monitoring device requests an encryption public key and an encryption private key from the portable monitoring device tag;
the portable monitoring device signs the once-signed first test quantity signal through the encryption public key to generate a twice-signed first test quantity signal, and sends the twice-signed first test quantity signal to the management platform;
the physical layer authentication comprises the following steps:
the management platform generates a second test quantity signal according to the current channel parameter, signs the second test quantity signal and generates a once-signed second test quantity signal;
the management platform sends the once-signed second test quantity signal to the portable monitoring device, so that the portable monitoring device authenticates the received once-signed second test quantity signal;
the portable monitoring device signs the once-signed second test quantity signal with the encryption private key to generate a twice-signed second test quantity signal;
the portable monitoring device sends the twice-signed second test quantity signal and a device identity certificate to the management platform;
and the management platform authenticates the twice-signed second test quantity signal and the device identity certificate.
2. The device verification method of claim 1, wherein the authentication information comprises one or more of: device identity authentication parameters, a device identity certificate, an encryption public key and an encryption private key;
the identity authentication parameters and the identity certificate are set according to initial information preset by the authentication server.
3. The device verification method according to claim 1, wherein the management platform sending the once-signed first test quantity signal to the portable monitoring device specifically includes:
the management platform continuously sends the same once-signed first test quantity signal to the portable monitoring device.
4. The device verification method according to claim 1, wherein the management platform sending the once-signed second test quantity signal to the portable monitoring device specifically includes:
the management platform continuously sends the same once-signed second test quantity signal to the portable monitoring device.
5. The device verification method according to claim 3, wherein the portable monitoring device signing the once-signed second test quantity signal with the encryption private key to generate a twice-signed second test quantity signal specifically includes:
the portable monitoring device double-signs the once-signed second test quantity signal with the encryption private key to generate the twice-signed second test quantity signal.
6. The device verification method according to claim 2, wherein the portable monitoring device encrypting and signing the information to be transmitted according to the authentication information specifically includes:
extracting a digest of the information to be transmitted with a hash function;
encrypting the digest with the encryption public key;
and signing the information to be transmitted according to the identity authentication parameters.
7. A device verification system, comprising a portable monitoring device, a portable monitoring device tag, an authentication server and a management platform;
the portable monitoring device tag is configured to store authentication information;
the portable monitoring device is configured to encrypt and sign the information to be transmitted according to the authentication information and to send the signed information to be transmitted to the authentication server;
the management platform is configured to perform network layer authentication and physical layer authentication on the portable monitoring device according to the received authentication information;
the authentication server is configured to verify the received signature of the information to be transmitted so as to complete device verification;
wherein the network layer authentication comprises the steps of:
the management platform receives a management platform certificate distributed by the authentication server, and the identity authentication parameter, the identity certificate and the encryption public key of the portable monitoring device tag sent by the portable monitoring device;
the management platform generates a first test quantity signal according to the current channel parameter, signs the first test quantity signal and generates a once-signed first test quantity signal; wherein the current channel parameters comprise the signal power of the transceiver and the noise intensity of the channel;
the management platform sends the once-signed first test quantity signal and the management platform certificate to the portable monitoring device, so that the portable monitoring device authenticates the received once-signed first test quantity signal and the management platform certificate;
the portable monitoring device requests an encryption public key and an encryption private key from the portable monitoring device tag;
the portable monitoring device signs the once-signed first test quantity signal through the encryption public key to generate a twice-signed first test quantity signal, and sends the twice-signed first test quantity signal to the management platform;
the physical layer authentication comprises the following steps:
the management platform generates a second test quantity signal according to the current channel parameter, signs the second test quantity signal and generates a once-signed second test quantity signal;
the management platform sends the once-signed second test quantity signal to the portable monitoring device, so that the portable monitoring device authenticates the received once-signed second test quantity signal;
the portable monitoring device signs the once-signed second test quantity signal with the encryption private key to generate a twice-signed second test quantity signal;
the portable monitoring device sends the twice-signed second test quantity signal and a device identity certificate to the management platform;
and the management platform authenticates the twice-signed second test quantity signal and the device identity certificate.
8. A computer-readable storage medium comprising a stored computer program, wherein the computer program, when executed, controls a device in which the computer-readable storage medium is located to perform the device verification method according to any one of claims 1 to 6.
CN201811072345.2A 2018-09-14 2018-09-14 Equipment checking method, system and storage medium Active CN109379335B (en)
Publications (2)

Publication Number Publication Date
CN109379335A CN109379335A (en) 2019-02-22
CN109379335B true CN109379335B (en) 2021-04-09
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant