CN112118211A - Device communication method, device, system, medium, and electronic device - Google Patents
Device communication method, device, system, medium, and electronic device Download PDFInfo
- Publication number
- CN112118211A CN112118211A CN201910538496.0A CN201910538496A CN112118211A CN 112118211 A CN112118211 A CN 112118211A CN 201910538496 A CN201910538496 A CN 201910538496A CN 112118211 A CN112118211 A CN 112118211A
- Authority
- CN
- China
- Prior art keywords
- public key
- authorization
- certificate
- security chip
- verification result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 49
- 238000000034 method Methods 0.000 title claims abstract description 43
- 238000013475 authorization Methods 0.000 claims abstract description 165
- 238000012795 verification Methods 0.000 claims abstract description 93
- 230000004044 response Effects 0.000 claims abstract description 30
- 230000008520 organization Effects 0.000 claims description 44
- 238000004590 computer program Methods 0.000 claims description 9
- 238000010586 diagram Methods 0.000 description 12
- 230000006870 function Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- GNFTZDOKVXKIBK-UHFFFAOYSA-N 3-(2-methoxyethoxy)benzohydrazide Chemical compound COCCOC1=CC=CC(C(=O)NN)=C1 GNFTZDOKVXKIBK-UHFFFAOYSA-N 0.000 description 1
- FGUUSXIOTUKUDN-IBGZPJMESA-N C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 Chemical compound C1(=CC=CC=C1)N1C2=C(NC([C@H](C1)NC=1OC(=NN=1)C1=CC=CC=C1)=O)C=CC=C2 FGUUSXIOTUKUDN-IBGZPJMESA-N 0.000 description 1
- YTAHJIFKAKIKAV-XNMGPUDCSA-N [(1R)-3-morpholin-4-yl-1-phenylpropyl] N-[(3S)-2-oxo-5-phenyl-1,3-dihydro-1,4-benzodiazepin-3-yl]carbamate Chemical compound O=C1[C@H](N=C(C2=C(N1)C=CC=C2)C1=CC=CC=C1)NC(O[C@H](CCN1CCOCC1)C1=CC=CC=C1)=O YTAHJIFKAKIKAV-XNMGPUDCSA-N 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a device communication method, a device, a system, a storage medium and electronic equipment, and relates to the technical field of communication and computers. The device comprises a security chip, wherein a device certificate, a device public key, a device private key, an authorization public key and an authorization certificate are written in the security chip. The communication method comprises the following steps: reading an authorization public key and an authorization certificate in a security chip, and verifying the authorization certificate to obtain a first verification result; reading a device public key and a device certificate in the security chip, and verifying the device certificate to obtain a second verification result; after sending the random number to the security chip, receiving response data; verifying the response data by using the device public key to obtain a third verification result; and when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification. The invention improves the safety of the product by using the safety chip in the equipment and adopting the asymmetric public key system.
Description
Technical Field
The present invention relates to the field of communications and computer technologies, and in particular, to a device communication method, apparatus, system, computer-readable storage medium, and electronic device.
Background
With the wide application of technologies such as artificial intelligence, internet of things, cloud computing and big data, the smart home industry is rapidly developed, and the application of smart home equipment brings great convenience to the daily life of consumers.
The network communication safety problem of the intelligent household equipment is increasingly highlighted: one is the transport security issue. The intelligent household equipment is accessed to a network platform, the automation degree and the remote control performance are gradually improved, but the transmission protocol vulnerability of network communication is easy to attack, and the transmission security is greatly challenged. Secondly, the user privacy protection problem. The data acquisition amount and the data storage amount of the intelligent household equipment and the cloud platform are huge, most of contents of the intelligent household equipment and the cloud platform are related to daily life of users, privacy is strong, and a large amount of privacy data are leaked due to the fact that a network communication access link is attacked.
In the related art, in order to guarantee the network security of the intelligent home devices, a unique identifier can be set for the intelligent home devices in a software system, and the cloud service platform performs identity authentication on the network access behavior of the intelligent home devices according to the unique identifier, so that the identity bidirectional authentication between the intelligent home devices and the cloud platform is realized. However, when the network communication is secured by means of a software protocol, the network communication still has the possibility of being attacked and cracked by hackers.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present invention and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
Embodiments of the present invention provide a device communication method, apparatus, system, computer-readable storage medium, and electronic device, so as to solve the network communication security problem of the device at least to a certain extent.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to a first aspect of an embodiment of the present invention, an apparatus communication method is provided, where the apparatus includes a security chip, and a device certificate, a device public key, a device private key, an authorization public key, and an authorization certificate are written in the security chip; wherein the method comprises the following steps: reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using an issuing organization public key and the authorization public key of an issuing organization to obtain a first verification result; reading a device public key and a device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; after sending a random number to the security chip, receiving response data which is formed and sent after the security chip uses the device private key to sign the random number; verifying the response data by using the device public key and the random number to obtain a third verification result; and when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification.
In some embodiments, the method further comprises: generating an authorization public key; after the authorization public key is sent to the issuing organization, the authorization certificate formed after the issuing organization signs the authorization public key by using an issuing organization private key is received; and writing the authorization certificate and the authorization public key into the security chip.
In some embodiments, the method further comprises: generating an authorization private key; reading the device public key of the security chip; signing the device public key by using the authorization private key to form the device certificate; and writing the device certificate into the security chip.
In some embodiments, the method further comprises: and generating the device private key and the device public key by using the security chip.
In some embodiments, the method further comprises: generating, by the issuer, an issuer public key and an issuer private key; signing the authorization public key using the issuer private key to form the authorization certificate.
In some embodiments, signing the authorization public key using the issuer private key to form the authorization certificate comprises: signing the authorization public key using an elliptic curve digital signature algorithm and the issuer private key.
According to a second aspect of the embodiments of the present invention, there is provided an apparatus communication device, where the apparatus includes a secure chip, and a device certificate, a device public key, a device private key, an authorization public key, and an authorization certificate are written in the secure chip; wherein the apparatus comprises: the first verification unit is used for reading the authorization public key and the authorization certificate in the security chip and verifying the authorization certificate by using an issuing organization public key and the authorization public key of an issuing organization to obtain a first verification result; the second verification unit is used for reading a device public key and a device certificate in the security chip and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; the third verification unit is used for receiving response data which is formed and sent by the security chip after the security chip uses the device private key to sign the random number after sending the random number to the security chip; verifying the response data by using the device public key and the random number to obtain a third verification result; a determining unit, configured to determine that the device passes the verification when the first verification result, the second verification result, and the third verification result are all verified successfully.
According to a third aspect of embodiments of the present invention, there is provided a device communication system, the system comprising: the device comprises an issuing organization, an authorization module, equipment and a verification module, wherein the issuing organization is used for generating an issuing organization private key and an issuing organization public key; wherein: the authorization module is used for sending the authorization public key to the issuing organization and receiving the authorization certificate formed after the issuing organization signs the authorization public key by using the issuing organization private key; writing the authorization certificate and the authorization public key into the security chip; reading the device public key of the security chip, and signing the device public key by using the authorization private key to form a device certificate; writing the device certificate to the secure chip; the verification module is used for reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using an issuing organization public key of an issuing organization and the authorization public key to obtain a first verification result; reading a device public key and a device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; after sending a random number to the security chip, receiving response data which is formed and sent after the security chip uses the device private key to sign the random number; verifying the response data with the random number by using the device public key to obtain a third verification result; and when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification.
According to a fourth aspect of embodiments of the present invention, there is provided a computer-readable medium, on which a computer program is stored, which when executed by a processor, implements the device communication method as described in the first aspect of the embodiments above.
According to a fifth aspect of embodiments of the present invention, there is provided an electronic apparatus, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the device communication method as described in the first aspect of the embodiments above.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
in the technical solutions provided in some embodiments of the present invention, by setting a security chip in the device, setting a device certificate, a device public key, a device private key, an authorization public key, and an authorization certificate in the security chip, and verifying the authorization certificate, the device certificate, and the response data in the security chip, an asymmetric public key mechanism is used, and the security of the product is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
fig. 1 schematically shows a flow chart of a device communication method according to an embodiment of the invention;
FIG. 2 schematically illustrates a flow diagram for writing an authorization certificate, an authorization public key, and a device certificate to a secure chip, in accordance with an embodiment of the invention;
FIG. 3 schematically illustrates a diagram of an authorization certificate, an authorization public key, and a device certificate written to a secure chip, according to an embodiment of the invention;
FIG. 4 schematically shows a schematic diagram of an authentication security chip according to an embodiment of the invention;
FIG. 5 schematically shows a block diagram of a device communication apparatus according to an embodiment of the invention;
FIG. 6 schematically shows a block diagram of a device communication system according to an embodiment of the invention;
FIG. 7 illustrates a schematic structural diagram of a computer system suitable for use with the electronic device to implement an embodiment of the invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
In the related art, the intelligent household equipment guarantees the network communication safety in a software protocol mode, but the communication network is easy to attack and crack by hackers, so that the problems of transmission safety and privacy safety exist.
In order to solve the above problem, an embodiment of the present disclosure provides an apparatus communication method, which verifies an authorization certificate, a device certificate, and response data in a security chip, so as to improve transmission security of a communication network and protect privacy security.
Fig. 1 schematically illustrates a device communication method of an exemplary embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be executed by any electronic device with computer processing capability, such as a terminal device and/or a server, but the present disclosure is not limited thereto. The equipment comprises a security chip, wherein a device certificate, a device public key, a device private key, an authorization public key and an authorization certificate are written in the security chip. Referring to fig. 1, the device communication method may include the steps of:
step S102, reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using the issuing organization public key and the authorization public key of the issuing organization to obtain a first verification result.
And step S104, reading the device public key and the device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result.
And step S106, after sending the random number to the security chip, receiving response data formed and sent by the security chip after signing the random number by using the device private key.
And S108, verifying the response data by using the device public key and the random number to obtain a third verification result.
And step S110, when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification.
In the technical scheme of the embodiment of the invention, the authorization certificate, the device certificate and the response data in the security chip are verified respectively, and an asymmetric public key mechanism is used to improve the security of the product and the supply cost of hackers, thereby ensuring the privacy of users and the security of the product.
Before step S102, the issuer public key needs to be acquired.
Before step S102, as shown in fig. 2, the device communication method further includes:
step S202, generating an authorization public key and an authorization private key.
And step S204, after the authorization public key is sent to the issuing organization, an authorization certificate formed by the issuing organization signing the authorization public key by using the issuing organization private key is received.
Step S206, writing the authorization certificate and the authorization public key into the security chip.
And step S208, reading the device public key of the security chip, and signing the device public key by using the authorization private key to form a device certificate.
Step S210, writing the device certificate into the secure chip.
Prior to step S204, the issuer generates an issuer public key and an issuer private key, and signs the issuer public key with the issuer private key. In signing the authorization public key using the issuer private key, the authorization public key may be signed using an ECDSA (Elliptic Curve Digital Signature) Algorithm and the issuer private key.
Before step S208, the secure chip generates a device private key and a device public key.
In the embodiment of the present invention, steps S102 to S210 are processes of writing the certificate and the public key into the secure chip of the device, and steps S202 to S210 are processes of verifying the device.
Specifically, as shown in fig. 3, when writing the certificate and the public key into the security chip of the apparatus, the authorization module generates an authorization public key and an authorization private key, the issuing authority generates an issuing authority public key and an issuing authority private key, and the security chip generates a device public key and a device private key.
In step a, the authorization module sends the authorization public key to the issuing authority. In step b, the issuing organization signs the authorization public key by using the issuing organization private key, generates an authorization certificate and sends the authorization certificate to the authorization module. In step e, the authorization module sends the authorization public key to the security chip. In step f, the authorization module sends the authorization certificate to the security chip. In step c, the security chip sends the device public key to the authorization module, and the authorization module signs the device public key by using the authorization private key to generate a device certificate and sends the device certificate to the security chip in step d.
As shown in fig. 4, when the device is verified, in step g, the verification module obtains the authorization public key and the authorization certificate of the security chip, and verifies the authorization certificate using the issuer public key and the authorization public key. In step h, the verification module obtains the device public key and the device certificate of the security chip, and verifies the device certificate by using the authorization public key and the device public key. In step j, the verification module sends a random number to the security chip, and when the security chip returns response data, the response data is verified by using the random number and the device public key.
In the device communication method provided in some embodiments of the present invention, the security chip is used in the device, and the asymmetric public key system is adopted to verify the authorization certificate, the device certificate, and the response data in the security chip, thereby improving the security of the product.
The following describes embodiments of the apparatus of the present invention, which can be used to implement the above-mentioned device communication method of the present invention. The equipment comprises a security chip, wherein a device certificate, a device public key, a device private key, an authorization public key and an authorization certificate are written in the security chip. Referring to fig. 5, a device communication apparatus 500 provided in an embodiment of the present invention includes:
the first verification unit 502 is configured to read the authorization public key and the authorization certificate in the security chip, and verify the authorization certificate by using the issuer public key and the authorization public key of the issuer to obtain a first verification result.
The second verifying unit 504 is configured to read the device public key and the device certificate in the secure chip, and verify the device certificate by using the authorization public key and the device public key to obtain a second verification result.
A third verification unit 506, configured to receive response data that is formed and sent by the security chip after signing the random number with the device private key after sending the random number to the security chip; and verifying the response data by using the device public key and the random number to obtain a third verification result.
A determining unit 508, configured to determine that the device passes the verification when the first verification result, the second verification result, and the third verification result are all verified successfully.
For details which are not disclosed in the embodiments of the apparatus of the present invention, reference is made to the above-described embodiments of the apparatus communication method of the present invention for the respective functional modules of the apparatus communication device of the exemplary embodiment of the present invention correspond to the steps of the above-described exemplary embodiment of the apparatus communication method.
In the device communication apparatus provided in the embodiment of the present invention, the security chip is used in the device, and the asymmetric public key system is adopted to verify the authorization certificate, the device certificate, and the response data in the security chip, so that the security of the product is improved.
An embodiment of the present invention further provides an apparatus communication system, as shown in fig. 6, in an exemplary embodiment of the present disclosure, the apparatus communication system includes: the device comprises an issuing organization, an authorization module, equipment and a verification module, wherein the issuing organization is used for generating an issuing organization private key and an issuing organization public key, the authorization module is used for generating an authorization public key and an authorization private key, and the equipment comprises a security chip which is used for generating a device public key and a device private key. Wherein:
the authorization module 604 is configured to generate an authorization public key and an authorization private key; after sending the authorization public key to the issuing authority 602, receiving an authorization certificate formed after the issuing authority signs the authorization public key with an issuing authority private key; writing the authorization certificate and the authorization public key into the security chip 610; reading a device public key of the security chip 610, and signing the device public key by using an authorization private key to form a device certificate; the device certificate is written to the secure chip 610.
The verification module 608 is configured to read the authorization public key and the authorization certificate in the security chip 610, and verify the authorization certificate by using the issuing organization public key and the authorization public key of the issuing organization to obtain a first verification result; reading a device public key and a device certificate in the security chip 610, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; after sending the random number to the security chip 610, receiving response data which is formed and sent by the security chip after signing the random number by using a device private key; verifying the response data by using the device public key and the random number to obtain a third verification result; when the first verification result, the second verification result, and the third verification result are all verified successfully, it is determined that the device 606 is verified.
In the device communication system provided by the embodiment of the invention, the security chip is used in the device, and the asymmetric public key system is adopted to verify the authorization certificate, the device certificate and the response data in the security chip respectively, so that the safety of the product is improved.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with the electronic device implementing an embodiment of the present invention. The computer system 700 of the electronic device shown in fig. 7 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for system operation are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program executes the above-described functions defined in the system of the present application when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the device communication method as described in the above embodiments.
For example, the electronic device may implement the following as shown in fig. 1: step S102, reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using an issuing organization public key of an issuing organization and the authorization public key to obtain a first verification result; step S104, reading a device public key and a device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; step S106, after sending the random number to the security chip, receiving response data formed and sent by the security chip after signing the random number by using the device private key; step S108, verifying the response data by using the device public key to obtain a third verification result; step S110, when the first verification result, the second verification result, and the third verification result are all verified successfully, determining that the device passes verification.
As another example, the electronic device may implement the steps shown in FIG. 2.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the invention. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiment of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiment of the present invention.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
Claims (10)
1. The equipment communication method is characterized in that the equipment comprises a security chip, wherein a device certificate, a device public key, a device private key, an authorization public key and an authorization certificate are written in the security chip; wherein the method comprises the following steps:
reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using an issuing organization public key and the authorization public key of an issuing organization to obtain a first verification result;
reading a device public key and a device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result;
after sending a random number to the security chip, receiving response data which is formed and sent after the security chip uses the device private key to sign the random number;
verifying the response data by using the device public key and the random number to obtain a third verification result;
and when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification.
2. The method of claim 1, further comprising:
generating an authorization public key;
sending the authorization public key to the issuing authority;
receiving the authorization certificate formed after the authority signs the authorization public key by using an authority private key;
and writing the authorization certificate and the authorization public key into the security chip.
3. The method of claim 1, further comprising:
generating an authorization private key;
reading the device public key of the security chip;
signing the device public key by using the authorization private key to form the device certificate;
and writing the device certificate into the security chip.
4. The method of claim 1, further comprising:
and generating the device private key and the device public key by using the security chip.
5. The method of claim 2, further comprising:
generating, by the issuer, the issuer public key and the issuer private key;
signing the authorization public key using the issuer private key to form the authorization certificate.
6. The method of claim 5, wherein signing the authorization public key using the issuer private key to form the authorization certificate comprises:
signing the authorization public key using an elliptic curve digital signature algorithm and the issuer private key.
7. A device communication apparatus is characterized in that the device comprises a security chip, wherein a device certificate, a device public key, a device private key, an authorization public key and an authorization certificate are written in the security chip; wherein the apparatus comprises:
the first verification unit is used for reading the authorization public key and the authorization certificate in the security chip and verifying the authorization certificate by using an issuing organization public key and the authorization public key of an issuing organization to obtain a first verification result;
the second verification unit is used for reading a device public key and a device certificate in the security chip and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result;
the third verification unit is used for receiving response data which is formed and sent by the security chip after the security chip uses the device private key to sign the random number after sending the random number to the security chip; verifying the response data by using the device public key and the random number to obtain a third verification result;
a determining unit, configured to determine that the device passes the verification when the first verification result, the second verification result, and the third verification result are all verified successfully.
8. A device communication system, the system comprising: the device comprises an issuing organization, an authorization module, equipment and a verification module, wherein the issuing organization is used for generating an issuing organization private key and an issuing organization public key; wherein:
the authorization module is used for sending the authorization public key to the issuing organization and receiving the authorization certificate formed after the issuing organization signs the authorization public key by using the issuing organization private key; writing the authorization certificate and the authorization public key into the security chip; reading the device public key of the security chip, and signing the device public key by using the authorization private key to form a device certificate; writing the device certificate to the secure chip;
the verification module is used for reading the authorization public key and the authorization certificate in the security chip, and verifying the authorization certificate by using an issuing organization public key of an issuing organization and the authorization public key to obtain a first verification result; reading a device public key and a device certificate in the security chip, and verifying the device certificate by using the authorization public key and the device public key to obtain a second verification result; after sending a random number to the security chip, receiving response data which is formed and sent after the security chip uses the device private key to sign the random number; verifying the response data by using the device public key and the random number to obtain a third verification result; and when the first verification result, the second verification result and the third verification result are verified successfully, determining that the equipment passes the verification.
9. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, carries out the device communication method according to any one of claims 1 to 6.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the device communication method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910538496.0A CN112118211A (en) | 2019-06-20 | 2019-06-20 | Device communication method, device, system, medium, and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910538496.0A CN112118211A (en) | 2019-06-20 | 2019-06-20 | Device communication method, device, system, medium, and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112118211A true CN112118211A (en) | 2020-12-22 |
Family
ID=73796213
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910538496.0A Pending CN112118211A (en) | 2019-06-20 | 2019-06-20 | Device communication method, device, system, medium, and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112118211A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023098671A1 (en) * | 2021-12-03 | 2023-06-08 | 展讯通信(上海)有限公司 | Chip licensing and verification method and apparatus, and electronic device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103138934A (en) * | 2011-11-21 | 2013-06-05 | 美国博通公司 | Secure key generation |
| US20150341343A1 (en) * | 2013-01-02 | 2015-11-26 | Siemens Aktiengesellschaft | RFID Tag and Method for Operating an RFID Tag |
| CN106899410A (en) * | 2016-09-13 | 2017-06-27 | 中国移动通信有限公司研究院 | A kind of method and device of equipment identities certification |
| CN108282336A (en) * | 2017-01-06 | 2018-07-13 | 北京京东尚科信息技术有限公司 | Device subscription verification method and device |
| CN108768664A (en) * | 2018-06-06 | 2018-11-06 | 腾讯科技(深圳)有限公司 | Key management method, device, system, storage medium and computer equipment |
| CN109861817A (en) * | 2019-02-26 | 2019-06-07 | 数安时代科技股份有限公司 | Generate method, apparatus, system, equipment and the medium of key |
-
2019
- 2019-06-20 CN CN201910538496.0A patent/CN112118211A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103138934A (en) * | 2011-11-21 | 2013-06-05 | 美国博通公司 | Secure key generation |
| US20150341343A1 (en) * | 2013-01-02 | 2015-11-26 | Siemens Aktiengesellschaft | RFID Tag and Method for Operating an RFID Tag |
| CN106899410A (en) * | 2016-09-13 | 2017-06-27 | 中国移动通信有限公司研究院 | A kind of method and device of equipment identities certification |
| CN108282336A (en) * | 2017-01-06 | 2018-07-13 | 北京京东尚科信息技术有限公司 | Device subscription verification method and device |
| CN108768664A (en) * | 2018-06-06 | 2018-11-06 | 腾讯科技(深圳)有限公司 | Key management method, device, system, storage medium and computer equipment |
| CN109861817A (en) * | 2019-02-26 | 2019-06-07 | 数安时代科技股份有限公司 | Generate method, apparatus, system, equipment and the medium of key |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023098671A1 (en) * | 2021-12-03 | 2023-06-08 | 展讯通信(上海)有限公司 | Chip licensing and verification method and apparatus, and electronic device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2947840A1 (en) | Certificateless multi-agent signature method and apparatus | |
| CN112039826B (en) | Login method and device applied to applet end, electronic equipment and readable medium | |
| CN110661779B (en) | Block chain network-based electronic certificate management method, system, device and medium | |
| CN105635168A (en) | Off-line transaction device and security key using method thereof | |
| EP4350556A1 (en) | Information verification method and apparatus | |
| CN111931209A (en) | Contract information verification method and device based on zero knowledge certification | |
| CN114513350A (en) | Identity verification method, system and storage medium | |
| CN112118211A (en) | Device communication method, device, system, medium, and electronic device | |
| US8904508B2 (en) | System and method for real time secure image based key generation using partial polygons assembled into a master composite image | |
| CN109768969B (en) | Authority control method, Internet of things terminal and electronic equipment | |
| CN103546295A (en) | Dynamic mobile signature system and method | |
| CN108270741B (en) | Mobile terminal authentication method and system | |
| CN111902815B (en) | Data transmission method, system, device, electronic device and readable storage medium | |
| CN114186994A (en) | Method, terminal and system for using digital currency wallet application | |
| CN109886043B (en) | Method and apparatus for generating organizational credentials for blockchain participants | |
| CN113242132A (en) | Digital certificate management method and device | |
| CN112887097A (en) | Signature method based on SM2 elliptic curve, related device and storage medium | |
| CN113868713B (en) | Data verification method and device, electronic equipment and storage medium | |
| CN110519256B (en) | Method and device for DApp to access USB private key management equipment | |
| CN114157414B (en) | Identity certificate generation method, verification method and system for digital currency | |
| CN114697956B (en) | Secure communication method and device based on double links | |
| CN110490003B (en) | User trusted data generation method, user trusted data acquisition method, device and system | |
| CN113868713A (en) | Data verification method and device, electronic equipment and storage medium | |
| CN116226932A (en) | Service data verification method and device, computer medium and electronic equipment | |
| CN115150154A (en) | User login authentication method and related device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201222 |