CN111435913A - Identity authentication method and device for terminal of Internet of things and storage medium - Google Patents


Info

Publication number
CN111435913A
Authority
CN
China
Prior art keywords
module
authentication
random
ciphertext
unique
Prior art date
Legal status
Pending
Application number
CN201910032485.5A
Other languages
Chinese (zh)
Inventor
孙宗臣
牟善礼
Current Assignee
Hisense Group Co Ltd
Hisense Co Ltd
Original Assignee
Hisense Co Ltd
Priority date
Filing date
Publication date
Application filed by Hisense Co Ltd
Priority to CN201910032485.5A
Publication of CN111435913A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L 63/0876 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L 67/12 Network-specific arrangements or communication protocols supporting networked applications adapted for proprietary or special purpose networking environments, e.g. medical networks, sensor networks, networks in a car or remote metering networks

Abstract

The application provides an identity authentication method and device for an Internet of things terminal and a storage medium, which are used for solving the problem that the authentication mode of the Internet of things terminal is complex in the prior art, and relate to the technical field of the Internet of things. In the method, the authentication server receives authentication information which is sent by a module end and carries a first ciphertext and a unique identifier of the module end; decrypts the first ciphertext according to a preset symmetric key to obtain a character string of a first random number and the unique identifier of the module end; extracts the unique identifier of the module end from the character string according to the arrangement rule of the random number and the unique identifier of the module end; and compares the extracted module end unique identifier with the module end unique identifier in the authentication information. Therefore, authentication can be completed between the authentication server and the module end with little information (a random number and the module end unique identifier) and a simple symmetric key; the authentication operation has few steps, is simple, and needs no digital signature or certificate, so the authentication process is simple and easy to realize.

Description

Identity authentication method and device for terminal of Internet of things and storage medium
Technical Field
The application relates to the technical field of internet of things, in particular to an identity authentication method and device for an internet of things terminal and a storage medium.
Background
Traditional identity authentication methods include password-based authentication, biometric-based authentication, Public Key Infrastructure (PKI) public-key authentication and the like; in addition, there are many mature identity authentication protocols, such as Kerberos (a computer network authorization protocol), SSH (Secure Shell protocol), (D)TLS (Datagram Transport Layer Security protocol) and the like.
However, since many internet of things devices have no input interface, password-based authentication is not suitable; and since an internet of things terminal is not operated by a specific user, biometric-based authentication is not suitable for the internet of things terminal either.
Disclosure of Invention
In order to implement lightweight identity authentication of an internet of things terminal, embodiments of the present application provide an identity authentication method and apparatus for an internet of things terminal, and a storage medium.
In a first aspect, an embodiment of the present application provides an identity authentication method for an internet of things terminal, where the method includes:
Module end:
generating a first random number;
acquiring a unique identifier of a module end;
sequencing the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier;
encrypting the character string by using a preset symmetric key to obtain a first ciphertext;
and sending the first ciphertext and the unique identifier of the module end as authentication information to an authentication server.
An authentication server:
receiving authentication information which is sent by a module end and carries a first ciphertext and a unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier;
decrypting the first ciphertext according to a preset symmetric key to obtain a first random number and a character string of the unique identifier of the module end;
extracting the unique identifier of the module end from the character string according to the random number and the arrangement rule of the unique identifier of the module end;
comparing the extracted unique module end identifier with the unique module end identifier in the authentication information;
if the extracted module end unique identification is the same as the module end unique identification in the authentication information, determining that the authentication is successful;
and if the extracted module end unique identification is different from the module end unique identification in the authentication information, determining that the authentication fails.
On the other hand, the embodiment of the application also provides an identity authentication device of the terminal of the internet of things.
Module end:
a generating module for generating a first random number;
the acquisition module is used for acquiring the unique identifier of the module end;
the sorting module is used for sorting the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier;
the encryption module is used for encrypting the character string by using a preset symmetric key to obtain a first ciphertext;
and the sending module is used for sending the first ciphertext and the unique identifier of the module end to an authentication server as authentication information.
An authentication server:
the receiving module is used for receiving authentication information which is sent by the module end and carries a first ciphertext and the unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier;
the decryption module is used for decrypting the first ciphertext according to a preset symmetric key to obtain a first random number and a character string of the unique identifier of the module end;
the extraction module is used for extracting the unique identifier of the module end from the character string according to the random number and the arrangement rule of the unique identifier of the module end;
the determining module is used for determining that the authentication is successful if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information; and if the extracted module end unique identification is different from the module end unique identification in the authentication information, determining that the authentication fails.
Another embodiment of the present application also provides a computing device comprising at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the identity authentication method of any terminal of the internet of things provided by the embodiment of the application.
Another embodiment of the present application further provides a computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are configured to enable a computer to execute an identity authentication method of any internet of things terminal in the embodiments of the present application.
According to the identity authentication method, the identity authentication device and the identity authentication storage medium of the terminal of the Internet of things, authentication can be completed between the authentication server and the module end through less information (random numbers and unique identification of the module end) and a simple symmetric key, the steps of authentication operation are few, the operation is simple, digital signatures or certificates are not needed, and therefore the authentication process is simple and easy to achieve.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of an identity authentication method of an internet of things terminal in an embodiment of the application;
fig. 2 is a flowchart of an identity authentication method of an internet of things terminal in the embodiment of the present application;
fig. 3 is a schematic view of another application scenario of the identity authentication method of the internet of things terminal in the embodiment of the application;
fig. 4 is another flowchart of an identity authentication method of an internet of things terminal in the embodiment of the present application;
fig. 5 is a timing diagram of an identity authentication method of an internet of things terminal in the embodiment of the present application;
fig. 6 is a schematic diagram of an identity authentication device of an internet of things terminal in the embodiment of the present application;
fig. 7 is another schematic diagram of an identity authentication device of an internet of things terminal in the embodiment of the present application;
FIG. 8 is a schematic diagram of a computing device according to an embodiment of the present application.
Detailed Description
In order to reasonably authenticate the identity of the terminal of the internet of things, the application provides an identity authentication method and device of the terminal of the internet of things and a storage medium. For better understanding of the technical solutions provided in the present application, the terms of the present application are explained as follows:
Internet of things terminal: terminal equipment of the Internet of things used for acquiring data, such as a speed sensor or a camera in a traffic management system, or any other equipment capable of forming the Internet of things and acquiring data, such as a temperature sensor or a humidity sensor.
Module end: the device connected to the Internet of things terminal that transmits the data acquired by the terminal to the cloud platform server over the Internet of things network.
Unique identifier of the module end: an identifier that uniquely identifies the module end, for example an IMEI (International Mobile Equipment Identity).
Cloud platform server: the terminal management side responsible for data transmission with the module end; it collects data from the Internet of things terminal and/or manages the Internet of things terminal.
Authentication server: mainly responsible for identity authentication of the module end and for key distribution.
KGC: the key generation center, used for generating symmetric keys and public keys with their corresponding private keys.
The following is a brief description of the principles of the technical solutions provided in the present application:
At present, traditional identity authentication methods such as password-based and biometric-based authentication are not suitable for the Internet of things terminal, and methods such as PKI public-key authentication or (D)TLS require digital signatures or certificates, so the authentication process is complicated and authentication efficiency is low.
In order to simply and efficiently realize identity authentication of terminal equipment of the internet of things, the embodiment of the application provides an identity authentication method of a terminal of the internet of things. In the method, a module end 01 generates a first random number and acquires a unique identifier of the module end. And then the module end 01 sequences the first random number and the unique identifier of the module end according to the arrangement rule of the random number and the unique identifier of the module end to obtain a character string of the first random number and the unique identifier of the module end. The module end encrypts the character string by using a preset symmetric key to obtain a first ciphertext, and sends the first ciphertext and the unique identifier of the module end serving as authentication information to the authentication server. And after receiving authentication information which is sent by the module end and carries the first ciphertext and the unique identifier of the module end, the authentication server decrypts the first ciphertext according to a preset symmetric key to obtain a first random number and a character string of the unique identifier of the module end. And the authentication server extracts the unique identifier of the module end from the character string according to the random number and the arrangement rule of the unique identifier of the module end, and compares the extracted unique identifier of the module end with the unique identifier of the module end in the authentication information. If the extracted module end unique identification is the same as the module end unique identification in the authentication information, determining that the authentication is successful; and if the extracted module end unique identification is different from the module end unique identification in the authentication information, determining that the authentication fails.
Therefore, the authentication server and the module end can achieve the purpose of identity authentication only by comparing the module end unique identifier obtained after decryption with the module end unique identifier in the authentication information. Compared with the identity authentication mode in the prior art, the identity authentication method does not need a digital signature or a certificate, is simple in identity authentication operation and high in efficiency.
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
As shown in fig. 1, the schematic view is an application scenario diagram of completing identity authentication of an internet of things terminal according to the scheme provided by the embodiment of the present application. The scenario comprises a module end 01, an authentication server 02 and a base station 03. It should be noted that the authentication server may be connected to a plurality of module ends; fig. 1 shows only one module end for convenience of description.
The module end 01 generates a first random number and obtains a unique identifier of the module end. And sequencing the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier, and encrypting the character string by using a preset symmetric key to obtain a first ciphertext. And the module end 01 sends the first ciphertext and the unique identifier of the module end to the base station 03 as authentication information, and the base station 03 sends the authentication information to the authentication server 02. After receiving the authentication information sent by the base station 03, the authentication server 02 decrypts a first ciphertext in the authentication information according to the preset symmetric key to obtain a first random number and a character string of the unique identifier of the module terminal. The authentication server 02 extracts the unique identifier of the module side from the character string according to the random number and the arrangement rule of the unique identifier of the module side. The authentication server 02 compares the extracted module end unique identifier with the module end unique identifier in the authentication information, and if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information, the authentication is determined to be successful. And if not, determining that the authentication fails.
The authentication server 02 may be provided by a cloud platform server, or by a third-party server different from the cloud platform server. In addition, the preset symmetric key is calculated by the KGC using a key generation algorithm of the SM9 national cryptographic standard and is stored in both the authentication server and the module end. Preferably, the KGC may be built into the authentication server, so that the preset symmetric key of the authentication server is generated by the KGC and the symmetric key is then stored in the module end. Alternatively, because the KGC is a key generation center and needs protection, it may be deployed on a secure server separate from the authentication server; the KGC then generates the symmetric key and stores it in the module end and the authentication server respectively.
The Internet of things in the embodiment of the application is suitable for narrowband Internet of things and is also suitable for other Internet of things except the narrowband Internet of things.
The identity authentication method for the internet of things terminal provided by the embodiment of the application is further described with reference to the accompanying drawings.
Firstly, in order to complete identity authentication, the authentication server generates a symmetric key, keeps one copy of it, and distributes the symmetric key to each module end for storage. Different module ends may use the same symmetric key or different symmetric keys; this application does not limit this. In particular, a symmetric key of the SM4 national cryptographic standard algorithm may be used.
After the authentication server and the module end have the symmetric key, both sides can execute subsequent authentication operation. As shown in fig. 2, a flowchart of an identity authentication method for an internet of things terminal provided in the embodiment of the present application includes the following steps:
step 201: receiving authentication information which is sent by a module end and carries a first ciphertext and a unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier.
Step 202: and decrypting the first ciphertext according to a preset symmetric key to obtain a first random number and a character string of the unique identifier of the module end.
Step 203: and extracting the unique identifier of the module end in the character string according to the random number and the arrangement rule of the unique identifier of the module end.
Step 204: comparing the extracted module end unique identifier with the module end unique identifier in the authentication information, and if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information, executing step 205; if not, go to step 206.
Step 205: and determining that the authentication is successful.
Step 206: it is determined that the authentication failed.
It should be noted that the arrangement rule may be set according to the actual situation, and the present application does not limit this. For example, when the first random number is 00 and the module end unique identifier is 1001, the module end unique identifier and the first random number may be arranged in sequence, and the character string obtained by decrypting the first ciphertext is 100100 (where the first four digits are the module end unique identifier and the last two digits are the random number). Then, according to the arrangement rule, the extracted module end unique identifier is 1001. Alternatively, the module end unique identifier and the first random number may be interleaved, for example with the 2nd and 4th digits being the first random number and the digits in the other positions, taken in order, forming the module end unique identifier. Then the character string obtained by decrypting the first ciphertext is 100001, and according to the arrangement rule the extracted module end unique identifier is 1001.
Therefore, the authentication between the authentication server and the module end can be completed through less information (random number and module end unique identification) and a simple symmetric key. The authentication operation steps are few, the operation is simple, and a digital signature or a certificate is not needed, so that the authentication process is simple and easy to realize, and the application provides a lightweight identity authentication scheme suitable for the Internet of things.
In addition, because the random number and the module end unique identifier are arranged according to the arrangement rule, a stolen first ciphertext cannot be used by an illegal device to receive and send information in place of the module end, since the arrangement rule is unknown to it; and if the first ciphertext is tampered with, the wrongly extracted module end unique identifier causes identity authentication to fail, so that intrusion by illegal devices is prevented.
The identity authentication is carried out on the module end to ensure that the module end is safe and reliable, so after the identity authentication succeeds, the authentication server sends a notification of successful identity authentication to the module end and the cloud platform server respectively, and after receiving the notification the module end and the cloud platform server may communicate in plaintext to transmit data. Of course, in order to ensure the security of data transmission between the module end and the cloud platform server, the authentication server may negotiate a session key for data transmission with the module end after authenticating it. Specifically, after the authentication server successfully authenticates the identity of the module end, it may generate a second random number; encrypt the second random number with the preset symmetric key to obtain a second ciphertext; and then send the second ciphertext to the module end, so that the module end computes a cryptographic hash function over the first random number and the second random number in the second ciphertext to obtain a session key.
In specific implementation, the module end uses the result obtained by calculation of the cryptographic hash function to take the first 16 bytes as the session key. After the module end calculates the session key, the session key can be sent to the authentication server, and then the authentication server sends the session key to the cloud platform server.
In addition, instead of forwarding the module end's session key to the cloud platform server, the authentication server may generate the session key itself and send it to the cloud platform server. That is, after the authentication server generates the second random number, it may compute the cryptographic hash function over the second random number and the first random number from the first ciphertext to obtain the session key, and then send it to the cloud platform server. Of course, after the authentication server computes the hash result, it also takes the first 16 bytes as the session key, so that the session key it generates is the same as the module end's.
In order to ensure the security of the session key in the process of transmitting the session key, after the session key is obtained through calculation, the session key needs to be encrypted and then sent to the cloud platform server. In specific implementation, the authentication server may perform an encryption operation on the session key through the following two methods.
The first method is as follows: when the number of session keys is large, an additional key pair may be used for encryption. For convenience of description, the additional key pair is referred to as the first public key and the first private key, and the ID of the cloud platform server is referred to as the second public key. In specific implementation, a first public key and a corresponding first private key are randomly generated; the session key is encrypted with the first public key to obtain a first part of ciphertext, and the first private key is encrypted with the second public key to obtain a second part of ciphertext; the first and second parts of ciphertext are sent to the cloud platform server, so that the cloud platform server decrypts the second part of ciphertext with the pre-stored second private key corresponding to the second public key to obtain the first private key, and then decrypts the first part of ciphertext with the first private key to obtain the session key.
The second method is as follows: when the number of session keys is not large, the session key may be encrypted directly with the second public key (the ID of the cloud platform server) to obtain a first part of ciphertext; the first part of ciphertext is sent to the cloud platform server, so that the cloud platform server decrypts it with the pre-stored second private key corresponding to the second public key to obtain the session key.
The ID of the cloud platform server is used as a public key, a corresponding private key is generated according to the SM9 cryptographic algorithm, and the private key corresponding to the public key is stored in the cloud platform server. Different cloud platform servers correspond to different public and private key pairs. That is, the same authentication server may manage different cloud platform servers and generate corresponding session keys for the different cloud platform servers.
And when the authentication server sends the encrypted session key, the unique identifier of the module end corresponding to the session key is sent to the cloud platform server. When the cloud platform server stores the session key, the unique identifier of the module end and the corresponding session key can be correspondingly stored in the form of the unique identifier of the module end plus the session key.
The security of the session key can be ensured by sending the encrypted session key. Even if the session key is intercepted, the session key cannot be obtained through decryption because the private key corresponding to the public key does not exist.
In addition, in order to prevent the session key from being stolen to cause information leakage, the generated session key has a validity period. In specific implementation, both the module end and the authentication server may negotiate an update period of the session key in advance. For example, the session key update period is set to 1 day, and the validity period of the session key may be counted from the generation time of the session key or from the transmission start time when data is transmitted using the session key for the first time.
After determining that the session key is invalid, the module end actively requests the authentication server to perform identity authentication again, after which a new session key is generated. Alternatively, the cloud platform server notifies the authentication server after determining that the session key is invalid, and the authentication server then notifies the module end to perform identity authentication again and generate a new session key. Of course, any specific implementation in which the session key is updated in time after it is determined to be invalid is applicable to the embodiment of the present application, and the present application does not limit this.
Furthermore, to prevent the authentication information sent by the module end from being intercepted and then replayed by other equipment impersonating the module end, the first ciphertext also includes a timestamp, which ensures that the authentication information can pass authentication only within its validity period. Expired authentication information is invalid even if it is intercepted and cracked, and invalid authentication information causes identity authentication to fail, which prevents illegal equipment from masquerading as the module end. The scheme can be implemented by acquiring the current time and then determining whether the time difference between the current time and the timestamp in the first ciphertext is within a preset time-difference range; correspondingly, when the identity of the module end is authenticated, the authentication is determined to be successful if the time difference is within the preset time-difference range and the extracted unique identifier of the module end is the same as the unique identifier of the module end in the authentication information.
If the time difference is not within the preset time-difference range, and/or the extracted module end unique identifier is different from the module end unique identifier in the authentication information, it is determined that the authentication fails.
Specifically, the preset time-difference range is set according to the actual situation; for example, it may be set to less than 3 seconds, less than 5 seconds, or the like. In a specific implementation, the range can also be determined by measuring the information transmission delay between the authentication server and the module end. By this method, the timeliness of the authentication information is guaranteed, other equipment is prevented from impersonating the module end by sending intercepted authentication information, and the accuracy of identity authentication is guaranteed.
How the timestamp is used for identity authentication and how the session key is calculated in the embodiment of the present application are described in detail below with reference to fig. 3. In this scene the preset time-difference range is less than or equal to 3 seconds, and the scene comprises a module end 01, an authentication server 02, a base station 03 and a cloud platform server 04.
The module end 01 generates a first random number and obtains its unique identifier. The module end 01 then orders the first random number and the unique identifier of the module end according to the arrangement rule of the random number and the unique identifier of the module end, obtaining a character string of the first random number and the unique identifier of the module end. The module end 01 obtains the current time as a timestamp, and encrypts the character string and the timestamp using the preset symmetric key to obtain a first ciphertext. It then sends the first ciphertext and the unique identifier of the module end, as authentication information, to the base station 03, and the base station 03 forwards the authentication information to the authentication server 02. After receiving the authentication information, the authentication server 02 decrypts the first ciphertext in the authentication information using the preset symmetric key, obtaining the character string and the timestamp. It acquires the current time and, if the time difference between the current time and the timestamp in the first ciphertext is determined to be less than 3 seconds, extracts the module end unique identifier from the character string according to the arrangement rule of the random number and the module end unique identifier. It then compares the extracted module end unique identifier with the module end unique identifier in the authentication information, determines that they are the same, and thereby determines that the authentication is successful.
After the authentication is successful, the authentication server 02 generates a second random number and encrypts it using the preset symmetric key to obtain a second ciphertext. The second ciphertext is sent, through the base station 03, to the module end 01 corresponding to the module end unique identifier in the authentication information. The authentication server 02 also calculates a cryptographic hash function over the second random number and the first random number from the first ciphertext to obtain a session key. It then encrypts the session key using the cloud platform server identity ID as a public key and sends the encrypted session key to the cloud platform server 04 corresponding to that ID, so that the cloud platform server 04 decrypts the encrypted session key with its pre-stored private key to obtain the session key.
After receiving the second ciphertext, the module end 01 decrypts it using the preset symmetric key to obtain the second random number, and calculates the cryptographic hash function over the first random number and the second random number from the second ciphertext to obtain the session key. Both the module end 01 and the authentication server now hold the session key, and communication can proceed.
The step of determining whether the time difference is within the preset time difference range may be performed after the step of comparing the extracted unique identifier of the module end with the unique identifier of the module end in the authentication information, or may be performed simultaneously with the step.
Based on the same inventive concept, the embodiment of the application provides an identity authentication method of an internet of things terminal at a module end. As shown in fig. 4, a flowchart of an identity authentication method for an internet of things terminal provided in the embodiment of the present application includes the following steps:
step 401: a first random number is generated.
Step 402: and acquiring the unique identifier of the module end.
Step 403: and sequencing the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier.
Step 404: and encrypting the character string by using a preset symmetric key to obtain a first ciphertext.
Step 405: and sending the first ciphertext and the unique identifier of the module end as authentication information to an authentication server.
In a specific implementation, as described above, the arrangement rule of the random number and the unique identifier of the module end is set according to actual conditions. For example, the module-side unique identifier may be placed first and the first random number after it; when the first random number is 01 and the module-side unique identifier is 1011, the character string obtained according to this arrangement rule is 101101. The arrangement rule used by the module end is the same as the arrangement rule the authentication server uses to extract the random number and the unique identifier of the module end from the character string.
Therefore, the authentication between the authentication server and the module end can be completed through less information (random number and module end unique identification) and a simple symmetric key. The authentication operation steps are few, the operation is simple, and a digital signature or a certificate is not needed, so that the authentication process is simple and easy to realize, and the application provides a lightweight identity authentication scheme suitable for the Internet of things.
After the identity authentication is successful, a session key must additionally be negotiated. The method further comprises the following steps: receiving a second ciphertext sent by the authentication server; decrypting the second ciphertext by using the preset symmetric key to obtain a second random number; and calculating a cryptographic hash function over the first random number and the second random number from the second ciphertext to obtain a session key.
The module end takes the first 16 bytes of the result of the cryptographic hash function as the session key. Thus, after the identity authentication between the module end and the authentication server is completed, the two parties negotiate the session key and use it for data transmission, so that data security can be ensured. The module end and the authentication server can preset an update period for the session key; when the update period is reached, the session key can no longer be used, identity authentication must be performed again, and the session key is renegotiated after the identity authentication passes.
In order to ensure timeliness of the authentication information, a timestamp can be added for verification. Before encrypting the character string, the method further comprises: acquiring the current time as a timestamp; encrypting the character string specifically includes: and encrypting the character string and the time stamp.
By this method, the timeliness of the authentication information is guaranteed, other equipment is prevented from impersonating the module end by sending intercepted authentication information, and the security of identity authentication is guaranteed.
To facilitate an overall understanding of the embodiment of the present application, fig. 5 is a timing diagram of the scheme provided in the embodiment. The method comprises the following steps:
Step 501: the module end generates a first random number.
Step 502: the module end acquires the unique identifier of the module end.
The execution order of step 501 and step 502 is not limited.
Step 503: and the module end sorts the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier.
Step 504: and the module end acquires the current time as a timestamp.
Step 505: and the module end encrypts the character string and the time stamp by using a preset symmetric key.
Step 506: and the module end sends the first ciphertext and the unique identifier of the module end as authentication information to an authentication server.
Step 507: the authentication server receives authentication information which is sent by the module end and carries a first ciphertext and the unique identifier of the module end; the first ciphertext comprises the first random number, the module end unique identifier and the timestamp.
Step 508: and the authentication server decrypts the first ciphertext and the timestamp according to a preset symmetric key.
Step 509: the authentication server obtains the current time.
Step 510: and if the time difference value between the current time and the time stamp in the first ciphertext is within a preset time difference value range, the authentication server extracts the unique identifier of the module end from the character string.
Step 511: and the authentication server compares the extracted module end unique identification with the module end unique identification in the authentication information, and if the extracted module end unique identification is the same as the module end unique identification in the authentication information, the authentication is determined to be successful.
Step 512: the authentication server generates a second random number.
Step 513: and the authentication server encrypts the second random number by using a preset symmetric key to obtain a second ciphertext.
Step 514: and the authentication server sends the second ciphertext to the module end.
Step 515: and the module end calculates the first random number and the second random number in the second cipher text by adopting a cipher hash function to obtain a session key.
Step 516: and the authentication server calculates the second random number and the first random number in the first cipher text by adopting a cipher hash function to obtain a session key.
The execution timing of step 516 may be after step 512 and before step 517, which is not specifically limited in this application. For example, step 516 may be performed concurrently with step 513.
517: and the authentication server encrypts the session key by taking the cloud platform server identity ID as a public key.
Step 518: and the authentication server sends the encrypted session key to a cloud platform server corresponding to the cloud platform server ID.
Step 519: and the cloud platform server decrypts the encrypted session key according to the pre-stored private key to obtain the session key.
With the identity authentication method of the Internet of things terminal described above, the number of identity authentication steps is reduced: identity authentication is completed with a single message exchange and session key negotiation with two message exchanges, which improves the efficiency of identity authentication and session key negotiation.
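The exchange of fig. 3 and steps 501 to 516 of fig. 5, together with the arrangement rule and the 16-byte session key described for the module-end method, as an added Python example that is not part of the patent. Assumptions the text does not fix: the preset symmetric cipher is modelled by an HMAC-SHA256 keystream with an authentication tag (a stand-in for a real cipher such as SM4 or AES, not for production use), the arrangement rule is identifier first then random number with fixed field lengths, random numbers are 16 bytes, the cryptographic hash is SHA-256, all values are constructed, and steps 517 to 519 (SM9 encryption to the cloud platform server) are omitted.

```python
import hashlib
import hmac
import os
import struct

# Constructed values; the patent text fixes none of these.
PRESET_KEY = b"constructed-preset-symmetric-key"  # shared in advance by module end and server
RAND_LEN = 16    # length of the first and second random numbers
ID_LEN = 4       # length of the module-end unique identifier
TS_LEN = 8       # timestamp: 64-bit big-endian seconds
MAX_SKEW = 3     # preset time-difference range: at most 3 seconds (fig. 3 scene)


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a stand-in for the unnamed preset cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def sym_encrypt(key, plaintext):
    """Returns nonce || ciphertext || tag; the tag lets the receiver detect tampering."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 44 or not hmac.compare_digest(tag, expect):
        raise ValueError("ciphertext rejected")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def arrange(uid, rand):
    """Arrangement rule as in the text's example (1011 + 01 -> 101101): identifier
    first, then random number. Fixed field lengths let the server split it again."""
    return uid + rand


def module_build_auth_info(uid, now):
    """Steps 501-506: returns the kept first random number and the authentication
    information (first ciphertext, plaintext unique identifier)."""
    r1 = os.urandom(RAND_LEN)
    ts = struct.pack(">Q", int(now))
    first_ct = sym_encrypt(PRESET_KEY, arrange(uid, r1) + ts)
    return r1, (first_ct, uid)


def server_authenticate(auth_info, now, max_skew=MAX_SKEW):
    """Steps 507-511: returns the first random number on success, None on failure."""
    first_ct, uid_claimed = auth_info
    try:
        pt = sym_decrypt(PRESET_KEY, first_ct)
    except ValueError:
        return None
    if len(pt) != ID_LEN + RAND_LEN + TS_LEN:
        return None
    string, ts = pt[:-TS_LEN], struct.unpack(">Q", pt[-TS_LEN:])[0]
    # Timestamp check: stale or replayed authentication information is rejected.
    if abs(now - ts) > max_skew:
        return None
    uid_extracted, r1 = string[:ID_LEN], string[ID_LEN:]
    # The identifier inside the ciphertext must match the one sent in the clear.
    if not hmac.compare_digest(uid_extracted, uid_claimed):
        return None
    return r1


def derive_session_key(r1, r2):
    """Both sides: hash the two random numbers and keep the first 16 bytes."""
    return hashlib.sha256(r1 + r2).digest()[:16]


def server_respond(r1):
    """Steps 512-516: second random number, second ciphertext, server's session key."""
    r2 = os.urandom(RAND_LEN)
    return sym_encrypt(PRESET_KEY, r2), derive_session_key(r1, r2)


def module_finish(r1, second_ct):
    """Step 515: the module end recovers r2 and derives the same session key."""
    r2 = sym_decrypt(PRESET_KEY, second_ct)
    return derive_session_key(r1, r2)


def run_exchange(uid, t_send, t_recv, uid_claimed=None):
    """Drive one full exchange. uid_claimed lets a caller present a different
    identifier in the plaintext part of the authentication information.
    Returns (module key, server key), or (None, None) if the server rejects."""
    r1, (first_ct, _) = module_build_auth_info(uid, t_send)
    auth_info = (first_ct, uid if uid_claimed is None else uid_claimed)
    r1_srv = server_authenticate(auth_info, t_recv)
    if r1_srv is None:
        return None, None
    second_ct, k_server = server_respond(r1_srv)
    return module_finish(r1, second_ct), k_server
```

`run_exchange(b"1011", 1000, 1001)` yields two equal 16-byte keys, while a receive time of 1004 (outside the 3-second range) or a mismatching plaintext identifier makes the server reject the authentication information.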
Based on the same inventive concept, the embodiment of the application also provides an identity authentication device of the terminal of the internet of things. Fig. 6 is a schematic diagram of an identity authentication device of an internet of things terminal in the embodiment of the present application. The device includes:
the receiving module 601 is configured to receive authentication information which is sent by the module end and carries a first ciphertext and a unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier;
the decryption module 602 is configured to decrypt the first ciphertext according to a preset symmetric key to obtain a first random number and a string of a unique identifier at the module end;
an extracting module 603, configured to extract the unique identifier of the module end from the character string according to the random number and an arrangement rule of the unique identifier of the module end;
a determining module 604, configured to determine that the authentication is successful if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information; and if the extracted module end unique identification is different from the module end unique identification in the authentication information, determining that the authentication fails.
Further, the apparatus further comprises:
the second generation module is used for generating a second random number after the determination module determines that the authentication is successful;
the second encryption module is used for encrypting the second random number by using a preset symmetric key to obtain a second ciphertext;
and the second sending module is used for sending the second ciphertext to the module end, so that the module end calculates a cryptographic hash function over the first random number and the second random number from the second ciphertext to obtain a session key.
Further, the apparatus further comprises:
and the calculation module is used for calculating a cryptographic hash function over the second random number and the first random number from the first ciphertext to obtain a session key, after the second sending module has sent the second ciphertext to the module end.
Further, the first ciphertext also includes a timestamp, and the apparatus further includes:
the second acquisition module is used for acquiring the current time;
the second determining module is used for determining whether the time difference value is within a preset time difference value range;
the determining module is specifically configured to determine that the authentication is successful if the time difference value is within a preset time difference value range and the extracted unique module end identifier is the same as the unique module end identifier in the authentication information.
The determining module is further configured to determine that the authentication fails if the time difference is not within the preset time-difference range, and/or the extracted module end unique identifier is different from the module end unique identifier in the authentication information.
Further, the apparatus further comprises:
the third generation module is used for randomly generating the first public key and the corresponding first private key;
the third encryption module is used for encrypting the session key with the first public key to obtain a first part of ciphertext, and encrypting the first private key with the second public key to obtain a second part of ciphertext; the second public key is the cloud platform server identity ID;
and the third sending module is used for sending the first part of ciphertext and the second part of ciphertext to the cloud platform server, so that the cloud platform server decrypts the second part of ciphertext according to a pre-stored second private key corresponding to the second public key to obtain a first private key, and then decrypts the first part of ciphertext by using the first private key to obtain a session key.
Based on the same inventive concept, the embodiment of the application also provides an identity authentication device of the internet of things terminal at the module end. As shown in fig. 7, the schematic diagram of an identity authentication device of an internet of things terminal provided in the embodiment of the present application is shown. The device includes:
a generating module 701, configured to generate a first random number;
an obtaining module 702, configured to obtain a unique identifier of a module end;
the sorting module 703 is configured to sort the first random number and the unique module end identifier according to an arrangement rule of the random number and the unique module end identifier, so as to obtain a character string of the first random number and the unique module end identifier;
an encrypting module 704, configured to encrypt the character string by using a preset symmetric key to obtain a first ciphertext;
a sending module 705, configured to send the first ciphertext and the unique module end identifier to an authentication server as authentication information, so that the authentication server receives the authentication information that is sent by the module end and carries the first ciphertext and the unique module end identifier; decrypting the first ciphertext according to a preset symmetric key to obtain a first random number and a character string of the unique identifier of the module end; extracting the unique identifier of the module end from the character string according to the random number and the arrangement rule of the unique identifier of the module end; and comparing the extracted unique module end identification with the unique module end identification in the authentication information.
Further, the apparatus further comprises:
the receiving module is used for receiving a second ciphertext sent by the authentication server;
the second decryption module is used for decrypting the second ciphertext by using a preset symmetric key to obtain a second random number;
and the second calculation module is used for calculating a cryptographic hash function over the first random number and the second random number from the second ciphertext to obtain the session key.
Further, the apparatus further comprises:
the third acquisition module is used for acquiring the current time as a timestamp before the encryption module encrypts the character string;
the encryption module is specifically configured to encrypt the character string and the timestamp.
After introducing the identity authentication method and apparatus for an internet of things terminal according to an exemplary embodiment of the present application, a computing apparatus according to another exemplary embodiment of the present application is introduced next.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit", "module" or "system".
In some possible implementations, a computing device according to the present application may include at least one processor and at least one memory. The memory stores program code, and when the program code is executed by the processor, the processor executes the steps of the identity authentication method of the terminal of the internet of things according to the various exemplary embodiments of the present application described above in this specification. For example, the processor may perform steps 201 to 206 shown in fig. 2 or steps 401 to 405 shown in fig. 4.
The computing device 130 according to this embodiment of the present application is described below with reference to fig. 8. The computing device 130 shown in fig. 8 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present application.
As shown in FIG. 8, computing device 130 is embodied in the form of a general purpose computing device. Components of computing device 130 may include, but are not limited to: the at least one processor 131, the at least one memory 132, and a bus 133 that connects the various system components (including the memory 132 and the processor 131).
Bus 133 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The memory 132 may include readable media in the form of volatile memory, such as Random Access Memory (RAM)1321 and/or cache memory 1322, and may further include Read Only Memory (ROM) 1323.
Memory 132 may also include a program/utility 1325 having a set (at least one) of program modules 1324, such program modules 1324 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Computing device 130 may also communicate with one or more external devices 134 (e.g., keyboard, pointing device, etc.), with one or more devices that enable a user to interact with computing device 130, and/or with any devices (e.g., router, modem, etc.) that enable computing device 130 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 135. Also, computing device 130 may communicate with one or more networks (e.g., a local area network (LAN), a wide area network (WAN) and/or a public network such as the Internet) via network adapter 136. As shown, network adapter 136 communicates with the other modules of computing device 130 via bus 133. It should be understood, although not shown, that other hardware and/or software modules may be used in conjunction with computing device 130, including, but not limited to, microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, etc.
In some possible embodiments, the aspects of the identity authentication method for an internet of things terminal provided in the present application may also be implemented in the form of a program product, which includes program code for causing a computer device to execute the steps of the identity authentication method for an internet of things terminal according to the various exemplary embodiments of the present application described above in this specification when the program product runs on the computer device; for example, the computer device may execute steps 201 to 206 shown in fig. 2 or steps 401 to 405 shown in fig. 4.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product for identity authentication of an internet of things terminal of the embodiments of the present application may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a computing device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++, or the like, as well as conventional procedural programming languages, such as the "C" language or similar programming languages.
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, according to embodiments of the application, the features and functions of two or more units described above may be embodied in one unit. Conversely, the features and functions of one unit described above may be further divided so as to be embodied by a plurality of units.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. An identity authentication method for an internet of things terminal is characterized by comprising the following steps:
receiving authentication information which is sent by a module end and carries a first ciphertext and a unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier;
decrypting the first ciphertext according to a preset symmetric key to obtain a character string composed of the first random number and the module end unique identifier;
extracting the module end unique identifier from the character string according to the arrangement rule of the random number and the module end unique identifier;
comparing the extracted module end unique identifier with the module end unique identifier in the authentication information;
if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information, determining that the authentication is successful;
and if the extracted module end unique identifier is different from the module end unique identifier in the authentication information, determining that the authentication fails.
2. The method of claim 1, wherein after determining that authentication is successful, the method further comprises:
generating a second random number;
encrypting the second random number by using a preset symmetric key to obtain a second ciphertext;
and sending the second ciphertext to the module end, so that the module end calculates a session key from the first random number and the second random number in the second ciphertext by adopting a cryptographic hash function.
3. The method of claim 2, wherein after sending the second ciphertext to the module end, the method further comprises:
calculating a session key from the second random number and the first random number in the first ciphertext by adopting a cryptographic hash function.
4. The method of claim 1, wherein the first ciphertext further comprises a timestamp, the method further comprising:
acquiring current time;
determining whether the time difference value between the current time and the time stamp in the first ciphertext is within a preset time difference value range;
determining that the authentication is successful, specifically comprising:
if the time difference value is within the preset time difference value range, and the extracted module end unique identifier is the same as the module end unique identifier in the authentication information, determining that the authentication is successful;
determining that the authentication fails specifically includes:
if the time difference value is not within the preset time difference value range, and/or the extracted module end unique identifier is different from the module end unique identifier in the authentication information, determining that the authentication fails.
5. The method of claim 3, wherein after calculating the session key, the method further comprises:
randomly generating a first public key and a corresponding first private key;
encrypting the session key by adopting a first public key to obtain a first part of ciphertext, and encrypting the first private key by adopting a second public key to obtain a second part of ciphertext; the second public key is a platform server identity ID;
and sending the first part of ciphertext and the second part of ciphertext to the cloud platform server, so that the cloud platform server decrypts the second part of ciphertext according to a pre-stored second private key corresponding to the second public key to obtain a first private key, and then decrypts the first part of ciphertext by using the first private key to obtain a session key.
6. An identity authentication method for an internet of things terminal is characterized by comprising the following steps:
generating a first random number;
acquiring a unique identifier of a module end;
sequencing the first random number and the unique module end identifier according to the arrangement rule of the random number and the unique module end identifier to obtain a character string of the first random number and the unique module end identifier;
encrypting the character string by using a preset symmetric key to obtain a first ciphertext;
and sending the first ciphertext and the unique identifier of the module end as authentication information to an authentication server.
7. The method of claim 6, further comprising:
receiving a second ciphertext sent by the authentication server;
decrypting the second ciphertext by using a preset symmetric key to obtain a second random number;
and calculating a session key from the first random number and the second random number in the second ciphertext by adopting a cryptographic hash function.
8. The method of claim 6, wherein prior to encrypting the character string, the method further comprises:
acquiring the current time as a timestamp;
encrypting the character string specifically includes:
encrypting the character string together with the timestamp.
9. An identity authentication device of an internet of things terminal, the identity authentication device comprising:
the receiving module is used for receiving authentication information which is sent by the module end and carries a first ciphertext and the unique identifier of the module end; the first ciphertext comprises a first random number and a module end unique identifier;
the decryption module is used for decrypting the first ciphertext according to a preset symmetric key to obtain a character string composed of the first random number and the module end unique identifier;
the extraction module is used for extracting the module end unique identifier from the character string according to the arrangement rule of the random number and the module end unique identifier;
the determining module is used for determining that the authentication is successful if the extracted module end unique identifier is the same as the module end unique identifier in the authentication information, and determining that the authentication fails if the extracted module end unique identifier is different from the module end unique identifier in the authentication information.
10. An identity authentication device of an internet of things terminal, the identity authentication device comprising:
a generating module for generating a first random number;
the acquisition module is used for acquiring the unique identifier of the module end;
the sequencing module is used for sequencing the first random number and the module end unique identifier according to the arrangement rule of the random number and the module end unique identifier to obtain a character string of the first random number and the module end unique identifier;
the encryption module is used for encrypting the character string by using a preset symmetric key to obtain a first ciphertext;
and the sending module is used for sending the first ciphertext and the unique identifier of the module end to an authentication server as authentication information.
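The following is an added, stand-alone worked example of the challenge-response flow described in claims 1-4 and 6-8 (module end builds and encrypts the random-number-plus-identifier string with a timestamp; authentication server decrypts, extracts and compares the identifier, checks the timestamp window, returns an encrypted second random number; both sides hash the two random numbers into a session key). It is constructed for illustration and is not the patent's or the applicant's own code. Everything the claims leave open is an assumption here: the arrangement rule is "random number first, then the identifier", both fixed width; the "preset symmetric key" algorithm is an encrypt-then-MAC construction built from HMAC-SHA256 so that the example runs with the Python standard library only; the hash is SHA-256 over r1 || r2; the key, identifier and timestamps are constructed sample values. The key escrow step of claim 5 is not covered.

```python
"""Constructed walk-through of the claimed module-end / authentication-server exchange.

Not the patent's code. Assumed (not fixed by the claims): fixed-width fields,
arrangement rule r1 || module_id || timestamp, an HMAC-SHA256 based
encrypt-then-MAC primitive standing in for the unnamed symmetric cipher,
and SHA-256(r1 || r2) as the session-key hash.
"""
import hashlib
import hmac
import secrets
import struct
import time

RAND_LEN = 16                 # bytes of each random number (assumed)
ID_LEN = 16                   # bytes of the module end unique identifier (assumed)
TS_WINDOW = 60                # preset time difference range, seconds (assumed)
PRESET_KEY = b"\x01" * 32     # constructed sample preset symmetric key


# --- symmetric primitive (assumption: the claims do not name a cipher) -------
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || body || tag (encrypt-then-MAC, HMAC-SHA256 tag)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise on mismatch."""
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(
            tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext tag mismatch")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


# --- module end: claims 6 and 8 ---------------------------------------------
def module_build_auth_info(module_id: bytes, key: bytes = PRESET_KEY, now=None):
    """Build authentication information {first ciphertext, plaintext identifier}.

    Also returns r1, which the module keeps for session-key derivation (claim 7).
    """
    r1 = secrets.token_bytes(RAND_LEN)
    ts = int(time.time() if now is None else now)
    string = r1 + module_id + struct.pack(">Q", ts)      # assumed arrangement rule
    return {"ciphertext": encrypt(key, string), "module_id": module_id}, r1


# --- authentication server: claims 1, 2 and 4 -------------------------------
def server_authenticate(auth_info: dict, key: bytes = PRESET_KEY, now=None):
    """Return (ok, second_ciphertext, session_key); the last two are None on failure."""
    try:
        plain = decrypt(key, auth_info["ciphertext"])
    except ValueError:
        return False, None, None
    if len(plain) != RAND_LEN + ID_LEN + 8:                   # malformed string
        return False, None, None
    r1 = plain[:RAND_LEN]
    extracted_id = plain[RAND_LEN:RAND_LEN + ID_LEN]          # claim 1: extract by rule
    ts = struct.unpack(">Q", plain[RAND_LEN + ID_LEN:])[0]
    current = int(time.time() if now is None else now)
    if abs(current - ts) > TS_WINDOW:                         # claim 4: timestamp window
        return False, None, None
    if not hmac.compare_digest(extracted_id, auth_info["module_id"]):   # claim 1: compare
        return False, None, None
    r2 = secrets.token_bytes(RAND_LEN)                        # claim 2: second random number
    second_ct = encrypt(key, r2)
    session_key = hashlib.sha256(r1 + r2).digest()            # claim 3: hash(r1 || r2)
    return True, second_ct, session_key


# --- module end: claim 7 -----------------------------------------------------
def module_derive_session_key(r1: bytes, second_ct: bytes, key: bytes = PRESET_KEY) -> bytes:
    r2 = decrypt(key, second_ct)
    return hashlib.sha256(r1 + r2).digest()


def run_handshake(module_id: bytes, tamper_id=None, skew: int = 0):
    """Drive one exchange at a fixed constructed clock; returns (authenticated, keys_agree)."""
    auth, r1 = module_build_auth_info(module_id, now=1000)
    if tamper_id is not None:              # identifier swapped in transit
        auth["module_id"] = tamper_id
    ok, second_ct, sk_server = server_authenticate(auth, now=1000 + skew)
    if not ok:
        return False, None
    return True, sk_server == module_derive_session_key(r1, second_ct)


if __name__ == "__main__":
    print("honest module:", run_handshake(b"M" * ID_LEN))
    print("swapped identifier:", run_handshake(b"M" * ID_LEN, tamper_id=b"X" * ID_LEN))
    print("stale timestamp:", run_handshake(b"M" * ID_LEN, skew=600))
```

Two points the claims rely on are made explicit in the code: the identifier comparison and the tag check use `hmac.compare_digest`, so the server's accept/reject timing does not leak which bytes differed; and the timestamp window bounds how long a captured first ciphertext can be resubmitted, which is the replay protection claim 4 adds to claim 1. The example uses one preset key as the claims state; deployments would normally provision a distinct preset key per module end so that a key extracted from one device does not authenticate others.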
CN201910032485.5A 2019-01-14 2019-01-14 Identity authentication method and device for terminal of Internet of things and storage medium Pending CN111435913A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910032485.5A CN111435913A (en) 2019-01-14 2019-01-14 Identity authentication method and device for terminal of Internet of things and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910032485.5A CN111435913A (en) 2019-01-14 2019-01-14 Identity authentication method and device for terminal of Internet of things and storage medium

Publications (1)

Publication Number Publication Date
CN111435913A true CN111435913A (en) 2020-07-21

Family

ID=71579937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910032485.5A Pending CN111435913A (en) 2019-01-14 2019-01-14 Identity authentication method and device for terminal of Internet of things and storage medium

Country Status (1)

Country Link
CN (1) CN111435913A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357400A (en) * 2016-11-07 2017-01-25 福建星海通信科技有限公司 Method and system for establishing channel between TBOX terminal and TSP platform
WO2017036310A1 (en) * 2015-08-31 2017-03-09 阿里巴巴集团控股有限公司 Authentication information update method and device
CN107317789A (en) * 2016-04-27 2017-11-03 华为技术有限公司 Key distribution, authentication method, apparatus and system
US20170373845A1 (en) * 2013-09-10 2017-12-28 M2M And Lot Technologies, Llc Key Derivation for a Module Using an Embedded Universal Integrated Circuit Card

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
李宁编著: "《物联网基础理论与应用》", 1 July 2012, 北京邮电大学出版社 *
段传林编著: "《电子商务基础》", 31 December 2007, 冶金工业出版社 *
陈卓编著: "《网络安全编程与实践》", 1 August 2008, 国防工业出版社 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination