CN111814132B - Security authentication method and device, security authentication chip and storage medium - Google Patents

Security authentication method and device, security authentication chip and storage medium Download PDF

Info

Publication number: CN111814132B
Authority: CN (China)
Prior art keywords: data, electronic equipment, certificate, security, verified
Legal status: Active
Application number: CN202010957911.9A
Other languages: Chinese (zh)
Other versions: CN111814132A (en)
Inventor: inventor not disclosed
Current Assignee: Zhejiang Geoforcechip Technology Co Ltd
Original Assignee: Zhejiang Geoforcechip Technology Co Ltd

Application filed by Zhejiang Geoforcechip Technology Co Ltd
Priority to CN202010957911.9A
Publication of CN111814132A
Application granted
Publication of CN111814132B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 H04L9/00 arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 H04L9/32 arrangements using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 H04L9/32 arrangements involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The application provides a security authentication method and device, a security authentication chip and a storage medium. The method comprises the following steps: acquiring the security level of the electronic device to be authenticated; and executing the security authentication policy corresponding to that security level to perform security authentication on the electronic device, where different security levels correspond to different security authentication policies. The method reduces the amount of data processed during security authentication, shortens the authentication time, makes the encryption chip more general-purpose, helps the vendor build its own ecosystem, and reduces production cost.

Description

Security authentication method and device, security authentication chip and storage medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a security authentication method and apparatus, a security authentication chip, and a storage medium.
Background
The security authentication chip can be used as an accessory of the host computer to provide security protection for it. When the host computer interacts with the security chip, it needs to perform security authentication on the chip to verify the chip's identity and guarantee security.
The security level required of the security chip differs between application scenarios: for example, a security chip installed in an earphone plug has a very low security level requirement, while one installed in the plug of a bank USB security key (U shield) has a very high one. In the prior art, regardless of the security level required of the chip, the host computer checks all of the chip's data, which inevitably increases the host computer's data processing load, wastes processing resources and prolongs the security authentication time.
Disclosure of Invention
The embodiments of the application provide a security authentication method for carrying out targeted security authentication on electronic devices, which reduces the amount of data processed during security authentication, shortens the authentication time, makes the encryption chip more general-purpose, helps the vendor build its own ecosystem and reduces production cost.
The application provides a security authentication method comprising the following steps:
acquiring the security level of the electronic device to be authenticated;
executing the security authentication policy corresponding to the security level and performing security authentication on the electronic device;
where different security levels correspond to different security authentication policies.
In an embodiment, obtaining the security level of the electronic device to be authenticated includes:
determining the security level of the electronic device according to the service request of the electronic device.
In an embodiment, executing the security authentication policy corresponding to the security level to perform security authentication on the electronic device includes:
if the security level indicates a first, second or third level, determining, according to the security level, the type of data to be verified as one or more kinds of factory information data;
acquiring the data to be verified from the electronic device, the data to be verified being encrypted with the private key of the electronic device;
decrypting the data to be verified with the public key of the electronic device;
and, after the data to be verified has been decrypted successfully, performing a rationality check on it.
In an embodiment, executing the security authentication policy corresponding to the security level to perform security authentication on the electronic device includes:
if the security level indicates a fourth level, determining the type of data to be verified for the fourth level as certificate data and factory information data;
acquiring the data to be verified from the electronic device;
verifying the certificate data;
and decrypting the factory information data and checking its rationality.
In an embodiment, verifying the certificate data includes:
obtaining a first message digest from the certificate data;
calculating a second message digest with a message digest algorithm;
and comparing the first message digest with the second; if they match, the verification succeeds.
In an embodiment, executing the security authentication policy corresponding to the security level to perform security authentication on the electronic device includes:
if the security level indicates a fifth level, verifying the certificate data and factory information data of the electronic device;
sending a first message to the electronic device, the first message being encrypted with the public key of the electronic device;
comparing the first message with a second message returned by the electronic device, where the second message is obtained by the electronic device decrypting with its private key; if they match, the verification succeeds.
In an embodiment, executing the security authentication policy corresponding to the security level to perform security authentication on the electronic device includes:
if the security level indicates a sixth level, verifying the certificate data and factory information data of the electronic device;
sending the encrypted message to the electronic device and checking the decrypted message it returns;
and verifying whether the certificate serial number in the certificate data is unique.
In another aspect, the present application further provides a security authentication apparatus, including:
the level acquisition module is used for acquiring the security level of the electronic equipment to be authenticated;
the security authentication module is used for executing the security authentication policy corresponding to the security level and performing security authentication on the electronic device; where different security levels correspond to different security authentication policies.
Further, the present application also provides a security authentication chip, wherein the security authentication chip includes:
a processor;
a memory for storing processor-executable instructions;
where the processor is configured to execute the security authentication method provided by the embodiments of the application.
Further, the present application also provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program is executable by a processor to complete the security authentication method provided by the embodiments of the present application.
According to the technical scheme provided by the embodiment of the application, the security level of the electronic equipment to be authenticated is acquired, the security authentication strategy corresponding to the security level is executed according to the security level, and the electronic equipment is subjected to security authentication.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic view of an application scenario of a security authentication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a security authentication method according to an embodiment of the present application;
Fig. 3 is a detailed flowchart of step S220 according to an embodiment of the present application;
Fig. 4 is a detailed flowchart of step S220 according to another embodiment of the present application;
Fig. 5 is a detailed flowchart of step S430 in the embodiment corresponding to Fig. 4;
Fig. 6 is a detailed flowchart of step S220 according to another embodiment of the present application;
Fig. 7 is a detailed flowchart of step S220 according to another embodiment of the present application;
Fig. 8 is a block diagram of a security authentication apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Fig. 1 is a schematic view of an application scenario of a security authentication method according to an embodiment of the present application. As shown in Fig. 1, the application scenario includes a host computer 110 and an electronic device 120. The host computer 110 may be a device that performs security authentication on the electronic device 120, such as a computer or a mobile phone. The electronic device 120 may be, for example, a security chip inside a headset plug or a charging plug. The host computer 110 can perform targeted security authentication on the electronic device 120 using the method provided by this embodiment, so that the amount of data processed during security authentication is reduced and the authentication time is shortened.
The present application also provides a security authentication chip 130. The security authentication chip 130 may be an accessory of the host computer 110 or of the electronic device 120. The security authentication chip 130 may include a processor 111 and a memory 112 for storing instructions executable by the processor 111, where the processor 111 is configured to execute the security authentication method provided herein.
The Memory 112 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk.
The present application also provides a computer-readable storage medium storing a computer program executable by the processor 111 to perform the security authentication method provided herein.
Fig. 2 is a schematic flowchart of a security authentication method according to an embodiment of the present application. The method may be executed by a host computer and, as shown in Fig. 2, includes the following steps S210-S220.
Step S210: acquiring the security level of the electronic device to be authenticated.
An electronic device has different security requirements and different security risks depending on its application scenario. For example, the security requirements on a chip in a headset are lower, while those on a chip in a bank USB security key (U shield) are higher. Several different security levels can be defined according to the level of the device's security requirement. In this step, the security level of the electronic device to be authenticated is obtained.
Step S220: executing the security authentication policy corresponding to the security level and performing security authentication on the electronic device; where different security levels correspond to different security authentication policies.
The security authentication policy is the manner in which security authentication is performed on the electronic device. Different security levels correspond to different security authentication policies, and the policy corresponding to the device's security level is executed. Different policies may use different authentication modes or set different authentication conditions. When the electronic device meets the authentication condition, the security authentication succeeds; if it does not, the authentication fails. In one embodiment, the higher the security requirement of the electronic device, i.e. the higher the security level, the more complex the security authentication policy to be applied and the lower the resulting security risk.
According to the technical scheme provided by the embodiment of the application, the security level of the electronic equipment to be authenticated is acquired, the security authentication strategy corresponding to the security level is executed according to the security level, and the electronic equipment is subjected to security authentication.
In one embodiment, step S210 includes determining the security level of the electronic device according to the service request of the electronic device.
Since the electronic device may be maliciously replaced or the service request may be tampered with, pre-storing the security level of the electronic device and authenticating directly according to that stored level still carries a high security risk. In addition, the electronic device may perform different functions at different times and send different service requests, so a fixed security level is inconvenient to assign to it.
Considering these factors, the security level of the electronic device may be determined from the service request each time a service request sent by the electronic device is received. In an embodiment, all service requests that may occur are divided into different security levels, a correspondence table of service requests and security levels is pre-stored, and when a service request is received from the electronic device, the security level corresponding to that request is looked up in the table.
In one embodiment, the service requests may include a funds transfer, a voice transmission, and the like. Correspondingly, the security level of a funds transfer may be set to level A and that of a voice transmission to level B. If the service request sent by the electronic device is a funds transfer, its security level is determined to be level A; if the request is a voice transmission, its security level is determined to be level B.
In one embodiment, as shown in Fig. 3, step S220 includes the following steps S310-S340.
Step S310: if the security level indicates a first, second or third level, determining, according to the security level, the type of data to be verified as one or more kinds of factory information data.
Factory information data is the inherent information of the electronic device and may include model data, manufacturer data, production date, validity period, developer information, manufacturing information, and the like. Depending on the security level, the type of data to be verified may be one or more kinds of factory information data: the higher the security level, the more data types are verified.
In one embodiment, when the security level indicates the first level, the data type to be verified is model data; when it indicates the second level, the data types to be verified are model data, manufacturer data and production date; when it indicates the third level, the data types to be verified are model data, manufacturer data, production date and validity period.
In other embodiments, the data types to be verified may also include other kinds of factory information data, depending on the security level.
Step S320: acquiring the data to be verified from the electronic device, the data to be verified being encrypted with the private key of the electronic device.
After the data types to be verified have been determined, they may be sent to the electronic device. The electronic device encrypts the requested data with its own private key. In this step, the encrypted data to be verified is obtained from the electronic device.
Step S330: decrypting the data to be verified with the public key of the electronic device.
The public key and private key of the electronic device form a unique key pair, and information encrypted with the device's private key can only be decrypted with the public key corresponding to that private key. The host computer that authenticates the electronic device has the device's public key pre-stored and uses it to decrypt the data to be verified. If decryption succeeds, the device's private key and the public key pre-stored in the host computer form a pair, which proves the authenticity of the device's identity to a certain extent.
Step S340: after the data to be verified has been decrypted successfully, performing a rationality check on it.
A rationality check verifies whether the data is plausible. Because the acquired data to be verified all carries real meaning, checking whether it is plausible further verifies the identity of the electronic device. In one embodiment, it may be checked whether the manufacturer data names a valid manufacturer, or whether the production date and validity period fall within a valid date range.
In one embodiment, as shown in Fig. 4, step S220 includes the following steps S410-S440.
Step S410: if the security level indicates a fourth level, determining the type of data to be verified for the fourth level as certificate data and factory information data.
The certificate data is the digital certificate data of the electronic device. The digital certificate is issued by a certificate authority and can be used to verify the identity of the certificate holder.
Step S420: acquiring the data to be verified from the electronic device.
The factory information data is encrypted with the private key of the electronic device, and the certificate data is encrypted with the private key of the certificate authority.
Step S430: verifying the certificate data.
To verify the certificate data, the public key of the certificate authority is used to decrypt it. In an embodiment, the host computer first pre-stores a root certificate in which the public key of the certificate authority is stored. The certificate data can be decrypted with the root certificate, and thereby verified.
Step S440: decrypting the factory information data and checking its rationality.
In this step, the method for decrypting and checking the rationality of the factory information data may follow the embodiment corresponding to Fig. 3 and is not repeated here.
In one embodiment, as shown in Fig. 5, step S430 specifically includes the following steps S510-S530.
Step S510: obtaining a first message digest from the certificate data.
When the electronic device registers for a certificate, the certificate authority issues a certificate for the device's key pair: the private key is retained by the electronic device and the public key is recorded in the certificate. When the electronic device sends information, it generates a first message digest uniquely corresponding to that information using a message digest algorithm, encrypts the first message digest with its private key, and sends the information, the first message digest and the certificate together to the host computer. In one embodiment, the message digest algorithm may be MD5, SHA-1, SHA-256, RIPEMD128, RIPEMD160, or the like, including but not limited to these algorithms.
After receiving the data, the host computer can decrypt the certificate with the public key of the certificate authority; once the certificate data has been decrypted successfully, the certificate is a trustworthy certificate issued by the certificate authority. The public key of the electronic device is then taken from the certificate and used to decrypt the first message digest.
Step S520: calculating a second message digest with a message digest algorithm.
The second message digest is calculated over the received information with the same message digest algorithm as used by the electronic device.
Step S530: comparing the first message digest with the second; if they match, the verification succeeds.
Because different information yields different digests under the message digest algorithm, the digest received directly is compared with the digest computed locally; if they match, the information was not tampered with in transit. In this step, the first and second message digests are compared, and if they match, the certificate data is verified successfully.
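The level-1 to level-4 flow of steps S310-S340 together with the digest comparison of S510-S530, as an added Go example that is not part of the patent: a CA signature over the device public key and a serial number stands in for the certificate, Ed25519 signatures stand in for the page's "encrypt with the private key, decrypt with the public key", and the digest is SHA-256 (listed on the page alongside MD5 and SHA-1, which are no longer collision resistant). The field names, the vendor allow-list and the sample data are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Factory information data (S310) as a field map; the field names are assumptions.
type FactoryInfo map[string]string

// Data types to verify per level (S310); level 4 keeps the level-3 set and adds the certificate (S410).
var requiredFields = map[int][]string{
	1: {"model"},
	2: {"model", "manufacturer", "production_date"},
	3: {"model", "manufacturer", "production_date", "valid_until"},
	4: {"model", "manufacturer", "production_date", "valid_until"},
}

// Minimal stand-in for the device certificate (S510): the CA signs the device public key and a serial.
type Certificate struct{ Serial string; DevicePub ed25519.PublicKey; CASig []byte }

func certBody(c Certificate) []byte { return append([]byte(c.Serial+"|"), c.DevicePub...) }

// Device side (S320): send only the requested fields plus a signature over their
// SHA-256 digest, which is what the page's "encrypt with the private key" amounts to.
func DeviceRespond(priv ed25519.PrivateKey, info FactoryInfo, fields []string) (payload, sig []byte) {
	out := FactoryInfo{}
	for _, f := range fields {
		out[f] = info[f]
	}
	payload, _ = json.Marshal(out)   // map keys are sorted, so the encoding is stable
	digest := sha256.Sum256(payload) // first message digest (S510)
	return payload, ed25519.Sign(priv, digest[:])
}

// Host side. DevicePub is pre-stored for levels 1-3 (S330); CAPub is the root certificate key (S430).
type Host struct {
	DevicePub, CAPub ed25519.PublicKey
	KnownVendors     map[string]bool
	Now              time.Time
}

func (h Host) Authenticate(level int, cert *Certificate, payload, sig []byte) error {
	fields, ok := requiredFields[level]
	if !ok {
		return fmt.Errorf("level %d has no factory-data policy", level)
	}
	devPub := h.DevicePub
	if level == 4 {
		if cert == nil || !ed25519.Verify(h.CAPub, certBody(*cert), cert.CASig) {
			return fmt.Errorf("certificate not issued by the trusted CA")
		}
		devPub = cert.DevicePub // key taken from the verified certificate (S510)
	}
	digest := sha256.Sum256(payload) // second message digest (S520)
	if !ed25519.Verify(devPub, digest[:], sig) { // digests disagree (S530)
		return fmt.Errorf("signature over factory data does not verify")
	}
	var info FactoryInfo
	if err := json.Unmarshal(payload, &info); err != nil {
		return err
	}
	for _, f := range fields { // rationality checks (S340): completeness first
		if info[f] == "" {
			return fmt.Errorf("required field %q missing", f)
		}
	}
	if v := info["manufacturer"]; v != "" && !h.KnownVendors[v] {
		return fmt.Errorf("unknown manufacturer %q", v)
	}
	if d, err := time.Parse("2006-01-02", info["production_date"]); info["production_date"] != "" && (err != nil || d.After(h.Now)) {
		return fmt.Errorf("production date not plausible")
	}
	if d, err := time.Parse("2006-01-02", info["valid_until"]); info["valid_until"] != "" && (err != nil || d.Before(h.Now)) {
		return fmt.Errorf("validity period expired")
	}
	return nil
}

// Constructed scenario: one CA, one device with sample factory data, and a fixed clock.
func Scenario() (Host, ed25519.PrivateKey, Certificate, FactoryInfo) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := Certificate{Serial: "SN-0001", DevicePub: devPub}
	cert.CASig = ed25519.Sign(caPriv, certBody(cert))
	host := Host{DevicePub: devPub, CAPub: caPub, KnownVendors: map[string]bool{"ExampleVendor": true}, Now: time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)}
	info := FactoryInfo{"model": "SC-100", "manufacturer": "ExampleVendor", "production_date": "2020-09-01", "valid_until": "2025-09-01"}
	return host, devPriv, cert, info
}

func main() {
	host, devPriv, cert, info := Scenario()
	payload, sig := DeviceRespond(devPriv, info, requiredFields[4])
	fmt.Println("level 4 verdict:", host.Authenticate(4, &cert, payload, sig))
}
```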
In one embodiment, as shown in Fig. 6, step S220 includes the following steps S610-S630.
Step S610: if the security level indicates a fifth level, verifying the certificate data and factory information data of the electronic device.
For verifying the certificate data and factory information data of the electronic device, refer to the embodiments corresponding to Fig. 3, Fig. 4 and Fig. 5.
Step S620: sending a first message to the electronic device, the first message being encrypted with the public key of the electronic device.
The first message is encrypted with the public key of the electronic device, and the encrypted first message is sent to the electronic device.
Step S630: comparing the first message with a second message returned by the electronic device, where the second message is obtained by the electronic device decrypting with its private key; if they match, the verification succeeds.
After receiving the first message, the electronic device can decrypt it with its private key; the decrypted message is the second message. After decryption succeeds, the second message is sent to the host computer. The host computer compares the received second message with the first message, and if they match, the verification succeeds.
In one embodiment, as shown in Fig. 7, step S220 includes the following steps S710-S730.
Step S710: if the security level indicates a sixth level, verifying the certificate data and factory information data of the electronic device.
For the specific implementation of this step, refer to the embodiments corresponding to Fig. 3, Fig. 4 and Fig. 5.
Step S720: sending the encrypted message to the electronic device and checking the decrypted message it returns.
For the specific implementation of this step, refer to the embodiment corresponding to Fig. 6.
Step S730: verifying whether the certificate serial number in the certificate data is unique.
To further ensure security, one host computer may be bound to only one electronic device, i.e. the certificate serial number of the electronic device corresponding to the host computer is unique. The certificate data sent by the electronic device includes the certificate serial number, and this step verifies whether that serial number is unique. In an embodiment, when a certificate serial number sent by the electronic device is received for the first time, it is stored; on every later receipt the received serial number is compared with the stored one. If they match, the serial number is unique and the verification succeeds; otherwise the verification fails.
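The level-5 challenge-response of S620-S630 and the level-6 serial binding of S730, as an added Go example not taken from the patent. It encrypts the first message with RSA-OAEP, uses a fresh random nonce as that message and a constant-time comparison for the returned second message (both choices the page leaves open); the OAEP label, the Device callback and the serial numbers are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

var label = []byte("auth-challenge") // OAEP label; an assumption, not from the page

// Level-5 challenge (S620): the host encrypts a message under the device public key.
// A fresh random nonce per run is an added choice; the page only says "first message".
type Challenge struct{ Plain, Cipher []byte }

func NewChallenge(devPub *rsa.PublicKey) (Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	c, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devPub, nonce, label)
	return Challenge{Plain: nonce, Cipher: c}, err
}

// Device side (S630): decrypt with the private key and return the plaintext as the second message.
func DeviceAnswer(priv *rsa.PrivateKey, cipher []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, cipher, label)
}

// Host side (S630): compare first and second message in constant time.
func CheckAnswer(ch Challenge, answer []byte) bool {
	return subtle.ConstantTimeCompare(ch.Plain, answer) == 1
}

// Level-6 binding (S730): one host is bound to one device. The first certificate
// serial number seen is stored; every later one must equal it.
type Binding struct{ serial string }

func (b *Binding) Check(serial string) bool {
	if serial == "" {
		return false
	}
	if b.serial == "" {
		b.serial = serial // first contact: remember the serial number
		return true
	}
	return subtle.ConstantTimeCompare([]byte(b.serial), []byte(serial)) == 1
}

// Device is the link to the electronic device: it takes the encrypted first
// message and returns the decrypted second message.
type Device func(cipher []byte) ([]byte, error)

// Level-6 run (S710-S730). The verdict of the certificate and factory-data
// checks (levels 1 to 4) is passed in so that this block stays self-contained.
func AuthenticateLevel6(lowerChecksOK bool, devPub *rsa.PublicKey, dev Device, b *Binding, serial string) error {
	if !lowerChecksOK {
		return fmt.Errorf("certificate or factory data verification failed")
	}
	ch, err := NewChallenge(devPub)
	if err != nil {
		return err
	}
	answer, err := dev(ch.Cipher)
	if err != nil || !CheckAnswer(ch, answer) {
		return fmt.Errorf("challenge-response failed")
	}
	if !b.Check(serial) {
		return fmt.Errorf("certificate serial %q does not match the bound device", serial)
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed device key pair
	dev := func(c []byte) ([]byte, error) { return DeviceAnswer(priv, c) }
	b := &Binding{}
	fmt.Println("first run :", AuthenticateLevel6(true, &priv.PublicKey, dev, b, "SN-0001"))
	fmt.Println("other dev :", AuthenticateLevel6(true, &priv.PublicKey, dev, b, "SN-0002"))
}
```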
The following is an embodiment of the apparatus of the present application, which can be used to execute the above-mentioned embodiments of the security authentication method of the present application. For details not disclosed in the embodiments of the device of the present application, please refer to the embodiments of the security authentication method of the present application.
Fig. 8 is a block diagram of a security authentication apparatus according to an embodiment of the present application. As shown in fig. 8, the apparatus includes a level acquisition module 810 and a security authentication module 820.
The level acquisition module 810 is configured to acquire the security level of the electronic device to be authenticated.
The security authentication module 820 is configured to execute the security authentication policy corresponding to the security level and perform security authentication on the electronic device; where different security levels correspond to different security authentication policies.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above security authentication method, and is not described herein again.
In the embodiments provided in the present application, the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.

Claims (4)

1. A method of security authentication, the method comprising:
acquiring the security level of the electronic device to be authenticated, which comprises: determining the security level of the electronic device according to the service request of the electronic device, wherein the higher the security requirement of the electronic device, the higher the security level;
when the security level indicates a first level, determining that the data to be verified is model data; when the security level indicates a second level, determining that the data to be verified is model data, manufacturer data and production date; when the security level indicates a third level, determining that the data to be verified is model data, manufacturer data, production date and validity period; acquiring the data to be verified from the electronic device, the data to be verified having been encrypted with the private key of the electronic device; decrypting the data to be verified with the public key of the electronic device, and after the data to be verified is successfully decrypted, performing a rationality check on the data to be verified;
if the security level indicates a fourth level, determining that the data to be verified corresponding to the fourth level is certificate data and factory information data, and acquiring the data to be verified from the electronic device; when the electronic device registers a certificate, the electronic device receives a private key and a public key sent by a certificate authority, the private key being retained by the electronic device and the public key being recorded in the certificate; when the electronic device sends information, a first information summary corresponding to the information is generated through an information summary algorithm, the first information summary is encrypted with the private key, and the information, the first information summary and the certificate are sent to an upper computer, which calculates a second information summary through the information summary algorithm and compares the first information summary with the second information summary; if the comparison is successful, the verification is successful, and the factory information data is decrypted and checked for rationality;
if the security level indicates a fifth level, verifying the certificate data and factory information data of the electronic device, and sending a first message to the electronic device, the first message being obtained by encrypting with the public key of the electronic device; comparing the first message with a second message returned by the electronic device, the second message being obtained by the electronic device decrypting with its private key; if the comparison is successful, the verification is successful;
if the security level indicates a sixth level, verifying the certificate data and factory information data of the electronic device, sending an encrypted message to the electronic device, verifying the decrypted message returned by the electronic device, and verifying whether the certificate serial number in the certificate data is unique, which comprises: comparing the certificate serial number with the stored certificate serial number, wherein if the comparison is successful, the certificate serial number is unique.
2. A security authentication apparatus, characterized in that the apparatus comprises:
a level acquisition module, used for acquiring the security level of the electronic device to be authenticated, which comprises: determining the security level of the electronic device according to the service request of the electronic device, wherein the higher the security requirement of the electronic device, the higher the security level;
a security authentication module, used for determining that the data to be verified is model data when the security level indicates a first level; when the security level indicates a second level, determining that the data to be verified is model data, manufacturer data and production date; when the security level indicates a third level, determining that the data to be verified is model data, manufacturer data, production date and validity period; acquiring the data to be verified from the electronic device, the data to be verified having been encrypted with the private key of the electronic device; decrypting the data to be verified with the public key of the electronic device, and after the data to be verified is successfully decrypted, performing a rationality check on the data to be verified;
if the security level indicates a fourth level, determining that the data to be verified corresponding to the fourth level is certificate data and factory information data, and acquiring the data to be verified from the electronic device; when the electronic device registers a certificate, the electronic device receives a private key and a public key sent by a certificate authority, the private key being retained by the electronic device and the public key being recorded in the certificate; when the electronic device sends information, a first information summary corresponding to the information is generated through an information summary algorithm, the first information summary is encrypted with the private key, and the information, the first information summary and the certificate are sent to an upper computer, which calculates a second information summary through the information summary algorithm and compares the first information summary with the second information summary; if the comparison is successful, the verification is successful, and the factory information data is decrypted and checked for rationality;
if the security level indicates a fifth level, verifying the certificate data and factory information data of the electronic device, and sending a first message to the electronic device, the first message being obtained by encrypting with the public key of the electronic device; comparing the first message with a second message returned by the electronic device, the second message being obtained by the electronic device decrypting with its private key; if the comparison is successful, the verification is successful;
if the security level indicates a sixth level, verifying the certificate data and factory information data of the electronic device, sending an encrypted message to the electronic device, verifying the decrypted message returned by the electronic device, and verifying whether the certificate serial number in the certificate data is unique, which comprises: comparing the certificate serial number with the stored certificate serial number, wherein if the comparison is successful, the certificate serial number is unique.
3. A security authentication chip, the security authentication chip comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the secure authentication method of claim 1.
4. A computer-readable storage medium, characterized in that the storage medium stores a computer program executable by a processor to perform the secure authentication method of claim 1.
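The six-level policy of claim 1, worked through end to end in Python as an added example; this is not code from the patent or from the applicant. The RSA key pairs, the attribute names, the date rules of the rationality check, the device identity and the serial registry are all constructed assumptions. "Encrypt with the private key" is rendered as a textbook RSA private operation over a SHA-256 digest (the information summary), "decrypt with the public key" as the matching public operation, and the level 6 comparison is read as matching the presented serial against the serial stored for that device at registration.

```python
"""Tiered device authentication modelled on claim 1 (an added example, not the
patent's own code). Levels 1-3 verify signed attribute data, level 4 verifies
a certificate-bound signature over factory information, level 5 adds a
challenge-response and level 6 adds the certificate serial number check.
The key pairs, field names, date rules and serial registry are constructed."""
import hashlib
import json
import secrets
from datetime import date

# Constructed toy key pairs: textbook RSA over 30-bit primes, insecure and used
# only to show the 'encrypt with private key / decrypt with public key' steps.
_P, _Q = 1000000007, 1000000009
N, E = _P * _Q, 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)
_P2, _Q2 = 998244353, 999999937            # a second, unrelated key pair
OTHER_PRIVATE_KEY = (_P2 * _Q2, pow(E, -1, (_P2 - 1) * (_Q2 - 1)))
TODAY = date(2021, 1, 15)                  # fixed reference date for the date rules

def digest(data, n):
    """'Information summary' of the claim (SHA-256), reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def private_op(key, value):                # 'encrypt with the private key'
    n, d = key
    return pow(value, d, n)

def public_op(key, value):                 # 'decrypt with the public key'
    n, e = key
    return pow(value, e, n)

# Data to be verified per level; levels 4-6 use the full factory information.
LEVEL_FIELDS = {1: ("model",),
                2: ("model", "manufacturer", "production_date"),
                3: ("model", "manufacturer", "production_date", "validity_period")}
FACTORY_FIELDS = LEVEL_FIELDS[3]

class Device:
    """Simulated electronic device: retains its private key and presents the
    certificate (serial number plus public key) issued at registration."""
    def __init__(self, attributes, serial, device_id, priv=PRIVATE_KEY, pub=PUBLIC_KEY):
        self.attributes, self.device_id, self.priv = attributes, device_id, priv
        self.certificate = {"serial": serial, "public_key": pub}

    def send(self, fields):
        """Return the information, the first summary (private-key encrypted
        digest) and the certificate, as the claim's device side does."""
        info = {k: self.attributes[k] for k in fields}
        payload = json.dumps(info, sort_keys=True).encode()
        return payload, private_op(self.priv, digest(payload, self.priv[0])), self.certificate

    def answer(self, ciphertext):
        """Decrypt a challenge with the private key (level 5 second message)."""
        return private_op(self.priv, ciphertext)

def rational(info):
    """Rationality check with rules assumed for the example; the claim names
    the check but does not fix its rules."""
    if not info.get("model"):
        return False
    if "manufacturer" in info and not info["manufacturer"]:
        return False
    if "production_date" in info and date.fromisoformat(info["production_date"]) > TODAY:
        return False
    if "validity_period" in info and date.fromisoformat(info["validity_period"]) < TODAY:
        return False
    return True

def verify_signed_data(payload, first_summary, pub):
    """Upper-computer side: recompute the second summary and compare it with
    the public-key decryption of the first summary."""
    return public_op(pub, first_summary) == digest(payload, pub[0])

def challenge_response(device, pub, nonce=None):
    """Level 5 step: send a message encrypted with the device public key and
    compare the device's decryption with the original (fresh random nonce by default)."""
    if nonce is None:
        nonce = secrets.randbelow(pub[0] - 2) + 2
    return device.answer(public_op(pub, nonce)) == nonce

def authenticate(device, level, registry, device_pub=PUBLIC_KEY):
    """Run the policy for `level` (1-6); True means authentication succeeded.
    `registry` maps a device identity to its stored certificate serial; the
    level 6 comparison succeeds when the presented serial equals the stored one."""
    fields = LEVEL_FIELDS[level] if level <= 3 else FACTORY_FIELDS
    payload, first_summary, cert = device.send(fields)
    # Levels 1-3 use a pre-provisioned device public key; levels 4-6 take the
    # public key recorded in the presented certificate.
    pub = device_pub if level <= 3 else cert["public_key"]
    if not verify_signed_data(payload, first_summary, pub):
        return False
    if not rational(json.loads(payload)):
        return False
    if level >= 5 and not challenge_response(device, pub):
        return False
    if level == 6 and registry.get(device.device_id) != cert["serial"]:
        return False
    return True

if __name__ == "__main__":
    attrs = {"model": "GF-100", "manufacturer": "Example Works",      # constructed
             "production_date": "2020-09-14", "validity_period": "2025-12-31"}
    dev = Device(attrs, "SN-0001", "dev-001")
    for lvl in range(1, 7):
        print(lvl, authenticate(dev, lvl, {"dev-001": "SN-0001"}))
```

Each level strictly adds a check on top of the previous one, so a device that fails the validity-period rule is rejected from level 3 upward, a device whose private key does not match the public key in its certificate fails at every level, and a device with a genuine key pair but a serial the registry does not hold passes level 5 and fails only at level 6. A production implementation would replace the toy key pair and raw modular exponentiation with a padded signature scheme and a proper public-key encryption scheme; the level structure is unchanged by that substitution.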

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010957911.9A CN111814132B (en) 2020-09-14 2020-09-14 Security authentication method and device, security authentication chip and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010957911.9A CN111814132B (en) 2020-09-14 2020-09-14 Security authentication method and device, security authentication chip and storage medium

Publications (2)

Publication Number Publication Date
CN111814132A CN111814132A (en) 2020-10-23
CN111814132B true CN111814132B (en) 2021-08-03

Family

ID=72860713

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010957911.9A Active CN111814132B (en) 2020-09-14 2020-09-14 Security authentication method and device, security authentication chip and storage medium

Country Status (1)

Country Link
CN (1) CN111814132B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112989370B (en) * 2021-02-09 2023-06-30 腾讯科技(深圳)有限公司 Key filling method, system, device, equipment and storage medium
CN113360890A (en) * 2021-06-10 2021-09-07 重庆科创职业学院 Computer-based security authentication method and system
CN115022075B (en) * 2022-06-29 2023-03-21 广东瑞普科技股份有限公司 Computer network information security management method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768664A (en) * 2018-06-06 2018-11-06 腾讯科技(深圳)有限公司 Key management method, device, system, storage medium and computer equipment
CN110113339A (en) * 2019-05-08 2019-08-09 北京百度网讯科技有限公司 Elevator information display terminal letter of identity acquisition methods and device
CN110278556A (en) * 2018-03-13 2019-09-24 中兴通讯股份有限公司 A kind of safety certification strategy determines method, equipment and computer readable storage medium
CN110769009A (en) * 2019-12-29 2020-02-07 深圳竹云科技有限公司 User identity authentication method and system


Also Published As

Publication number Publication date
CN111814132A (en) 2020-10-23

Similar Documents

Publication Publication Date Title
US10708062B2 (en) In-vehicle information communication system and authentication method
CN111756533B (en) System, method and storage medium for secure password generation
US11258792B2 (en) Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium
CN111814132B (en) Security authentication method and device, security authentication chip and storage medium
CN106612180B (en) Method and device for realizing session identification synchronization
US20080005577A1 (en) Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof
CN110990827A (en) Identity information verification method, server and storage medium
WO2009158086A2 (en) Techniques for ensuring authentication and integrity of communications
CN110795126A (en) Firmware safety upgrading system
JP6387908B2 (en) Authentication system
CN112241527B (en) Secret key generation method and system of terminal equipment of Internet of things and electronic equipment
KR20200102213A (en) Method and System for Providing Security on in-Vehicle Network
CN113239363A (en) Firmware updating method, device, equipment, readable storage medium and memory system
CN108768941B (en) Method and device for remotely unlocking safety equipment
CN112019326A (en) Vehicle charging safety management method and system
CN113612852A (en) Communication method, device, equipment and storage medium based on vehicle-mounted terminal
CN114040401B (en) Terminal authentication method and system
CN111934862B (en) Server access method and device, readable medium and electronic equipment
CN111970122B (en) Official APP identification method, mobile terminal and application server
JP2015104020A (en) Communication terminal device, communication terminal association system, communication terminal association method and computer program
CN112261103A (en) Node access method and related equipment
CN109302442B (en) Data storage proving method and related equipment
CN107241341B (en) Access control method and device
CN115766192A (en) UKEY-based offline security authentication method, device, equipment and medium
CN114329522A (en) Private key protection method, device, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20201023

Assignee: Hangzhou Weiming Information Technology Co.,Ltd.

Assignor: Zhejiang core Gravity Technology Co.,Ltd.

Contract record no.: X2021330000325

Denomination of invention: Security authentication method and device, security authentication chip and storage medium

Granted publication date: 20210803

License type: Common License

Record date: 20210927

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20201023

Assignee: SHENZHEN YUANAI ELECTRONIC TECHNOLOGY CO.,LTD.

Assignor: Zhejiang core Gravity Technology Co.,Ltd.

Contract record no.: X2023980053655

Denomination of invention: Security authentication methods and devices, security authentication chips, storage media

Granted publication date: 20210803

License type: Common License

Record date: 20231222