CN111988267A - Authentication method and device for computing equipment - Google Patents

Publication number: CN111988267A
Authority: CN (China)
Prior art keywords: authentication; request message; authenticated; computing device; authentication request
Legal status: Granted
Current legal status: Active
Application number: CN201910441816.0A
Other languages: Chinese (zh)
Other versions: CN111988267B (en)
Inventor: 王康
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Priority to: CN201910441816.0A
Publication of CN111988267A
Application granted; publication of CN111988267B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

After a computing device to be authenticated sends a registration request message to a cloud computing device, it sends the authentication request message that the cloud computing device sent for that registration request message to an authenticated computing device, and then sends the authentication response message returned by the authenticated computing device to the cloud computing device, so that the network provisioning process can be completed with the authenticated computing device. The authentication method for a computing device provided by the application therefore has simple steps and can greatly improve user experience.

Description

Authentication method and device for computing equipment
Technical Field
The application relates to the field of the Internet of Things, and in particular to an authentication method and apparatus for a computing device and an authentication method and apparatus for an Internet of Things device.
Background
With the development of Internet technology, Internet of Things devices are connected to the WIFI network of the home or work environment where a user is located, and services are provided to the user by configuring the various Internet of Things devices to work together, which makes daily life more comfortable.
The process of connecting an Internet of Things device to a WIFI network for the first time is generally referred to as network provisioning (also rendered as "distribution network"). At present, network provisioning for an Internet of Things device generally requires the following steps:
1. The user makes the Internet of Things device start a temporary WIFI hotspot and connects the Internet of Things device to a universal two-factor authentication device.
2. The user connects a mobile terminal device to the WIFI hotspot.
3. On the mobile terminal device, the user configures the network for the Internet of Things device and sends a registration request message to the cloud service corresponding to the Internet of Things device.
4. The cloud service responds to the registration request of the Internet of Things device and sends an authority authentication request message to the Internet of Things device using the authority authentication scheme of universal cryptography two-factor authentication.
5. The universal two-factor authentication device connected to the Internet of Things device responds to the authentication request of the cloud service by generating a corresponding authentication response message, and the Internet of Things device then sends the authentication response message to the cloud service.
6. The cloud service admits the Internet of Things device to the network according to the authentication response message.
Although the current approach can complete network provisioning for an Internet of Things device, it has several drawbacks. First, the Internet of Things device has to be made to start a temporary hotspot and be connected to the universal two-factor authentication device, and the mobile terminal device has to connect to the Internet of Things device, so the steps are relatively complex. Second, the WIFI hotspot started by the Internet of Things device may be unstable and subject to network fluctuation; when messages are transmitted between the Internet of Things device, the user's mobile terminal device and the cloud service, frequent fluctuation makes the process slow to respond. Third, current universal two-factor authentication devices support only Bluetooth, NFC and USB connections and do not support connection over WIFI, so provisioning each Internet of Things device requires connecting it to the universal two-factor authentication device over Bluetooth, NFC or USB, and the overall user experience is poor.
Disclosure of Invention
The application provides an authentication method for a computing device, to solve the problems in the prior art that, when network provisioning is performed for an Internet of Things device, the provisioning steps are complex, connection and authentication with a universal two-factor authentication device cannot be carried out over a WIFI network, and user experience is poor.
The application provides an authentication method for a computing device, comprising:
sending a registration request message to the cloud computing device;
obtaining an authentication request message which is sent by the cloud computing device and corresponds to the registration request message;
sending the authentication request message to an authenticated computing device that has been authenticated;
obtaining an authentication response message corresponding to the authentication request message returned by the authenticated computing device;
and sending the authentication response message to the cloud computing equipment.
Optionally, the authentication request message includes security information pre-allocated to the cloud computing device by a security authentication processing device, where the security information is information for authenticating the computing device to be authenticated.
Optionally, the registration request message includes device identification information of the computing device to be authenticated that sent the registration request message.
Optionally, the registration request message further includes account information for logging in the cloud computing device.
Optionally, the authenticated computing device is a computing device registered and authenticated in the cloud computing device.
Optionally, the authenticated computing device is an authenticated wireless local area network router;
the sending the authentication request message to the authenticated computing device that has been authenticated, comprising:
and sending the authentication request message to the wireless local area network router through a wireless local area network.
The present application further provides an authentication apparatus for a computing device, comprising:
a registration request message sending unit, configured to send a registration request message to the cloud computing device;
an authentication request message obtaining unit, configured to obtain an authentication request message that is sent by the cloud computing device and corresponds to the registration request message;
an authentication request message sending unit, configured to send the authentication request message to an authenticated computing device that has been authenticated;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device;
and an authentication response message sending unit, configured to send the authentication response message to the cloud computing device.
The present application further provides an authentication method for a computing device, comprising:
the authenticated computing device that has been authenticated obtains an authentication request message sent by the computing device to be authenticated;
the authenticated computing device sending the authentication request message to a secure authentication processing device;
the authenticated computing device obtains an authentication response message provided by the secure authentication processing device and corresponding to the authentication request message;
the authenticated computing device sends the authentication response message to the computing device to be authenticated.
Optionally, the method further includes: after obtaining the authentication request message sent by the computing device to be authenticated, the authenticated computing device records the authentication request message of the computing device to be authenticated in a log of the authenticated computing device.
Optionally, the method further includes: the authenticated computing equipment obtains an authentication request message sent by the computing equipment to be authenticated through a wireless local area network, and sends an obtained authentication response message corresponding to the authentication request message to the computing equipment to be authenticated through the wireless local area network.
Optionally, the method further includes: the authenticated computing device sends the authentication request message to a security authentication processing device through a wireless local area network, and obtains an authentication response message corresponding to the authentication request message, which is provided by the security authentication processing device, through the wireless local area network.
The present application further provides an authentication apparatus for a computing device, applied to an authenticated computing device that has been authenticated, the apparatus comprising:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by the computing device to be authenticated;
an authentication request message sending unit, configured to send the authentication request message to a security authentication processing device;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is provided by the security authentication processing device;
and an authentication response message sending unit, configured to send the authentication response message to the computing device to be authenticated.
The present application further provides an authentication method for a computing device, comprising:
the security authentication processing device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is generated by the cloud computing device for the computing device to be authenticated;
the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message;
the secure authentication processing device provides the authentication response message to the authenticated computing device.
Optionally, the method further includes: the secure authentication processing device obtains an authentication request message sent by the authenticated computing device through a wireless local area network, and provides an authentication response message corresponding to the authentication request message to the authenticated computing device through the wireless local area network.
Optionally, after the security authentication processing device obtains the authentication request message sent by the authenticated computing device that has been authenticated, the method further includes:
the security authentication processing device issues prompt information asking whether to approve verification of the authentication request message, and obtains a confirmation result for the prompt information;
and if the confirmation result is that verification of the authentication request message is approved, the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message.
Optionally, the obtaining a confirmation result for the prompt information includes:
the security authentication processing device obtains a trigger of the confirmation key on the security authentication processing device, and obtains the confirmation result for the prompt information according to the trigger result;
or the security authentication processing device obtains an input security information code, verifies the security information code, and obtains the confirmation result for the prompt information according to the verification result.
Optionally, the authentication request message includes security information pre-allocated to the cloud computing device by a security authentication processing device, where the security information is information for authenticating a device to be authenticated;
the secure authentication processing device generates an authentication response message corresponding to the authentication request message for the authentication request message, including:
the security authentication processing device obtains, according to the security information, a private key pre-allocated to the cloud computing device;
and the security authentication processing device generates an authentication response message corresponding to the authentication request message according to the authentication request message and the private key.
Optionally, the authentication request message includes challenge information signed by a public key corresponding to the private key;
the security authentication processing device generating an authentication response message corresponding to the authentication request message according to the authentication request message and the private key comprises:
the security authentication processing device parses the challenge information using the private key to obtain a parsing result;
if the parsing result is correct, the security authentication processing device issues prompt information asking whether to approve the verification information of the authentication request, and obtains a confirmation result for the verification information;
and the security authentication processing device generates the authentication response message according to the confirmation result.
The present application further provides an authentication apparatus for a computing device, applied to a security authentication processing device, the apparatus including:
the authentication request message obtaining unit is used for obtaining an authentication request message sent by authenticated computing equipment which is authenticated, wherein the authentication request message is an authentication request message generated by cloud computing equipment for computing equipment to be authenticated;
an authentication response message generation unit configured to generate an authentication response message corresponding to the authentication request message with respect to the authentication request message;
an authentication response message providing unit to provide the authentication response message to the authenticated computing device.
The application provides an authentication method for an Internet of Things device, comprising:
when the Internet of Things device accesses a network for the first time, the Internet of Things device sends an authentication request message to an authenticated computing device;
the Internet of Things device obtains an authentication response message that is returned by the authenticated computing device and corresponds to the authentication request message;
the Internet of Things device provides the authentication response message to a computing device for authenticating the Internet of Things device.
The application also provides an authentication apparatus for an Internet of Things device, applied to the Internet of Things device, the apparatus including:
an authentication request message issuing unit, configured to issue an authentication request message to an authenticated computing device that has been authenticated, when the network is accessed for the first time;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device;
an authentication response message providing unit, configured to provide the authentication response message to a computing device for authenticating the Internet of Things device.
The application also provides an authentication method for an Internet of Things device, comprising:
the authenticated computing device that has been authenticated obtains an authentication request message sent by the Internet of Things device when the Internet of Things device accesses the network for the first time;
and the authenticated computing device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the Internet of Things device.
The application also provides an authentication apparatus for an Internet of Things device, applied to an authenticated computing device that has been authenticated, the apparatus including:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by the Internet of Things device when the Internet of Things device accesses a network for the first time;
and an authentication response message returning unit, configured to return, for the authentication request message, an authentication response message corresponding to the authentication request message to the Internet of Things device.
The application also provides an authentication method for an Internet of Things device, comprising:
a universal two-factor authentication device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message for an Internet of Things device that accesses the network for the first time;
and the universal two-factor authentication device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the authenticated computing device.
The application also provides an authentication apparatus for an Internet of Things device, applied to a universal two-factor authentication device, the apparatus including:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message for an Internet of Things device that accesses the network for the first time;
and an authentication response message returning unit, configured to return, to the authenticated computing device, an authentication response message corresponding to the authentication request message, for the authentication request message.
Compared with the prior art, the method has the following advantages:
The application provides an authentication method for a computing device, comprising: sending a registration request message to the cloud computing device; obtaining an authentication request message that is sent by the cloud computing device and corresponds to the registration request message; sending the authentication request message to an authenticated computing device that has been authenticated; obtaining an authentication response message, corresponding to the authentication request message, returned by the authenticated computing device; and sending the authentication response message to the cloud computing device. After the computing device to be authenticated sends a registration request message to the cloud computing device, it sends the authentication request message that the cloud computing device sent for that registration request message to the authenticated computing device, and then sends the authentication response message returned by the authenticated computing device to the cloud computing device, so that the network provisioning process can be completed with the authenticated computing device. The authentication method for a computing device provided by the application therefore has simple steps and can greatly improve user experience.
The present application further provides an authentication method for a computing device, comprising: the authenticated computing device that has been authenticated obtains an authentication request message sent by the computing device to be authenticated; the authenticated computing device sends the authentication request message to a security authentication processing device; the authenticated computing device obtains an authentication response message provided by the security authentication processing device and corresponding to the authentication request message; the authenticated computing device sends the authentication response message to the computing device to be authenticated. The authenticated computing device sends the authentication request message obtained from the computing device to be authenticated to the security authentication processing device, and sends the authentication response message returned by the security authentication processing device to the computing device to be authenticated. This can improve the security of the authentication process for the computing device to be authenticated, the steps are simple, and user experience can be greatly improved.
The present application further provides an authentication method for a computing device, comprising: the security authentication processing device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is generated by the cloud computing device for the computing device to be authenticated; the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message; the security authentication processing device returns the authentication response message to the authenticated computing device. The security authentication processing device obtains from the authenticated computing device the authentication request message generated by the cloud computing device for the computing device to be authenticated, generates a corresponding authentication response message for it, and then returns the authentication response message to the authenticated computing device. The authentication method can improve the security of the authentication process for the computing device to be authenticated, has simple steps and can greatly improve user experience.
The application also provides an authentication method for an Internet of Things device, comprising: when the Internet of Things device accesses a network for the first time, the Internet of Things device sends an authentication request message to an authenticated computing device; the Internet of Things device obtains an authentication response message that is returned by the authenticated computing device and corresponds to the authentication request message; the Internet of Things device provides the authentication response message to a computing device for authenticating the Internet of Things device. When the Internet of Things device accesses the network for the first time, it can be admitted to the network simply by sending an authentication request message to the authenticated computing device and providing the authentication response message returned by the authenticated computing device to the computing device used for authenticating the Internet of Things device. The method provided by the application therefore has simple steps and can greatly improve user experience.
The application also provides an authentication method for an Internet of Things device, comprising: the authenticated computing device that has been authenticated obtains an authentication request message sent by the Internet of Things device when the Internet of Things device accesses the network for the first time; and the authenticated computing device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the Internet of Things device. The method provided by the application therefore has simple steps and can greatly improve user experience.
The application also provides an authentication method for an Internet of Things device, comprising: a universal two-factor authentication device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message for an Internet of Things device that accesses the network for the first time; and the universal two-factor authentication device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the authenticated computing device. The method can improve the security of the authentication process for the Internet of Things device, has simple steps, and can greatly improve user experience.
Drawings
Fig. 1 is a schematic diagram of an application scenario of a first authentication method for a computing device according to a first embodiment of the present application;
Fig. 2 is a flowchart of a first authentication method for a computing device according to a first embodiment of the present application;
Fig. 3 is a schematic diagram of a message processing procedure in a first authentication method for a computing device according to a first embodiment of the present application;
Fig. 4 is a schematic diagram of a first authentication apparatus for a computing device according to a second embodiment of the present application;
Fig. 5 is a flowchart of a second authentication method for a computing device according to a third embodiment of the present application;
Fig. 6 is a schematic diagram of a second authentication apparatus for a computing device according to a fourth embodiment of the present application;
Fig. 7 is a flowchart of a third authentication method for a computing device according to a fifth embodiment of the present application;
Fig. 8 is a schematic diagram of a third authentication apparatus for a computing device according to a sixth embodiment of the present application;
Fig. 9 is a flowchart of a first authentication method for an Internet of Things device according to a seventh embodiment of the present application;
Fig. 10 is a schematic diagram of a first authentication apparatus for an Internet of Things device according to an eighth embodiment of the present application;
Fig. 11 is a flowchart of a second authentication method for an Internet of Things device according to a ninth embodiment of the present application;
Fig. 12 is a schematic diagram of a second authentication apparatus for an Internet of Things device according to a tenth embodiment of the present application;
Fig. 13 is a flowchart of a third authentication method for an Internet of Things device according to an eleventh embodiment of the present application;
Fig. 14 is a schematic diagram of a third authentication apparatus for an Internet of Things device according to a twelfth embodiment of the present application.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. However, the present application can be implemented in many ways other than those described here, and those skilled in the art can make similar extensions without departing from its spirit; the present application is therefore not limited to the specific implementations disclosed below.
In daily life, in addition to the mode described in the background of the present application, internet of things devices are usually provisioned onto a network (the "distribution network" process) in a one-key configuration (Smart configuration) mode or a flash mode. In the one-key configuration mode, the internet of things device monitors all messages in the network; the user encodes the WIFI connection information (a WIFI name and a WIFI password) into a UDP message through the mobile terminal device and sends it as a broadcast packet or a multicast message, and the internet of things device receives the UDP message, then decodes and extracts the WIFI connection information, which completes network provisioning. In the flash mode, a photodiode is configured on the internet of things device and held close to the mobile terminal device, and the information required for network provisioning is transmitted by rapid black-and-white switching of the screen of the mobile terminal device, which completes network provisioning. Although the above methods can complete the network provisioning process, they all suffer to some degree from complicated steps and slow response, so the overall user experience is relatively poor.
In addition, when an internet of things device is provisioned in any of the above three ways, authority authentication can be completed in a challenge-response manner by using the Universal Two Factor (hereinafter referred to as U2F) authority authentication scheme, which can improve the security of the internet of things device during network provisioning. However, implementing the U2F authority authentication scheme requires verification with a universal two-factor authentication device, i.e., a U2F device, and the U2F device supports only Bluetooth, NFC and USB connections. Therefore, when the U2F authority authentication scheme is adopted to provision an internet of things device, the security of network provisioning is improved, but the internet of things device must connect to the U2F device through one of these connection modes to complete authority authentication. The internet of things device therefore has to support such a connection mode, which increases its cost; if it does not, the universality and usability of the scheme are reduced. In addition, even if the internet of things device does support connecting to the U2F device in this way, the two devices must be paired and connected every time authority authentication is performed, so the steps remain relatively complicated.
Therefore, in order to simplify the configuration steps and enhance the universality and usability of the internet of things device while improving the security of its network provisioning, the network provisioning process in the present application is mainly as follows: the internet of things device sends a registration request message to the cloud computing device; obtains an authentication request message that is sent by the cloud computing device and corresponds to the registration request message; sends the authentication request message to an authenticated computing device that has been authenticated; obtains an authentication response message, corresponding to the authentication request message, returned by the authenticated computing device; and sends the authentication response message to the cloud computing device.
First, in order to make those skilled in the art better understand the solution of the present application, a detailed description is given below of a specific application scenario of an embodiment of the present application based on the first authentication method for a computing device provided in the present application. Fig. 1 is a schematic view of an application scenario of a first authentication method for a computing device according to a first embodiment of the present application.
In a specific implementation, when a user 105 needs to configure a network for the computing device 101 to be authenticated, that is, when the computing device 101 to be authenticated is to be registered in a cloud computing device 103, the authentication method generally completes authentication processing for the computing device 101 to be authenticated through an authenticated computing device 102 and a security authentication processing device 104 that have access to a network. The computing device 101 to be authenticated generally refers to an internet of things device to be authenticated, such as a smart desk lamp, a smart switch, a smart camera or another device common in daily life; in this embodiment it is represented by a smart camera. The authenticated computing device 102 is mainly a computing device that has been authenticated by the cloud computing device and has completed network provisioning; in this embodiment it is represented by a wireless local area network router. The cloud computing device 103 generally refers to a remote computing device that provides registration and authentication services for the computing device to be authenticated and remotely controls computing devices that pass authentication. The security authentication processing device 104 mainly refers to an authentication response device capable of responding to the cloud authentication request, and generally refers to a universal two-factor authentication device.
For example, when the user 105 needs to register the computing device 101 to be authenticated in the internet of things in which it is located, that is, to register it in the cloud computing device 103, the user 105 first operates a registration key (that is, a network configuration key) on the computing device 101 to be authenticated, and at the same time the security authentication processing device 104 is connected to the authenticated computing device 102. The computing device 101 to be authenticated then sends a registration request message to the cloud computing device 103 in response to the user's operation. The cloud computing device 103 responds to the registration request message by sending an authentication request message corresponding to the registration request message to the computing device 101 to be authenticated. After obtaining the authentication request message sent by the cloud computing device 103, the computing device 101 to be authenticated sends it to the authenticated computing device 102, which in turn sends it to the security authentication processing device 104. After obtaining the authentication request message sent by the authenticated computing device 102, the security authentication processing device 104 generates a corresponding authentication response message and provides it to the authenticated computing device 102, which sends it to the computing device 101 to be authenticated. The computing device 101 to be authenticated then sends the authentication response message to the cloud computing device 103. After obtaining the authentication response message, the cloud computing device 103 verifies it and, once verification passes, sends a registration-success message to the computing device 101 to be authenticated. After the computing device 101 to be authenticated has been registered successfully, the user 105 disconnects the security authentication processing device from the authenticated computing device.
Fig. 2 is a flowchart of a first authentication method for a computing device according to a first embodiment of the present disclosure, and fig. 3 is a schematic diagram of a message processing procedure in the first authentication method for a computing device according to the first embodiment of the present disclosure, which is described in detail below with reference to fig. 2 and fig. 3.
Step S201, a registration request message is sent to the cloud computing device.
First, in this embodiment, when a network is configured for a computing device to be authenticated, the cloud computing device corresponding to the computing device to be authenticated needs to be bound with a security authentication processing device in advance; that is, the cloud computing device corresponding to the computing device to be authenticated is registered to the security authentication processing device. For example: the security authentication device is a U2F device, and the cloud service address corresponding to the cloud computing device is xxx. Specifically, the cloud computing device sends a registration request message to the security authentication processing device. After obtaining the registration request message, the security authentication processing device generates a key pair (a public key-private key pair) dedicated to the cloud computing device and security information (key-handle information) dedicated to the cloud computing device, and then sends the public key of the key pair and the security information to the cloud computing device. After obtaining the public key and the security information, the cloud computing device stores them in its storage device. At this point, the process of registering the cloud computing device with the security authentication processing device is complete. The security information is used for authenticating the computing device to be authenticated: when the cloud computing device generates an authentication request message for the computing device to be authenticated, it places the security information in the corresponding field of the authentication request message, and when the security authentication processing device obtains the authentication request message, it retrieves the key pair information corresponding to the cloud computing device according to the security information in the authentication request message.
The following illustrates a detailed process of registering the cloud computing device with the secure authentication processing device.
Here, the U2F device and the cloud service xxx. Prior to registering the cloud service xxx.closed.com with the U2F device, the U2F device is first connected to a user computer device. The user then accesses and logs in to the cloud service on the user computer device and clicks the 'binding U2F devices' menu provided by the cloud service, whereupon the cloud service sends a registration request message to the U2F device. After acquiring the registration request message, the U2F device needs to verify this registration, to prevent a binding to the U2F device from being made without the actual user's knowledge. One form of verification is that the user can perform the subsequent operation of binding the U2F device only after logging in to the cloud service with the dedicated account information. Another form is that, after obtaining the registration request message, the U2F device turns on a light or its screen to prompt the user to confirm "whether to agree with registration"; if the user clicks the agreement key on the U2F device, verification succeeds. The U2F device then generates a dedicated key pair and key-handle information for the cloud service according to the registration request message, generates an authentication response message corresponding to the registration request message according to the public key of the key pair and the key-handle, and sends the authentication response message to the cloud service. After obtaining the authentication response message, the cloud service parses the public key and the key-handle information from it and stores them in the corresponding storage.
The cloud computing device is thus registered in the security authentication processing device. When the computing device to be authenticated is subsequently provisioned onto the network, authority authentication for that provisioning can be performed through the security authentication processing device corresponding to the cloud computing device, which improves the security of the computing device to be authenticated during network provisioning.
Secondly, after the cloud computing device has been registered in the security authentication processing device, when the computing device to be authenticated is to be provisioned onto the network, step S201-1 shown in fig. 3 is executed to send a registration request message; that is, the computing device to be authenticated sends a registration request message to its corresponding cloud computing device. In this embodiment, the computing device to be authenticated mainly refers to an internet of things device.
In practice, an internet of things device is usually produced by a corresponding manufacturer, and when a user actually uses the internet of things device, it usually has to be registered in a cloud service provided by the manufacturer using account information provided by the manufacturer. For example, when a user provisions a smart camera onto the network, the user usually needs to obtain unique account information in advance from the cloud service provided by manufacturer A, where the cloud service may be accessed at an address in the form of xxx. After obtaining the corresponding account information, the user sends a registration request message to the cloud service by operating the network configuration key on the smart camera.
Generally, the registration request message includes device identification information of the computing device to be authenticated. After obtaining the registration request message, the cloud computing device parses the device identification information from it and checks in a corresponding device database whether the device identification information is valid. If it is valid, the cloud computing device continues to authenticate the computing device to be authenticated; if it is not valid, the cloud computing device sends a registration response message of "registration failure" to the computing device to be authenticated. It should be noted that, in actual implementation, other forms may be used as needed when the verification fails, or registration response messages with different contents may be set; when the computing device to be authenticated obtains a registration response message of "registration failure", it may flash a red light three times to remind the user that registration failed.
In addition, the registration request message may further include account information for logging in to the cloud computing device. After obtaining the registration request message of the computing device to be authenticated, the cloud computing device parses the account information from it and verifies whether the account information is valid. This completes the first verification for network provisioning of the computing device to be authenticated, namely verifying whether the user's account information is correct. After the first verification succeeds, the second verification, or secondary authentication processing, for the computing device to be authenticated may be started. It should be noted that different authentication levels may also be set in implementation; for example, the account information is not verified, that is, the first verification is omitted and only the secondary verification is carried out.
After the cloud computing device obtains the registration request message sent by the computing device to be authenticated and verifies the information in it, it may start the secondary verification, i.e., secondary authentication processing, for the computing device to be authenticated. Step S201-2 shown in fig. 3 is executed to send an authentication request message; that is, in response to the registration request message, the cloud computing device sends an authentication request message corresponding to the registration request message to the computing device to be authenticated.
Specifically, the cloud computing device generates client data composed of challenge values and signs the generated client data by using the public key returned during registration of the security authentication processing device, to generate challenge information. The cloud computing device then encapsulates the security information (key-handle information) returned during registration of the security authentication processing device, the challenge information and other associated information into an authentication request message corresponding to the registration request message, and sends the authentication request message to the computing device to be authenticated. Because the generation of the authentication request message for the registration request message is described in detail in the prior art, it is only briefly described here and its detailed processing is not repeated.
Continuing with fig. 2, after step S201, step S202 is executed to obtain an authentication request message sent by the cloud computing device and corresponding to the registration request message.
In step S201, after the cloud computing device generates an authentication request message corresponding to a registration request message of the computing device to be authenticated and sends the authentication request message to the computing device to be authenticated, the computing device to be authenticated obtains the authentication request message.
Step S203, sending the authentication request message to the authenticated computing device that has been authenticated.
After the to-be-authenticated computing device obtains the authentication request message, the authentication request message needs to be processed by a security authentication processing device corresponding to the cloud computing device. In this embodiment, in order to facilitate user operations and save manufacturing cost of the computing device to be authenticated, the secure authentication processing device is connected to the authenticated computing device authenticated by the cloud computing device, and the authentication request message is forwarded by the authenticated computing device through a wireless local area network and sent to the secure authentication processing device. This process is described in detail below.
First, step S203-1 shown in fig. 3 is executed to send the authentication request message, i.e., the computing device to be authenticated sends the authentication request message to the authenticated computing device that has been authenticated.
In this embodiment, the authenticated computing device is an authenticated wireless local area network router, and sending the authentication request message to the authenticated computing device specifically means sending the authentication request message to the wireless local area network router through a wireless local area network. If the computing device to be authenticated has obtained an IP address in the wireless local area network, it can send the authentication request message directly to the wireless local area network router through the wireless local area network; if it has not obtained an IP address in the wireless local area network, it can obtain the connection information of the wireless local area network in the one-key configuration mode, connect to the wireless local area network, and then send the authentication request message to the wireless local area network router.
After the to-be-authenticated computing device sends the authentication request message to the authenticated computing device that has been authenticated, step S203-2 shown in fig. 3 is executed, where the authentication request message is sent, that is, after the authenticated computing device that has been authenticated obtains the authentication request message sent by the to-be-authenticated computing device, the authentication request message is sent to a security authentication processing device.
Namely, the wireless local area network router obtains the authentication request message sent by the computing device to be authenticated through a wireless local area network, and sends the authentication request message to a security authentication processing device connected with the authenticated computing device. The security authentication processing device may be connected to the authenticated computing device through bluetooth, NFC, or USB, or may be connected to the authenticated computing device through an auxiliary wireless device through a wireless local area network, so as to obtain a message sent by the authenticated computing device through the wireless local area network, and provide the message to the authenticated computing device through the wireless local area network.
In addition, after obtaining the authentication request message sent by the computing device to be authenticated, the authenticated computing device may also record the authentication request message of the computing device to be authenticated in a log of the authenticated computing device. The user can check the authentication condition of the equipment through the log information when needed; in addition, the authenticated computing device may send risk early warning information to the user periodically according to the authentication data of the devices in the log, for example, if one device is frequently authenticated, an abnormal condition may exist, and at this time, the risk early warning information may be sent to the user for the user to confirm.
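One way the authenticated computing device could derive such a risk warning from its authentication log, as an added Go example that is not part of the patent text. The log line format, the threshold and the window length are assumptions of this example, and the log lines are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constructed sample of the router's authentication log. The line format
// "<RFC 3339 time> auth_request device=<id>" is an assumption of this example.
const sampleLog = `2024-05-01T10:00:00Z auth_request device=camera-01
2024-05-01T10:00:20Z auth_request device=lamp-02
2024-05-01T10:00:40Z auth_request device=lamp-02
2024-05-01T10:01:00Z auth_request device=lamp-02
2024-05-01T10:01:30Z auth_request device=lamp-02
malformed line
2024-05-01T18:00:00Z auth_request device=camera-01`

// window is the assumed observation window for "frequently authenticated".
const window = 5 * time.Minute

// parse returns the request times per device and skips lines that do not
// match the assumed format instead of failing on them.
func parse(log string) map[string][]time.Time {
	out := map[string][]time.Time{}
	for _, line := range strings.Split(log, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || f[1] != "auth_request" || !strings.HasPrefix(f[2], "device=") {
			continue
		}
		ts, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		id := strings.TrimPrefix(f[2], "device=")
		out[id] = append(out[id], ts)
	}
	return out
}

// FrequentDevices returns, in sorted order, the devices that issued more than
// limit authentication requests inside any sliding window of length w.
func FrequentDevices(log string, limit int, w time.Duration) []string {
	var flagged []string
	for id, times := range parse(log) {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		start := 0
		for end := range times {
			// Shrink the window from the left until it spans at most w.
			for times[end].Sub(times[start]) > w {
				start++
			}
			if end-start+1 > limit {
				flagged = append(flagged, id)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	// Devices to include in the risk early warning sent to the user.
	fmt.Println(FrequentDevices(sampleLog, 3, window))
}
```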
After the authenticated computing device that has been authenticated sends the authentication request message to the security authentication processing device, step S203-3 shown in fig. 3 is performed to carry out user verification.
The security authentication processing device obtains the authentication request message sent by the authenticated computing device that has been authenticated, the authentication request message being the one generated by the cloud computing device for the computing device to be authenticated. After obtaining the authentication request message, the security authentication processing device performs user verification; that is, it issues prompt information asking whether to approve verification of the authentication request message and obtains a confirmation result for the prompt information. For example, the computing device to be authenticated is a smart camera. The cloud service xxx.closed.com sends a corresponding authentication request message to the smart camera according to the registration request message of the smart camera; the smart camera sends the authentication request message to the corresponding wireless local area network router; and the wireless local area network router sends the authentication request message to a U2F device connected to it. After acquiring the authentication request message, the U2F device flashes a light to remind the user to provide proof of user presence, and after seeing the U2F device flash, the user can confirm according to the prompt information of the U2F device.
Obtaining the confirmation result for the prompt information includes: the security authentication processing device detects that the confirmation key on the security authentication processing device has been triggered and obtains the confirmation result for the prompt information according to the trigger result; or the security authentication processing device obtains an input security information code, verifies the security information code, and obtains the confirmation result for the prompt information according to the verification result. For example, the user can click a key on the U2F device to provide proof of user presence; alternatively, a preset security information code may be input into the U2F device, which verifies the security information code and, after the verification succeeds, confirms that the user has provided proof of user presence. It should be noted that different forms of confirmation may be adopted for different application scenarios or different levels of risk control; for example, the user may not be required to provide proof of presence at all, may only be required to click a button on the security authentication processing device, or may be required to input a security check code, which is not described in detail here.
After the confirmation result of the user is obtained, step S203-4 shown in fig. 3 is performed to generate an authentication response message.
That is, after obtaining the confirmation result of the user verification, the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message, which includes: the security authentication processing device obtains the private key pre-allocated to the cloud computing device according to the security information in the authentication request message; and the security authentication processing device generates the authentication response message corresponding to the authentication request message according to the authentication request message and the private key.
Generating, by the security authentication processing device, the authentication response message corresponding to the authentication request message according to the authentication request message and the private key includes: the security authentication processing device parses the challenge information according to the private key to obtain a parsing result; if the parsing result is correct, the security authentication processing device issues prompt information asking whether to approve verification of the authentication request, and obtains a confirmation result for it; and the security authentication processing device generates the authentication response message according to the confirmation result.
Here, the above processing by the security authentication processing device is illustrated with the U2F device. For example, after the U2F device acquires, via the wireless local area network, the authentication request message issued by the cloud service for the smart camera, it obtains from the authentication request message the key-handle information corresponding to the cloud service and the challenge information signed by using the public key, and obtains the private key corresponding to the cloud service according to the key-handle information. It then decrypts the challenge information with the private key to obtain a parsing result. If the parsing result is correct, it flashes a light to remind the user to confirm whether sending of the authentication response message is approved; if the user approves, it generates response information, encapsulates the response information into the authentication response message, and sends the authentication response message corresponding to the authentication request message to the wireless local area network router. The process of generating the authentication response message for the authentication request message is only briefly described here; its detailed processing is described in the prior art and is not repeated here.
After the secure authentication processing device generates an authentication response message corresponding to the authentication request message, step S203-5 shown in fig. 3 is executed to provide the authentication response message, i.e., the secure authentication processing device provides the authentication response message to the authenticated computing device.
Continuing with fig. 2, after step S203, step S204 is executed to obtain an authentication response message corresponding to the authentication request message returned by the authenticated computing device.
After the authenticated computing device obtains the authentication response message corresponding to the authentication request message provided by the secure authentication processing device, step S204-1 shown in fig. 3 is executed to send the authentication response message. That is, the authenticated computing device sends the authentication response message to the computing device to be authenticated.
Step S205, sending the authentication response message to the cloud computing device.
After the computing device to be authenticated obtains the authentication response message, step S205-1 shown in fig. 3 is executed to send the authentication response message to the cloud computing device.
After the cloud computing device obtains the authentication response message that is sent by the computing device to be authenticated and corresponds to the authentication request message, it parses the response information in the authentication response message using the public key of the cloud computing device to obtain a parsing result. When the parsing result is correct, authentication is complete, and the cloud computing device generates a registration response message corresponding to the registration request message and sends it to the computing device to be authenticated. Since this process is prior art, it is only briefly described here and its detailed processing is not repeated. Thus, the authentication of the computing device to be authenticated is completed, and the network provisioning process of the computing device to be authenticated is completed.
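The exchange of steps S201 to S205, as an added example in Go that is not part of the patent text: the cloud issues a key-handle and a fresh challenge, the security authentication processing device answers only after user confirmation, and the cloud accepts the relayed response once. The message field names, the ECDSA P-256 signature over the device ID and challenge, and the single-use challenge bookkeeping are assumptions of this example, since the text leaves the concrete processing to the prior art.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AuthRequest is the S201-2 authentication request; field names are assumptions.
type AuthRequest struct {
	DeviceID, KeyHandle string
	Challenge           []byte
}

// digest binds a response to one device and one challenge (an assumption).
func digest(deviceID string, challenge []byte) []byte {
	sum := sha256.Sum256(append([]byte(deviceID+"\x00"), challenge...))
	return sum[:]
}

// Authenticator stands in for the security authentication processing device.
type Authenticator struct {
	keys         map[string]*ecdsa.PrivateKey // key-handle -> private key
	UserConfirms bool                         // models the confirmation key
}

// Bind is the advance binding: a dedicated key pair and key-handle per service.
func (a *Authenticator) Bind() (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	kh := fmt.Sprintf("kh-%d", len(a.keys)+1) // constructed opaque handle
	a.keys[kh] = priv
	return kh, &priv.PublicKey, nil
}

// Respond covers S203-3 and S203-4; ECDSA P-256 signing is an assumption.
func (a *Authenticator) Respond(req AuthRequest) ([]byte, error) {
	priv, ok := a.keys[req.KeyHandle]
	if !ok {
		return nil, fmt.Errorf("unknown key-handle %q", req.KeyHandle)
	}
	if !a.UserConfirms {
		return nil, fmt.Errorf("user did not confirm")
	}
	return ecdsa.SignASN1(rand.Reader, priv, digest(req.DeviceID, req.Challenge))
}

// Cloud holds the bound public key and one outstanding challenge per device.
type Cloud struct {
	keyHandle string
	pub       *ecdsa.PublicKey
	pending   map[string][]byte
}

// Register handles S201-1 and issues the authentication request of S201-2.
func (c *Cloud) Register(deviceID string) (AuthRequest, error) {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return AuthRequest{}, err
	}
	c.pending[deviceID] = ch
	return AuthRequest{DeviceID: deviceID, KeyHandle: c.keyHandle, Challenge: ch}, nil
}

// Verify handles S205-1; the challenge is consumed first, so it is single-use.
func (c *Cloud) Verify(deviceID string, response []byte) bool {
	ch, ok := c.pending[deviceID]
	delete(c.pending, deviceID)
	return ok && ecdsa.VerifyASN1(c.pub, digest(deviceID, ch), response)
}

// NewSetup binds a cloud service to a fresh authenticator.
func NewSetup() (*Cloud, *Authenticator, error) {
	a := &Authenticator{keys: map[string]*ecdsa.PrivateKey{}, UserConfirms: true}
	kh, pub, err := a.Bind()
	return &Cloud{keyHandle: kh, pub: pub, pending: map[string][]byte{}}, a, err
}

// Provision runs S201 to S205; the relay hops (device, router) forward unchanged.
func Provision(c *Cloud, a *Authenticator, deviceID string) (bool, error) {
	req, err := c.Register(deviceID)
	if err != nil {
		return false, err
	}
	response, err := a.Respond(req)
	return err == nil && c.Verify(deviceID, response), err
}

func main() {
	c, a, err := NewSetup()
	if err != nil {
		panic(err)
	}
	fmt.Println(Provision(c, a, "camera-01")) // constructed device ID
}
```

Because the device to be authenticated and the router only carry the two messages, neither needs key material; a response captured on the wireless local area network fails verification once its challenge has been consumed or when presented for another device.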
It should be noted that, the authenticated computing device may obtain, through a wireless local area network, an authentication request message sent by the computing device to be authenticated, and send, through the wireless local area network, an obtained authentication response message corresponding to the authentication request message to the computing device to be authenticated. In addition, the authenticated computing device may further send the authentication request message to a secure authentication processing device through a wireless local area network, and obtain an authentication response message corresponding to the authentication request message, provided by the secure authentication processing device, through the wireless local area network. Therefore, the effect of connection authentication of the to-be-authenticated computing device and the security authentication processing device through the WIFI network can be achieved through the method of the embodiment of the application.
As described above, from the perspective of user experience, in the network provisioning process of the present application for the computing device to be authenticated, when performing network provisioning authentication for the computing device to be authenticated the user only needs to first connect the security authentication processing device to the authenticated computing device, then trigger the computing device to be authenticated to send the registration request message, then click the confirmation key on the security authentication processing device, and afterwards disconnect the security authentication processing device from the authenticated computing device and store it separately; this completes the network provisioning process for the computing device to be authenticated. The authentication method for the computing device to be authenticated therefore has simple steps and a fast response and can greatly improve the user experience. At the same time, the messages involved in network provisioning can be transmitted through the wireless local area network; on the one hand, the validity of the authentication request message can be verified by the security authentication processing device, and on the other hand, the validity of the authentication response message can also be verified by the cloud computing device, which greatly improves security during network provisioning.
In summary, according to the authentication method for the computing device to be authenticated, after the computing device to be authenticated sends the registration request message to the cloud computing device, it sends the authentication request message that the cloud computing device returns for the registration request message to the authenticated computing device, and then sends the authentication response message returned by the authenticated computing device to the cloud computing device, which completes the network provisioning process for the computing device to be authenticated. The method provided by the present application therefore has simple steps and a fast response and can greatly improve the user experience.
The above describes a first authentication method for a computing device. Corresponding to that method, the present application also provides an authentication apparatus for a computing device; please refer to fig. 4, which is a schematic diagram of a first authentication apparatus for a computing device provided in a second embodiment of the present application. Since the apparatus embodiment is substantially similar to the method embodiment, it is described only briefly; for relevant points, refer to the corresponding description of the first authentication method for a computing device provided in the first embodiment of the present application. The apparatus embodiment described below is only illustrative. The first authentication apparatus for a computing device provided by the application comprises the following parts.
A registration request message issuing unit 401, configured to issue a registration request message to the cloud computing device.
An authentication request message obtaining unit 402, configured to obtain an authentication request message sent by the cloud computing device and corresponding to the registration request message.
An authentication request message sending unit 403, configured to send the authentication request message to an authenticated computing device that has been authenticated.
An authentication response message obtaining unit 404, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device.
An authentication response message sending unit 405, configured to send the authentication response message to the cloud computing device.
The above describes a first authentication method for a computing device from the perspective of the computing device to be authenticated. Corresponding to that method, the present application also provides an authentication method for a computing device from the perspective of the authenticated computing device; please refer to fig. 5, which is a flowchart of a second authentication method for a computing device provided in a third embodiment of the present application. Since the detailed processing procedure has already been described in the above embodiment, it is described only briefly here; for relevant points, refer to the corresponding description of the first authentication method for a computing device provided in the first embodiment of the present application, which is not repeated here.
Fig. 5 is a flowchart of a second authentication method for a computing device according to a third embodiment of the present application. This is explained below with reference to fig. 5.
In step S501, the authenticated computing device that has been authenticated obtains an authentication request message sent by the computing device to be authenticated.
After obtaining the authentication request message sent by the computing device to be authenticated, the authenticated computing device further records the authentication request message of the computing device to be authenticated in a log of the authenticated computing device.
Step S502, the authenticated computing device sends the authentication request message to a secure authentication processing device.
In step S503, the authenticated computing device obtains an authentication response message corresponding to the authentication request message, which is provided by the secure authentication processing device.
Step S504, the authenticated computing device sends the authentication response message to the computing device to be authenticated.
It should be noted that, the authenticated computing device may obtain, through a wireless local area network, an authentication request message sent by the computing device to be authenticated, and send, through the wireless local area network, an obtained authentication response message corresponding to the authentication request message to the computing device to be authenticated. In addition, the authenticated computing device may also send the authentication request message to a secure authentication processing device through a wireless local area network, and obtain, through the wireless local area network, an authentication response message corresponding to the authentication request message, provided by the secure authentication processing device.
In summary, in the second authentication method for a computing device provided by the present application, the authenticated computing device sends the obtained authentication request message of the computing device to be authenticated to the security authentication processing device, and sends the obtained authentication response message returned by the security authentication processing device to the computing device to be authenticated. This improves the security of the authentication process for the computing device to be authenticated, and the steps are simple, which can greatly improve the user experience.
In the above description, a second authentication method for a computing device is provided, and in correspondence with the above second authentication method for a computing device, the present application also provides an apparatus for a computing device, please refer to fig. 6, which is a schematic diagram of a second authentication apparatus for a computing device provided in a fourth embodiment of the present application. The second authentication apparatus for a computing device, provided by the present application, is applied to an authenticated computing device that has been authenticated, and includes the following components.
An authentication request message obtaining unit 601, configured to obtain an authentication request message sent by a computing device to be authenticated.
An authentication request message sending unit 602, configured to send the authentication request message to a security authentication processing device.
An authentication response message obtaining unit 603, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is provided by the security authentication processing device.
An authentication response message sending unit 604, configured to send the authentication response message to the computing device to be authenticated.
In addition, from the perspective of the security authentication processing device, the present application also provides an authentication method for a computing device, please refer to fig. 7, which is a flowchart of a third authentication method for a computing device provided in a fifth embodiment of the present application.
Fig. 7 is a flowchart of a third authentication method for a computing device according to a third embodiment of the present application. This is explained below with reference to fig. 7.
In step S701, the security authentication processing device obtains an authentication request message sent by an authenticated computing device that has been authenticated, where the authentication request message is an authentication request message generated by the cloud computing device for a computing device to be authenticated.
After the security authentication processing device obtains the authentication request message sent by the authenticated computing device that has been authenticated, the method further comprises: the security authentication processing device issues a prompt asking whether to approve verification of the authentication request message, and obtains a confirmation result for the prompt; if the confirmation result is that verification of the authentication request message is approved, the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message.
Obtaining the confirmation result for the prompt includes: the security authentication processing device detects a trigger of the confirmation key on the security authentication processing device and obtains the confirmation result for the prompt according to the trigger result; or the security authentication processing device obtains an input security information code, verifies the security information code, and obtains the confirmation result for the prompt according to the verification result.
In addition, the authentication request message includes security information pre-allocated to the cloud computing device by the security authentication processing device, and the security information is information for authenticating the device to be authenticated. The security authentication processing device generating, for the authentication request message, an authentication response message corresponding to the authentication request message includes: the security authentication processing device obtains, according to the security information, a private key pre-distributed to the cloud computing device; and the security authentication processing device generates the authentication response message corresponding to the authentication request message according to the authentication request message and the private key.
Further, the authentication request message includes challenge information signed by a public key corresponding to the private key. The security authentication processing device generating the authentication response message corresponding to the authentication request message according to the authentication request message and the private key comprises the following steps: the security authentication processing device parses the challenge information according to the private key to obtain a parsing result; if the parsing result is correct, the security authentication processing device issues a prompt asking whether to approve the verification information of the authentication request, and obtains a confirmation result for the verification information; and the security authentication processing device generates the authentication response message according to the confirmation result.
Step S702, the secure authentication processing apparatus generates an authentication response message corresponding to the authentication request message for the authentication request message.
In step S703, the secure authentication processing device provides the authentication response message to the authenticated computing device.
Wherein the secure authentication processing device may obtain, via a wireless local area network, an authentication request message sent by the authenticated computing device, and provide, via the wireless local area network, an authentication response message corresponding to the authentication request message to the authenticated computing device.
In summary, according to the third authentication method for a computing device provided by the present application, the security authentication processing device obtains, from the authenticated computing device, an authentication request message generated by the cloud computing device for the computing device to be authenticated, generates a corresponding authentication response message for the authentication request message, and then returns the authentication response message to the authenticated computing device. The authentication method can improve the security of the authentication process for the computing device to be authenticated, has simple steps, and can greatly improve the user experience.
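The message flow of the three methods above (registration request, authentication request relayed and logged by the authenticated computing device, confirmation and response generation on the security authentication processing device, verification by the cloud computing device) can be simulated as follows. This is an added example, not code from the patent: the class names, message field names and device identifiers are assumptions, and HMAC-SHA256 over a pre-allocated shared key stands in for the private/public key operations so that it runs with only the Python standard library.

```python
import hashlib
import hmac
import json
import secrets


def mac(key, label, device_id, challenge):
    """HMAC-SHA256 stand-in for the patent's private/public key operation."""
    msg = json.dumps([label, device_id, challenge]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SecurityAuthDevice:
    """Security authentication processing device (steps S701 to S703)."""

    def __init__(self):
        self._keys = {}  # security information -> pre-allocated key

    def enroll(self):
        """Pre-allocate security information and a key for the cloud."""
        security_info = secrets.token_hex(8)
        self._keys[security_info] = secrets.token_bytes(32)
        return security_info, self._keys[security_info]

    def handle(self, request, user_confirms):
        key = self._keys.get(request.get("security_info"))
        if key is None:
            return None  # unknown security information
        expected = mac(key, "request", request["device_id"], request["challenge"])
        if not hmac.compare_digest(expected, request.get("request_tag", "")):
            return None  # request was not produced by the enrolled cloud
        if not user_confirms(request["device_id"]):
            return None  # user did not press the confirmation key
        tag = mac(key, "response", request["device_id"], request["challenge"])
        return {"response_tag": tag}


class Cloud:
    """Cloud computing device: issues challenges and verifies responses."""

    def __init__(self, security_info, key):
        self.security_info, self._key = security_info, key
        self._pending = {}  # device_id -> outstanding challenge
        self.registered = set()

    def on_registration_request(self, device_id):
        challenge = secrets.token_hex(16)
        self._pending[device_id] = challenge
        return {"device_id": device_id, "challenge": challenge,
                "security_info": self.security_info,
                "request_tag": mac(self._key, "request", device_id, challenge)}

    def on_authentication_response(self, device_id, response):
        challenge = self._pending.pop(device_id, None)  # single use
        if challenge is None or response is None:
            return False
        expected = mac(self._key, "response", device_id, challenge)
        ok = hmac.compare_digest(expected, response.get("response_tag", ""))
        if ok:
            self.registered.add(device_id)
        return ok


class AuthenticatedRelay:
    """Authenticated computing device, e.g. a router (steps S501 to S504)."""

    def __init__(self, security_device, user_confirms):
        self.security_device, self.user_confirms = security_device, user_confirms
        self.log = []

    def relay(self, request):
        self.log.append(dict(request))  # record the request in the log
        return self.security_device.handle(request, self.user_confirms)


def provision(cloud, relay, device_id, tamper=None):
    """Flow seen from the computing device to be authenticated."""
    request = cloud.on_registration_request(device_id)
    if tamper:
        request = tamper(request)
    return cloud.on_authentication_response(device_id, relay.relay(request))


def run_demo():
    token = SecurityAuthDevice()
    cloud = Cloud(*token.enroll())
    approve = AuthenticatedRelay(token, lambda device_id: True)
    decline = AuthenticatedRelay(token, lambda device_id: False)
    results = {
        "approved": provision(cloud, approve, "lamp-01"),
        "declined": provision(cloud, decline, "lamp-02"),
        "tampered": provision(cloud, approve, "lamp-03",
                              tamper=lambda r: {**r, "device_id": "lamp-99"}),
    }
    # A response is accepted once; presenting it again must fail.
    response = approve.relay(cloud.on_registration_request("lamp-04"))
    cloud.on_authentication_response("lamp-04", response)
    results["replayed"] = cloud.on_authentication_response("lamp-04", response)
    results["registered"] = sorted(cloud.registered)
    results["relay_log_entries"] = len(approve.log)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The declined, tampered and replayed cases show the checks a relayed design depends on: the relay never holds the key, the security authentication processing device refuses requests it cannot tie to the enrolled cloud, and the cloud accepts each challenge only once.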
In the above description, a third authentication method for a computing device is provided, and in correspondence with the above third authentication method for a computing device, the present application also provides an apparatus for a computing device, please refer to fig. 8, which is a schematic diagram of a third authentication apparatus for a computing device provided in a sixth embodiment of the present application. The third authentication device for computing equipment, which is provided by the present application, is applied to a security authentication processing device, and the device includes the following parts.
An authentication request message obtaining unit 801, configured to obtain an authentication request message sent by an authenticated computing device that has been authenticated, where the authentication request message is an authentication request message generated by a cloud computing device for a computing device to be authenticated.
An authentication response message generating unit 802, configured to generate, for the authentication request message, an authentication response message corresponding to the authentication request message.
An authentication response message providing unit 803 for providing the authentication response message to the authenticated computing device.
In the above description, three authentication methods and apparatuses for a computing device are provided, and corresponding to the authentication methods and apparatuses for a computing device, the present application also provides three authentication methods and apparatuses for specific application scenarios, please refer to fig. 9, which is a flowchart of a first authentication method for an internet of things device provided in a seventh embodiment of the present application.
Fig. 9 is a flowchart of a first authentication method for an internet of things device according to a seventh embodiment of the present application. This will be described below with reference to fig. 9.
Step S901, when the internet of things device first accesses the network, the internet of things device sends an authentication request message to the authenticated computing device.
Step S902, the internet of things device obtains an authentication response message corresponding to the authentication request message, which is returned by the authenticated computing device.
Step S903, the Internet of things equipment provides the authentication response message to computing equipment for authenticating the Internet of things equipment.
In summary, in the first authentication method for an internet of things device provided by the application, the internet of things device only needs to send an authentication request message to the authenticated computing device when it first accesses the network, and provide the authentication response message returned by the authenticated computing device to the computing device used for authenticating the internet of things device, so that the internet of things device can access the network. Therefore, the method provided by the application has simple steps and can greatly improve the user experience.
The above describes a first authentication method for an internet of things device. Corresponding to that method, the present application also provides an authentication apparatus for an internet of things device; please refer to fig. 10, which is a schematic diagram of a first authentication apparatus for an internet of things device provided in an eighth embodiment of the present application. Since the apparatus embodiment is substantially similar to the method embodiment, it is described only briefly; for relevant points, refer to the corresponding descriptions in the above embodiments. The apparatus embodiment described below is only illustrative. The first authentication apparatus for an internet of things device provided by the application is applied to an internet of things device, and includes the following parts.
An authentication request message issuing unit 1001 is configured to issue an authentication request message to an authenticated computing device that has been authenticated when the network is accessed for the first time.
An authentication response message obtaining unit 1002, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device.
An authentication response message providing unit 1003, configured to provide the authentication response message to a computing device for authenticating the internet of things device.
The above describes an authentication method for an internet of things device from the perspective of the internet of things device. Corresponding to that first authentication method for an internet of things device, the present application also provides an authentication method for an internet of things device from the perspective of the authenticated computing device; please refer to fig. 11, which is a flowchart of a second authentication method for an internet of things device provided in the ninth embodiment of the present application. Since the detailed processing procedure of the authentication method has already been described in the above embodiments, it is described only briefly here; for relevant points, refer to the corresponding descriptions in the above embodiments of the present application, which are not repeated here.
Fig. 11 is a flowchart of a second authentication method for internet of things devices according to a ninth embodiment of the present application. This will be described below with reference to fig. 11.
In step S1101, the authenticated computing device that has been authenticated obtains an authentication request message sent by the internet of things device when accessing the network for the first time.
Step S1102, the authenticated computing device returns an authentication response message corresponding to the authentication request message to the internet of things device in response to the authentication request message.
In summary, the second authentication method for the internet of things device provided by the application is simple in steps and can greatly improve user experience.
In the above description, a second authentication method for an internet of things device is provided, and in correspondence with the above second authentication method for an internet of things device, the present application also provides an apparatus for an internet of things device, please refer to fig. 12, which is a schematic diagram of a second authentication apparatus for an internet of things device provided in a tenth embodiment of the present application. The second authentication device for the internet of things equipment, provided by the application, is applied to authenticated computing equipment which has been authenticated, and comprises the following parts.
An authentication request message obtaining unit 1201, configured to obtain an authentication request message sent by an internet of things device when the internet of things device first accesses a network;
an authentication response message returning unit 1202, configured to return, to the internet of things device, an authentication response message corresponding to the authentication request message, for the authentication request message.
In addition, from the perspective of a general two-factor authentication device, the present application also provides an authentication method for an internet of things device, please refer to fig. 13, which is a flowchart of a third authentication method for an internet of things device provided in an eleventh embodiment of the present application.
Fig. 13 is a flowchart of a third authentication method for an internet of things device according to an eleventh embodiment of the present application. This will be described below with reference to fig. 13.
Step S1301, the universal two-factor authentication device obtains an authentication request message sent by an authenticated computing device that has been authenticated, where the authentication request message is an authentication request message for an internet of things device that first accesses a network.
Step S1302, the general two-factor authentication device returns an authentication response message corresponding to the authentication request message to the authenticated computing device for the authentication request message.
In summary, the third authentication method for the internet of things equipment provided by the application can improve the security of the authentication process for the internet of things equipment, is simple in steps, and can greatly improve the user experience.
In the above description, a third authentication method for an internet of things device is provided, and in correspondence with the above third authentication method for an internet of things device, the present application also provides an apparatus for an internet of things device, please refer to fig. 14, which is a schematic diagram of a third authentication apparatus for an internet of things device provided in a twelfth embodiment of the present application. The third authentication device for the internet of things equipment, which is provided by the application, is applied to general two-factor authentication equipment, and comprises the following parts.
An authentication request message obtaining unit 1401, configured to obtain an authentication request message sent by an authenticated computing device that has been authenticated, where the authentication request message is an authentication request message for an internet of things device that first accesses a network;
an authentication response message returning unit 1402, configured to return, to the authenticated computing device, an authentication response message corresponding to the authentication request message, with respect to the authentication request message.
Although the present application has been described with reference to the preferred embodiments, it is not intended to limit the present application, and those skilled in the art can make variations and modifications without departing from the spirit and scope of the present application, therefore, the scope of the present application should be determined by the claims that follow.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transitory media), such as modulated data signals and carrier waves.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (25)

1. An authentication method for a computing device, comprising:
sending a registration request message to the cloud computing device;
obtaining an authentication request message which is sent by the cloud computing device and corresponds to the registration request message;
sending the authentication request message to an authenticated computing device that has been authenticated;
obtaining an authentication response message corresponding to the authentication request message returned by the authenticated computing device;
and sending the authentication response message to the cloud computing device.
2. The authentication method for a computing device according to claim 1, wherein the authentication request message includes security information pre-assigned to the cloud computing device by a security authentication processing device, the security information being information for authenticating the computing device to be authenticated.
3. The authentication method for a computing device of claim 1, wherein the registration request message includes device identification information of the computing device to be authenticated that issued the registration request message.
4. The authentication method for a computing device of claim 3, wherein the registration request message further comprises account information for logging into the cloud computing device.
5. The authentication method for a computing device of claim 1, wherein the authenticated computing device is a computing device registered and authenticated in the cloud computing device.
6. The authentication method for a computing device of claim 5, wherein the authenticated computing device is an authenticated wireless local area network router;
the sending the authentication request message to the authenticated computing device that has been authenticated, comprising:
and sending the authentication request message to the wireless local area network router through a wireless local area network.
7. An authentication apparatus for a computing device, comprising:
a registration request message sending unit, configured to send a registration request message to the cloud computing device;
an authentication request message obtaining unit, configured to obtain an authentication request message which is sent by the cloud computing device and corresponds to the registration request message;
an authentication request message sending unit, configured to send the authentication request message to an authenticated computing device that has been authenticated;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device;
and an authentication response message sending unit, configured to send the authentication response message to the cloud computing device.
8. An authentication method for a computing device, comprising:
the authenticated computing device that has been authenticated obtains an authentication request message sent by the computing device to be authenticated;
the authenticated computing device sending the authentication request message to a secure authentication processing device;
the authenticated computing device obtains an authentication response message provided by the secure authentication processing device and corresponding to the authentication request message;
the authenticated computing device sends the authentication response message to the computing device to be authenticated.
9. The authentication method for a computing device of claim 8, further comprising: after obtaining the authentication request message sent by the computing device to be authenticated, the authenticated computing device records the authentication request message of the computing device to be authenticated in a log of the authenticated computing device.
10. The authentication method for a computing device of claim 8, further comprising: the authenticated computing equipment obtains an authentication request message sent by the computing equipment to be authenticated through a wireless local area network, and sends an obtained authentication response message corresponding to the authentication request message to the computing equipment to be authenticated through the wireless local area network.
11. The authentication method for a computing device of claim 8, further comprising: the authenticated computing device sends the authentication request message to a security authentication processing device through a wireless local area network, and obtains an authentication response message corresponding to the authentication request message, which is provided by the security authentication processing device, through the wireless local area network.
12. An authentication apparatus for a computing device, applied to an authenticated computing device that has been authenticated, the apparatus comprising:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by the computing device to be authenticated;
an authentication request message sending unit, configured to send the authentication request message to a security authentication processing device;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is provided by the security authentication processing device;
and an authentication response message sending unit, configured to send the authentication response message to the computing device to be authenticated.
13. An authentication method for a computing device, comprising:
the security authentication processing device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message generated by a cloud computing device for a computing device to be authenticated;
the security authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message;
the secure authentication processing device provides the authentication response message to the authenticated computing device.
14. The authentication method for a computing device of claim 13, further comprising: the secure authentication processing device obtains an authentication request message sent by the authenticated computing device through a wireless local area network, and provides an authentication response message corresponding to the authentication request message to the authenticated computing device through the wireless local area network.
15. The authentication method for a computing device according to claim 13, wherein, after the secure authentication processing device obtains the authentication request message sent by the authenticated computing device that has been authenticated, the method further comprises:
the secure authentication processing device issues prompt information asking whether to approve verification of the authentication request message, and obtains a confirmation result for the prompt information;
and if the confirmation result is that verification of the authentication request message is approved, the secure authentication processing device generates, for the authentication request message, an authentication response message corresponding to the authentication request message.
16. The authentication method for a computing device of claim 15, wherein the obtaining of the confirmation result for the prompt information comprises:
the secure authentication processing device obtains a trigger of a confirmation key on the secure authentication processing device, and obtains the confirmation result for the prompt information according to the trigger result;
or the secure authentication processing device obtains an input security information code, verifies the security information code, and obtains the confirmation result for the prompt information according to the verification result.
17. The authentication method for a computing device according to claim 15, wherein the authentication request message includes security information pre-assigned to the cloud computing device by the secure authentication processing device, the security information being information for authenticating a device to be authenticated;
the secure authentication processing device generating, for the authentication request message, an authentication response message corresponding to the authentication request message comprises:
the secure authentication processing device obtains, according to the security information, a private key pre-distributed to the cloud computing device;
and the secure authentication processing device generates the authentication response message corresponding to the authentication request message according to the authentication request message and the private key.
18. The authentication method for a computing device of claim 17, wherein the authentication request message includes challenge information signed by a public key corresponding to the private key;
the secure authentication processing device generating an authentication response message corresponding to the authentication request message according to the authentication request message and the private key comprises:
the secure authentication processing device analyzes the challenge information according to the private key to obtain an analysis result;
if the analysis result is correct, the secure authentication processing device issues prompt information asking whether to approve verification information of the authentication request, and obtains a confirmation result for the verification information;
and the secure authentication processing device generates the authentication response message according to the confirmation result.
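The flow of claims 15 to 18, as an added example that is not code from the patent: the secure authentication processing device looks up the private key by security information, analyzes the challenge, and prompts the holder only if that analysis succeeds. The claims name no algorithm, so modelling the analysis step as RSA-OAEP decryption of a nonce, returning the nonce as the response, and all identifiers (`Token`, `enroll`, `newChallenge`, `verify`, `relay`, the `handle-1` value) are assumptions.

```javascript
const crypto = require('node:crypto');

// Secure authentication processing device. Class and field names are hypothetical.
class Token {
  constructor(confirm) {
    this.keys = new Map();  // security information -> pre-distributed private key
    this.confirm = confirm; // confirmation key press or verified security code
  }
  enroll(securityInfo) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.keys.set(securityInfo, privateKey);
    return publicKey;
  }
  // Claims 17-18: find the key, analyze the challenge, prompt, then answer.
  respond({ securityInfo, challenge }) {
    const key = this.keys.get(securityInfo);
    if (!key) return { ok: false, reason: 'unknown security information' };
    let nonce;
    try {
      nonce = crypto.privateDecrypt({ key, oaepHash: 'sha256' }, challenge);
    } catch (err) {
      return { ok: false, reason: 'challenge failed analysis' }; // holder is never prompted
    }
    if (!this.confirm(securityInfo)) return { ok: false, reason: 'not approved' };
    return { ok: true, proof: nonce };
  }
}

// Cloud computing device: fresh nonce encrypted to the enrolled key (RSA-OAEP is assumed).
function newChallenge(publicKey, securityInfo) {
  const nonce = crypto.randomBytes(32);
  const challenge = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, nonce);
  return { nonce, request: { securityInfo, challenge } };
}

// Cloud computing device: accept only an approved response that returns the nonce.
function verify(nonce, response) {
  if (!response.ok || response.proof.length !== nonce.length) return false;
  return crypto.timingSafeEqual(response.proof, nonce);
}

// Authenticated computing device: forwards the request, returns the response unchanged.
const relay = (token, request) => token.respond(request);
// Constructed run: the holder approves, so the cloud accepts the relayed response.
function demo() {
  const token = new Token(() => true);
  const { nonce, request } = newChallenge(token.enroll('handle-1'), 'handle-1');
  return verify(nonce, relay(token, request));
}
console.log('accepted:', demo());
```

Because the prompt comes after the challenge analysis, a request with unknown security information or a damaged challenge is rejected without ever asking the holder to confirm.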
19. An authentication apparatus for a computing device, applied to a secure authentication processing device, the apparatus comprising:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is generated by a cloud computing device for a computing device to be authenticated;
an authentication response message generation unit, configured to generate, for the authentication request message, an authentication response message corresponding to the authentication request message;
an authentication response message providing unit, configured to provide the authentication response message to the authenticated computing device.
20. An authentication method for an Internet of things device, comprising:
when the Internet of things device accesses a network for the first time, the Internet of things device sends an authentication request message to an authenticated computing device;
the Internet of things device obtains an authentication response message that is returned by the authenticated computing device and corresponds to the authentication request message;
the Internet of things device provides the authentication response message to a computing device for authenticating the Internet of things device.
21. An authentication apparatus for an Internet of things device, applied to an Internet of things device, the apparatus comprising:
an authentication request message issuing unit, configured to issue an authentication request message to an authenticated computing device that has been authenticated, when the network is accessed for the first time;
an authentication response message obtaining unit, configured to obtain an authentication response message corresponding to the authentication request message, where the authentication response message is returned by the authenticated computing device;
an authentication response message providing unit, configured to provide the authentication response message to a computing device for authenticating the Internet of things device.
22. An authentication method for an Internet of things device, comprising:
an authenticated computing device that has been authenticated obtains an authentication request message sent by the Internet of things device when the Internet of things device accesses a network for the first time;
and the authenticated computing device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the Internet of things device.
23. An authentication apparatus for an Internet of things device, applied to an authenticated computing device that has been authenticated, the apparatus comprising:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by the Internet of things device when the Internet of things device accesses a network for the first time;
and an authentication response message returning unit, configured to return, for the authentication request message, an authentication response message corresponding to the authentication request message to the Internet of things device.
24. An authentication method for an Internet of things device, comprising:
a universal two-factor authentication device obtains an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message for an Internet of things device that accesses a network for the first time;
and the universal two-factor authentication device returns, for the authentication request message, an authentication response message corresponding to the authentication request message to the authenticated computing device.
25. An authentication apparatus for an Internet of things device, applied to a universal two-factor authentication device, the apparatus comprising:
an authentication request message obtaining unit, configured to obtain an authentication request message sent by an authenticated computing device that has been authenticated, wherein the authentication request message is an authentication request message for an Internet of things device that accesses a network for the first time;
and an authentication response message returning unit, configured to return, for the authentication request message, an authentication response message corresponding to the authentication request message to the authenticated computing device.
CN201910441816.0A 2019-05-24 2019-05-24 Authentication method and device for computing equipment Active CN111988267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910441816.0A CN111988267B (en) 2019-05-24 2019-05-24 Authentication method and device for computing equipment

Publications (2)

Publication Number Publication Date
CN111988267A true CN111988267A (en) 2020-11-24
CN111988267B CN111988267B (en) 2023-10-20

Family

ID=73436825

Country Status (1)

Country Link
CN (1) CN111988267B (en)

Also Published As

Publication number Publication date
CN111988267B (en) 2023-10-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant