CN110460567B - Identity authentication method and device - Google Patents

Publication number: CN110460567B
Authority: CN (China)
Prior art keywords: token, family, authentication, identifier, server
Legal status: Active
Application number: CN201910579196.7A
Other languages: Chinese (zh)
Other versions: CN110460567A
Inventors: 刘莉莉, 李锦波, 李锋, 郭兴民, 姜文浩
Current assignee: Honor Device Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd with priority to CN201910579196.7A; published as CN110460567A and granted as CN110460567B.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

An identity authentication method and device are applied to a communication system comprising a device family and an authentication server, wherein the device family comprises at least two devices, and a first device of the at least two devices is connected with at least one of the other devices; the method solves the problems of low authentication efficiency and low data security. After obtaining the general token and the secret key of the device family, the first device generates a device token of the first device according to the secret key and the identifier of the first device, and then generates an authentication token comprising the general token and the device token, so that the first device can communicate with the authentication server by using the authentication token to obtain an authentication result. The general token is generated by the authentication server according to the identifier of the device family and a first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family.

Description

Identity authentication method and device
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to an identity authentication method and device.
Background
In order to ensure the security of the system and data, when a terminal accesses a certain service, a server providing the service performs identity authentication (also called "authentication" or "verification") on the terminal.
In the prior art, an authentication center is adopted to provide unified authentication for a plurality of terminals. Specifically, the authentication center receives the authentication request sent by each terminal and routes it to the corresponding authentication unit, which completes the authentication. However, every authentication under this scheme must pass through the authentication center, which increases the complexity of the authentication communication process and lowers the authentication efficiency; in addition, if the authentication center is attacked, all the authentication units are seriously affected as well, so the security of data cannot be effectively guaranteed.
Disclosure of Invention
The application provides an identity authentication method and device, which can solve the problems of low authentication efficiency and low data security in the prior art.
In order to achieve the purpose, the technical scheme is as follows:
In a first aspect, an identity authentication method is provided, applied to a communication system including a device family and an authentication server, wherein the device family includes at least two devices, and a first device of the at least two devices is connected with at least one of the other devices. Specifically, after obtaining the general token of the device family (for convenience of description, hereinafter simply "the general token") and the secret key of the device family, the first device generates a device token of the first device according to the secret key and an identifier of the first device, and then generates an authentication token including the general token and the device token of the first device, where the authentication token uniquely corresponds to the first device, so that the first device can communicate with the authentication server by using the authentication token to obtain an authentication result. The general token is generated by the authentication server according to the identifier of the device family and a first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family.
It can be seen that the first device in the device family can generate the authentication token of the first device by itself after acquiring the general token and the secret key, and directly communicate with the authentication server without passing through other devices, thereby effectively improving the authentication efficiency.
In addition, the authentication token comprises the general token and a device token uniquely corresponding to the device; the general token and the device token are generated by different devices, and authentication succeeds only if both the general token and the device token are correct, so the security of the data and the system is effectively improved.
Optionally, in a possible implementation manner of the present application, the first device is the master device in the device family, each of the other devices is a slave device, and the master device is connected to each slave device. In this scenario, the first device also sends the general token and the secret key to each slave device, so that each slave device generates its own authentication token from the general token and the secret key.
The master device communicates with the authentication server to obtain the general token and the secret key, and sends them to each slave device, so that every device in the device family obtains the general token and the secret key. In the process of obtaining the general token and the secret key, only the master device communicates with the authentication server, which effectively reduces the access pressure on the authentication server.
Optionally, in another possible implementation manner of the present application, in a scenario where the first device is the master device in the device family, the method for the first device to obtain the general token and the secret key of the device family includes: the first device acquires the identifier of the device family and the identifier of each device in the device family, and sends an authentication request comprising the identifier of the device family and the identifier of each device in the device family to the authentication server; correspondingly, the first device receives the general token and the secret key sent by the authentication server.
Optionally, in another possible implementation manner of the present application, in a scenario where the first device is the master device in the device family, the first device further sends, to the authentication server, a first message including an identifier of a second device, where the first message is used to indicate that the second device is a device newly added to the device family, or to notify that the second device has exited the device family; correspondingly, the first device receives a second message sent by the authentication server; if the second device is a device newly added to the device family, the second message indicates that a token is issued for the second device; if the second device is a device that has exited the device family, the second message indicates removal of the token of the second device. If the second message indicates that a token is issued for the second device, the first device sends the general token and the secret key to the second device so that the second device can generate its own authentication token according to the general token and the secret key.
Therefore, when a device is newly added to or withdrawn from the device family, the master device can acquire the identifier of that device, that is, the identifier of the second device. If the second device is a newly added device, in order to improve its authentication efficiency, the first device promptly notifies the authentication server that the second device has been added to the device family, so that the authentication server agrees to issue a token for the second device. If the second device has exited the device family, in order to ensure the security of the data and the system, the first device promptly notifies the authentication server that the second device has exited the device family, so that the authentication server updates the related information of the second device in time and prevents illegal access by the second device.
Optionally, in another possible implementation manner of the present application, in a scenario where the device family includes a master device and at least one slave device, and the first device is any one of the at least one slave device, the method for the first device to obtain the general token and the secret key includes: the first device receives the general token and the secret key sent by the master device.
In a second aspect, an electronic device is provided, applied to a communication system comprising a device family and an authentication server, wherein the device family comprises at least two devices, a first device of the at least two devices is connected with at least one of the other devices, and the electronic device is the first device. The electronic device provided by the application comprises an obtaining unit, a generating unit and a communication unit.
Specifically, the obtaining unit is configured to obtain the general token and the secret key of the device family, where the general token is generated by the authentication server according to the identifier of the device family and the first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family. The generating unit is configured to generate a device token of the first device according to the secret key obtained by the obtaining unit and the identifier of the first device, and to generate an authentication token of the first device, where the authentication token of the first device includes the general token and the device token of the first device. The communication unit is configured to communicate with the authentication server by using the authentication token of the first device generated by the generating unit to obtain an authentication result.
Optionally, in a possible implementation manner of the present application, the first device is the master device in the device family, each of the other devices is a slave device, and the master device is connected to each slave device. Accordingly, the communication unit is configured to send the general token and the secret key to each slave device, so that the slave device generates its own authentication token according to the general token and the secret key.
Optionally, in another possible implementation manner of the present application, the obtaining unit is specifically configured to obtain an identifier of a device family and an identifier of each device in the device family. The communication unit is further configured to send an authentication request to the authentication server, where the authentication request includes an identifier of the device family and an identifier of each device in the device family, and is configured to receive the general token and the secret key sent by the authentication server.
Optionally, in another possible implementation manner of the present application, the communication unit is further configured to: sending a first message to an authentication server, wherein the first message comprises an identifier of the second device, and the first message is used for indicating that the second device is a device newly added to the device family or informing that the second device exits the device family; receiving a second message sent by the authentication server; if the second device is a device newly added to the device family, the second message is used for indicating that the token is issued for the second device; if the second device is a device that has exited the device family, the second message is used to indicate removal of the token of the second device; and if the second message is used for indicating that the token is issued for the second equipment, sending the general token and the secret key to the second equipment so that the second equipment can generate an authentication token of the second equipment according to the general token and the secret key.
Optionally, in another possible implementation manner of the present application, the device family includes a master device and at least one slave device, and the first device is any one of the at least one slave device. Correspondingly, the communication unit is further configured to receive the general token and the secret key sent by the master device.
In a third aspect, an electronic device is provided, which includes: one or more processors and memory. The memory is coupled to the one or more processors. The memory is configured to store computer instructions that, when executed by the one or more processors, cause the electronic device to perform the identity authentication method as described in any one of the above first aspect and any one of its possible implementations.
In a fourth aspect, there is provided a computer program product, which includes instructions that, when executed by a processor of the electronic device according to the third aspect, cause the electronic device to perform the identity authentication method according to any one of the first aspect and any one of its possible implementations.
In a fifth aspect, a computer-readable storage medium is provided, where the computer-readable storage medium includes computer instructions, and when a processor of the electronic device according to the third aspect executes the computer instructions, the electronic device is caused to perform the identity authentication method according to any one of the first aspect and any one of the possible implementation manners of the first aspect.
For a detailed description of the second to fifth aspects and their various implementations in this application, reference may be made to the detailed description of the first aspect and its various implementations; moreover, the beneficial effects of the second aspect to the fifth aspect and the various implementation manners thereof may refer to the beneficial effect analysis of the first aspect and the various implementation manners thereof, and are not described herein again.
In the present application, the names of the above-mentioned electronic devices do not limit the devices or functional modules themselves, and in actual implementation, the devices or functional modules may appear by other names. Insofar as the functions of the respective devices or functional modules are similar to those of the present application, they fall within the scope of the claims of the present application and their equivalents.
In a sixth aspect, there is provided an identity authentication method applied to a communication system comprising a family of devices and an authentication server, wherein the family of devices comprises at least two devices, a first device of the at least two devices being connected to at least one of the other devices. Specifically, the authentication server receives an authentication token of the first device sent by the first device, authenticates the authentication token of the first device, and then sends an authentication result to the first device. The authentication token of the first device comprises a general token and a device token of the first device, the general token is generated by the authentication server according to the family identifier of the device family, and the device token of the first device is generated by the first device according to the secret key determined by the authentication server and the identifier of the first device.
It can be seen that the first device in the device family can generate the authentication token of the first device by itself after acquiring the general token and the secret key, and directly communicate with the authentication server without passing through other devices, thereby effectively improving the authentication efficiency.
In addition, the authentication token comprises the general token and a device token uniquely corresponding to the device; the general token and the device token are generated by different devices, and authentication succeeds only if both the general token and the device token are correct, so the security of the data and the system is effectively improved.
Optionally, in a possible implementation manner of the present application, the authentication server further receives an authentication request sent by the master device in the device family, where the authentication request includes the identifier of the device family and the identifier of each device in the device family; after determining that the master device is legitimate, the authentication server generates the general token according to the identifier of the device family and a first preset encryption algorithm, and determines the secret key according to the identifier of the device family; the authentication server then sends the general token and the secret key to the master device.
The general token and the secret key of the present application are for the device family as a whole; after generating them, the authentication server sends the general token and the secret key to the master device, so that the master device can send them to each slave device in the device family. In this way, the authentication server does not need to communicate with each device in the device family during the process of obtaining the general token and the secret key, which effectively reduces the access pressure on the authentication server.
Optionally, in another possible implementation manner of the present application, the authentication server further stores an identifier of each device in the device family and an identifier of the device family, so as to provide a basis for the subsequent authentication operation of the authentication server.
Optionally, in another possible implementation manner of the present application, the authentication server further receives a first message sent by the master device that includes an identifier of a second device, where the first message is used to indicate that the second device is a device newly added to the device family, or to notify that the second device has exited the device family; the authentication server updates the identifier of each device in the device family according to the first message and sends a second message to the master device; if the second device is a device newly added to the device family, the second message indicates that a token is issued for the second device; if the second device is a device that has exited the device family, the second message indicates removal of the token of the second device.
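The following is an added worked model of the first and sixth aspects above (example code, not from the patent or its assignees). The patent does not name the "first preset encryption algorithm" or say how the secret key is determined from the family identifier, so this example assumes HMAC-SHA256 under two server-held secrets for both; the class and function names, and the family and device identifiers, are constructed for illustration. It shows the master's authentication request, a device deriving its device token, the server checking both halves of the authentication token, and the join/exit messages revoking an exited device.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def device_token_for(key: bytes, device_id: str) -> bytes:
    """Device side: the device token is derived from the family secret key and
    the device's own identifier (derivation function assumed: HMAC-SHA256)."""
    return hmac.new(key, b"device|" + device_id.encode(), hashlib.sha256).digest()


def build_authentication_token(general_token: bytes, key: bytes, device_id: str):
    """Authentication token = (general token, device token); unique to this device."""
    return (general_token, device_token_for(key, device_id))


@dataclass
class AuthenticationServer:
    """Assumed model of the patent's authentication server (hypothetical class)."""
    # Secrets that never leave the server; both are assumptions of this example.
    token_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    key_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    # family identifier -> registered device identifiers (stored per the patent)
    families: dict = field(default_factory=dict)
    # family identifier -> identifier of the master device that registered it
    masters: dict = field(default_factory=dict)

    def general_token(self, family_id: str) -> bytes:
        # "generated according to the identifier of the device family and a
        # first preset encryption algorithm" (assumed: HMAC-SHA256)
        return hmac.new(self.token_secret, b"general|" + family_id.encode(), hashlib.sha256).digest()

    def family_key(self, family_id: str) -> bytes:
        # "determined according to the identifier of the device family" (assumed: HMAC-SHA256)
        return hmac.new(self.key_secret, b"key|" + family_id.encode(), hashlib.sha256).digest()

    def handle_authentication_request(self, master_id, family_id, device_ids, master_is_legal=True):
        """Master sends the family identifier plus every device identifier; the server
        stores them and returns (general token, secret key). How the master's
        legitimacy is established is outside the patent text, so it is a flag here."""
        if not master_is_legal or master_id not in device_ids:
            return None
        self.families[family_id] = set(device_ids)
        self.masters[family_id] = master_id
        return self.general_token(family_id), self.family_key(family_id)

    def handle_membership_message(self, master_id, family_id, device_id, joined):
        """First message (device joined or exited) -> second message ('issue' or
        'remove'). Only the registered master may change membership; else None."""
        if self.masters.get(family_id) != master_id:
            return None
        members = self.families.setdefault(family_id, set())
        if joined:
            members.add(device_id)
            return "issue"
        members.discard(device_id)
        return "remove"

    def authenticate(self, family_id, device_id, auth_token) -> bool:
        """Succeeds only if the device is a current member AND both the general
        token and the device token are correct."""
        if device_id not in self.families.get(family_id, set()):
            return False
        general, device_token = auth_token
        expected_general = self.general_token(family_id)
        expected_device = device_token_for(self.family_key(family_id), device_id)
        # constant-time comparisons so timing does not reveal which half failed
        return hmac.compare_digest(general, expected_general) and \
            hmac.compare_digest(device_token, expected_device)


def demo():
    """Walk through the flow with a constructed family: phone (master) and watch."""
    server = AuthenticationServer()
    family, master = "family-001", "phone"
    general, key = server.handle_authentication_request(master, family, ["phone", "watch"])
    watch_token = build_authentication_token(general, key, "watch")  # key forwarded by master
    results = {"watch_ok": server.authenticate(family, "watch", watch_token)}
    # A device outside the family fails even if it somehow holds the general token and key.
    results["stranger"] = server.authenticate(family, "tv", build_authentication_token(general, key, "tv"))
    # Master reports that the watch has exited: its token is removed and stops working.
    results["exit_msg"] = server.handle_membership_message(master, family, "watch", joined=False)
    results["watch_after_exit"] = server.authenticate(family, "watch", watch_token)
    # Master reports a newly added tv: server agrees to issue, and the tv can authenticate.
    results["join_msg"] = server.handle_membership_message(master, family, "tv", joined=True)
    results["tv_ok"] = server.authenticate(family, "tv", build_authentication_token(general, key, "tv"))
    # A device that never received the real key produces a wrong device token.
    results["bad_key"] = server.authenticate(family, "phone", build_authentication_token(general, b"x" * 32, "phone"))
    return results
```

Because every member holds the same family secret key, the device token only proves possession of that key together with an identifier; the server-side membership list updated by the join/exit messages is what actually revokes an exited device.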
In a seventh aspect, a server is provided for use in a communication system including a device family and an authentication server, the device family including a master device and at least one slave device, each of the at least one slave device being connected to the master device. The server of the application is an authentication server. The server comprises a receiving unit, an authentication unit and a sending unit.
Specifically, the receiving unit is configured to receive an authentication token of the first device sent by the first device, where the authentication token of the first device includes a general token and a device token of the first device, the general token is generated by the authentication server according to the family identifier of the device family, and the device token of the first device is generated by the first device according to the secret key determined by the authentication server and the identifier of the first device. The authentication unit is configured to authenticate the authentication token of the first device received by the receiving unit. The sending unit is configured to send the authentication result determined by the authentication unit to the first device.
Optionally, in a possible implementation manner of the present application, the receiving unit is further configured to receive an authentication request sent by the master device in the device family, where the authentication request includes the identifier of the device family and the identifier of each device in the device family. The server provided by the application further comprises a determining unit and a generating unit, wherein the determining unit is used for determining that the master device is legitimate; the generating unit is used for generating the general token of the device family according to the identifier of the device family and a first preset encryption algorithm when the determining unit determines that the master device is legitimate; and the determining unit is also used for determining the secret key according to the identifier of the device family. The sending unit is configured to send the general token generated by the generating unit and the secret key determined by the determining unit to the master device.
Optionally, in another possible implementation manner of the present application, the server further includes a storage unit, where the storage unit is configured to store an identifier of each device in the device family and an identifier of the device family.
Optionally, in another possible implementation manner of the present application, the receiving unit is further configured to receive a first message sent by the master device, where the first message includes an identifier of the second device, and the first message is used to indicate that the second device is a device newly added to the device family, or to notify that the second device has exited from the device family. The server provided by the application further comprises an updating unit, wherein the updating unit is used for updating the identifier of each device in the device family according to the first message received by the receiving unit. The sending unit is further configured to send a second message to the master device; if the second device is a device newly added to the device family, the second message is used for indicating that the token is issued for the second device; the second message is for indicating removal of the token of the second device if the second device is a device that has exited the device family.
In an eighth aspect, there is provided a server comprising: one or more processors and memory. The memory is coupled to the one or more processors. The memory is configured to store computer instructions that, when executed by the one or more processors, cause the server to perform the identity authentication method as described in any one of the above sixth aspect and any one of its possible implementations.
A ninth aspect provides a computer program product, which includes computer instructions that, when executed by a processor of the server according to the eighth aspect, cause the server to perform the identity authentication method according to any one of the sixth aspect and any one of the possible implementations thereof.
A tenth aspect provides a computer-readable storage medium, which includes computer instructions, and when the processor of the server according to the eighth aspect executes the computer instructions, the server executes the identity authentication method according to any one of the sixth aspect and any one of the possible implementation manners.
In the present application, the name of the server mentioned above does not limit the devices or functional modules themselves, which may appear by other names in actual implementations. Insofar as the functions of the respective devices or functional modules are similar to those of the present application, they fall within the scope of the claims of the present application and their equivalents.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
Fig. 2 is a schematic hardware structure of a communication device according to an embodiment of the present application;
Fig. 3 is a schematic diagram of another hardware structure of a communication device in the embodiment of the present application;
Fig. 4 is a first flowchart illustrating an identity authentication method according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating a second method for identity authentication in an embodiment of the present application;
Fig. 6 is a third schematic flowchart of an identity authentication method in an embodiment of the present application;
Fig. 7 is a fourth schematic flowchart illustrating an identity authentication method in an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an electronic device in an embodiment of the present application;
Fig. 9 is a schematic diagram of another hardware structure of the server in the embodiment of the present application.
Detailed Description
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the embodiments of the present application and the above-described drawings are used for distinguishing between different objects and not for limiting a particular order.
In the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
The embodiment of the application provides an identity authentication method and device, which are suitable for a communication system comprising a device family (comprising a master device and at least one slave device) and an authentication server. In this communication system, the master device, by communicating with the authentication server, acquires the general token of the device family (for convenience of description, hereinafter simply "the general token") and the secret key of the device family assigned by the authentication server, and transmits the general token and the secret key to each slave device. After obtaining the general token and the secret key, each device in the device family combines them with its own identifier to generate its authentication token, which comprises the general token and the device token, and then communicates with the authentication server by using that authentication token.
After each device in the device family acquires the general token and the secret key, it can generate its own authentication token and communicate directly with the authentication server, without going through any other device, which effectively improves the authentication efficiency.
Because the authentication token generated by each device comprises the general token and that device's device token, authentication succeeds only if both the general token and the device token are correct, which effectively improves the security of the data and the system.
As can be seen from the above description, the identity authentication method provided in the embodiments of the present application is applicable to a communication system including a device family and an authentication server. Fig. 1 shows a structure of the communication system.
As shown in fig. 1, the communication system includes a device family 10 and an authentication server 11, the device family 10 includes a master device 101 and at least one slave device (e.g., slave device a, slave device b, etc.). The master device 101 is connected to each slave device. For a slave device, in addition to connecting with the master device 101, the slave device may also connect with at least one other slave device in the device family 10. An authentication server 11 is connected to each device in the family of devices 10.
The master device 101 in the device family 10 may be connected to a slave device through Near Field Communication (NFC), through Bluetooth, or through other manners, which is not limited in this embodiment of the present application.
Of course, for a slave device connected to other slave devices, the slave device may be connected to the other slave devices through NFC, through Bluetooth, or through other manners, which is not limited in this embodiment of the application.
The master device 101 is configured to maintain a connection status list of the slave devices, obtain the general token and the secret key from the authentication server 11, and send the obtained general token and secret key to each slave device.
Specifically, the master device 101 manages all slave devices, stores the identifier of each slave device, acquires the general token and the secret key by communicating with the authentication server 11, and transmits them to each slave device. When one or more slave devices are newly added to or withdrawn from the device family 10, the master device 101 communicates with the authentication server 11: it can send the general token and the secret key to newly added slave devices in time, which effectively shortens the interaction time of authentication, and it can promptly inform the authentication server 11 to remove the authentication token of a device that has withdrawn from the device family 10, which improves the authentication efficiency and ensures the security of the data and the system.
Furthermore, based on the general token and the secret key, the master device 101 generates an authentication token that includes the general token and a device token of the master device 101; this authentication token corresponds uniquely to the master device 101. The master device 101 communicates with the authentication server using the authentication token, so that the authentication server can identify whether the master device 101 is a secure and legitimate user terminal and whether its operation is permitted.
The slave device is mainly used for maintaining its interconnection with the master device and receiving the general token and the secret key sent by the master device 101. After obtaining the general token and the secret key, the slave device generates an authentication token uniquely corresponding to itself, which includes the general token and a device token of the slave device. The slave device communicates with the authentication server using this authentication token, so that the authentication server can verify whether the slave device is a secure and legitimate user terminal and whether its operation is permitted.
The master device 101 and the slave device are both electronic devices, and the electronic devices may be User Equipment (UE), a terminal, a mobile device, a handheld device with a wireless communication function, a computing device or other processing devices connected to a wireless modem, a vehicle-mounted device, a wearable device (also referred to as a wearable smart device), and the like.
In the device family 10, the master device 101 is a device in the device family 10, such as a smartphone, that is capable of controlling all other devices.
The authentication server 11 is mainly configured to authenticate the device family 10, generate a general token, and maintain an authentication status for each device in the device family 10 (e.g., whether authentication is required, and whether authentication has succeeded).
Specifically, the authentication server 11 is configured to receive an authentication request sent by the master device 101, where the authentication request includes an identifier of the device family and an identifier of each device in the device family. When it determines that the master device 101 is legitimate, the authentication server 11 generates a general token according to the identifier of the device family and a first preset encryption algorithm, determines a secret key according to the identifier of the device family, and then sends the general token and the secret key to the master device 101.
The authentication server 11 is further configured to receive an authentication token sent by a device in the device family 10, and identify whether the device is a secure and legitimate user side and its operation according to the authentication token.
The communication system shown in fig. 1 is merely exemplary. In practical applications, the communication system to which the embodiment of the present application is applied may also have other structures, which are not listed here.
In one example, the master device and the slave device referred to in fig. 1 may be both the communication apparatus 20 shown in fig. 2, and may also be a device including the communication apparatus 20 shown in fig. 2 (for example, a chip system in which the communication apparatus is a master/slave device). Fig. 2 is a schematic composition diagram of a communication apparatus 20 according to an embodiment of the present application, where the communication apparatus 20 may be used to implement operations of a master device/a slave device in an identity authentication method according to an embodiment of the present application.
As shown in fig. 2, the communication device 20 includes a memory 21, a memory controller 22, one or more processors 23 (only one is shown), a peripheral interface 24, a radio frequency module 25, and a near field communication module 26. Optionally, the communication device may further include components such as a touch screen 27 and a key module 28. These components communicate with each other via one or more communication buses/signal lines 29.
The memory 21 may be configured to store software programs and modules, for example, program instructions/modules for executing the identity authentication method in the embodiment of the present application, and the processor 23 executes various functional applications and data processing by running the software programs and modules stored in the memory 21, so as to implement the identity authentication method provided in the embodiment of the present application.
The memory 21 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 21 may further include memory located remotely from the processor 23, which may be connected to the communication device 20 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. Access to the memory 21 by the processor 23 and possibly other components may be under the control of the memory controller 22.
The peripheral interface 24 couples various input/output devices to a Central Processing Unit (CPU) and the memory 21. Processor 23 executes various software, instructions within memory 21 to perform various functions of communication device 20 and to perform data processing.
In some embodiments, the peripheral interface 24, the processor 23, and the memory controller 22 may be implemented in a single chip. In other examples, they may be implemented on separate chips.
The rf module 25 is used for receiving and transmitting electromagnetic waves, and implementing interconversion between the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices. The radio frequency module 25 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The rf module 25 may communicate with various networks such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. The wireless network may use various communication standards, protocols and technologies, including but not limited to global system for mobile communication (GSM), enhanced mobile communication (EDGE), wideband code division multiple access (W-CDMA), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), bluetooth, WiFi, voice over internet protocol (VoIP), worldwide interoperability for microwave access (Wi-Max), other protocols for mail, instant messaging and short messaging, and any other suitable communication protocols, and may even include those protocols that have not yet been developed.
The near field communication module 26 is used to provide an interface for implementing near field communication, and the communication apparatus 20 can perform short-range near field communication with other devices through the near field communication module 26 to implement data exchange.
The touch screen 27 provides both an output and an input interface between the communication device 20 and the user. In particular, the touch screen 27 displays video output to the user, the content of which may include text, graphics, video, and any combination thereof; some of this output corresponds to user interface objects. The touch screen 27 also receives user inputs, such as clicks, swipes, and other gesture operations, so that the user interface objects respond to these inputs. The technique for detecting user input may be resistive, capacitive, or any other possible touch detection technique. Specific examples of the display unit of the touch screen 27 include, but are not limited to, a liquid crystal display or a light emitting polymer display.
The key module 28 also provides an interface for user input to the communication device 20, and the user may cause the communication device 20 to perform different functions by pressing different keys.
It should be noted that the configuration shown in fig. 2 is merely an illustration, and the communication device 20 may include more or fewer components than those shown in fig. 2, or have a different configuration than that shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
In an example, the authentication server 11 shown in fig. 1 may be the communication device 30 shown in fig. 3, or may be an apparatus including the communication device 30 shown in fig. 3 (for example, the communication device is a chip system of the authentication server). Fig. 3 is a schematic composition diagram of a communication device 30 according to an embodiment of the present application, where the communication device 30 may be used to implement an operation of an authentication server in an identity authentication method according to the embodiment of the present application.
As shown in fig. 3, the communication device 30 may include a processor 31, a memory 32, a communication interface 33, and a communication bus 34. The processor 31, the memory 32 and the communication interface 33 may be connected by a communication bus 34. The respective constituent elements of the communication device 30 are described below with reference to fig. 3:
In the embodiment of the present application, the processor 31 is the control center of the communication device 30, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 31 may be a CPU, an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as one or more Digital Signal Processors (DSPs) or one or more field-programmable gate arrays (FPGAs).
The processor 31 may perform various functions of the communication device 30 by running or executing software programs stored in the memory 32, and calling up data stored in the memory 32, among other things.
For one embodiment, processor 31 may include one or more CPUs, such as CPU 0 and CPU 1 shown in FIG. 3.
For one embodiment, the communication device 30 may further include another processor, such as the processor 35 shown in fig. 3, and the processor 35 includes an ASIC 0. Each of the plurality of processors in the communication device 30 may be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In the embodiment of the present application, the memory 32 may be a read-only memory (ROM) or other types of static storage devices that can store static information and instructions, a Random Access Memory (RAM) or other types of dynamic storage devices that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a magnetic disk storage medium or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
In a possible implementation, the memory 32 may exist separately from the processor 31, i.e. the memory 32 may be a memory external to the processor 31, in which case the memory 32 may be connected to the processor 31 via a communication bus 34 for storing instructions or program code. The processor 31, when calling and executing the instructions or program codes stored in the memory 32, can implement the identity authentication method provided in the following embodiments of the present application.
In another possible implementation, the memory 32 may also be integrated with the processor 31, that is, the memory 32 may be an internal memory of the processor 31, for example, the memory 32 is a cache memory, and may be used for temporarily storing some data and/or instruction information, and the like.
In the embodiment of the present application, the communication interface 33 is configured to use any transceiver or other devices to communicate with other devices or communication networks, such as ethernet, Radio Access Network (RAN), Wireless Local Area Network (WLAN), and the like. The communication interface 33 may include a receiving unit implementing a receiving function and a transmitting unit implementing a transmitting function.
In the embodiment of the present application, the communication bus 34 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 3, but this does not mean there is only one bus or one type of bus.
It is noted that the device structure shown in fig. 3 does not constitute a limitation of the communication apparatus 30, and the communication apparatus 30 may include more or less components than those shown in fig. 3, or combine some components, or a different arrangement of components, in addition to the components shown in fig. 3.
The identity authentication method provided by the embodiment of the present application is described below with reference to the accompanying drawings.
As shown in fig. 4, the identity authentication method provided in the embodiment of the present application includes:
S400, the devices in the device family complete connection authentication.
After the devices in the device family complete the connection authentication, the two devices establishing the connection can transmit data to each other.
For example, a smart watch sends a connection authentication request to a smartphone, which then performs the authentication operation; if the smartphone and the smart bracelet authenticate successfully, they establish a persistent Bluetooth connection and transmit data over Bluetooth; otherwise, the Bluetooth connection is interrupted.
Optionally, the connection authentication between the devices in the device family may be a bluetooth connection authentication operation, or may also be another conventional wireless connection authentication operation, which is not limited in this embodiment of the present application.
S401, the first device obtains a general token and a secret key.
The general token is generated by the authentication server according to the identifier of the device family and a first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family.
It can be seen that the generic token and the key are specific to the family of devices, and thus each device in the family of devices can use the generic token and the key.
In practical applications, different device families may communicate with the same authentication server, and the authentication server needs to distinguish the different device families according to the device family identifiers.
The first device may be a master device in a device family, or may be any slave device in the device family.
If the first device is the master device in the device family, the first device stores the identifier of each device in the device family and communicates directly with the authentication server to obtain the general token and the secret key. Specifically, the first device sends an authentication request including the identifier of the device family and the identifier of each device in the device family to the authentication server, and correspondingly, the first device receives the general token and the secret key sent by the authentication server.
In addition, in the case where the first device is the master device in the device family, the first device, after acquiring the general token and the key, also sends the general token and the key to each slave device in the device family.
If the first device is any slave device in the device family, the first device obtains the general token and the key from the master device. Specifically, the first device receives the general token and the key sent by the master device.
In summary, the master device in the embodiment of the present application directly communicates with the authentication server to obtain the general token and the secret key, and then the master device sends the general token and the secret key to the slave devices in the device family, and each slave device does not need to separately communicate with the authentication server, thereby effectively simplifying the authentication operation and improving the communication efficiency.
S402, the first device generates a device token of the first device according to the key and the identification of the first device.
The first device encrypts an identification of the first device with a key to generate a device token for the first device.
It will be readily appreciated that the device token generated by the first device uniquely corresponds to the first device, since the identity of each device is different.
The secret key may be a public key in a certain asymmetric encryption algorithm determined by the authentication server (in this case, the authentication server stores a private key corresponding to the public key), or may be a secret key in a certain symmetric encryption algorithm, which is not limited in this embodiment of the present application.
S403, the first device generates an authentication token of the first device according to the general token and the device token of the first device.
The first device may combine the general token and the device token of the first device to generate the authentication token of the first device. The embodiment of the present application does not limit the manner in which the first device combines the general token and its device token.
S404, the first device sends the authentication token of the first device to the authentication server.
After generating the authentication token of the first device, the first device sends the authentication token of the first device to request the authentication of the authentication server.
S405, the authentication server authenticates the received authentication token and sends an authentication result to the first device.
The authentication server identifies, according to the authentication token of the first device, whether the first device is a secure and legitimate user terminal and whether its operation is permitted.
In one implementation, if the secret key is a key of a certain symmetric encryption algorithm determined by the authentication server, the authentication server may determine the device token of each device according to the secret key and the identifier of each device in the device family sent by the master device, and then determine and store the authentication token of each device by combining its device token with the general token. Thus, after receiving the authentication token of the first device, the authentication server may determine whether the authentication token of the first device that it has stored is the same as the received authentication token. If the two tokens are the same, the first device is a secure and legitimate user terminal. If not, the first device is an illegitimate user terminal, and the authentication server blocks its access.
In another embodiment, if the secret key is a public key determined by the authentication server, the authentication server may store the private key corresponding to the public key, so that after receiving the authentication token of the first device, the authentication server may decrypt the device token in the authentication token with the private key to obtain a device identifier, and then determine whether the obtained device identifier is the same as the identifier of the first device. If the two identifiers are the same, the first device is a secure and legitimate user terminal. If not, the first device is an illegitimate user terminal, and the authentication server blocks its access.
In addition, if the first device is the master device in the device family, the first device may obtain the identifier of a newly added device in the device family, in which case the first device needs to notify the authentication server in time, so that the authentication server can allocate the general token and the secret key to the newly added device in time, improving the authentication efficiency and communication efficiency of the newly added device.
Likewise, if the first device is the master device in the device family, the first device can determine the identifier of a device that has exited the device family, in which case the first device needs to notify the authentication server in time, so that the authentication server updates the identifiers of the devices in the device family, thereby effectively preventing access by an illegitimate user and ensuring the security of data.
In summary, after each device in the device family acquires the general token and the secret key, it can generate its own authentication token and communicate directly with the authentication server without relying on other devices, which effectively improves authentication efficiency.
In addition, the authentication token comprises a general token and a device token uniquely corresponding to the device, the general token and the device token are generated by different devices, and the authentication can be successfully performed only under the condition that the general token and the device token are both correct, so that the safety of data and a system is effectively improved.
For ease of understanding, the identity authentication method provided in the embodiment of the present application will now be described with reference to a communication process between a master device and a slave device (taking one as an example) in a device family and an authentication server.
As shown in fig. 5, the identity authentication method provided in the embodiment of the present application includes:
S500, the master device sends an authentication request including an identifier of the device family and an identifier of each device in the device family to the authentication server.
The master device stores an identification of each device in the device family, as well as the family identification of the device family. After the devices in the device family establish a connection, the master device sends an authentication request to the authentication server for requesting to obtain the generic token and the secret key.
S501, the authentication server authenticates the master device.
S502, when it determines that the master device is legitimate, the authentication server generates a general token according to the identifier of the device family and a first preset encryption algorithm.
Optionally, the first preset encryption algorithm is any one of symmetric encryption algorithms in the prior art, and may also be any one of asymmetric encryption algorithms in the prior art, which is not limited in this embodiment of the present application.
S503, the authentication server determines a secret key according to the identifier of the device family.
The secret key may be a public key in a certain asymmetric encryption algorithm determined by the authentication server (in this case, the authentication server stores a private key corresponding to the public key), or may be a secret key in a certain symmetric encryption algorithm, which is not limited in the embodiment of the present application.
It can be seen that the general token and the secret key determined by the authentication server in the embodiment of the present application are for the whole device family, and each device in the device family can use the general token and the secret key.
The authentication server may store the generic token and the secret key after determining the generic token and the secret key.
S504, the authentication server sends the general token and the key to the master device.
S505, the master device generates a device token 1 according to the key and the identifier of the master device.
The device token 1 uniquely corresponds to the master device, that is, the device token 1 is the device token of the master device.
S506, the master device generates an authentication token 1 including the generic token and the device token 1.
The authentication token 1 is uniquely corresponding to the master device, that is, the authentication token 1 is the authentication token of the master device.
S507, the master device sends an authentication token 1 to the authentication server.
S508, the authentication server authenticates the authentication token 1 and sends an authentication result to the master device.
S508 may refer to the description of S405 above, and will not be described in detail here.
S509, the master device sends the generic token and the key to the slave device.
After obtaining the general token and the key, the master device sends the general token and the key to each slave device, so that the slave devices generate an authentication token uniquely corresponding to the slave devices.
After S504, in the embodiment of the present application, S505 may be executed first and then S509, or S509 may be executed first and then S505, or S505 and S509 may be executed simultaneously, which is not limited in this embodiment of the application.
S510, the slave device generates a device token 2 according to the key and the identifier of the slave device.
The device token 2 corresponds uniquely to the slave device, i.e. the device token 2 is the device token of the slave device.
S511, the slave device generates an authentication token 2 including the general token and the device token 2.
The authentication token 2 corresponds uniquely to the slave device, i.e. the authentication token 2 is the authentication token of the slave device.
S512, the slave device sends an authentication token 2 to the authentication server.
S513, the authentication server authenticates the authentication token 2, and sends the authentication result to the slave device.
S513 may refer to the description of S405 above, and will not be described in detail here.
Following the flow shown in fig. 5, if a slave device is newly added to the device family, the master device needs to inform the authentication server in time so that the authentication server can approve issuing the general token and key to that slave device. This process is illustrated in fig. 6.
As shown in fig. 6, the identity authentication method provided in the embodiment of the present application includes:
S600, the master device determines that the slave device 1 is newly added to the device family.
S601, the master device sends a first message including an identifier of the slave device 1 to the authentication server.
The first message is used to indicate that the slave device 1 is a device newly added to the device family.
S602, the authentication server updates the identifier of the device in the device family, and sends a second message to the master device, the second message indicating that the token is issued for the slave device 1.
S603, the master device sends the general token and the key to the slave device 1.
After S603, the slave device 1 and the authentication server perform the above-described S510 to S513.
The master device informs the authentication server in time that the slave device 1 has been newly added to the device family, so that the authentication server can distribute the general token and the secret key to the slave device 1 in time, which improves the authentication efficiency and communication efficiency of the slave device 1.
Following the flow shown in fig. 5, if a slave device exits from a family of devices, the master device needs to notify the authentication server in time in order for the authentication server to determine to remove the token of the slave device. This process is illustrated in fig. 7.
As shown in fig. 7, the identity authentication method provided in the embodiment of the present application includes:
S700, the master device determines that the slave device 2 has exited the device family.
That is, the slave device 2 is disconnected from all devices in the family of devices.
S701, the master device sends a first message including an identifier of the slave device 2 to the authentication server.
The first message is used to indicate that the slave device 2 has exited the device family.
S702, the authentication server updates the identification of the devices in the device family and sends a second message to the master device indicating to remove the token of the slave device 2.
In this way, if the slave device 2 subsequently reuses its previously generated authentication token to communicate with the authentication server, the authentication server can block the access of the slave device 2, thereby effectively ensuring data security.
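As an added illustration (not the patent's own code), the following Python model walks the S400 to S405 method above and the fig. 5, 6 and 7 flows. It assumes HMAC-SHA256 as the unspecified "first preset encryption algorithm" and as the keyed function that turns a device identifier into a device token, derives the family key from the family identifier with a server-side secret, represents the authentication token as the pair (general token, device token), checks tokens the symmetric way described under S405 (the server recomputes and compares), and uses constructed identifiers throughout.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

AuthToken = Tuple[str, str]  # (general token, device token): the combination of S403 / S506


def _mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 standing in for the page's unspecified 'encryption' of an identifier (assumption)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AuthServer:
    """Authentication server 11: issues the general token and key per family (S502, S503),
    stores each member's expected authentication token and checks received ones (S405)."""

    def __init__(self) -> None:
        self._root_secret = secrets.token_bytes(32)  # server-only secret (constructed)
        # family_id -> {"general": str, "key": bytes, "tokens": {device_id: AuthToken}}
        self._families: Dict[str, dict] = {}

    def handle_auth_request(self, family_id: str, master_id: str, member_ids: Set[str]) -> Tuple[str, bytes]:
        """S500-S504: the master sends the family identifier and all member identifiers."""
        if master_id not in member_ids:  # S501 stand-in for 'the master is legitimate' (assumption)
            raise PermissionError("master is not a member of the family it claims")
        general = _mac(self._root_secret, b"general|" + family_id.encode())  # S502
        key = hmac.new(self._root_secret, b"key|" + family_id.encode(), hashlib.sha256).digest()  # S503
        fam = {"general": general, "key": key, "tokens": {}}
        for dev in member_ids:  # symmetric variant of S405: precompute every member's token
            fam["tokens"][dev] = (general, _mac(key, dev.encode()))
        self._families[family_id] = fam
        return general, key

    def add_member(self, family_id: str, device_id: str) -> None:
        """S601-S602: the master reports a newly joined slave; the server issues its expected token."""
        fam = self._families[family_id]
        fam["tokens"][device_id] = (fam["general"], _mac(fam["key"], device_id.encode()))

    def remove_member(self, family_id: str, device_id: str) -> None:
        """S701-S702: the master reports a slave that left; its stored token is removed."""
        self._families[family_id]["tokens"].pop(device_id, None)

    def authenticate(self, token: AuthToken) -> Optional[Tuple[str, str]]:
        """S405: returns (family_id, device_id) when the token matches a stored one, else None.
        Both halves must match: a correct general token with a wrong device token fails."""
        for family_id, fam in self._families.items():
            if not hmac.compare_digest(fam["general"], token[0]):
                continue
            for device_id, expected in fam["tokens"].items():
                if hmac.compare_digest(expected[1], token[1]):
                    return family_id, device_id
        return None


class Device:
    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.general: Optional[str] = None
        self.key: Optional[bytes] = None

    def receive_credentials(self, general: str, key: bytes) -> None:
        """S401 (master: from the server; slave: forwarded by the master in S509 / S603)."""
        self.general, self.key = general, key

    def authentication_token(self) -> AuthToken:
        """S402 (device token from the key and own identifier) + S403 (combine with general token)."""
        assert self.general is not None and self.key is not None
        return (self.general, _mac(self.key, self.device_id.encode()))


def run_family_flow() -> Dict[str, bool]:
    """Walks the fig. 5, 6 and 7 flows with constructed identifiers and returns the outcomes."""
    server = AuthServer()
    phone, watch, band = Device("phone-01"), Device("watch-01"), Device("band-01")
    # fig. 5: the master obtains the family credentials and forwards them to the slave.
    general, key = server.handle_auth_request("family-A", "phone-01", {"phone-01", "watch-01"})
    phone.receive_credentials(general, key)
    watch.receive_credentials(general, key)  # S509
    out = {
        "master_accepted": server.authenticate(phone.authentication_token()) == ("family-A", "phone-01"),
        "slave_accepted": server.authenticate(watch.authentication_token()) == ("family-A", "watch-01"),
    }
    # fig. 6: a new slave joins; the master notifies the server before forwarding credentials.
    server.add_member("family-A", "band-01")
    band.receive_credentials(general, key)  # S603
    out["new_slave_accepted"] = server.authenticate(band.authentication_token()) == ("family-A", "band-01")
    # fig. 7: the watch leaves; replaying its old authentication token is now rejected.
    old_watch_token = watch.authentication_token()
    server.remove_member("family-A", "watch-01")
    out["left_slave_rejected"] = server.authenticate(old_watch_token) is None
    # Holding the general token without the family key does not yield a valid device token.
    stray = Device("phone-01")
    stray.receive_credentials(general, b"not-the-family-key")
    out["wrong_key_rejected"] = server.authenticate(stray.authentication_token()) is None
    return out
```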
In summary, compared with the prior art, the identity authentication method provided by the embodiment of the application effectively simplifies authentication operation, shortens the interaction time of authentication, and improves authentication efficiency.
The scheme provided by the embodiment of the application has mainly been introduced from the perspective of a method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or as combinations of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and the design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the device and the authentication server in the device family may be divided into function modules according to the above method, for example, each function module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. Optionally, the division of the modules in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 8 shows a schematic composition diagram of an electronic device 80, and the electronic device 80 may be used to perform the functions of the first device, the master device, or the slave device in the above embodiments. As one implementation, the electronic device 80 shown in fig. 8 includes: an acquisition unit 81, a generation unit 82, and a communication unit 83.
The obtaining unit 81 is configured to support the electronic device 80 to perform operations such as obtaining shown in any one of fig. 4 to 7, for example: s400, and/or other processes for the techniques described herein.
The generating unit 82 is configured to support the electronic device 80 to perform operations such as the generation shown in any one of fig. 4 to 7, for example: s402, S403, S505, S506, S510, S511, and/or other processes for the techniques described herein.
The communication unit 83 is configured to support the electronic device 80 to perform operations such as the transmission and reception shown in any one of fig. 4 to 7, for example: s404, S500, S504, S509, S512, S601, S603, S701, S702, and/or other processes for the techniques described herein.
All relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.
Of course, the electronic device 80 provided in the embodiment of the present application includes, but is not limited to, the above modules, for example, the electronic device 80 may further include the storage unit 84.
The storage unit 84 may be used to store program codes and the like of the electronic device 80.
The electronic device provided by this embodiment executes the functions of the first device (the master device or a slave device) in the identity authentication method above, and therefore achieves the same effects as that method.
The entity block diagram of the electronic device 80 provided by the present application can refer to fig. 2 described above. The acquiring unit 81 and the communication unit 83 may be the device interface 24 in fig. 2, the generating unit 82 may be the processor 23 in fig. 2, and the storing unit 84 may be the memory 21 in fig. 2.
Fig. 9 shows a schematic block diagram of a server 90, which server 90 can be used to perform the functions of the authentication server in the above embodiments. As one implementation, the server 90 shown in fig. 9 includes: a receiving unit 91, an authentication unit 92 and a sending unit 93.
The receiving unit 91 is configured to support the server 90 to perform operations such as receiving shown in any one of fig. 5 to 7, for example: s500, S601, and/or other processes for the techniques described herein.
The authentication unit 92 is configured to support the server 90 to perform operations such as authentication shown in any one of the above fig. 5 to 7, for example: s501, S508, S513, and/or other processes for the techniques described herein.
The sending unit 93 is configured to support the server 90 in performing the sending operations shown in any one of fig. 5 to 7, for example: S504, and/or other processes for the techniques described herein.
All relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.
Of course, the server 90 provided in the embodiment of the present application includes, but is not limited to, the above modules, for example, the server 90 may further include a storage unit 94, a determination unit 95, a generation unit 96, and an update unit 97.
The storage unit 94 may be used to store program codes of the server 90 and the like.
The determining unit 95 may be configured to support the server 90 to perform the operations of determining and the like shown in any one of fig. 5 to 7, for example: s503, and/or other processes for the techniques described herein.
The generating unit 96 may be configured to support the server 90 to perform operations such as the generation shown in any one of fig. 5 to 7, for example: s502, and/or other processes for the techniques described herein.
The updating unit 97 may be configured to support the server 90 to perform the operations such as the updating shown in any one of fig. 5 to 7, for example: s602, S702, and/or other processes for the techniques described herein.
The server provided by this embodiment executes the functions of the authentication server in the identity authentication method above, and therefore achieves the same effects as that method.
The entity block diagram of the server 90 provided in the present application may refer to fig. 3 described above. The receiving unit 91 and the sending unit 93 may be the communication interface 33 in fig. 3, the authenticating unit 92, the determining unit 95, the generating unit 96 and the updating unit 97 may be the processor 31 in fig. 3, and the storing unit 94 may be the memory 32 in fig. 3.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be realized in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in the embodiments of this application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server, or data center to another by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center that integrates one or more such media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the present application as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include such modifications and variations.

Claims (22)

1. An identity authentication method applied to a communication system including a device family and an authentication server, the device family including at least two devices, a first device of the at least two devices being connected with at least one of other devices, the identity authentication method comprising:
the first device obtains a general token and a secret key of the device family, wherein the general token is generated by the authentication server according to the identifier of the device family and a first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family;
the first device generates a device token of the first device according to the secret key and the identifier of the first device;
the first device generates an authentication token of the first device, wherein the authentication token of the first device comprises the general token and a device token of the first device;
and the first device uses the authentication token of the first device to communicate with the authentication server, so as to obtain an authentication result.
2. The identity authentication method of claim 1, wherein the first device is a master device in the device family, each of the other devices is a slave device, and the master device is connected to each slave device, the identity authentication method further comprising:
the first device sends the general token and the secret key to each slave device so that the slave device can generate an authentication token of the slave device according to the general token and the secret key.
3. The identity authentication method of claim 2, wherein the obtaining of the generic token and the key of the device family by the first device comprises:
the first device acquires the identifier of the device family and the identifier of each device in the device family;
the first device sends an authentication request to the authentication server, wherein the authentication request comprises the identifier of the device family and the identifier of each device in the device family;
and the first device receives the general token and the secret key sent by the authentication server.
4. The identity authentication method according to claim 2 or 3, characterized in that the identity authentication method further comprises:
the first device sends a first message to the authentication server, wherein the first message comprises an identifier of a second device, and the first message is used for indicating that the second device is a device newly added to the device family or informing that the second device exits the device family;
the first device receives a second message sent by the authentication server; if the second device is the device newly added to the device family, the second message is used for indicating that a token is issued for the second device; if the second device is a device that has exited the device family, the second message is used for indicating removal of the token of the second device;
and if the second message is used for indicating that a token is issued for the second device, the first device sends the general token and the secret key to the second device, so that the second device can generate an authentication token of the second device according to the general token and the secret key.
5. The identity authentication method of claim 1, wherein the device family comprises a master device and at least one slave device, the first device is any one of the at least one slave device, and the obtaining of the general token and the secret key by the first device comprises:
the first device receives the general token and the secret key sent by the master device.
6. An identity authentication method applied to a communication system including a device family and an authentication server, the device family including at least two devices, a first device of the at least two devices being connected with at least one of other devices, the identity authentication method comprising:
the authentication server receives an authentication token of the first device sent by the first device, where the authentication token of the first device includes a general token of the device family and a device token of the first device, the general token is generated by the authentication server according to a family identifier of the device family, and the device token of the first device is generated by the first device according to a secret key determined by the authentication server and the identifier of the first device;
and the authentication server authenticates the authentication token of the first device and sends an authentication result to the first device.
7. The identity authentication method of claim 6, further comprising:
the authentication server receives an authentication request sent by a master device in the device family, wherein the authentication request comprises an identifier of the device family and an identifier of each device in the device family;
the authentication server generates the general token according to the identifier of the device family and a first preset encryption algorithm under the condition that the master device is determined to be legal;
the authentication server determines a secret key according to the identifier of the device family;
the authentication server sends the general token and the secret key to the master device.
8. The identity authentication method according to claim 6 or 7, characterized in that the identity authentication method further comprises:
the authentication server stores an identifier of each device in the device family and an identifier of the device family.
9. The identity authentication method of claim 8, further comprising:
the authentication server receives a first message sent by a master device in the device family, wherein the first message comprises an identifier of a second device, and the first message is used for indicating that the second device is a device newly added to the device family or informing that the second device exits the device family;
the authentication server updates the identifier of each device in the device family according to the first message;
the authentication server sends a second message to the master device; if the second device is the device newly added to the device family, the second message is used for indicating that a token is issued for the second device; and if the second device is a device that has exited the device family, the second message is used for indicating removal of the token of the second device.
10. An electronic device, applied to a communication system including a device family and an authentication server, the device family including at least two devices, a first device of the at least two devices being connected to at least one of the other devices, the electronic device being the first device, the electronic device comprising:
an obtaining unit, configured to obtain a general token and a secret key of the device family, where the general token is generated by the authentication server according to an identifier of the device family and a first preset encryption algorithm, and the secret key is determined by the authentication server according to the identifier of the device family;
a generating unit, configured to generate a device token of the first device according to the secret key and the identifier of the first device, and to generate an authentication token of the first device, where the authentication token of the first device includes the general token and the device token of the first device;
and a communication unit, configured to communicate with the authentication server using the authentication token of the first device generated by the generating unit, so as to obtain an authentication result.
11. The electronic device of claim 10, wherein the first device is a master device in the family of devices, each of the other devices is a slave device, and the master device is connected to each slave device;
the communication unit is configured to send the general token and the secret key to each slave device, so that the slave device generates an authentication token of the slave device according to the general token and the secret key.
12. The electronic device of claim 11,
the acquiring unit is specifically configured to acquire an identifier of the device family and an identifier of each device in the device family;
the communication unit is further configured to send an authentication request to the authentication server, where the authentication request includes an identifier of the device family and an identifier of each device in the device family, and to receive the general token and the secret key sent by the authentication server.
13. The electronic device of claim 11 or 12, wherein the communication unit is further configured to:
sending a first message to the authentication server, the first message including an identifier of a second device, the first message being used to indicate that the second device is a device newly added to the device family or to inform that the second device has exited the device family;
receiving a second message sent by the authentication server; if the second device is the device newly added to the device family, the second message is used for indicating that a token is issued for the second device; if the second device is a device that has exited the device family, the second message is used to indicate removal of the token of the second device;
and if the second message is used for indicating that a token is issued for the second device, sending the general token and the secret key to the second device, so that the second device can generate an authentication token of the second device according to the general token and the secret key.
14. The electronic device of claim 10, wherein the device family includes a master device and at least one slave device, and wherein the first device is any one of the at least one slave device;
the communication unit is further configured to receive the general token and the secret key sent by the master device.
15. A server applied to a communication system including a device family and an authentication server, the device family including at least two devices, a first device of the at least two devices being connected to at least one of the other devices, the server being the authentication server, the server comprising:
a receiving unit, configured to receive an authentication token of the first device sent by the first device, where the authentication token of the first device includes a general token and a device token of the first device, the general token is generated by the authentication server according to the family identifier of the device family, and the device token of the first device is generated by the first device according to a secret key determined by the authentication server and the identifier of the first device;
an authentication unit, configured to authenticate the authentication token of the first device received by the receiving unit;
and a sending unit, configured to send the authentication result determined by the authentication unit to the first device.
16. The server according to claim 15,
the receiving unit is further configured to receive an authentication request sent by a master device in the device family, where the authentication request includes an identifier of the device family and an identifier of each device in the device family;
the server further comprises a determining unit and a generating unit;
the determining unit is configured to determine that the master device is legal;
the generating unit is configured to generate a general token of the device family according to the identifier of the device family and a first preset encryption algorithm under the condition that the determining unit determines that the master device is legal;
the determining unit is further configured to determine a secret key according to the identifier of the device family;
the sending unit is configured to send the general token generated by the generating unit and the secret key determined by the determining unit to the master device.
17. The server according to claim 15 or 16, wherein the server further comprises a storage unit;
the storage unit is configured to store an identifier of each device in the device family and an identifier of the device family.
18. The server according to claim 17,
the receiving unit is further configured to receive a first message sent by a master device in the device family, where the first message includes an identifier of a second device, and the first message is used to indicate that the second device is a device newly added to the device family or to notify that the second device has exited the device family;
the server further comprises an updating unit;
the updating unit is configured to update the identifier of each device in the device family according to the first message received by the receiving unit;
the sending unit is further configured to send a second message to the master device; if the second device is the device newly added to the device family, the second message is used for indicating that a token is issued for the second device; and if the second device is a device that has exited the device family, the second message is used for indicating removal of the token of the second device.
19. An electronic device, comprising: one or more processors, and a memory; the memory coupled with the one or more processors, the memory storing computer instructions;
the computer instructions, when executed by the one or more processors, cause the electronic device to implement the identity authentication method of any one of claims 1-5.
20. A computer-readable storage medium comprising instructions that, when executed on an electronic device, cause the electronic device to implement the identity authentication method of any one of claims 1-5.
21. A server, comprising: one or more processors, and a memory; the memory coupled with the one or more processors, the memory storing computer instructions;
the computer instructions, when executed by the one or more processors, cause the server to implement the identity authentication method of any one of claims 6-9.
22. A computer-readable storage medium comprising instructions that, when executed on a server, cause the server to implement the identity authentication method of any one of claims 6-9.
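The following is an added worked example and is not code from the patent or its assignee: a Python model of the exchange in claims 1 to 9, with the family devices and the authentication server in one file so that the registration, the join and exit messages, and the token check can be run offline. Everything the claims leave open is an assumption of the example, not of the page: the "first preset encryption algorithm" is modelled as HMAC-SHA256 of the family identifier under a server-only secret, the secret key as HMAC-SHA256 of the family identifier under a second server-only secret, the device token as HMAC-SHA256 of the device identifier under that key, and the authentication token as the two hex strings joined by a dot, with the family and device identifiers sent in clear beside it so the server can look them up. The device and family names, the master-legality check and the "issue_token"/"remove_token" reply strings are constructed for the scenario.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _mac(key: bytes, *parts: str) -> str:
    """HMAC-SHA256 over length-prefixed parts (assumed construction, not the patent's)."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for data in (part.encode() for part in parts):
        m.update(len(data).to_bytes(2, "big") + data)
    return m.hexdigest()


class AuthenticationServer:
    """Authentication server of claims 6-9, with all of its units collapsed into one class."""

    def __init__(self) -> None:
        # Server-only secrets stand in for the unspecified "first preset encryption algorithm"
        # and for how the secret key is "determined" from the family identifier (assumption).
        self._token_secret = secrets.token_bytes(32)
        self._key_secret = secrets.token_bytes(32)
        self.families: dict[str, set[str]] = {}  # storage unit, claim 8: family id -> member ids

    def _general_token(self, family_id: str) -> str:  # claim 7: depends on the family id only
        return _mac(self._token_secret, "general", family_id)

    def _family_key(self, family_id: str) -> bytes:  # claim 7: depends on the family id only
        return hmac.new(self._key_secret, family_id.encode(), hashlib.sha256).digest()

    def handle_authentication_request(self, master_id: str, family_id: str, member_ids: list[str]) -> tuple[str, bytes]:
        # Claim 7: "master device determined to be legal" modelled as the master listing itself (assumption).
        if master_id not in member_ids:
            raise PermissionError("master device not legal for this family")
        self.families[family_id] = set(member_ids)
        return self._general_token(family_id), self._family_key(family_id)

    def handle_membership_message(self, family_id: str, device_id: str, joined: bool) -> str:
        # Claim 9: the first message updates the stored identifiers; the second message answers it.
        members = self.families[family_id]
        (members.add if joined else members.discard)(device_id)
        return "issue_token" if joined else "remove_token"

    def authenticate(self, family_id: str, device_id: str, auth_token: str) -> bool:
        # Claim 6: authentication token = general token + device token; all three checks must pass.
        general, _, device = auth_token.partition(".")
        ok_general = hmac.compare_digest(general, self._general_token(family_id))
        ok_member = device_id in self.families.get(family_id, set())  # fails once a device has exited
        ok_device = hmac.compare_digest(device, _mac(self._family_key(family_id), "device", device_id))
        return ok_general and ok_member and ok_device


@dataclass
class Device:
    device_id: str
    family_id: str
    general_token: str = ""
    family_key: bytes = b""

    def receive_family_credentials(self, general_token: str, family_key: bytes) -> None:
        self.general_token, self.family_key = general_token, family_key

    def authentication_token(self) -> str:
        # Claim 1: device token from the secret key and the device id, joined to the general token.
        return f"{self.general_token}.{_mac(self.family_key, 'device', self.device_id)}"


def register_family(server: AuthenticationServer, master: Device, slaves: list[Device]) -> None:
    """Claims 2-3: the master registers every member id, then fans the credentials out."""
    member_ids = [master.device_id] + [s.device_id for s in slaves]
    general_token, key = server.handle_authentication_request(master.device_id, master.family_id, member_ids)
    for member in [master] + slaves:
        member.receive_family_credentials(general_token, key)


def change_membership(server: AuthenticationServer, master: Device, device: Device, joined: bool) -> None:
    """Claim 4: the master reports a join or an exit and, on 'issue_token', forwards the credentials."""
    if server.handle_membership_message(master.family_id, device.device_id, joined) == "issue_token":
        device.receive_family_credentials(master.general_token, master.family_key)


def run_exchange() -> dict[str, bool]:
    """Constructed scenario: a phone as master, a watch as slave, a TV that joins later."""
    server = AuthenticationServer()
    phone, watch, tv = (Device(d, "family-A") for d in ("phone-1", "watch-1", "tv-1"))
    register_family(server, phone, [watch])
    out: dict[str, bool] = {}
    out["master_accepted"] = server.authenticate("family-A", phone.device_id, phone.authentication_token())
    out["slave_accepted"] = server.authenticate("family-A", watch.device_id, watch.authentication_token())
    out["unregistered_rejected"] = not server.authenticate("family-A", tv.device_id, tv.authentication_token())
    change_membership(server, phone, tv, joined=True)
    out["joined_accepted"] = server.authenticate("family-A", tv.device_id, tv.authentication_token())
    change_membership(server, phone, watch, joined=False)  # the watch keeps the key but is delisted
    out["removed_rejected"] = not server.authenticate("family-A", watch.device_id, watch.authentication_token())
    # The key is shared with every member (claims 2, 5), so any member can mint a peer's device token.
    forged = Device(phone.device_id, "family-A", tv.general_token, tv.family_key).authentication_token()
    out["peer_token_mintable_by_member"] = server.authenticate("family-A", phone.device_id, forged)
    return out
```

Calling run_exchange() walks through registration by the master, a join and an exit via the first and second messages of claims 4 and 9, and the check a delisted device fails even though it still holds the key. The last result is a property of the claims as written, not a statement about the page's actual implementation: because the secret key is handed to every member, one member can compute any other registered member's device token, so per-device accountability rests on the server's member list and on the master reporting joins and exits honestly. The claims also say nothing about token lifetime, freshness or the channel over which the master forwards the key to slaves; the example adds none of these, and a deployment would have to.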
CN201910579196.7A 2019-06-28 2019-06-28 Identity authentication method and device Active CN110460567B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910579196.7A CN110460567B (en) 2019-06-28 2019-06-28 Identity authentication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910579196.7A CN110460567B (en) 2019-06-28 2019-06-28 Identity authentication method and device

Publications (2)

Publication Number Publication Date
CN110460567A CN110460567A (en) 2019-11-15
CN110460567B true CN110460567B (en) 2020-11-06

Family

ID=68481808

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910579196.7A Active CN110460567B (en) 2019-06-28 2019-06-28 Identity authentication method and device

Country Status (1)

Country Link
CN (1) CN110460567B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147602B (en) * 2019-12-31 2022-06-14 湖南中联重科智能技术有限公司 Networking method and networking device for master vehicle and slave vehicle

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8583915B1 (en) * 2007-05-31 2013-11-12 Bby Solutions, Inc. Security and authentication systems and methods for personalized portable devices and associated systems
CN102469458B (en) * 2010-11-19 2015-08-12 中兴通讯股份有限公司 Group authentication method in a kind of M2M communication and system
CN102088668B (en) * 2011-03-10 2013-09-25 西安电子科技大学 Group-based authentication method of machine type communication (MTC) devices
US10034169B2 (en) * 2014-11-12 2018-07-24 Qualcomm Incorporated Method to authenticate peers in an infrastructure-less peer-to-peer network
US9300660B1 (en) * 2015-05-29 2016-03-29 Pure Storage, Inc. Providing authorization and authentication in a cloud for a user of a storage array
CN107222460B (en) * 2017-05-03 2019-10-08 飞天诚信科技股份有限公司 A kind of method and device that server data memory space is shared
CN108833081B (en) * 2018-06-22 2021-01-05 中国人民解放军国防科技大学 Block chain-based equipment networking authentication method
CN108683690B (en) * 2018-08-27 2021-11-02 创新维度科技(北京)有限公司 Authentication method, user equipment, authentication device, authentication server and storage medium

Also Published As

Publication number Publication date
CN110460567A (en) 2019-11-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210429

Address after: Unit 3401, unit a, building 6, Shenye Zhongcheng, No. 8089, Hongli West Road, Donghai community, Xiangmihu street, Futian District, Shenzhen, Guangdong 518040

Patentee after: Honor Device Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
