CN109995843A - A kind of terminal verification method and device based on narrowband Internet of Things - Google Patents
- Publication number
- CN109995843A, CN201810003161.4A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Abstract
The present invention relates to Internet of Things (IoT) technology and discloses a terminal verification method and device based on narrowband IoT, for accurately completing terminal verification without increasing the operating load of the terminal or the IoT platform. In the method, an authentication gateway is added between the IoT platform and the terminal and, during the terminal's registration process, completes verification of the terminal in place of the IoT platform. This makes the verification process independent of the underlying link and realizes mutual authentication between the terminal and the IoT platform, without requiring excessive modification of the existing terminal function model. It suits the characteristics of narrowband IoT terminals: the terminal does not need to perform excessive operations, so its battery power is effectively preserved and its service life is ensured. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the IoT platform and reduces the difficulty of platform maintenance.
Description
Technical field
The present invention relates to Internet of Things (IoT) technology, and in particular to a terminal verification method and device based on narrowband IoT.
Background technique
With the development of technology, the Internet of Things (IoT) is widely used. The IoT, also known as the sensor network, is the extension of the internet from people to objects, and security is undoubtedly one of the most important aspects of IoT usage scenarios.
A terminal that accesses the IoT (especially the narrowband IoT) usually has no direct human-machine interface. It connects directly to the back-end IoT platform, and related operations and device management are then carried out through the platform's service interfaces, e.g., the registration, upgrade, and read/write interfaces.
Because narrowband IoT terminals and the IoT platform are so closely connected, beyond securing the communication channel, how to verify whether an accessing terminal is legitimate becomes extremely important. If terminals cannot be correctly distinguished, then once an illegitimate narrowband IoT terminal accesses the IoT platform, users may obtain false information and, more seriously, the entire IoT platform may malfunction.
However, compared with terminals in a communication system, narrowband IoT terminals and the IoT platform have their own characteristics:
First, a narrowband IoT terminal is usually a device with very limited computing capability (e.g., a lock with a sensor) and high requirements on battery life. It therefore cannot undertake overly complex computation; the verification process needs to reduce the terminal's computational load and must not consume too much storage space.
Second, the IoT platform faces access by massive numbers of narrowband IoT terminals; overly complex security computation and information query and storage would also increase the platform's operation and maintenance cost.
In view of this, terminal authentication schemes in existing communication systems are not suitable for the IoT, and a suitable terminal authentication scheme needs to be redesigned around the technical characteristics of the IoT.
Summary of the invention
The object of the present invention is to provide a terminal verification method and device based on narrowband IoT, for accurately completing terminal verification without increasing the operating load of the terminal or the IoT platform.
The object of the present invention is achieved through the following technical solutions:
In a first aspect, a terminal verification method based on narrowband IoT comprises:
An authentication gateway receives registration information sent by a terminal, the registration information carrying at least the terminal's sequence number, signature information, and to-be-activated sensor information;
The authentication gateway obtains the registration reference information prestored for the sequence number and, based on the registration reference information, verifies the signature information and the to-be-activated sensor information to obtain a verification result;
When the authentication gateway determines at least that the verification result indicates that the signature information and the to-be-activated sensor information pass verification, it allows the terminal to access the IoT platform.
Optionally, before the authentication gateway receives the registration information sent by the terminal, the method further comprises:
The authentication gateway synchronizes terminal information between itself and the IoT platform, saves the sequence number of each terminal, and records the corresponding registration reference information for each sequence number.
Optionally, if the terminal has encrypted the registration information, the authentication gateway obtaining the registration reference information prestored for the sequence number comprises:
The authentication gateway decrypts the registration information using a key agreed in advance or currently negotiated with the terminal side, and obtains the terminal's sequence number carried in the registration information;
Based on the sequence number, the authentication gateway obtains the registration reference information prestored for the sequence number.
Optionally, the authentication gateway verifying the signature information based on the registration reference information comprises:
The authentication gateway obtains a preset public key and reference sensor description information from the registration reference information, where the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
The authentication gateway decrypts the signature information using the public key to obtain first-part sensor description information, obtains the second-part sensor description information prestored for the sn, and merges the first-part and second-part sensor description information to obtain complete sensor description information;
The authentication gateway matches the complete sensor description information against the reference sensor description information and, when the two are consistent, determines that the signature information passes verification.
Optionally, the authentication gateway verifying the to-be-activated sensor information based on the registration reference information comprises:
Based on the to-be-activated sensor information, the authentication gateway determines the sensor ID and to-be-activated instance quantity of each sensor that the terminal requests to activate;
The authentication gateway compares the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, where the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
When the authentication gateway determines that the to-be-activated instance quantity for each sensor ID recorded in the to-be-activated sensor information is no greater than the maximum instance quantity of the corresponding sensor ID in the reference sensor information, it determines that the to-be-activated sensor information passes verification.
Optionally, if the registration information further carries verification information, then after the authentication gateway has verified the signature information and the to-be-activated sensor information, and before it allows the terminal to access the IoT platform, the method further comprises:
The authentication gateway extracts the verification information from the login request message, the verification information being information for identifying the terminal that the terminal obtained during its previous registration; the authentication gateway compares the verification information with the reference verification information saved locally for the sequence number and, when the two are consistent, determines that the verification information passes verification.
Optionally, the method further comprises:
After allowing the terminal to access the IoT platform, the authentication gateway updates the verification information and the reference verification information, and sends the updated verification information to the terminal to be saved.
In a second aspect, a terminal verification method based on narrowband IoT comprises:
A communication unit, for receiving registration information sent by a terminal, the registration information carrying at least the terminal's sequence number, signature information, and to-be-activated sensor information;
An authentication unit, for obtaining the registration reference information prestored for the sequence number and, based on the registration reference information, verifying the signature information and the to-be-activated sensor information to obtain a verification result;
A processing unit, for allowing the terminal to access the IoT platform when it determines at least that the verification result indicates that the signature information and the to-be-activated sensor information pass verification.
Optionally, before the registration information sent by the terminal is received, the authentication unit is further used for:
Synchronizing terminal information between itself and the IoT platform, saving the sequence number of each terminal, and recording the corresponding registration reference information for each sequence number.
Optionally, if the terminal has encrypted the registration information, then when obtaining the registration reference information prestored for the sequence number, the authentication unit is used for:
Decrypting the registration information using a key agreed in advance or currently negotiated with the terminal side, and obtaining the terminal's sequence number carried in the registration information;
Obtaining, based on the sequence number, the registration reference information prestored for the sequence number.
Optionally, when verifying the signature information based on the registration reference information, the authentication unit is used for:
Obtaining a preset public key and reference sensor description information from the registration reference information, where the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
Decrypting the signature information using the public key to obtain first-part sensor description information, obtaining the second-part sensor description information prestored for the sequence number, and merging the first-part and second-part sensor description information to obtain complete sensor description information;
Matching the complete sensor description information against the reference sensor description information and, when the two are consistent, determining that the signature information passes verification.
Optionally, when verifying the to-be-activated sensor information based on the registration reference information, the authentication unit is used for:
Determining, based on the to-be-activated sensor information, the sensor ID and to-be-activated instance quantity of each sensor that the terminal requests to activate;
Comparing the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, where the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
When the to-be-activated instance quantity for each sensor ID recorded in the to-be-activated sensor information is determined to be no greater than the maximum instance quantity of the corresponding sensor ID in the reference sensor information, determining that the to-be-activated sensor information passes verification.
Optionally, if the registration information further carries verification information, then after the signature information and the to-be-activated sensor information have been verified, and before the terminal is allowed to access the IoT platform, the authentication unit is further used for:
Extracting the verification information from the login request message, the verification information being information for identifying the terminal that the terminal obtained during its previous registration; the authentication gateway compares the verification information with the reference verification information saved locally for the sequence number and, when the two are consistent, determines that the verification information passes verification.
Optionally, the processing unit is further used for:
After allowing the terminal to access the IoT platform, updating the verification information and the reference verification information, and sending the updated verification information to the terminal to be saved.
In a third aspect, a storage medium stores a program for implementing terminal verification based on narrowband IoT; when run by a processor, the program executes the following steps:
Receiving registration information sent by a terminal, the registration information carrying at least the terminal's sequence number, signature information, and to-be-activated sensor information;
Obtaining the registration reference information prestored for the sequence number and, based on the registration reference information, verifying the signature information and the to-be-activated sensor information to obtain a verification result;
When it is determined at least that the verification result indicates that the signature information and the to-be-activated sensor information pass verification, allowing the terminal to access the IoT platform.
In a fourth aspect, a communication device comprises one or more processors and one or more computer-readable media storing instructions which, when executed by the one or more processors, cause the device to perform the method of any one of the above first aspect.
In the embodiment of the present invention, an authentication gateway is added between the IoT platform and the terminal and, during the terminal's registration process, completes verification of the terminal in place of the IoT platform. This makes the verification process independent of the underlying link and realizes mutual authentication between the terminal and the IoT platform, without requiring excessive modification of the existing terminal function model. It suits the characteristics of narrowband IoT terminals: the terminal does not need to perform excessive operations, so its battery power is effectively preserved and its service life is ensured. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the IoT platform and reduces the difficulty of platform maintenance.
Detailed description of the invention
Fig. 1 is a schematic flowchart of verifying a narrowband IoT terminal in the embodiment of the present invention;
Fig. 2 is a schematic diagram of the functional structure of the authentication gateway in the embodiment of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To facilitate the description of the subsequent embodiments, the triple definition of a narrowband IoT terminal (hereinafter referred to as the terminal) is introduced first.
The function definition of a narrowband IoT terminal can usually be organized as the following triple: "sensor, sensor instance, sensor parameter", i.e., object (e.g., a certain class of sensor), object instance (e.g., the quantity of that class of sensor in the terminal), and resource within the object (e.g., each attribute of a sensor).
For example, for an end product such as a thermometer, the IoT specification can define the triple as "8811/1/2000", meaning that a sensor object (object) numbered 8811 currently has 1 instance (instance), and its attribute is the resource (resource) numbered 2000.
Generally, for a fixed object, the set of resources it contains is fixed; e.g., the resource set of a temperature sensor contains the temperature value, the upper and lower temperature limits, the temperature measurement accuracy, etc. With this definition scheme, the IoT platform can perform device management on terminals.
In this way the IoT platform can unify the definition of devices and their related functions and resources, effectively simplifying and standardizing communication content; this scheme is also the basis for implementing the technical solution of the present invention.
In the embodiment of the present invention, the IoT platform generates for each terminal a sequence number that is unique within the platform: sn. It also generates corresponding signature information for each terminal: sig. Taking one terminal as an example, generating the signature information uses the triple mentioned above, specifically:
First, for a terminal, construct an information vector: v = {object 1; object 2; … object N}, where object i (1≤i≤N) is expressed using two items of the above triple, the "sensor" and its "maximum instance quantity", i.e., "object_id" and "max_instance_amount".
For example, taking a temperature sensor, object i is expressed as "8811/2": 8811 is the identification information (i.e., the ID) of the temperature sensor, and 2 indicates that the terminal has at most 2 temperature sensors.
Second, for the above information vector v, the IoT platform first generates an asymmetric key pair, sign_keypair(pk, sk), obtaining the signing public key (pk) and private key (sk), and then applies a detached signature to v with sk, sign_detached(sig, v, sk), obtaining the signature information sig.
A detached signature here means that the signing operation is performed on only part of the information in v to generate the signature information sig, while the remaining part of the information is used for the subsequent detached signature verification: sign_verify_detached(sig, v, pk).
Finally, the IoT platform can deliver the generated sn and sig of each terminal to the terminal manufacturer, which writes the corresponding sn and sig into the terminal's secure area before the terminal leaves the factory.
Based on the above process, and referring to Fig. 1, the detailed flow of verifying a terminal in the narrowband IoT in the embodiment of the present invention is as follows:
Step 100: Terminal information is synchronized between the authentication gateway and the IoT platform.
In practice, the authentication gateway can be used as part of the IoT platform or as a standalone device. As shown in Fig. 1, the embodiment of the present invention is described with the authentication gateway as a standalone device. This separates part of the functionality from the IoT platform, which simplifies the platform's service logic and provides logical isolation, improving the overall security of the system.
As shown in Fig. 1, in step 100 the authentication gateway synchronizes terminal information between itself and the IoT platform. The terminal information includes at least: the sequence number (sn), the signature information (sig), and the public key (pk) used for verification. Further terminal information can also be synchronized, e.g., v = {object 1; object 2; … object N}, which is not repeated here.
Step 110: The terminal generates registration information.
In the embodiment of the present invention, a terminal may initiate the registration flow many times during use, e.g., when switching from the dormant state to the working state; when entering the working state after a restart; when re-accessing the network after switching cells or a temporary interruption; and so on.
Therefore, when the terminal needs to register with the network, it generates registration information according to its current working state. The registration information carries at least the sn and sig written at the factory and the terminal's to-be-activated sensor information (i.e., v'); e.g., v' records at least the sensor identification information (hereinafter referred to as the sensor ID) of the sensors that the IoT platform currently needs to activate, and the corresponding to-be-activated instance quantity.
Further, the terminal can also carry verification information (hereinafter denoted token) in the registration information. The token is empty at initial use. Each time the terminal initiates the registration flow and passes verification, the authentication gateway issues an updated token to the terminal, and the terminal carries the updated token in the registration information sent to the authentication gateway the next time it initiates registration; the authentication gateway can tell whether a terminal has been cloned by checking the consistency of the token. Of course, if clone terminals do not need to be distinguished, the token may be omitted; details are not repeated here.
Step 120: The terminal sends a login request message to the authentication gateway, and the login request message carries the registration information.
To protect the registration information, the terminal can optionally encrypt and obfuscate it with a symmetric encryption algorithm when sending the login request message. Which symmetric encryption algorithm is used can be agreed in advance or negotiated with the authentication gateway or the IoT platform, and the IoT platform notifies the authentication gateway during terminal information synchronization.
Step 130: authentication gateway verifies terminal based on the registration information carried in login request message.Specifically
, after authentication gateway obtains registration information, if terminal has carried out symmetric cryptography processing to registration information in the step 120, recognize
Card gateway needs the key pair registration information of the agreement used to be decrypted.
Authentication gateway gets sn and sig from registration information, further, it is also possible to obtain token, behind implement
In example, it is illustrated for there are token.
Further, authentication gateway detects the registration reference information for corresponding to the sn and prestoring by sn, wherein registration reference
Information can be recorded in the form of information group, e.g., (pk, v, token), and it is one-to-one for registering reference information and sn
Key-value relationship, may be implemented quick-searching, and v indicates the sensor ID for the various kinds of sensors being arranged in the corresponding terminal of sn
With corresponding maximum example quantity, it is referred to as reference sensor description information.
Then, the authentication gateway verifies the registration information in the following manner.
First, the authentication gateway uses a detached signature verification function (sign_verify_detached), together with the pk and v in the registration reference information, to verify sig.
Specifically, the authentication gateway can decrypt sig using pk to obtain the first part of the sensor description information, then obtain the second part of the sensor description information, sent by the Internet of Things platform for the above sn, and merge the first part and the second part to obtain the complete sensor description information. It then matches the complete sensor description information parsed from sig against the reference sensor description information (v) extracted locally for the corresponding sn, and when the two are consistent, determines that sig passes verification. Because the authentication gateway synchronizes terminal information with the Internet of Things platform, it knows both the complete v and the second part of the sensor description information; details are not repeated here.
Second, the authentication gateway matches the v recorded in the registration reference information against the v' carried in the registration information. v must include at least the sensor ID and corresponding maximum instance quantity of each sensor installed in the terminal. If the quantity of instances to be activated for each sensor ID recorded in v' is no greater than the maximum instance quantity of the corresponding sensor ID in v, then v and v' are determined to match, i.e., v' passes verification.
For example, if v = {8810/3; 8811/2} and v' = {8810/1, 8811/0, 8811/1}, the match is determined to be successful.
Then, the authentication gateway also needs to match the token. If the token carried in the registration information is consistent with the token pre-stored locally for the corresponding sn (also called the reference token), the token is determined to match, i.e., the token passes verification.
The token is information used to distinguish whether a terminal is a cloned terminal. Because the token is updated after each registration, two terminals using the same token cannot both register successfully. Once this situation is discovered, the Internet of Things platform can promptly detect the abnormal terminal and deal with it.
Finally, after determining through the above operations that sig, v' and the token have all been verified successfully, the authentication gateway determines that the terminal passes verification, i.e., it obtains the final verification result.
Step 140: The authentication gateway returns the verification result to the terminal, notifying the terminal that verification has passed.
Further, the authentication gateway can generate a new token and send it to the terminal. The terminal needs to save the new token for the next verification, and the authentication gateway also saves the new token (i.e., the new reference token).
The token update method can be set flexibly according to the specific application environment, e.g., incrementing by a set step size, changing by a set increment, or generating a random number with a specified random function. Whichever method is used, as long as the token on the terminal side is consistent with the token saved by the authentication gateway, it can be determined that no cloned terminal exists; details are not repeated here.
Correspondingly, if verification does not pass, the authentication gateway also notifies the terminal that verification has failed.
Step 150: The authentication gateway forwards the login request message sent by the terminal to the Internet of Things platform, allowing the terminal to establish an interactive connection with the Internet of Things platform.
At this point, the verification process is complete.
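The gateway-side checks of steps 130 and 140, as an added Python sketch that is not code from the patent. Assumptions: each v' entry is read as sensor ID/instance number and entries are counted per ID; the signature is taken to cover the stored v string; `standin_sig_check` is an HMAC stand-in used only so the block runs offline, where a real gateway would call a public-key detached verify such as sign_verify_detached; all class names, serial numbers, keys and tokens are constructed.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


def parse_reference(v: str) -> Dict[int, int]:
    """'8810/3;8811/2' -> {8810: 3, 8811: 2} (sensor ID -> maximum instance quantity)."""
    limits: Dict[int, int] = {}
    for item in filter(None, (p.strip() for p in v.split(";"))):
        sensor_id, max_instances = (int(x) for x in item.split("/"))
        limits[sensor_id] = max_instances
    return limits


def parse_requested(v_prime: str) -> Counter:
    """'8810/1,8811/0,8811/1' -> {8810: 1, 8811: 2}: instances to activate per sensor ID.

    Assumption: every entry names one instance, so the quantity is the entry count.
    """
    wanted: Counter = Counter()
    for item in filter(None, (p.strip() for p in v_prime.split(","))):
        sensor_id, instance = (int(x) for x in item.split("/"))
        if instance < 0:
            raise ValueError("negative instance number")
        wanted[sensor_id] += 1
    return wanted


@dataclass
class Reference:
    """The (pk, v, token) information group stored per sn."""
    pk: bytes
    v: str
    token: str


SigCheck = Callable[[bytes, bytes, bytes], bool]  # (pk, message, sig) -> valid?
Result = Tuple[bool, str, Optional[str]]          # (passed, reason, new token)


def standin_sig_check(pk: bytes, message: bytes, sig: bytes) -> bool:
    # STAND-IN ONLY: an HMAC keyed with pk, so the example needs nothing beyond
    # the standard library. It is not a public-key signature.
    return hmac.compare_digest(hmac.new(pk, message, hashlib.sha256).digest(), sig)


class AuthGateway:
    def __init__(self, sig_check: SigCheck):
        self.refs: Dict[str, Reference] = {}  # sn -> reference info, key-value lookup
        self.sig_check = sig_check

    def verify(self, sn: str, sig: bytes, v_prime: str, token: str) -> Result:
        ref = self.refs.get(sn)
        if ref is None:
            return False, "unknown sn", None
        # Check 1: sig against the stored pk and v.
        if not self.sig_check(ref.pk, ref.v.encode(), sig):
            return False, "sig", None
        # Check 2: every requested quantity must stay within the maximum in v.
        try:
            limits, wanted = parse_reference(ref.v), parse_requested(v_prime)
        except ValueError:
            return False, "malformed v'", None
        for sensor_id, count in wanted.items():
            if count > limits.get(sensor_id, 0):  # unknown IDs have a limit of 0
                return False, f"v' exceeds limit for sensor {sensor_id}", None
        # Check 3: token must equal the reference token (constant-time compare).
        if not hmac.compare_digest(token.encode(), ref.token.encode()):
            return False, "token", None
        # Step 140: rotate the token only after all three checks pass.
        ref.token = secrets.token_hex(16)
        return True, "ok", ref.token


def demo():
    gw = AuthGateway(standin_sig_check)
    pk, v = b"constructed-key", "8810/3;8811/2"
    gw.refs["SN-0001"] = Reference(pk, v, "t0")
    sig = hmac.new(pk, v.encode(), hashlib.sha256).digest()
    first = gw.verify("SN-0001", sig, "8810/1,8811/0,8811/1", "t0")  # genuine terminal
    clone = gw.verify("SN-0001", sig, "8810/1,8811/0,8811/1", "t0")  # copy with old token
    over = gw.verify("SN-0001", sig, "8811/0,8811/1,8811/2", first[2])  # 3 > maximum 2
    return first, clone, over


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call in `demo` is the clone case: it presents a correct sig and v' but the token has already been rotated by the first registration, so it is rejected with reason "token".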
Based on the above embodiments, referring to Fig. 2, in an embodiment of the present invention the authentication gateway includes at least a communication unit 20, an authentication unit 21 and a processing unit 22, wherein:
The communication unit 20 is configured to receive the registration information sent by the terminal, the registration information carrying at least the sequence number of the terminal, signature information and sensor information to be activated;
The authentication unit 21 is configured to obtain the pre-stored registration reference information corresponding to the sequence number and, based on the registration reference information, verify the signature information and the sensor information to be activated to obtain a verification result;
The processing unit 22 is configured to allow the terminal to access the Internet of Things platform at least when it determines that the verification result indicates that both the signature information and the sensor information to be activated pass verification.
Optionally, before the registration information sent by the terminal is received, the authentication unit 21 is further configured to:
Synchronize terminal information between the local side and the Internet of Things platform, save the sequence number of each terminal, and record the corresponding registration reference information for each sequence number.
Optionally, if the registration information has been encrypted by the terminal, then when obtaining the pre-stored registration reference information corresponding to the sequence number, the authentication unit is configured to:
Decrypt the registration information using a key agreed in advance or currently negotiated with the terminal side, and obtain the sequence number of the terminal carried in the registration information;
Based on the sequence number, obtain the pre-stored registration reference information corresponding to the sequence number.
Optionally, when verifying the signature information based on the registration reference information, the authentication unit 21 is configured to:
Obtain a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
Decrypt the signature information using the public key to obtain the first part of the sensor description information, obtain the pre-stored second part of the sensor description information corresponding to the sequence number, and merge the first part and the second part to obtain the complete sensor description information;
Match the complete sensor description information against the reference sensor description information and, when the two are determined to be consistent, determine that the signature information passes verification.
Optionally, when verifying the sensor information to be activated based on the registration reference information, the authentication unit 21 is configured to:
Based on the sensor information to be activated, determine the sensor ID and the quantity of instances to be activated for each sensor that the terminal requests to activate;
Compare the sensor information to be activated with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
When it is determined that the quantity of instances to be activated for each sensor ID recorded in the sensor information to be activated is no greater than the maximum instance quantity of the corresponding sensor ID in the reference sensor description information, determine that the sensor information to be activated passes verification.
Optionally, if the registration information further carries verification information, then after the signature information and the sensor information to be activated have been verified and before the terminal is allowed to access the Internet of Things platform, the authentication unit 21 is further configured to:
Extract the verification information from the login request message, the verification information being information that the terminal obtained in the previous registration process and that is used to distinguish the terminal; compare the verification information with the reference verification information saved locally for the corresponding sequence number; and, when the two are determined to be consistent, determine that the verification information passes verification.
Optionally, the processing unit 22 is further configured to:
After allowing the terminal to access the Internet of Things platform, update the verification information and the reference verification information, and send the updated verification information to the terminal to be saved.
Based on the same inventive concept, an embodiment of the present invention provides a storage medium storing a program for implementing terminal verification based on the narrowband Internet of Things. When the program is run by a processor, the following steps are executed:
Receiving the registration information sent by a terminal, the registration information carrying at least the sequence number of the terminal, signature information and sensor information to be activated;
Obtaining the pre-stored registration reference information corresponding to the sequence number and, based on the registration reference information, verifying the signature information and the sensor information to be activated to obtain a verification result;
Allowing the terminal to access the Internet of Things platform at least when it is determined that the verification result indicates that both the signature information and the sensor information to be activated pass verification.
Based on the same inventive concept, an embodiment of the present invention provides a communication device, including one or more processors and one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the device to perform any of the methods described in the above embodiments.
In the embodiments of the present invention, an authentication gateway is added between the Internet of Things platform and the terminal and, during terminal registration, completes the terminal verification process in place of the Internet of Things platform. This makes the verification process independent of the underlying link and achieves mutual authentication between the terminal and the Internet of Things platform, without excessive modification of the existing terminal function model. It also suits the characteristics of narrowband Internet of Things terminals: the terminal does not need to perform excessive operations, which effectively preserves the terminal's battery power and ensures its service life. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the Internet of Things platform and reduces the difficulty of platform maintenance.
Further, the authentication gateway can find the parameters needed in the verification process by simple key-value matching, without complicated queries over massive data, which reduces the operational complexity of the verification process.
On the other hand, the authentication gateway can use the verification information (the token) to identify whether a terminal requesting access to the Internet of Things platform has been cloned, so that cloned terminals cannot all register successfully at the same time. The Internet of Things platform can effectively discover the related abnormal condition and resolve it, preventing further illegal cloning operations.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various modifications and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these modifications and variations.
Claims (10)
1. A terminal verification method based on the narrowband Internet of Things, characterized by comprising:
An authentication gateway receiving registration information sent by a terminal, the registration information carrying at least the sequence number of the terminal, signature information and sensor information to be activated;
The authentication gateway obtaining the pre-stored registration reference information corresponding to the sequence number and, based on the registration reference information, verifying the signature information and the sensor information to be activated to obtain a verification result;
The authentication gateway allowing the terminal to access the Internet of Things platform at least when it determines that the verification result indicates that both the signature information and the sensor information to be activated pass verification.
2. The method of claim 1, characterized in that, before the authentication gateway receives the registration information sent by the terminal, the method further comprises:
The authentication gateway synchronizing terminal information between the local side and the Internet of Things platform, saving the sequence number of each terminal, and recording the corresponding registration reference information for each sequence number.
3. The method of claim 1, characterized in that, if the registration information has been encrypted by the terminal, the authentication gateway obtaining the pre-stored registration reference information corresponding to the sequence number comprises:
The authentication gateway decrypting the registration information using a key agreed in advance or currently negotiated with the terminal side, and obtaining the sequence number of the terminal carried in the registration information;
The authentication gateway obtaining, based on the sequence number, the pre-stored registration reference information corresponding to the sequence number.
4. The method of claim 1, 2 or 3, characterized in that the authentication gateway verifying the signature information based on the registration reference information comprises:
The authentication gateway obtaining a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
The authentication gateway decrypting the signature information using the public key to obtain the first part of the sensor description information, obtaining the pre-stored second part of the sensor description information corresponding to the sequence number, and merging the first part and the second part to obtain the complete sensor description information;
The authentication gateway matching the complete sensor description information against the reference sensor description information and, when the two are determined to be consistent, determining that the signature information passes verification.
5. The method of claim 1, 2 or 3, characterized in that the authentication gateway verifying the sensor information to be activated based on the registration reference information comprises:
The authentication gateway determining, based on the sensor information to be activated, the sensor ID and the quantity of instances to be activated for each sensor that the terminal requests to activate;
The authentication gateway comparing the sensor information to be activated with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and maximum instance quantity of each sensor installed in the terminal;
The authentication gateway determining that the sensor information to be activated passes verification when the quantity of instances to be activated for each sensor ID recorded in the sensor information to be activated is no greater than the maximum instance quantity of the corresponding sensor ID in the reference sensor description information.
6. The method of claim 1, 2 or 3, characterized in that, if the registration information further carries verification information, then after the authentication gateway verifies the signature information and the sensor information to be activated and before the terminal is allowed to access the Internet of Things platform, the method further comprises:
The authentication gateway extracting the verification information from the login request message, the verification information being information that the terminal obtained in the previous registration process and that is used to distinguish the terminal; the authentication gateway comparing the verification information with the reference verification information saved locally for the corresponding sequence number and, when the two are determined to be consistent, determining that the verification information passes verification.
7. The method of claim 6, characterized by further comprising:
After allowing the terminal to access the Internet of Things platform, the authentication gateway updating the verification information and the reference verification information, and sending the updated verification information to the terminal to be saved.
8. A terminal verification method based on the narrowband Internet of Things, characterized by comprising:
A communication unit, configured to receive registration information sent by a terminal, the registration information carrying at least the sequence number of the terminal, signature information and sensor information to be activated;
An authentication unit, configured to obtain the pre-stored registration reference information corresponding to the sequence number and, based on the registration reference information, verify the signature information and the sensor information to be activated to obtain a verification result;
A processing unit, configured to allow the terminal to access the Internet of Things platform at least when it determines that the verification result indicates that both the signature information and the sensor information to be activated pass verification.
9. A storage medium, characterized in that it stores a program for implementing terminal verification based on the narrowband Internet of Things, and when the program is run by a processor, the following steps are executed:
Receiving registration information sent by a terminal, the registration information carrying at least the sequence number of the terminal, signature information and sensor information to be activated;
Obtaining the pre-stored registration reference information corresponding to the sequence number and, based on the registration reference information, verifying the signature information and the sensor information to be activated to obtain a verification result;
Allowing the terminal to access the Internet of Things platform at least when it is determined that the verification result indicates that both the signature information and the sensor information to be activated pass verification.
10. A communication device, characterized by comprising one or more processors; and
One or more computer-readable media storing instructions that, when executed by the one or more processors, cause the device to perform the method of any one of claims 1 to 8.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810003161.4A CN109995843B (en) | 2018-01-02 | 2018-01-02 | Terminal verification method and device based on narrowband Internet of things |
PCT/CN2018/123833 WO2019134565A1 (en) | 2018-01-02 | 2018-12-26 | Terminal verification method and apparatus based on narrowband internet of things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810003161.4A CN109995843B (en) | 2018-01-02 | 2018-01-02 | Terminal verification method and device based on narrowband Internet of things |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109995843A true CN109995843A (en) | 2019-07-09 |
CN109995843B CN109995843B (en) | 2021-01-15 |
Family
ID=67128774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810003161.4A Active CN109995843B (en) | 2018-01-02 | 2018-01-02 | Terminal verification method and device based on narrowband Internet of things |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109995843B (en) |
WO (1) | WO2019134565A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109995843B (en) | 2021-01-15 |
WO2019134565A1 (en) | 2019-07-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||