CN110061988B - Authentication method of embedded equipment, service server and storage medium - Google Patents

Publication number
CN110061988B
Authority
CN
China
Prior art keywords
signature
serial number
product serial
authentication
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910319084.8A
Other languages
Chinese (zh)
Other versions
CN110061988A (en)
Inventor
韩少阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Onething Technology Co Ltd
Original Assignee
Shenzhen Onething Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Onething Technology Co Ltd
Priority to CN201910319084.8A
Publication of CN110061988A
Application granted
Publication of CN110061988B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an authentication method for embedded equipment, which comprises the following steps: a service server sends a random character string and a service identifier to the embedded equipment, so that the embedded equipment applies a preset algorithm to the random character string and the service identifier to obtain a first signature and a product serial number; the service server acquires the first signature and the product serial number sent by the embedded equipment, and sends the product serial number, the service identifier and the random character string to an authentication server, so that the authentication server applies the preset algorithm to the random character string, the service identifier and the product serial number to obtain a second signature; the service server acquires the second signature sent by the authentication server; and the service server authenticates the embedded equipment according to the first signature and the second signature. With the invention, authentication relies only on the registration code and the product serial number burned into the embedded equipment, the random character string and the service identifier issued by the service server, and a general algorithm; it does not require encryption technology provided by a third party, which reduces the cost.

Description

Authentication method of embedded equipment, service server and storage medium
Technical Field
The present invention relates to the technical field of device authentication, and in particular, to an authentication method for an embedded device, a service server, and a storage medium.
Background
The embedded device mainly comprises an embedded processor, related supporting hardware and an embedded software system, and is an independent working 'device' integrating software and hardware. The embedded processor mainly comprises a single chip microcomputer or a Microcontroller (MCU). The relevant support hardware includes a display card, a storage medium (ROM, RAM, etc.), a communication device, an IC card or credit card reading device, and the like. An embedded system is different from a general computer processing system, and does not have a storage medium with a large capacity like a hard disk, and a Flash Memory (Flash Memory) is mostly used as the storage medium. The embedded software comprises hardware-related underlying software, an operating system, a graphical interface, a communication protocol, a database system, a standardized browser, application software and the like.
Identity authentication, also called verification, means confirming the identity of a user by some means and granting the corresponding rights. Authentication of a device to be authenticated refers to the techniques by which a manufacturer authenticates the identity of the products it sells, with the aim of identifying whether a device that accesses the manufacturer's ecosystem network is a product made by that manufacturer. Currently, there are roughly two authentication techniques for such devices. The first authenticates the device by its MAC address and production serial number segment; the security of this method is poor and it is easy to crack. The second authenticates the device through the encryption chip technology of a third-party company, that is, identity authentication is performed on the device using a public/private key pair provided by the third-party company.
Disclosure of Invention
The embodiment of the invention mainly provides an authentication method of embedded equipment, a service server, the embedded equipment and a storage medium, which can reduce the authentication cost of the embedded equipment.
In one aspect, the present invention provides an authentication method for an embedded device, which is applied to a service server communicating with the embedded device, and the authentication method includes:
the service server sends a random character string and a service identifier to the embedded equipment, so that the embedded equipment applies a preset algorithm to the random character string and the service identifier to obtain a first signature and a product serial number;
the service server acquires the first signature and the product serial number sent by the embedded equipment, and sends the product serial number, the service identifier and the random character string to the authentication server, so that the authentication server applies the preset algorithm to the random character string, the service identifier and the product serial number to obtain a second signature;
the service server acquires the second signature sent by the authentication server;
and the service server authenticates the embedded equipment by the first signature and the second signature.
In another aspect, the present invention further provides a service server, where the service server includes a first processor and a first memory, where the first memory is used to store a computer program, and the first processor executes the computer program to implement the authentication method for the embedded device as described above.
On the other hand, an authentication method of an embedded device is applied to the embedded device, and the authentication method comprises the following steps:
the embedded equipment acquires the random character string and the service identification sent by the service server;
the embedded device applies a preset algorithm to the random character string and the service identifier to obtain a first signature and a product serial number, and sends the first signature and the product serial number to the service server, so that the service server sends the product serial number to the authentication server along with the random character string and the service identifier, obtains a second signature sent by the authentication server, and authenticates the embedded device according to the first signature and the second signature, wherein the second signature is generated by the authentication server from the random character string and the service identifier according to the preset algorithm.
In another aspect, the present invention further provides an embedded device, which includes a second processor and a second memory, where the second memory is used to store a computer program, and the second processor executes the computer program to implement the authentication method as described above.
On the other hand, the invention also provides an authentication method of the embedded equipment. The authentication method is applied to an authentication system for authenticating the embedded equipment, the authentication system comprises a service server and an authentication server, and the authentication method comprises the following steps:
the service server sends a random character string and a service identifier to the embedded equipment, so that the embedded equipment applies a preset algorithm to the random character string and the service identifier to obtain a first signature and a product serial number;
the service server acquires the first signature and the product serial number sent by the embedded equipment;
the service server sends the product serial number, the service identifier and the random character string to the authentication server;
the authentication server applies the preset algorithm to the random character string, the service identifier and the product serial number to obtain a second signature;
the authentication server sends the second signature to the service server;
the service server acquires the second signature sent by the authentication server;
and the service server authenticates the embedded equipment according to the first signature and the second signature.
In another aspect, the present invention further provides a storage medium having a computer program stored thereon, where the computer program is executed to implement the authentication method of the embedded device as described above.
The embodiment of the invention has the following beneficial effect: the authentication method and the service server can authenticate the embedded equipment without using the encryption chip technology provided by a third-party company, thereby reducing the cost.
Drawings
FIG. 1 is a schematic diagram of an operating environment of an embedded authentication method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an embedded authentication method according to a first embodiment of the present invention;
FIG. 3 is a flowchart illustrating an embedded authentication method according to a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating an embedded authentication method according to a third embodiment of the present invention;
FIG. 5 is a schematic diagram of an internal structure of a service server according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an internal structure of an embedded device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the description relating to "first", "second", etc. in the present invention is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between the embodiments may be combined with each other, but must be based on the realization of the technical solutions by a person skilled in the art, and when the technical solutions are contradictory to each other or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
Please refer to fig. 1, which is a schematic diagram illustrating an operating environment of an authentication method of an embedded device. The authentication method operates in the authentication system 100. The authentication system 100 comprises a service server 10, an authentication server 20 and at least one embedded device 30. Each embedded device 30 stores a MAC address, a registration code rkey, and a product serial number SN. The MAC address, the registration code rkey, and the product serial number SN are located in different storage spaces of the embedded device 30, wherein the MAC address, the registration code rkey, and the product serial number SN are burned into the embedded device 30 in a production process of the embedded device 30. In addition, the authentication server 20 stores the MAC address, the registration code rkey, and the product serial number SN of each embedded device 30. The following describes an authentication process of the embedded device 30 as an example.
Please refer to fig. 2, which is a flowchart of the first embodiment of the embedded device authentication method of the present invention, as run on the service server 10. The authentication method includes the following steps.
In step S201, the service server 10 sends the random string random_string and the service identifier business_id to the embedded device 30, so that the embedded device 30 applies a preset algorithm to the random string random_string and the service identifier business_id to obtain the first signature S1 and the product serial number SN. Specifically, the preset algorithm is a general algorithm, as follows: (SX, SN) = md5{sha512(random_string + business_id + rkey)}. Here md5 is the fifth version of the message digest algorithm, sha512 is the secure hash algorithm, and rkey is the registration code; the registration code rkey and the product serial number SN are stored in the embedded device 30. SX is denoted herein as S1. Specifically, the embedded device 30 reads the registration code rkey and the product serial number SN stored in it and invokes the algorithm of a general library 40 in the embedded device 30, so as to calculate S1 from the random string random_string, the service identifier business_id, the registration code rkey and the product serial number SN according to the preset algorithm.
In step S203, the service server 10 obtains the first signature S1 and the product serial number SN sent by the embedded device 30, and sends the product serial number SN, the service identifier business_id, and the random string random_string to the authentication server 20, so that the authentication server 20 obtains the second signature S2 by applying the preset algorithm to the random string random_string and the service identifier business_id. The authentication server 20 first obtains the registration code rkey according to the product serial number SN, and then obtains the second signature S2 through the preset algorithm.
In step S205, the service server 10 obtains the second signature sent by the authentication server 20.
In step S207, the service server 10 authenticates the embedded device 30 according to the first signature S1 and the second signature S2. Specifically, the service server 10 compares the first signature S1 with the second signature S2; if the first signature S1 and the second signature S2 are the same, the authentication is passed; if they are not the same, the authentication fails.
The above embodiment can perform authentication using only the registration code rkey and the product serial number SN burned into the embedded device 30, the random string random_string and the service identifier business_id issued by the service server, and the general algorithm. It does not need an encryption technology provided by a third party, thereby reducing the cost.
Referring to fig. 3, fig. 3 is a flowchart illustrating an embedded device authentication method according to a second embodiment of the present invention operating in an embedded device 30, wherein the authentication method includes the following steps.
In step S301, the embedded device 30 obtains the random string random_string and the service identifier business_id sent by the service server 10.
In step S303, the embedded device 30 applies a preset algorithm to the random string random_string and the service identifier business_id to obtain a first signature S1 and a product serial number SN, and sends the first signature S1 and the product serial number SN to the service server 10, so that the service server 10 sends the product serial number SN to the authentication server 20 together with the random string random_string and the service identifier business_id, obtains a second signature S2 sent by the authentication server 20, and authenticates the embedded device 30 according to the first signature S1 and the second signature S2. The second signature S2 is generated by the authentication server 20 through calculation according to the preset algorithm. Specifically, the preset algorithm is as follows: (SX, SN) = md5{sha512(random_string + business_id + rkey)}. Here md5 is the fifth version of the message digest algorithm, sha512 is the secure hash algorithm, and rkey is the registration code; the registration code rkey and the product serial number SN are stored in the embedded device 30. SX is denoted herein as the first signature S1 or the second signature S2.
Please refer to fig. 4, which is a flowchart illustrating an authentication method operating in the authentication system according to a third embodiment of the present invention.
In step S401, the service server 10 sends the random string random_string and the service identifier business_id to the embedded device 30.
In step S403, the embedded device 30 applies a preset algorithm to the random string random_string and the service identifier business_id to obtain a first signature S1 and a product serial number SN. Specifically, the preset algorithm is (SX, SN) = md5{sha512(random_string + business_id + rkey)}. Here md5 is the fifth version of the message digest algorithm, sha512 is the secure hash algorithm, and rkey is the registration code; the registration code rkey and the product serial number SN are stored in the embedded device 30. SX is denoted herein as S1.
In step S405, the embedded device 30 sends the first signature S1 and the product serial number SN to the service server 10.
In step S407, the service server 10 obtains the first signature S1 and the product serial number SN sent by the embedded device 30, and sends the product serial number SN, the random string random_string, and the service identifier business_id to the authentication server 20.
In step S409, the authentication server 20 applies the preset algorithm to the product serial number SN, the random string random_string and the service identifier business_id to obtain a second signature S2. Specifically, the authentication server 20 reads the registration code rkey stored on the authentication server 20 according to the product serial number SN, and then generates the second signature S2 from the registration code rkey, the random string random_string and the service identifier business_id through the preset algorithm. Here, SX in the preset algorithm is the second signature S2. Preferably, the authentication server 20 further performs authentication against an external-network IP whitelist plus the service id (discovery_id), determines whether the service server 10 is a trusted server, and responds to the data sent by the service server.
In step S411, the authentication server 20 sends the second signature S2 to the service server 10.
In step S413, the service server 10 obtains the second signature S2 sent by the authentication server 20, and authenticates the embedded device 30 according to the first signature S1 and the second signature S2.
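The exchange in steps S401 to S413 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the UTF-8 encoding, the hex output, the constant-time comparison and all sample SN, rkey and IP values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def preset_algorithm(random_string, business_id, rkey):
    """SX = md5{sha512(random_string + business_id + rkey)}, returned as hex.

    Assumptions (not specified on the page): fields are UTF-8 strings and the
    raw SHA-512 digest bytes are fed to MD5.
    """
    material = (random_string + business_id + rkey).encode("utf-8")
    return hashlib.md5(hashlib.sha512(material).digest()).hexdigest()


class EmbeddedDevice:
    """Device holding the SN and rkey burned in at production."""

    def __init__(self, sn, rkey):
        self.sn = sn
        self._rkey = rkey

    def respond(self, random_string, business_id):
        # S403/S405: compute the first signature S1 and return it with SN.
        return preset_algorithm(random_string, business_id, self._rkey), self.sn


class AuthenticationServer:
    """Stores rkey per SN and only answers whitelisted service servers."""

    def __init__(self, rkey_by_sn, trusted_callers):
        self._rkey_by_sn = rkey_by_sn
        self._trusted = trusted_callers  # {(source_ip, business_id), ...}

    def second_signature(self, source_ip, sn, random_string, business_id):
        # S409: check the caller, look up rkey by SN, compute S2.
        if (source_ip, business_id) not in self._trusted:
            return None
        rkey = self._rkey_by_sn.get(sn)
        if rkey is None:
            return None  # unknown serial number
        return preset_algorithm(random_string, business_id, rkey)


class ServiceServer:
    def __init__(self, ip, business_id, auth_server):
        self.ip = ip
        self.business_id = business_id
        self._auth = auth_server

    def authenticate(self, device):
        # S401: a fresh, fixed-length challenge per attempt. Freshness keeps a
        # recorded S1 from being accepted again; the fixed length keeps the
        # random_string/business_id boundary unambiguous, because the preset
        # algorithm concatenates the fields without a delimiter.
        random_string = secrets.token_hex(16)
        s1, sn = device.respond(random_string, self.business_id)
        # S407-S411: relay SN, challenge and business_id; receive S2.
        s2 = self._auth.second_signature(self.ip, sn, random_string, self.business_id)
        if s2 is None:
            return False
        # S413: compare in constant time (an added hardening choice).
        return hmac.compare_digest(s1.encode("utf-8"), s2.encode("utf-8"))


def run_demo():
    # All values below are constructed for this example.
    sn, rkey = "SN-EXAMPLE-0001", "constructed-rkey-0001"
    auth = AuthenticationServer({sn: rkey}, {("203.0.113.10", "biz-demo")})
    trusted = ServiceServer("203.0.113.10", "biz-demo", auth)
    unlisted = ServiceServer("198.51.100.7", "biz-demo", auth)
    return {
        "genuine": trusted.authenticate(EmbeddedDevice(sn, rkey)),
        "wrong_rkey": trusted.authenticate(EmbeddedDevice(sn, "other-rkey")),
        "unknown_sn": trusted.authenticate(EmbeddedDevice("SN-EXAMPLE-9999", rkey)),
        "unlisted_server": unlisted.authenticate(EmbeddedDevice(sn, rkey)),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the device with the registered SN and matching rkey passes, and only when the request reaches the authentication server from a whitelisted service server.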
Please refer to fig. 5, which is a schematic diagram of an internal structure of the service server 10 according to a first embodiment of the present invention. The service server 10 comprises a first memory 11, a first processor 12, and a first bus 13.
The first memory 11 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The first memory 11 may in some embodiments be an internal storage unit of the service server 10, for example a hard disk of the service server 10. The first memory 11 may also be an external storage device of the service server 10 in other embodiments, such as a plug-in hard disk equipped on the service server 10, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the first memory 11 may also include both an internal storage unit of the service server 10 and an external storage device. The first memory 11 may be used not only to store application software installed in the service server 10 and various types of data, such as the code of the computer program 110, but also to temporarily store data that has been output or is to be output.
The first processor 12 may be, in some embodiments, a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip for running program codes stored in the first memory 11 or Processing data, such as the computer program 110.
The first bus 13 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
While fig. 5 shows only the service server 10 with components 11-13 and computer programs, it will be understood by those skilled in the art that the structure shown in fig. 5 is not limiting to the service server 10 and may include fewer or more components than shown, or some components in combination, or a different arrangement of components.
The first memory 11 is used for storing computer programs. The first processor 12 is used to execute the computer program to implement the above-described authentication method.
Referring to fig. 6, fig. 6 is a schematic diagram of an internal structure of an embedded device 30 according to a first embodiment of the present invention. The embedded device 30 includes a second memory 31, a second processor 32, and a second bus 33.
The second memory 31 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The second memory 31 may be an internal storage unit of the embedded device 30 in some embodiments. The second memory 31 is used for storing the code of the computer program 310 and the like, and may also be used for temporarily storing data that has been output or is to be output.
The second processor 32 may be, in some embodiments, a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip for executing program codes stored in the second memory 31 or Processing data, such as executing the computer program 310.
The second bus 33 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 6, but this is not intended to represent only one bus or type of bus.
Fig. 6 shows only an embedded device with components 31-33 and a computer program 310, and it will be understood by those skilled in the art that the structure shown in fig. 6 does not constitute a limitation of the embedded device 30, which may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
The second memory 31 is used for storing executable programs. The second processor 32 is configured to execute the computer program 310 to implement the authentication method described above.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the invention are generated in whole or in part when the computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the unit is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
It should be noted that the above numbering of the embodiments of the present invention is merely for description and does not represent the merits of the embodiments. The terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (11)

1. An authentication method for an embedded device, applied to a service server that communicates with the embedded device, characterized in that the embedded device stores a registration code and a product serial number; the authentication server stores the registration code and the product serial number of each embedded device; the authentication method comprises the following steps:
the service server sends a random character string and a service identifier to the embedded device, so that the embedded device computes a first signature from the random character string, the service identifier, the registration code and the product serial number according to a preset algorithm;
the service server acquires the first signature and the product serial number sent by the embedded device, and sends the product serial number, the service identifier and the random character string to the authentication server, so that the authentication server computes a second signature from the random character string, the service identifier, the product serial number and the registration code corresponding to the product serial number according to the preset algorithm;
the service server acquires the second signature sent by the authentication server; and
the service server authenticates the embedded device according to the first signature and the second signature.
2. The authentication method according to claim 1, wherein the authentication of the embedded device by the service server according to the first signature and the second signature specifically comprises:
the service server compares the first signature with the second signature; and
if the first signature is the same as the second signature, the embedded device passes authentication by the service server.
3. The authentication method according to claim 2, wherein the method further comprises:
if the first signature is different from the second signature, the embedded device fails authentication by the service server.
4. The authentication method according to claim 1, wherein the preset algorithm is:
(SX,SN)=md5{sha512(random_string+business_id+rkey)}
wherein md5 is the fifth version of the message digest algorithm, sha512 is a secure hash algorithm, random_string is the random character string, business_id is the service identifier, SN is the product serial number, SX is the first signature or the second signature, and rkey is the registration code; the registration code and the product serial number are stored in the embedded device and in the authentication server.
5. A service server for communicating with an embedded device and an authentication server, the service server comprising a first processor and a first memory for storing a computer program, the first processor executing the computer program to implement the authentication method of any one of claims 1 to 4.
6. An authentication method for an embedded device, applied to the embedded device, characterized in that the embedded device stores a registration code and a product serial number; the authentication server stores the registration code and the product serial number of each embedded device; the authentication method comprises the following steps:
the embedded device acquires a random character string and a service identifier sent by a service server; and
the embedded device computes a first signature from the random character string, the service identifier, the registration code and the product serial number according to a preset algorithm, and sends the first signature to the service server, so that the service server sends the product serial number, together with the random character string and the service identifier, to the authentication server, acquires a second signature sent by the authentication server, and authenticates the embedded device according to the first signature and the second signature, wherein the second signature is generated by the authentication server from the random character string, the service identifier, the product serial number and the registration code corresponding to the product serial number according to the preset algorithm.
7. The authentication method according to claim 6, wherein the preset algorithm is:
(SX,SN)=md5{sha512(random_string+business_id+rkey)}
wherein md5 is the fifth version of the message digest algorithm, sha512 is a secure hash algorithm, random_string is the random character string, business_id is the service identifier, SN is the product serial number, SX is the first signature or the second signature, and rkey is the registration code; the registration code and the product serial number are stored in the embedded device and in the authentication server.
8. An embedded device, characterized in that the embedded device comprises a second processor and a second memory, the second memory being configured to store a computer program, the second processor executing the computer program to implement the authentication method according to any one of claims 6 to 7.
9. An authentication method for an embedded device, characterized in that the authentication method is applied to an authentication system for authenticating the embedded device, the authentication system comprises a service server, an authentication server and the embedded device, and the embedded device stores a registration code and a product serial number; the authentication server stores the registration code and the product serial number of each embedded device; the authentication method comprises the following steps:
the service server sends a random character string and a service identifier to the embedded device;
the embedded device computes a first signature from the random character string, the service identifier, the registration code and the product serial number according to a preset algorithm;
the service server acquires the first signature and the product serial number sent by the embedded device;
the service server sends the product serial number, the service identifier and the random character string to the authentication server;
the authentication server computes a second signature from the random character string, the service identifier, the product serial number and the registration code corresponding to the product serial number according to the preset algorithm;
the authentication server sends the second signature to the service server;
the service server acquires the second signature sent by the authentication server; and
the service server authenticates the embedded device according to the first signature and the second signature.
10. The authentication method according to claim 9, wherein the preset algorithm is:
(SX,SN)=md5{sha512(random_string+business_id+rkey)}
wherein md5 is the fifth version of the message digest algorithm, sha512 is a secure hash algorithm, random_string is the random character string, business_id is the service identifier, SN is the product serial number, SX is the first signature or the second signature, and rkey is the registration code; the registration code and the product serial number are stored in the embedded device and in the authentication server.
11. A storage medium having stored thereon a computer program which, when executed by a processor, implements the authentication method of any one of claims 1 to 4, 6 to 7.
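The three-party exchange of claims 1 to 4, 6 and 9, sketched in Python as an added example; it is not code from the patent or its applicant. Assumptions: following the formula literally, SN only selects the registration code and is not hashed; strings are UTF-8 and the SHA-512 digest is hex-encoded before MD5; the single-use challenge set and the constant-time comparison are additions the claims do not state; all identifiers and values are constructed.

```python
import hashlib
import hmac
import secrets

def preset_algorithm(random_string, business_id, rkey):
    """SX = md5{sha512(random_string + business_id + rkey)}, as in claim 4.
    Assumption: UTF-8 input, SHA-512 digest hex-encoded before MD5."""
    data = (random_string + business_id + rkey).encode("utf-8")
    inner = hashlib.sha512(data).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()

class EmbeddedDevice:
    def __init__(self, sn, rkey):
        self.sn, self._rkey = sn, rkey
    def respond(self, random_string, business_id):
        # The pair (SX, SN): first signature plus product serial number.
        return preset_algorithm(random_string, business_id, self._rkey), self.sn

class AuthServer:
    def __init__(self, registry):
        self._registry = dict(registry)  # SN -> registration code
    def second_signature(self, sn, business_id, random_string):
        rkey = self._registry.get(sn)
        if rkey is None:
            return None  # unknown product serial number
        return preset_algorithm(random_string, business_id, rkey)

class ServiceServer:
    def __init__(self, business_id, auth_server):
        self.business_id, self._auth = business_id, auth_server
        self._pending = set()  # addition: challenges issued and not yet used
    def challenge(self):
        random_string = secrets.token_hex(16)
        self._pending.add(random_string)
        return random_string, self.business_id
    def authenticate(self, random_string, first_signature, sn):
        if random_string not in self._pending:
            return False
        self._pending.discard(random_string)  # each challenge is single use
        second = self._auth.second_signature(sn, self.business_id, random_string)
        if second is None:
            return False
        return hmac.compare_digest(first_signature, second)  # constant time

def run_demo():
    svc = ServiceServer("biz-demo", AuthServer({"SN-0001": "rkey-constructed"}))
    genuine = EmbeddedDevice("SN-0001", "rkey-constructed")
    wrong_key = EmbeddedDevice("SN-0001", "not-the-rkey")
    rs, bid = svc.challenge()
    sx, sn = genuine.respond(rs, bid)
    ok = svc.authenticate(rs, sx, sn)
    reused = svc.authenticate(rs, sx, sn)      # same challenge again
    rs2, _ = svc.challenge()
    stale = svc.authenticate(rs2, sx, sn)      # old signature, new challenge
    rs3, bid3 = svc.challenge()
    mismatch = svc.authenticate(rs3, *wrong_key.respond(rs3, bid3))
    return ok, reused, stale, mismatch
```

`run_demo()` returns `(True, False, False, False)`: only the device holding the registered code passes, and a signature is tied to the one random character string it was computed for.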
CN201910319084.8A 2019-04-19 2019-04-19 Authentication method of embedded equipment, service server and storage medium Active CN110061988B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910319084.8A CN110061988B (en) 2019-04-19 2019-04-19 Authentication method of embedded equipment, service server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910319084.8A CN110061988B (en) 2019-04-19 2019-04-19 Authentication method of embedded equipment, service server and storage medium

Publications (2)

Publication Number Publication Date
CN110061988A CN110061988A (en) 2019-07-26
CN110061988B true CN110061988B (en) 2022-06-10

Family

ID=67319768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910319084.8A Active CN110061988B (en) 2019-04-19 2019-04-19 Authentication method of embedded equipment, service server and storage medium

Country Status (1)

Country Link
CN (1) CN110061988B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230010786A1 (en) * 2019-12-03 2023-01-12 Sony Group Corporation Method, computer program and data sharing system for sharing user-specific data of a user
CN113468855A (en) * 2021-06-30 2021-10-01 北京达佳互联信息技术有限公司 Data processing method, device, server and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107945049A (en) * 2017-11-27 2018-04-20 重庆川仪自动化股份有限公司 A kind of wisdom water utilities emergency response method and system based on technology of Internet of things
CN108769067A (en) * 2018-06-28 2018-11-06 武汉斗鱼网络科技有限公司 A kind of authentication method of calibration, device, equipment and medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG11201405282RA (en) * 2012-04-01 2014-09-26 Authentify Inc Secure authentication in a multi-party system

Also Published As

Publication number Publication date
CN110061988A (en) 2019-07-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant