CN109547205A - Authentication method and device, internet-of-things terminal
- Publication number: CN109547205A (also listed as CN201710865664.8A)
- Authority: CN (China)
- Prior art keywords: internet, things terminal, public key, signing messages, certification request
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
Abstract
The present invention discloses an authentication method and device and an internet-of-things (IoT) terminal, and relates to the field of communication security. After receiving a first authentication request sent by an IoT terminal, the authentication device extracts the first signature information and the IoT terminal identifier of that terminal from the first authentication request, calculates the public key of the IoT terminal from the IoT terminal identifier, and authenticates the first signature information according to the public key. Because keys are generated from terminal identifiers, no prior certificate exchange is needed to exchange keys, and a terminal does not need to store the certificates of other terminals. This effectively improves the security of application-layer authentication, reduces the complexity of the authentication procedure, and reduces the terminal's storage requirement.
Description
Technical field
The present invention relates to the field of communication security, and in particular to an authentication method and device and an internet-of-things (IoT) terminal.
Background art
Currently, before application-layer communication takes place between IoT terminals, the terminals must first authenticate each other's identity. Among traditional authentication modes, symmetric-key encryption authentication offers relatively low security. With asymmetric-key encryption authentication (for example, the PKI (Public Key Infrastructure)/CA (Certificate Authority) authentication mode), both parties must exchange certificates in advance and store them locally before the subsequent verification process can be carried out. This increases the complexity of the authentication procedure and also increases the terminal's storage requirement.
Summary of the invention
Embodiments of the present invention provide an authentication method and device and an IoT terminal. Because keys are generated from terminal identifiers, no prior certificate exchange is needed to exchange keys, and a terminal does not need to store the certificates of other terminals. This effectively reduces the complexity of the authentication procedure and the terminal's storage requirement.
According to one aspect of the present invention, an authentication method is provided, comprising:
after receiving a first authentication request sent by an IoT terminal, extracting the first signature information and the IoT terminal identifier of the IoT terminal from the first authentication request;
calculating the public key of the IoT terminal from the IoT terminal identifier of the IoT terminal;
authenticating the first signature information according to the public key.
In one embodiment, after the authentication succeeds, a signature is made with the device's own private key to generate second signature information;
a second authentication request is sent to the IoT terminal, the second authentication request including the second signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the second signature information according to the calculated public key.
In one embodiment, after the first signature information is successfully authenticated, the public key of the IoT terminal is deleted.
According to another aspect of the present invention, an authentication method is provided, comprising:
signing with the device's own private key to generate first signature information;
sending a first authentication request to an IoT terminal, the first authentication request including the first signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the first signature information according to the calculated public key.
In one embodiment, after a second authentication request sent by the IoT terminal is received, the second signature information and the IoT terminal identifier of the IoT terminal are extracted from the second authentication request;
the public key of the IoT terminal is calculated from the IoT terminal identifier of the IoT terminal;
the second signature information is authenticated according to the public key.
In one embodiment, after the second signature information is successfully authenticated, the public key of the IoT terminal is deleted.
According to another aspect of the present invention, an authentication device is provided, comprising:
a first extraction module, configured to extract, after a first interface module receives a first authentication request sent by an IoT terminal, the first signature information and the IoT terminal identifier of the IoT terminal from the first authentication request;
a first public key calculation module, configured to calculate the public key of the IoT terminal from the IoT terminal identifier of the IoT terminal;
a first authentication module, configured to authenticate the first signature information according to the public key.
In one embodiment, the authentication device further comprises:
a first signature module, configured to sign with the device's own private key after the first authentication module authenticates successfully, to generate second signature information;
the first interface module further sends a second authentication request to the IoT terminal, the second authentication request including the second signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the second signature information according to the calculated public key.
In one embodiment, the authentication device further comprises:
a first deletion module, configured to delete the public key of the IoT terminal after the first authentication module authenticates successfully.
According to another aspect of the present invention, an authentication device is provided, comprising:
a memory for storing instructions;
a processor coupled to the memory, the processor being configured to execute, based on the instructions stored in the memory, the method of any of the above embodiments.
According to another aspect of the present invention, an authentication device is provided, comprising:
a second signature module, configured to sign with the device's own private key to generate first signature information;
a second interface module, configured to send a first authentication request to an IoT terminal, the first authentication request including the first signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the first signature information according to the calculated public key.
In one embodiment, the authentication device further comprises:
a second extraction module, configured to extract, after the second interface module receives a second authentication request sent by the IoT terminal, the second signature information and the IoT terminal identifier of the IoT terminal from the second authentication request;
a second public key calculation module, configured to calculate the public key of the IoT terminal from the IoT terminal identifier of the IoT terminal;
a second authentication module, configured to authenticate the second signature information according to the public key.
In one embodiment, the authentication device further comprises:
a second deletion module, configured to delete the public key of the IoT terminal after the second authentication module authenticates successfully.
According to another aspect of the present invention, an authentication device is provided, comprising:
a memory for storing instructions;
a processor coupled to the memory, the processor being configured to execute, based on the instructions stored in the memory, the method of any of the above embodiments.
According to another aspect of the present invention, an IoT terminal is provided, characterized in that it includes the authentication device of any of the above embodiments.
According to another aspect of the present invention, a computer-readable storage medium is provided, wherein the computer-readable storage medium stores computer instructions that, when executed by a processor, implement the method of any of the above embodiments.
Other features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments of the invention with reference to the drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of one embodiment of the authentication method of the present invention.
Fig. 2 is a schematic diagram of another embodiment of the authentication method of the present invention.
Fig. 3 is a schematic diagram of yet another embodiment of the authentication method of the present invention.
Fig. 4 is a schematic diagram of yet another embodiment of the authentication method of the present invention.
Fig. 5 is a schematic diagram of one embodiment of the authentication device of the present invention.
Fig. 6 is a schematic diagram of another embodiment of the authentication device of the present invention.
Fig. 7 is a schematic diagram of yet another embodiment of the authentication device of the present invention.
Fig. 8 is a schematic diagram of yet another embodiment of the authentication device of the present invention.
Fig. 9 is a schematic diagram of yet another embodiment of the authentication device of the present invention.
Fig. 10 is a schematic diagram of one embodiment of the IoT terminal of the present invention.
Fig. 11 is a schematic diagram of one embodiment of the two-way authentication of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention or its application or use. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
Techniques, methods and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be construed as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be discussed further in subsequent drawings.
Fig. 1 is a schematic diagram of one embodiment of the authentication method of the present invention. Optionally, the method steps of this embodiment may be performed by an authentication device. After receiving an authentication request sent by another IoT terminal, the device performs the following processing:
Step 101: after a first authentication request sent by an IoT terminal is received, the first signature information and the IoT terminal identifier of the IoT terminal are extracted from the first authentication request.
When authenticating, the IoT terminal signs with its own private key to generate the first signature information and sends the first authentication request to the peer terminal; the first authentication request includes the first signature information and the IoT terminal's own IoT terminal identifier.
For example, the IoT terminal identifier may be an eSIM number or other information that uniquely identifies the IoT terminal.
Step 102: the public key of the IoT terminal is calculated from the IoT terminal identifier of the IoT terminal.
Step 103: the first signature information is authenticated according to the public key.
Optionally, after the authentication succeeds, the calculated public key of the IoT terminal is deleted to ensure system security.
With the authentication method provided by the above embodiment of the present invention, keys are generated from terminal identifiers, so no prior certificate exchange is needed to exchange keys and a terminal does not need to store the certificates of other terminals. This effectively reduces the complexity of the authentication procedure and the terminal's storage requirement.
Fig. 2 is a schematic diagram of another embodiment of the authentication method of the present invention. Optionally, the method steps of this embodiment may be performed by an authentication device. After receiving an authentication request sent by another IoT terminal, the device performs the following processing:
Step 201: after a first authentication request sent by an IoT terminal is received, the first signature information and the IoT terminal identifier of the IoT terminal are extracted from the first authentication request.
Step 202: the public key of the IoT terminal is calculated from the IoT terminal identifier of the IoT terminal.
Step 203: the first signature information is authenticated according to the public key.
Step 204: after the authentication succeeds, a signature is made with the peer terminal's own private key to generate second signature information.
Step 205: a second authentication request is sent to the IoT terminal, the second authentication request including the second signature information and the sender's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the second signature information according to the calculated public key.
Through this second, two-way authentication, the legitimacy of both authenticating parties' identities can be ensured.
Fig. 3 is a schematic diagram of yet another embodiment of the authentication method of the present invention. Optionally, the method steps of this embodiment may be performed by an authentication device. When the device actively sends an authentication request to another IoT terminal for authentication, it performs the following processing:
Step 301: a signature is made with the device's own private key to generate first signature information.
Step 302: a first authentication request is sent to the IoT terminal, the first authentication request including the first signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the first signature information according to the calculated public key.
The device's own IoT terminal identifier may be an eSIM number or other information that uniquely identifies the IoT terminal itself.
With the authentication method provided by the above embodiment of the present invention, keys are generated from terminal identifiers, so no prior certificate exchange is needed to exchange keys and a terminal does not need to store the certificates of other terminals. This effectively reduces the complexity of the authentication procedure and the terminal's storage requirement.
Fig. 4 is a schematic diagram of yet another embodiment of the authentication method of the present invention. Optionally, the method steps of this embodiment may be performed by an authentication device. When the device actively sends an authentication request to another IoT terminal for authentication, it performs the following processing:
Step 401: a signature is made with the device's own private key to generate first signature information.
Step 402: a first authentication request is sent to the IoT terminal, the first authentication request including the first signature information and the device's own IoT terminal identifier, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the first signature information according to the calculated public key.
Step 403: after a second authentication request sent by the IoT terminal is received, the second signature information and the IoT terminal identifier of the IoT terminal are extracted from the second authentication request.
The IoT terminal sends the second authentication request after its authentication succeeds, so as to achieve the second, two-way authentication.
Step 404: the public key of the IoT terminal is calculated from the IoT terminal identifier of the IoT terminal.
Step 405: the second signature information is authenticated according to the public key.
Optionally, after the second signature information is successfully authenticated, the public key of the IoT terminal is deleted, to improve system security.
Fig. 5 is a schematic diagram of one embodiment of the authentication device of the present invention. As shown in Fig. 5, the authentication device includes a first interface module 51, a first extraction module 52, a first public key calculation module 53 and a first authentication module 54, wherein:
After the first interface module 51 receives a first authentication request sent by an IoT terminal, the first extraction module 52 extracts the first signature information and the IoT terminal identifier of the IoT terminal from the first authentication request.
The first public key calculation module 53 calculates the public key of the IoT terminal from the IoT terminal identifier of the IoT terminal.
The first authentication module 54 authenticates the first signature information according to the public key.
With the authentication device provided by the above embodiment of the present invention, keys are generated from terminal identifiers, so no prior certificate exchange is needed to exchange keys and a terminal does not need to store the certificates of other terminals. This effectively reduces the complexity of the authentication procedure and the terminal's storage requirement.
Fig. 6 is a schematic diagram of another embodiment of the authentication device of the present invention. Compared with the embodiment shown in Fig. 5, in the embodiment shown in Fig. 6 the authentication device further includes a first signature module 55, configured to sign with the private key of the corresponding terminal itself after the first authentication module 54 authenticates successfully, to generate second signature information.
The first interface module 51 further sends a second authentication request to the IoT terminal, the second authentication request including the second signature information and the IoT terminal identifier of the corresponding terminal itself, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the second signature information according to the calculated public key.
Optionally, the authentication device further includes a first deletion module 56, configured to delete the public key of the IoT terminal after the first authentication module 54 authenticates successfully, to improve system security.
Fig. 7 is a schematic diagram of yet another embodiment of the authentication device of the present invention. As shown in Fig. 7, the device includes a memory 71 and a processor 72, wherein:
The memory 71 stores instructions, the processor 72 is coupled to the memory 71, and the processor 72 is configured to execute, based on the instructions stored in the memory, the method of any of the embodiments of Fig. 1 or Fig. 2.
As shown in Fig. 7, the device further includes a communication interface 73 for exchanging information with other equipment. The device also includes a bus 74, through which the processor 72, the communication interface 73 and the memory 71 communicate with one another.
The memory 71 may include high-speed RAM and may further include non-volatile memory, for example at least one magnetic disk storage. The memory 71 may also be a memory array. The memory 71 may also be partitioned into blocks, and the blocks may be combined into virtual volumes according to certain rules.
In addition, the processor 72 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
Fig. 8 is a schematic diagram of one embodiment of the authentication device of the present invention. As shown in Fig. 8, the authentication device includes a second signature module 81 and a second interface module 82, wherein:
The second signature module 81 signs with the private key of the corresponding terminal itself to generate first signature information.
The second interface module 82 sends a first authentication request to the IoT terminal, the first authentication request including the first signature information and the IoT terminal identifier of the corresponding terminal itself, so that the IoT terminal calculates a public key from the received IoT terminal identifier and authenticates the first signature information according to the calculated public key.
Fig. 9 is a schematic diagram of one embodiment of the authentication device of the present invention. Compared with the embodiment shown in Fig. 8, in the embodiment shown in Fig. 9 the authentication device may further include a second extraction module 83, a second public key calculation module 84 and a second authentication module 85, wherein:
After the second interface module 82 receives a second authentication request sent by the IoT terminal, the second extraction module 83 extracts the second signature information and the IoT terminal identifier of the IoT terminal from the second authentication request.
The second public key calculation module 84 calculates the public key of the IoT terminal from the IoT terminal identifier of the IoT terminal.
The second authentication module 85 authenticates the second signature information according to the public key.
The second, two-way authentication can thus be achieved.
Optionally, the authentication device may further include a second deletion module 86, configured to delete the public key of the IoT terminal after the second authentication module 85 authenticates successfully, thereby ensuring system security.
In addition, similarly to Fig. 7, this application also discloses an authentication device that includes a memory and a processor, wherein the memory stores instructions and the processor, coupled to the memory, is configured to execute, based on the instructions stored in the memory, the method of any of the embodiments of Fig. 3 or Fig. 4.
The invention further relates to a computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions that, when executed by a processor, implement the method of any of the embodiments of Fig. 1 to Fig. 4.
Fig. 10 is a schematic diagram of one embodiment of the IoT terminal of the present invention. As shown in Fig. 10, an authentication device 1002 is provided in the IoT terminal 1001. The authentication device 1002 may be the authentication device of any of the embodiments of Fig. 5 to Fig. 7, and/or the authentication device of any of the embodiments of Fig. 8 and Fig. 9.
Below by a specific example, the present invention will be described, as shown in figure 11.
For example, vehicle A and vehicle B in traveling go in the same direction on road in vehicle net scene, somewhere meet.
Vehicle A actively initiates the interaction with vehicle B, it is desirable to obtain front traffic information known to vehicle B.Wherein, it is provided in vehicle A
Internet-of-things terminal B as shown in Figure 10 is provided in internet-of-things terminal A as shown in Figure 10, vehicle B.
Step 1101, terminal A signs with its own private key and encapsulates an authentication message.
Step 1102, terminal A sends terminal B a first authentication request carrying the signature information and the terminal A identifier.
Step 1103, terminal B extracts the carried signature information and the terminal A identifier from the first authentication request.
For example, the terminal A identifier may be the eSIM number of terminal A.
Step 1104, terminal B calculates the public key of terminal A using the terminal A identifier.
Step 1105, terminal B uses the public key to verify the signature information in the first authentication message (for example, by means of the SM9 algorithm).
Step 1106, after the verification succeeds, terminal B signs with its own private key and encapsulates an authentication message.
Step 1107, terminal B sends terminal A a second authentication request carrying the signature information and the terminal B identifier.
Step 1108, terminal A extracts the carried signature information and the terminal B identifier from the second authentication request.
For example, the terminal B identifier may be the eSIM number of terminal B.
Step 1109, terminal A calculates the public key of terminal B using the terminal B identifier.
Step 1110, terminal A uses the public key to verify the signature information in the second authentication message (for example, by means of the SM9 algorithm).
Step 1111, after the verification succeeds, terminal A and terminal B can exchange information.
As a result, when two vehicles configured according to the present invention meet on the road, they can exchange information after mutually authenticating each other's identity, while malicious attacks by hackers are effectively prevented.
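The exchange in steps 1101 to 1111, as an added Python example that is not part of the patent text. SM9 needs a pairing library, so the example substitutes Shamir's RSA-based identity-based signature scheme, which has the property the steps rely on (the verifier computes the public key from the identifier alone); the toy parameters, the `esim-...` identifiers, the message payloads and all function names are assumptions.

```python
import hashlib
import secrets

# Toy system parameters, constructed for this example. A real key generation
# centre keeps P, Q and D secret; terminals are provisioned with N and E only.
P, Q = 2**521 - 1, 2**607 - 1          # well-known Mersenne primes: demo only
N, E = P * Q, 2**127 - 1               # E: large prime, coprime to phi(N)
D = pow(E, -1, (P - 1) * (Q - 1))      # master secret of the centre
NBYTES = (N.bit_length() + 7) // 8


def _h(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(digest.digest(), "big")


def public_key_from_id(terminal_id):
    """Steps 1104/1109: the public key is computed from the identifier alone."""
    return _h(b"id", terminal_id) % N


def issue_private_key(terminal_id):
    """Provisioning at the centre: returns g with g^E = public key (mod N)."""
    return pow(public_key_from_id(terminal_id), D, N)


def build_request(terminal_id, private_key, message):
    """Steps 1101-1102 / 1106-1107: sign, attach signature and identifier."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    h = _h(t.to_bytes(NBYTES, "big"), terminal_id, message)
    s = private_key * pow(r, h, N) % N
    return {"id": terminal_id, "msg": message, "sig": (t, s)}


def verify_request(request):
    """Steps 1103-1105 / 1108-1110: extract, derive the key, verify."""
    terminal_id, message, (t, s) = request["id"], request["msg"], request["sig"]
    if not (0 < t < N and 0 < s < N):   # reject degenerate values such as 0
        return False
    public_key = public_key_from_id(terminal_id)   # local only, never stored
    h = _h(t.to_bytes(NBYTES, "big"), terminal_id, message)
    return pow(s, E, N) == public_key * pow(t, h, N) % N


def mutual_authenticate(id_a, key_a, id_b, key_b):
    """Figure 11 end to end; True means step 1111 may proceed."""
    first = build_request(id_a, key_a, b"auth-request")    # A -> B
    if not verify_request(first):
        return False
    second = build_request(id_b, key_b, b"auth-response")  # B -> A
    return verify_request(second)


ID_A, ID_B = b"esim-A-0001", b"esim-B-0002"   # constructed identifiers
KEY_A, KEY_B = issue_private_key(ID_A), issue_private_key(ID_B)
```

The patent does not say what the encapsulated authentication message contains; the fixed payloads used here carry no nonce or timestamp, so a deployment would need to add one to keep a captured request from being replayed.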
By applying the present invention, keys are generated from terminal identifiers, so there is no need to exchange certificates in advance in order to achieve key exchange, and a terminal does not need to store the certificates of other terminals. This effectively improves the security of application-layer authentication, reduces the complexity of the authentication procedure, and also reduces the demand on terminal storage space.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The description of the invention is given for the purpose of illustration and description, and is not exhaustive or intended to limit the invention to the disclosed form. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were selected and described in order to better illustrate the principles and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and thereby design various embodiments, with various modifications, suited to specific applications.
Claims (16)
1. An authentication method, characterized by comprising:
after receiving a first authentication request sent by an internet-of-things terminal, extracting first signature information and the internet-of-things terminal identifier of the internet-of-things terminal from the first authentication request;
calculating the public key of the internet-of-things terminal using the internet-of-things terminal identifier of the internet-of-things terminal;
authenticating the first signature information according to the public key.
2. The method according to claim 1, characterized by further comprising:
after the authentication succeeds, signing with its own private key to generate second signature information;
sending a second authentication request to the internet-of-things terminal, wherein the second authentication request includes the second signature information and its own internet-of-things terminal identifier, so that the internet-of-things terminal calculates a public key using said own internet-of-things terminal identifier and authenticates the second signature information according to the calculated public key.
3. The method according to claim 1 or 2, characterized by further comprising:
after the first signature information is successfully authenticated, deleting the public key of the internet-of-things terminal.
4. An authentication method, characterized by comprising:
signing with its own private key to generate first signature information;
sending a first authentication request to the internet-of-things terminal, wherein the first authentication request includes the first signature information and its own internet-of-things terminal identifier, so that the internet-of-things terminal calculates a public key using said own internet-of-things terminal identifier and authenticates the first signature information according to the calculated public key.
5. The method according to claim 4, characterized by further comprising:
after receiving a second authentication request sent by the internet-of-things terminal, extracting second signature information and the internet-of-things terminal identifier of the internet-of-things terminal from the second authentication request;
calculating the public key of the internet-of-things terminal using the internet-of-things terminal identifier of the internet-of-things terminal;
authenticating the second signature information according to the public key.
6. The method according to claim 4 or 5, characterized by further comprising:
after the second signature information is successfully authenticated, deleting the public key of the internet-of-things terminal.
7. An authentication device, characterized by comprising:
a first extraction module, configured to, after a first interface module receives a first authentication request sent by the internet-of-things terminal, extract first signature information and the internet-of-things terminal identifier of the internet-of-things terminal from the first authentication request;
a first public key computing module, configured to calculate the public key of the internet-of-things terminal using the internet-of-things terminal identifier of the internet-of-things terminal;
a first authentication module, configured to authenticate the first signature information according to the public key.
8. The authentication device according to claim 7, characterized by further comprising:
a first signature module, configured to, after the first authentication module authenticates successfully, sign with its own private key to generate second signature information;
the first interface module further sends a second authentication request to the internet-of-things terminal, wherein the second authentication request includes the second signature information and its own internet-of-things terminal identifier, so that the internet-of-things terminal calculates a public key using said own internet-of-things terminal identifier and authenticates the second signature information according to the calculated public key.
9. The authentication device according to claim 7 or 8, characterized by further comprising:
a first deletion module, configured to delete the public key of the internet-of-things terminal after the first authentication module authenticates successfully.
10. An authentication device, characterized by comprising:
a memory, for storing instructions;
a processor coupled to the memory, the processor being configured to execute the instructions stored in the memory to implement the method according to any one of claims 1-3.
11. An authentication device, characterized by comprising:
a second signature module, configured to sign with its own private key to generate first signature information;
a second interface module, configured to send a first authentication request to the internet-of-things terminal, wherein the first authentication request includes the first signature information and its own internet-of-things terminal identifier, so that the internet-of-things terminal calculates a public key using said own internet-of-things terminal identifier and authenticates the first signature information according to the calculated public key.
12. The authentication device according to claim 11, characterized by further comprising:
a second extraction module, configured to, after the second interface module receives a second authentication request sent by the internet-of-things terminal, extract second signature information and the internet-of-things terminal identifier of the internet-of-things terminal from the second authentication request;
a second public key computing module, configured to calculate the public key of the internet-of-things terminal using the internet-of-things terminal identifier of the internet-of-things terminal;
a second authentication module, configured to authenticate the second signature information according to the public key.
13. The authentication device according to claim 11 or 12, characterized by further comprising:
a second deletion module, configured to delete the public key of the internet-of-things terminal after the second authentication module authenticates successfully.
14. An authentication device, characterized by comprising:
a memory, for storing instructions;
a processor coupled to the memory, the processor being configured to execute the instructions stored in the memory to implement the method according to any one of claims 4-6.
15. An internet-of-things terminal, characterized by comprising the authentication device according to any one of claims 7-10, and/or the authentication device according to any one of claims 11-14.
16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions which, when executed by a processor, implement the method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710865664.8A CN109547205A (en) | 2017-09-22 | 2017-09-22 | Authentication method and device, internet-of-things terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109547205A true CN109547205A (en) | 2019-03-29 |
Family
ID=65830416
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710865664.8A Pending CN109547205A (en) | 2017-09-22 | 2017-09-22 | Authentication method and device, internet-of-things terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109547205A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190329 |