CN109995843B - Terminal verification method and device based on narrowband Internet of things - Google Patents

Terminal verification method and device based on narrowband Internet of things

Publication number: CN109995843B
Authority: CN (China)
Prior art keywords: information, terminal, sensor, verification, registration
Legal status: Active
Application number: CN201810003161.4A
Other languages: Chinese (zh)
Other versions: CN109995843A (en)
Inventor: 田康
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Application filed by: China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN201810003161.4A
Priority to PCT/CN2018/123833 (WO2019134565A1)
Publication of CN109995843A
Application granted
Publication of CN109995843B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to Internet of things technology and discloses a terminal verification method and device based on a narrowband Internet of things, used to complete terminal verification accurately without increasing the computational load on the terminal or the Internet of things platform. In the method, an authentication gateway is added between the Internet of things platform and the terminal and, during terminal registration, completes verification of the terminal in place of the Internet of things platform. The verification process is therefore independent of the underlying link, mutual verification of the terminal and the Internet of things platform is realized, and the existing terminal function model does not need excessive modification. The scheme suits the characteristics of narrowband Internet of things terminals: the terminal does not need to perform excessive computation, so its battery power is conserved and its service life is ensured. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the Internet of things platform and reduces the difficulty of platform maintenance.

Description

Terminal verification method and device based on narrowband Internet of things
Technical Field
The invention relates to the technology of the Internet of things, in particular to a terminal verification method and device based on a narrow-band Internet of things.
Background
With the development of technology, the Internet of Things (IoT) has been widely used. The Internet of things, also called a sensing network, extends the Internet from people to objects, and security is undoubtedly a crucial concern in Internet of things use scenarios.
A terminal that accesses the Internet of things (especially a narrowband Internet of things) usually has no direct human-computer interaction interface. Instead it connects directly to a back-end Internet of things platform, and related operations and device management are performed through the service interfaces of that platform, such as the interfaces for registration, upgrading, reading and writing.
Because the narrowband Internet of things terminal and the Internet of things platform are so closely connected, verifying whether an accessing terminal is legitimate becomes very important, in addition to securing the communication channel. If terminals cannot be correctly distinguished, then after an illegitimate narrowband Internet of things terminal accesses the Internet of things platform a user may obtain false information and, more seriously, the whole Internet of things platform may behave abnormally.
However, compared with terminals in a communication system, the narrowband Internet of things terminal and the Internet of things platform have the following characteristics:
First, a narrowband Internet of things terminal is usually a device with very limited computing capability (e.g., a car lock with a sensor) and places high demands on battery endurance. It cannot bear many complex operations, so the verification process must keep the terminal's computational load low and must not consume much storage space.
Second, the Internet of things platform faces access by a massive number of narrowband Internet of things terminals, and excessively complex security computation, information queries and storage would increase the platform's operation and maintenance cost.
In view of this, the terminal verification schemes of existing communication systems are not suitable for the Internet of things, and a suitable terminal verification scheme needs to be designed around the technical characteristics of the Internet of things.
Disclosure of Invention
The invention aims to provide a terminal verification method and device based on a narrowband Internet of things, used to complete terminal verification accurately without increasing the computational load on the terminal or the Internet of things platform.
The purpose of the invention is achieved by the following technical scheme:
In a first aspect, a terminal verification method based on a narrowband Internet of things includes:
an authentication gateway receives registration information sent by a terminal, wherein the registration information carries at least the serial number of the terminal, signature information, and to-be-activated sensor information;
the authentication gateway acquires pre-stored registration reference information corresponding to the serial number, and verifies the signature information and the to-be-activated sensor information based on the registration reference information to obtain a verification result;
and the authentication gateway allows the terminal to access the Internet of things platform at least when it determines that the verification result indicates that the signature information and the to-be-activated sensor information have passed verification.
Optionally, before the authentication gateway receives the registration information sent by the terminal, the method further includes:
the authentication gateway synchronizes terminal information between the local side and the Internet of things platform, stores the serial number of each terminal, and records the registration reference information corresponding to each serial number.
Optionally, if the registration information has been encrypted by the terminal, the authentication gateway acquiring the pre-stored registration reference information corresponding to the serial number includes:
the authentication gateway decrypts the registration information using a key agreed in advance or currently negotiated with the terminal side, obtaining the serial number of the terminal carried in the registration information;
and the authentication gateway acquires, based on the serial number, the pre-stored registration reference information corresponding to it.
Optionally, the authentication gateway verifying the signature information based on the registration reference information includes:
the authentication gateway acquires a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records the sensor ID and the maximum instance number of each sensor installed on the terminal;
the authentication gateway decrypts the signature information using the public key to obtain a first part of sensor description information, obtains a second part of sensor description information pre-stored for the serial number, and combines the first part and the second part to obtain complete sensor description information;
the authentication gateway matches the complete sensor description information against the reference sensor description information and, when it determines that the two are consistent, judges that the signature information passes verification.
Optionally, the authentication gateway verifying the to-be-activated sensor information based on the registration reference information includes:
the authentication gateway determines, based on the to-be-activated sensor information, the sensor ID and the number of instances to be activated for each sensor that the terminal requests to activate;
the authentication gateway compares the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and the maximum instance number of each type of sensor installed on the terminal;
and when the authentication gateway determines that the number of instances to be activated for each sensor ID recorded in the to-be-activated sensor information is not greater than the maximum instance number for the corresponding sensor ID in the reference sensor description information, it judges that the to-be-activated sensor information passes verification.
Optionally, if the registration information further carries verification information, then after the authentication gateway verifies the signature information and the to-be-activated sensor information and before it allows the terminal to access the Internet of things platform, the method further includes:
the authentication gateway extracts the verification information from the registration request message, wherein the verification information is information that the terminal acquired in its last registration process and that is used to distinguish the terminal; and the authentication gateway compares the verification information with the reference verification information stored locally for the serial number, and judges that the verification information passes verification when the two are consistent.
Optionally, the method further includes:
after allowing the terminal to access the Internet of things platform, the authentication gateway updates the verification information and the reference verification information and sends the updated verification information to the terminal for storage.
In a second aspect, a terminal verification method based on a narrowband internet of things includes:
a communication unit, configured to receive registration information sent by a terminal, wherein the registration information carries at least the serial number of the terminal, signature information, and to-be-activated sensor information;
a verification unit, configured to acquire pre-stored registration reference information corresponding to the serial number, and to verify the signature information and the to-be-activated sensor information based on the registration reference information to obtain a verification result;
and a processing unit, configured to allow the terminal to access the Internet of things platform at least when the verification result indicates that the signature information and the to-be-activated sensor information have passed verification.
Optionally, before the registration information sent by the terminal is received, the verification unit is further configured to:
synchronize terminal information between the local side and the Internet of things platform, store the serial number of each terminal, and record the registration reference information corresponding to each serial number.
Optionally, if the registration information has been encrypted by the terminal, then when acquiring the pre-stored registration reference information corresponding to the serial number, the verification unit is configured to:
decrypt the registration information using a key agreed in advance or currently negotiated with the terminal side, obtaining the serial number of the terminal carried in the registration information;
and acquire, based on the serial number, the pre-stored registration reference information corresponding to it.
Optionally, when verifying the signature information based on the registration reference information, the verification unit is configured to:
acquire a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records the sensor ID and the maximum instance number of each sensor installed on the terminal;
decrypt the signature information using the public key to obtain a first part of sensor description information, obtain a second part of sensor description information pre-stored for the serial number, and combine the first part and the second part to obtain complete sensor description information;
match the complete sensor description information against the reference sensor description information and, when the two are determined to be consistent, judge that the signature information passes verification.
Optionally, when verifying the to-be-activated sensor information based on the registration reference information, the verification unit is configured to:
determine, based on the to-be-activated sensor information, the sensor ID and the number of instances to be activated for each sensor that the terminal requests to activate;
compare the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and the maximum instance number of each type of sensor installed on the terminal;
and when the number of instances to be activated for each sensor ID recorded in the to-be-activated sensor information is determined to be not greater than the maximum instance number for the corresponding sensor ID in the reference sensor description information, judge that the to-be-activated sensor information passes verification.
Optionally, if the registration information further carries verification information, then after verifying the signature information and the to-be-activated sensor information and before the terminal is allowed to access the Internet of things platform, the verification unit is further configured to:
extract the verification information from the registration request message, wherein the verification information is information that the terminal acquired in its last registration process and that is used to distinguish the terminal; and the authentication gateway compares the verification information with the reference verification information stored locally for the serial number, and judges that the verification information passes verification when the two are consistent.
Optionally, the processing unit is further configured to:
after the terminal is allowed to access the Internet of things platform, update the verification information and the reference verification information, and send the updated verification information to the terminal for storage.
In a third aspect, a storage medium stores a program for implementing narrowband internet of things-based terminal authentication, and when the program is executed by a processor, the program performs the following steps:
receiving registration information sent by a terminal, wherein the registration information at least carries a serial number of the terminal, signature information and information of a sensor to be activated;
acquiring registration reference information prestored corresponding to the serial number, and verifying the signature information and the information of the sensor to be activated based on the registration reference information to obtain a verification result;
and when at least the verification result indicates that the signature information and the information of the sensor to be activated pass verification, allowing the terminal to access the Internet of things platform.
In a fourth aspect, a communications apparatus includes one or more processors; and one or more computer-readable media having instructions stored thereon, which, when executed by the one or more processors, cause the apparatus to perform the method of any of the first aspects described above.
In the embodiment of the invention, an authentication gateway is added between the Internet of things platform and the terminal and, during terminal registration, completes verification of the terminal in place of the Internet of things platform. The verification process is therefore independent of the underlying link, mutual verification of the terminal and the Internet of things platform is realized, and the existing terminal function model does not need excessive modification. The scheme suits the characteristics of the narrowband Internet of things terminal: the terminal does not need to perform excessive computation, so its battery power is conserved and its service life is ensured. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the Internet of things platform and reduces the difficulty of platform maintenance.
Drawings
Fig. 1 is a schematic view of the verification process performed on a narrowband Internet of things terminal in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the functional structure of an authentication gateway in the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For convenience in describing the embodiments, the triple definition of a narrowband Internet of things terminal (hereinafter referred to as a terminal) is introduced first.
For a general narrowband Internet of things terminal, the function definition may be organized according to the following triple: "sensor, sensor instance, sensor parameter", i.e. objects (e.g. a certain type of sensor), object instances (e.g. the number of sensors of that type in a terminal) and resources in the object (e.g. the various attributes of a sensor).
For example, in the Internet of things specification, for an end product that is a thermometer, a triple "8811/1/2000" may be defined, which means that the sensor object (object) numbered 8811 currently has 1 instance (instance), and the attribute is the resource (resource) numbered 2000.
Generally, for a fixed object the set of resources it contains is fixed; for example, the resource set of a temperature sensor contains the temperature value, the upper and lower temperature limits, the temperature measurement accuracy, and so on. With this form of definition, the Internet of things platform can manage the terminal.
In this way the Internet of things platform can standardize the definition of devices and their related functions and resources, which effectively simplifies and standardizes the communication content. This form of definition is also the implementation basis of the technical scheme of the invention.
In the embodiment of the invention, the Internet of things platform generates for each terminal a serial number that is unique within the platform, sn, and also generates corresponding signature information for each terminal, sig. Taking one terminal as an example, the triples described above are used when generating the signature information, specifically:
First, for one terminal, an information vector is constructed: v = {object 1; object 2; …; object N}, where object i (1 ≤ i ≤ N) is expressed using two items of the triple described above, the sensor and the maximum number of instances, namely "object_id" and "max_instance_amount".
For example, taking a temperature sensor, object i is represented as "8811/2", where 8811 is the identification information (i.e., ID) of the temperature sensor and 2 indicates that there are at most 2 temperature sensors in the terminal.
Second, for the information vector v, the Internet of things platform first generates an asymmetric key pair, sign_keypair(pk, sk), obtaining a public key (pk) and a private key (sk) for signing, and then performs a separable signature on the information vector v using sk, sign_specified(sig, v, sk), obtaining the signature information sig.
A separable signature means that only part of the information in the information vector v is signed to generate the signature information sig, and the remaining information is used in the subsequent separable signature verification: sign_verify_modified(sig, v, pk).
Finally, the Internet of things platform issues the generated sn and sig of each terminal to the terminal manufacturer, and the terminal manufacturer writes the corresponding sn and sig into a secure area of the terminal before the terminal leaves the factory.
Based on the above process, and referring to Fig. 1, the detailed process of verifying a terminal in a narrowband Internet of things in the embodiment of the present invention is as follows:
Step 100: Terminal information is synchronized between the authentication gateway and the Internet of things platform.
In practical application, the authentication gateway may be part of the Internet of things platform or an independent device. As shown in Fig. 1, the embodiment of the invention is described with the authentication gateway as an independent device, so that some functions can be separated from the Internet of things platform, which simplifies the platform's service logic, provides logical isolation, and improves the overall security of the system.
As shown in Fig. 1, in step 100 the authentication gateway synchronizes terminal information between the local side and the Internet of things platform. The terminal information includes at least the serial number (sn), the signature information (sig) and the public key (pk) used for verification, and may further include terminal information such as v = {object 1; object 2; …; object N}, which is not described again here.
Step 110: The terminal generates registration information.
In the embodiment of the invention, the terminal may initiate the registration process many times during use, for example when it switches from the dormant state to the working state, when it enters the working state after a restart, or when it re-accesses the network after switching cells or temporarily losing the network connection.
Therefore, when the terminal needs to perform network registration, it generates registration information according to its current working state. The registration information carries at least the sn and sig written at the factory and the to-be-activated sensor information of the terminal (i.e. v'). For example, v' records at least the sensor identification information (hereinafter referred to as sensor ID) of each sensor that currently needs to be activated by the Internet of things platform and the corresponding number of instances to be activated.
Further, the terminal may also carry verification information (hereinafter referred to as token) in the registration information. The token is set to null on first use. Each time the terminal initiates a registration process and passes verification, the authentication gateway issues an updated token to the terminal; the terminal carries that token in the registration information the next time it initiates a registration process, and the authentication gateway can tell from the consistency of the tokens whether the terminal has been cloned. Of course, if the clone terminal is identified, the token may not be carried, and the details are not described herein.
Step 120: The terminal sends a registration request message to the authentication gateway, wherein the registration request message carries the registration information.
To protect the registration information, the terminal may optionally obfuscate it with a symmetric encryption algorithm when sending the registration request message. Which symmetric encryption algorithm is used may be agreed or negotiated in advance with the authentication gateway or the Internet of things platform, and the Internet of things platform notifies the authentication gateway during terminal information synchronization.
Step 130: The authentication gateway verifies the terminal based on the registration information carried in the registration request message. Specifically, after the authentication gateway obtains the registration information, if the terminal performed symmetric encryption on the registration information in step 120, the authentication gateway needs to decrypt the registration information with the agreed key.
The authentication gateway obtains sn and sig from the registration information and may further obtain a token; the following embodiment uses the case with a token as an example.
Further, the authentication gateway uses the sn to look up the registration reference information pre-stored for it. The registration reference information may be recorded as an information group, e.g. (pk, v, token), and is in a one-to-one key-value relationship with the sn, so that fast retrieval can be achieved. Here v represents the sensor ID of each type of sensor installed on the terminal corresponding to the sn and the corresponding maximum number of instances, and may also be referred to as the reference sensor description information.
The authentication gateway then verifies the registration information in the following manner.
First, the authentication gateway verifies the sig with a separate signature verification function (sign_verify_modified), using pk and v from the registration reference information.
Specifically, the authentication gateway decrypts the sig with pk to obtain a first part of the sensor description information, then obtains the second part of the sensor description information, which corresponds to the sn and is sent by the Internet of things platform. It merges the first part and the second part into the complete sensor description information and matches this complete information, parsed from the sig, against the reference sensor description information (namely v) stored locally for the sn. When the two are consistent, the sig is determined to pass verification. Because the authentication gateway and the Internet of things platform synchronize terminal information, the authentication gateway can acquire the complete v and the second part of the sensor description information; the details are not repeated here.
Second, the authentication gateway matches the v recorded in the registration reference information against the v' carried in the registration information, where v comprises at least the sensor ID of each sensor arranged on the terminal and the corresponding maximum number of instances. If the number of instances to be activated for each sensor ID recorded in v' is not greater than the maximum number of instances for the corresponding sensor ID in v, the match between v and v' is judged successful, that is, v' passes verification.
For example, if v = {8810/3; 8811/2} and v' = {8810/1, 8811/0, 8811/1}, the match is determined to be successful.
Then, the authentication gateway performs token matching: if the token carried in the registration information is consistent with the token pre-stored locally for the sn (also referred to as the reference token), the token match is determined to be successful, that is, the token passes verification.
The token is information for distinguishing whether the terminal is a cloned terminal. The token is updated after each registration, so two terminals using the same token cannot be successfully registered at the same time; once this condition occurs, the Internet of things platform can find and handle the abnormal terminal in time.
Finally, after the sig, the v' and the token have all been determined to pass verification through the above operations, the terminal is judged to pass the verification, and the final verification result is obtained.
Step 140: The authentication gateway returns the verification result to the terminal, notifying the terminal that the verification is passed.
Further, the authentication gateway generates a new token and sends it to the terminal. The terminal needs to store the new token for the next verification, and the authentication gateway also stores the new token (i.e. the new reference token).
The token update method may be set flexibly according to the specific application environment, for example, increasing the token by a set step length, decreasing it by a set step length, generating a random number with a specified random function, and the like.
Conversely, if the verification fails, the authentication gateway also notifies the terminal that the verification failed.
Step 150: The authentication gateway forwards the registration request message sent by the terminal to the Internet of things platform and allows the terminal to establish an interactive connection with the Internet of things platform.
So far, the verification process is completely finished.
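The gateway-side checks described above (key-value lookup by sn, sig check, v' against v, token match and rotation) can be walked through in a short sketch; this is an added example, not code from the patent. The toy unpadded RSA stands in for the unspecified signature function, and the "ID/count;..." text encoding, the dict form of v', the rejection of sensor IDs absent from v, and all names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass

# Toy RSA key (constructed, demo only): two Mersenne primes, no padding.
_P, _Q, E = 2**61 - 1, 2**89 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))  # private exponent, never held by the gateway


def parse_desc(text):
    """'8810/3;8811/2' -> {8810: 3, 8811: 2}; raises ValueError on malformed input."""
    out = {}
    for item in filter(None, text.split(";")):
        sensor_id, count = item.split("/")
        out[int(sensor_id)] = int(count)
    return out


def toy_sign(first_part):
    """Provisioning side: sign the first part of the sensor description."""
    return pow(int.from_bytes(first_part.encode("ascii"), "big"), _D, N)


def recover_first_part(sig, pk):
    """Gateway side: 'decrypt' sig with the public key to recover the first part."""
    n, e = pk
    m = pow(sig, e, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")


@dataclass
class Reference:
    """Registration reference information stored per sn: (pk, v, token)."""
    pk: tuple
    v: dict            # sensor ID -> maximum number of instances
    token: str         # reference token, rotated after each registration
    second_part: str   # second part of the description, synced from the platform


class AuthGateway:
    def __init__(self):
        self.store = {}  # sn -> Reference (one-to-one key-value lookup)

    def verify(self, sn, sig, v_req, token):
        """Return (status, new_token); new_token is None unless status == 'ok'."""
        ref = self.store.get(sn)
        if ref is None:
            return "unknown-sn", None
        # 1. sig: recovered first part + stored second part must equal v.
        try:
            full = {**parse_desc(recover_first_part(sig, ref.pk)),
                    **parse_desc(ref.second_part)}
        except ValueError:  # undecodable or malformed recovered text
            return "bad-sig", None
        if full != ref.v:
            return "bad-sig", None
        # 2. v': each requested count must not exceed the maximum in v.
        for sensor_id, count in v_req.items():
            if sensor_id not in ref.v or not 0 <= count <= ref.v[sensor_id]:
                return "bad-sensors", None
        # 3. token: must equal the reference token, then both sides rotate it.
        if not hmac.compare_digest(token.encode(), ref.token.encode()):
            return "bad-token", None
        ref.token = secrets.token_hex(16)  # the "random function" update option
        return "ok", ref.token


def make_gateway():
    """Constructed sample data: one terminal with sensors 8810 (max 3) and 8811 (max 2)."""
    gw = AuthGateway()
    gw.store["SN-0001"] = Reference((N, E), {8810: 3, 8811: 2}, "t0", "8811/2")
    return gw, toy_sign("8810/3")


def demo():
    gw, sig = make_gateway()
    results = []
    status, new_token = gw.verify("SN-0001", sig, {8810: 1, 8811: 2}, "t0")
    results.append(status)                                    # genuine terminal
    results.append(gw.verify("SN-0001", sig, {8810: 1, 8811: 2}, "t0")[0])  # clone, stale token
    results.append(gw.verify("SN-0001", sig, {8810: 1}, new_token)[0])      # genuine, next round
    results.append(gw.verify("SN-0001", sig, {8811: 3}, "any")[0])          # exceeds maximum
    results.append(gw.verify("SN-0001", sig + 1, {8810: 1}, "any")[0])      # altered sig
    return results


if __name__ == "__main__":
    print(demo())
```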
Based on the above embodiments, referring to fig. 2, in the embodiment of the present invention, the authentication gateway at least includes a communication unit 20, a verification unit 21 and a processing unit 22, wherein,
the communication unit 20 is configured to receive registration information sent by a terminal, where the registration information at least carries a serial number, signature information, and information of a sensor to be activated;
the verification unit 21 is configured to acquire pre-stored registration reference information corresponding to the serial number, and verify the signature information and the information of the sensor to be activated based on the registration reference information to obtain a verification result;
and the processing unit 22 is configured to allow the terminal to access the internet of things platform when at least the verification result indicates that the signature information and the to-be-activated sensor information are both verified.
Optionally, before receiving the registration information sent by the terminal, the verifying unit 21 is further configured to:
carry out terminal information synchronization between the local platform and the Internet of things platform, store the serial number of each terminal, and record the registration reference information corresponding to each serial number.
Optionally, if the registration information is encrypted by the terminal, when obtaining pre-stored registration reference information corresponding to the serial number, the verification unit is configured to:
decrypting the registration information by adopting a key agreed in advance or negotiated at present with a terminal side to obtain a serial number of the terminal carried in the registration information,
and acquiring pre-stored registration reference information corresponding to the serial number based on the serial number.
Optionally, when verifying the signature information based on the registration reference information, the verifying unit 21 is configured to:
acquiring a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records a sensor ID and the maximum instance number of each sensor installed on the terminal;
decrypting the signature information by adopting the public key to obtain a first part of sensor description information, obtaining a second part of sensor description information prestored corresponding to the serial number, and combining the first part of sensor description information and the second part of sensor description information to obtain complete sensor description information;
matching the complete sensor description information with the reference sensor description information and, when the two are determined to be consistent, judging that the signature information passes verification.
Optionally, when verifying the to-be-activated sensor information based on the registration reference information, the verification unit 21 is configured to:
determining, based on the to-be-activated sensor information, the sensor ID and the number of instances to be activated of each sensor that the terminal requests to activate;
comparing the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and the maximum instance number of each type of sensor installed on the terminal;
and when the number of instances to be activated for each sensor ID recorded in the to-be-activated sensor information is determined to be not greater than the maximum instance number for the corresponding sensor ID in the reference sensor description information, judging that the to-be-activated sensor information passes verification.
Optionally, if the registration information further carries verification information, after verifying the signature information and the information of the sensor to be activated, before allowing the terminal to access the internet of things platform, the verification unit 21 is further configured to:
extracting verification information from the registration request message, wherein the verification information is information which is acquired by the terminal in the last registration process and used for distinguishing the terminal; and the authentication gateway compares the verification information with reference verification information stored locally corresponding to the serial number, and judges that the verification information passes verification when the verification information is consistent with the reference verification information stored locally corresponding to the serial number.
Optionally, the processing unit 22 is further configured to:
after the terminal is allowed to access the Internet of things platform, update the verification information and the reference verification information, and send the updated verification information to the terminal for storage.
Based on the same inventive concept, in an embodiment of the present invention, a storage medium is provided, which stores a program for implementing narrowband internet of things-based terminal authentication, and when the program is executed by a processor, the program performs the following steps:
receiving registration information sent by a terminal, wherein the registration information at least carries a serial number of the terminal, signature information and information of a sensor to be activated;
acquiring registration reference information prestored corresponding to the serial number, and verifying the signature information and the information of the sensor to be activated based on the registration reference information to obtain a verification result;
and when at least the verification result indicates that the signature information and the information of the sensor to be activated pass verification, allowing the terminal to access the Internet of things platform.
Based on the same inventive concept, in one embodiment of the present invention, a communication apparatus is provided, which includes one or more processors; and one or more computer-readable media having instructions stored thereon, which when executed by the one or more processors, cause the apparatus to perform any of the methods mentioned in the above embodiments.
In the embodiment of the invention, an authentication gateway is added between the Internet of things platform and the terminal, and it completes the verification of the terminal during terminal registration in place of the Internet of things platform. The verification process is therefore independent of the underlying link, mutual verification between the terminal and the Internet of things platform is realized, and the existing terminal function model does not need excessive modification. The scheme also suits the characteristics of narrowband Internet of things terminals: the terminal does not need to perform excessive operations, so its battery power is effectively conserved and its service life is ensured. In addition, the authentication gateway isolates the verification function, which improves the service reliability of the Internet of things platform and reduces the maintenance difficulty of the platform.
Furthermore, the authentication gateway can look up the parameters needed in the verification process through simple key-value matching, without complex queries over massive data, which reduces the operational complexity of the verification process.
On the other hand, the authentication gateway can use the verification information (the token) to identify whether a terminal requesting access to the Internet of things platform is cloned, so that fully cloned terminals cannot register successfully at the same time. The Internet of things platform can thus effectively find and resolve the related abnormal conditions, and further illegal cloning operations are avoided.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (9)

1. A terminal verification method based on a narrowband Internet of things is characterized by comprising the following steps:
the method comprises the steps that an authentication gateway receives registration information sent by a terminal, wherein the registration information at least carries a serial number, signature information and information of a sensor to be activated of the terminal;
the authentication gateway acquires pre-stored registration reference information corresponding to the serial number, and verifies the signature information and the information of the sensor to be activated based on the registration reference information to obtain a verification result;
the authentication gateway at least allows the terminal to access the Internet of things platform when the verification result at least indicates that the signature information and the information of the sensor to be activated pass verification;
wherein the verifying the signature information by the authentication gateway based on the registration reference information comprises:
the authentication gateway acquires a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records the sensor ID and the maximum instance number of each sensor installed on the terminal;
the authentication gateway decrypts the signature information by adopting the public key to obtain a first part of sensor description information, obtains a second part of sensor description information prestored corresponding to the serial number, and combines the first part of sensor description information and the second part of sensor description information to obtain complete sensor description information;
and the authentication gateway matches the complete sensor description information with the reference sensor description information, determines that the complete sensor description information and the reference sensor description information are consistent, and judges that the signature information passes verification.
2. The method of claim 1, wherein before the authentication gateway receives the registration information sent by the terminal, the method further comprises:
the authentication gateway synchronizes terminal information between the local platform and the platform of the Internet of things, stores the serial numbers of all the terminals and records corresponding registration reference information corresponding to each serial number respectively.
3. The method according to claim 1, wherein if the registration information has been encrypted by the terminal, the acquiring, by the authentication gateway, registration reference information pre-stored corresponding to the serial number comprises:
the authentication gateway decrypts the registration information by adopting a key agreed in advance or currently negotiated with a terminal side to obtain the serial number of the terminal carried in the registration information,
and the authentication gateway acquires pre-stored registration reference information corresponding to the serial number based on the serial number.
4. The method of claim 1, 2 or 3, wherein the authentication gateway verifying the to-be-activated sensor information based on the registration reference information comprises:
the authentication gateway determines, based on the to-be-activated sensor information, the sensor ID and the number of instances to be activated of each sensor that the terminal requests to activate;
the authentication gateway compares the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records the sensor ID and the maximum instance number of each type of sensor installed on the terminal;
and when the authentication gateway determines that the number of instances to be activated for each sensor ID recorded in the to-be-activated sensor information is not greater than the maximum instance number for the corresponding sensor ID in the reference sensor description information, judging that the to-be-activated sensor information passes verification.
5. The method according to claim 1, 2 or 3, wherein if the registration information further carries verification information, after the authentication gateway verifies the signature information and the to-be-activated sensor information, before allowing the terminal to access the platform of the internet of things, the method further comprises:
the authentication gateway extracts verification information from the registration request message, wherein the verification information is information which is acquired by the terminal in the last registration process and used for distinguishing the terminal; and the authentication gateway compares the verification information with reference verification information stored locally corresponding to the serial number, and judges that the verification information passes verification when the verification information is consistent with the reference verification information stored locally corresponding to the serial number.
6. The method of claim 5, further comprising:
and after allowing the terminal to access the Internet of things platform, the authentication gateway updates the verification information and the reference verification information and sends the updated verification information to the terminal for storage.
7. A terminal verification device based on a narrowband Internet of things, characterized by comprising:
the communication unit is used for receiving registration information sent by a terminal, wherein the registration information at least carries a serial number, signature information and information of a sensor to be activated of the terminal;
the verification unit is used for acquiring registration reference information prestored corresponding to the serial number, verifying the signature information and the information of the sensor to be activated based on the registration reference information and acquiring a verification result;
the processing unit is used for allowing the terminal to access the Internet of things platform when at least the verification result indicates that the signature information and the information of the sensor to be activated pass verification;
wherein, when verifying the signature information based on the registration reference information, the verification unit is specifically configured to:
acquiring a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records a sensor ID and the maximum instance number of each sensor installed on the terminal;
decrypting the signature information by adopting the public key to obtain a first part of sensor description information, obtaining a second part of sensor description information prestored corresponding to the serial number, and combining the first part of sensor description information and the second part of sensor description information to obtain complete sensor description information;
and matching the complete sensor description information with the reference sensor description information, determining that the complete sensor description information and the reference sensor description information are consistent, and judging that the signature information passes verification.
8. A storage medium storing a program for implementing narrowband internet of things-based terminal authentication, the program, when executed by a processor, performing the steps of:
receiving registration information sent by a terminal, wherein the registration information at least carries a serial number of the terminal, signature information and information of a sensor to be activated;
acquiring registration reference information prestored corresponding to the serial number, and verifying the signature information and the information of the sensor to be activated based on the registration reference information to obtain a verification result;
when at least the verification result indicates that the signature information and the information of the sensor to be activated pass verification, allowing the terminal to access an Internet of things platform;
wherein, when verifying the signature information based on the registration reference information, the program executes the steps of:
acquiring a preset public key and reference sensor description information from the registration reference information, wherein the reference sensor description information records a sensor ID and the maximum instance number of each sensor installed on the terminal;
decrypting the signature information by adopting the public key to obtain a first part of sensor description information, obtaining a second part of sensor description information prestored corresponding to the serial number, and combining the first part of sensor description information and the second part of sensor description information to obtain complete sensor description information;
and matching the complete sensor description information with the reference sensor description information, determining that the complete sensor description information and the reference sensor description information are consistent, and judging that the signature information passes verification.
9. A communications apparatus comprising one or more processors; and
one or more computer-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method of any of claims 1-6.
CN201810003161.4A 2018-01-02 2018-01-02 Terminal verification method and device based on narrowband Internet of things Active CN109995843B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810003161.4A CN109995843B (en) 2018-01-02 2018-01-02 Terminal verification method and device based on narrowband Internet of things
PCT/CN2018/123833 WO2019134565A1 (en) 2018-01-02 2018-12-26 Terminal verification method and apparatus based on narrowband internet of things

Publications (2)

Publication Number Publication Date
CN109995843A CN109995843A (en) 2019-07-09
CN109995843B true CN109995843B (en) 2021-01-15

Family

ID=67128774

Country Status (2)

Country Link
CN (1) CN109995843B (en)
WO (1) WO2019134565A1 (en)

Also Published As

Publication number Publication date
WO2019134565A1 (en) 2019-07-11
CN109995843A (en) 2019-07-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant