CN112887282A - Identity authentication method, device and system and electronic equipment - Google Patents


Info

Publication number: CN112887282A
Application number: CN202110044025.1A
Authority: CN (China)
Prior art keywords: information, current terminal, identity authentication, authentication, terminal
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN112887282B (en)
Inventors: 邹振婉, 陈涛, 杨如侠, 李峰, 李明轩
Current assignee: Global Energy Interconnection Research Institute; Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd; State Grid Xinjiang Electric Power Co Ltd
Original assignee: Global Energy Interconnection Research Institute; Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd; State Grid Xinjiang Electric Power Co Ltd
Application filed by Global Energy Interconnection Research Institute, Electric Power Research Institute of State Grid Xinjiang Electric Power Co Ltd and State Grid Xinjiang Electric Power Co Ltd
Priority to CN202110044025.1A
Publication of CN112887282A
Application granted; publication of CN112887282B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application provides an identity authentication method, an identity authentication device, an identity authentication system and electronic equipment, wherein in the system, a current terminal acquires identity authentication request information and sends the identity authentication request information to an authentication gateway; the authentication gateway verifies the identity authentication request information according to the terminal access identifier, generates feedback information and sends the feedback information to the current terminal; the current terminal acquires an encryption key and encrypts the feedback information by using the encryption key to obtain corresponding encryption information; the authentication gateway reads the encrypted information by using the session key to obtain corresponding decryption information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information. The scheme realizes bidirectional authentication between the current terminal and the authentication gateway, improves the reliability of the identity authentication result, and lays a foundation for improving the safety of the power system.

Description

Identity authentication method, device and system and electronic equipment
Technical Field
The present application relates to the field of network security technologies, and in particular, to an identity authentication method, apparatus, system, and electronic device.
Background
With the development of network technology, the types and the number of terminal devices in an electric power system are increasing continuously, and in order to ensure the safety of the electric power system, identity authentication needs to be performed on the terminal devices in the electric power system.
In the prior art, the identity authentication information of the current terminal device is usually authenticated according to a preset identity registry.
However, since the network attack means are various, it is inevitable that the network attacker forges the identity authentication information, resulting in lower reliability of the identity authentication result in the prior art. Therefore, an identity authentication method capable of ensuring the reliability of an identity authentication result is urgently needed, and the identity authentication method has important significance for improving the safety of a power system.
Disclosure of Invention
The application provides an identity authentication method, device, system and electronic equipment, which aim to overcome the defects of low reliability and the like in the prior art.
A first aspect of the present application provides an identity authentication method, including:
receiving identity authentication request information sent by a current terminal, wherein the identity authentication request information comprises a terminal access identifier of the current terminal;
verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal;
receiving encryption information sent by the current terminal, wherein the encryption information is obtained by encrypting the feedback information by the current terminal based on a corresponding encryption key of the current terminal;
selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decrypted information;
and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
Optionally, after generating the identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information, the method further includes:
when the identity authentication result is that the authentication is passed, a first response instruction is sent to the current terminal;
receiving first response data sent by the current terminal; the first response data is generated by the current terminal according to the first response instruction;
and generating a safety detection result of the current terminal according to the relation between the first response data and the sent first response instruction.
Optionally, the generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information includes:
judging whether the decryption information is the same as the feedback information;
when the decryption information is the same as the feedback information, determining that the identity authentication of the current terminal is successful;
and when the decryption information is different from the feedback information, determining that the identity authentication of the current terminal fails.
Optionally, the generating a security detection result of the current terminal according to the relationship between the first response data and the sent first response instruction includes:
judging whether the first response data and the first response instruction meet a preset corresponding relation or not;
when the first response data and the first response instruction meet a preset corresponding relation, determining that the current terminal is a normal terminal;
and when the first response data and the first response instruction do not meet the preset corresponding relation, determining that the current terminal is an abnormal terminal.
Optionally, before receiving the identity authentication request information sent by the current terminal, the method further includes:
acquiring equipment attribute information and service attribute information of a current terminal; the equipment attribute information comprises equipment type, resource allocation information, authority information and operation environment information;
and generating a corresponding terminal access identifier and an encryption key according to the equipment attribute information and the service attribute information of the current terminal based on a preset identifier generation rule, and sending the terminal access identifier and the encryption key to the current terminal.
Optionally, the method further includes:
sending a second response instruction to the current terminal according to a preset authentication period;
receiving second response data sent by the current terminal, wherein the second response data are generated by the current terminal according to the second response instruction;
and updating the safety detection result of the current terminal according to the relation between the second response data and the sent second response instruction.
A second aspect of the present application provides an identity authentication method, including:
acquiring identity authentication request information and sending the identity authentication request information to an authentication gateway, wherein the identity authentication request information comprises a terminal access identifier;
receiving feedback information sent by the authentication gateway, wherein the feedback information is generated by the authentication gateway according to the identity authentication request information;
acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
and sending the encrypted information to the authentication gateway so that the authentication gateway can generate a corresponding identity authentication result according to the encrypted information.
Optionally, the method further includes:
receiving a first response instruction sent by the authentication gateway, wherein the first response instruction is sent by the authentication gateway when the identity authentication result is that the authentication is passed;
generating corresponding first response data according to the first response instruction;
and sending the first response data to the authentication gateway so that the authentication gateway can generate a safety detection result according to the relation between the first response data and the sent first response instruction.
Optionally, before obtaining the identity authentication request information, the method further includes:
sending current equipment attribute information and service attribute information to the authentication gateway;
receiving a terminal access identifier and an encryption key sent by the authentication gateway, wherein the terminal access identifier and the encryption key are generated by the authentication gateway according to current equipment attribute information and service attribute information;
and generating corresponding identity authentication request information according to the terminal access identifier.
Optionally, the method further includes:
receiving a second response instruction sent by the authentication gateway, wherein the second response instruction is a response instruction sent by the authentication gateway according to a preset authentication period; generating corresponding second response data according to the second response instruction;
and sending the second response data to the authentication gateway so that the authentication gateway can update the safety detection result according to the relationship between the second response data and the sent second response instruction.
A third aspect of the present application provides an identity authentication apparatus, including:
a first receiving module, configured to receive identity authentication request information sent by a current terminal, wherein the identity authentication request information comprises a terminal access identifier of the current terminal;
the verification module is used for verifying the identity authentication request information according to the terminal access identifier, generating feedback information and sending the feedback information to the current terminal;
the second receiving module is used for receiving encrypted information sent by the current terminal, wherein the encrypted information is obtained by encrypting the feedback information by the current terminal based on a corresponding encryption key of the current terminal;
the decryption module is used for selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decryption information;
and the authentication module is used for generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
A fourth aspect of the present application provides an identity authentication apparatus, including:
the first acquisition module is used for acquiring identity authentication request information and sending the identity authentication request information to an authentication gateway, wherein the identity authentication request information comprises a terminal access identifier;
a third receiving module, configured to receive feedback information sent by the authentication gateway, where the feedback information is generated by the authentication gateway according to the identity authentication request information;
the second acquisition module is used for acquiring an encryption key and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
and the sending module is used for sending the encrypted information to the authentication gateway so that the authentication gateway can generate a corresponding identity authentication result according to the encrypted information.
A fifth aspect of the present application provides an identity authentication system, which includes at least one terminal and an authentication gateway;
the current terminal acquires identity authentication request information and sends the identity authentication request information to an authentication gateway; wherein the identity authentication request information comprises a terminal access identifier;
the authentication gateway receives identity authentication request information sent by a current terminal; verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal;
the current terminal receives feedback information sent by the authentication gateway; acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
the authentication gateway receives the encrypted information sent by the current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
A sixth aspect of the present application provides an electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method as set forth in the first aspect and various possible designs of the first aspect, or as set forth in the second aspect and various possible designs of the second aspect.
A seventh aspect of the present application provides a computer-readable storage medium having stored thereon computer-executable instructions that, when executed by a processor, perform a method as set forth in the first aspect and various possible designs of the first aspect, or as set forth in the second aspect and various possible designs of the second aspect.
The technical solution of the present application has the following advantages:
according to the identity authentication method, the identity authentication device, the identity authentication system and the electronic equipment, identity authentication request information is obtained through a current terminal, and the identity authentication request information is sent to an authentication gateway; wherein the identity authentication request information comprises a terminal access identifier; the authentication gateway receives identity authentication request information sent by a current terminal; verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal; the current terminal receives feedback information sent by the authentication gateway; acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information; the authentication gateway receives the encrypted information sent by the current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information. According to the scheme, the information encryption condition of the current terminal is verified in the process of verifying the identity authentication request information of the current terminal, so that bidirectional authentication is realized between the current terminal and the authentication gateway, the reliability of the identity authentication result is improved, and a foundation is laid for improving the safety of a power system.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art according to these drawings.
Fig. 1 is a schematic diagram of a network structure based on an embodiment of the present application;
fig. 2 is a schematic flowchart of an identity authentication method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another identity authentication method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of another identity authentication apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. In the description of the following examples, "plurality" means two or more unless specifically limited otherwise.
In the prior art, the identity authentication information of the current terminal device is usually authenticated according to a preset identity registry. However, since the network attack means are various, it is inevitable that the network attacker forges the identity authentication information, resulting in lower reliability of the identity authentication result in the prior art.
In order to solve the above problems, the identity authentication method, device, system and electronic device provided in the embodiments of the present application acquire identity authentication request information through a current terminal, and send the identity authentication request information to an authentication gateway; the identity authentication request information comprises a terminal access identifier; the authentication gateway receives identity authentication request information sent by a current terminal; verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal; the current terminal receives feedback information sent by an authentication gateway; acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information; the authentication gateway receives encryption information sent by a current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information. According to the scheme, the information encryption condition of the current terminal is verified in the process of verifying the identity authentication request information of the current terminal, so that bidirectional authentication is realized between the current terminal and the authentication gateway, the reliability of the identity authentication result is improved, and a foundation is laid for improving the safety of a power system.
The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
First, a network structure on which the present application is based will be explained:
the identity authentication method, the identity authentication device, the identity authentication system and the electronic equipment are suitable for verifying the identity of terminal equipment in a network. Fig. 1 is a schematic diagram of the network structure on which the embodiment of the present application is based; it mainly includes a plurality of terminals, an authentication gateway, and an authentication center. Specifically, when a certain terminal needs to perform identity authentication, it sends identity authentication request information to the authentication gateway, and the authentication gateway performs identity authentication on the terminal according to the obtained identity authentication request information and an authentication library arranged in the authentication center, and generates a corresponding identity authentication result.
The embodiment of the application provides an identity authentication system, which comprises at least one terminal and an authentication gateway.
As shown in fig. 2, a schematic flow chart of an identity authentication method provided in the embodiment of the present application is shown, where the method includes:
step 201, the current terminal acquires identity authentication request information and sends the identity authentication request information to an authentication gateway.
Wherein the identity authentication request information comprises a terminal access identifier.
For example, the current terminal generates a timestamp N1, computes the authentication request message S = H(A_ID) ⊕ N1, and transmits S and N1 to the authentication gateway. Here A_ID denotes the terminal access identifier, and H(A_ID) denotes the hash value corresponding to the terminal access identifier.
Step 202, an authentication gateway receives identity authentication request information sent by a current terminal; and verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal.
For example, after the authentication gateway receives the authentication request information of the current terminal, it calculates H(A_ID) ⊕ N1 from the obtained terminal access identifier and determines whether the calculation result is the same as the received S. If they are the same, it determines that the authentication request information of the current terminal passes authentication and generates the feedback information M = {H(A_ID) ⊕ N1 || N2}, where N2 is a timestamp generated by the authentication gateway.
Step 203, the current terminal receives feedback information sent by the authentication gateway; and acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information.
For example, the current terminal may obtain the encryption information Q = {M || E_K(H(T_ID) || N4)}, where E_K(x) denotes the process of encrypting x with the encryption key K, the encryption algorithm may be any symmetric encryption algorithm, and N4 is the current timestamp.
Step 204, the authentication gateway receives the encryption information sent by the current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
It should be explained that the authentication library stores the registration information of each terminal device in the current network, and the registration information includes the session key corresponding to the terminal device, so as to decrypt the encrypted information of the terminal device.
For example, after obtaining the encryption information, the authentication gateway extracts the corresponding session key from the authentication library and obtains the decryption information {H(A_ID) ⊕ N1 || N2 || E_K(H(T_ID) || N4+1 || KS)}. It then generates the identity authentication result of the current terminal according to the obtained decryption information and the previously sent feedback information.
Specifically, in an embodiment, the authentication gateway may determine whether the decryption information is the same as the feedback information; when the decryption information is the same as the feedback information, determining that the identity authentication of the current terminal is successful; and when the decryption information is different from the feedback information, determining that the identity authentication of the current terminal fails.
Specifically, since the encrypted information is obtained by encrypting the feedback information by the current terminal, it can be determined whether the current terminal has received the feedback information sent by the authentication gateway by further verifying whether the obtained decryption information is the same as the feedback information sent to the current terminal before, so as to determine the validity of the current terminal.
On the basis of the foregoing embodiment, because in a complex network environment, even if the identity authentication of the current terminal is successful, the security of the current terminal cannot be guaranteed, so as to further detect the security of the current terminal, as an implementable manner, as shown in fig. 3, a schematic flow diagram of another identity authentication method provided in the embodiment of the present application is provided, in an embodiment, after the authentication gateway generates an identity authentication result of the current terminal according to a relationship between the feedback information and the decryption information, the method further includes:
step 301, when the identity authentication result is that the authentication is passed, a first response instruction is sent to the current terminal;
step 302, receiving first response data sent by a current terminal; the first response data is generated by the current terminal according to the first response instruction;
step 303, generating a security detection result of the current terminal according to the relationship between the first response data and the sent first response instruction.
Correspondingly, in an embodiment, the identity authentication method executed by the current terminal further includes:
step 401, receiving a first response instruction sent by an authentication gateway, where the first response instruction is sent by the authentication gateway when an identity authentication result is that authentication is passed;
step 402, generating corresponding first response data according to the first response instruction;
step 403, the first response data is sent to the authentication gateway, so that the authentication gateway generates a security detection result according to a relationship between the first response data and the sent first response instruction.
Illustratively, after the authentication gateway determines that the identity authentication of the current terminal is successful, a first response instruction is generated to control the current terminal to generate corresponding first response data, and the security of the current terminal is further detected by judging the corresponding relationship between the first response instruction and the first response data generated by the current terminal.
Specifically, in an embodiment, it may be determined whether the first response data and the first response instruction satisfy a preset corresponding relationship; when the first response data and the first response instruction meet a preset corresponding relation, determining that the current terminal is a normal terminal; and when the first response data and the first response instruction do not meet the preset corresponding relation, determining that the current terminal is an abnormal terminal.
Specifically, whether the current terminal makes a correct response or not can be determined by judging whether the first response data and the first response instruction meet a preset corresponding relationship or not, so as to determine the security of the current terminal. When the current terminal is determined to be an abnormal terminal, corresponding alarm information can be generated, and the network connection between the current terminal and the authentication gateway is cut off.
Specifically, in an embodiment, in order to further perform real-time monitoring on the security of the current terminal to ensure network security, the authentication gateway may send a second response instruction to the current terminal according to a preset authentication period; receiving second response data sent by the current terminal, wherein the second response data are generated by the current terminal according to a second response instruction; and updating the safety detection result of the current terminal according to the relation between the second response data and the sent second response instruction.
Correspondingly, in an embodiment, the current terminal may receive a second response instruction sent by the authentication gateway, where the second response instruction is a response instruction sent by the authentication gateway according to a preset authentication cycle; generating corresponding second response data according to the second response instruction; and sending the second response data to the authentication gateway so that the authentication gateway updates the safety detection result according to the relationship between the second response data and the sent second response instruction.
The preset authentication period can be set according to actual requirements. If the security requirement on the current terminal is high, the authentication period may be set to be shorter, and conversely, if the security requirement on the current terminal is relatively low, the authentication period may be set to be longer, which is not limited in the embodiment of the present application. For a specific safety detection principle and method, reference may be made to the above embodiments, which are not described herein again.
Specifically, in an embodiment, before receiving the identity authentication request information sent by the current terminal, the authentication gateway may obtain device attribute information and service attribute information of the current terminal; the equipment attribute information comprises equipment type, resource allocation information, authority information and running environment information; and based on a preset identifier generation rule, generating a corresponding terminal access identifier and an encryption key according to the attribute information and the service attribute information of the current terminal, and sending the terminal access identifier and the encryption key to the current terminal.
Correspondingly, in an embodiment, the current terminal may send the current device attribute information and the current service attribute information to the authentication gateway; receiving a terminal access identifier and an encryption key sent by an authentication gateway, wherein the terminal access identifier and the encryption key are generated by the authentication gateway according to current equipment attribute information and service attribute information; and generating corresponding identity authentication request information according to the terminal access identifier.
For example, if the device attribute information of the current terminal is A1, A2, …, An, and the service attribute information of the current terminal is B_ID, the device identifier of the current terminal is generated as T_ID = H(A1 || A2 || … || An || B_ID), where T_ID represents the device identifier, H(x) is a hash algorithm, and || is string concatenation. The network assigns a unique terminal access identifier A_ID according to the terminal service attribute information B_ID; A_ID also includes the information of the domain where the terminal user is located.
Specifically, before the current terminal accesses the network, it needs to register with the authentication center. The internet of things terminal transmits information needing authentication to the authentication center through a secure channel for registration, and generates a current terminal access identifier and a master key (encryption key) shared by both parties.
Specifically, the current terminal provides the authentication center with device attribute information and service attribute information, where the device attribute information further includes the manufacturer, the product serial number, and the like. The authentication center generates a unique device identifier (T_ID) using a preset hash algorithm from the device attribute information {A_i | i = 1, …, n} and the service attribute information (B_ID), and randomly generates a unique terminal access identifier (A_ID) and an encryption key K. The terminal access identifier contains identification information of the domain where it is located, and terminal access identifiers correspond one-to-one to device identifiers. The authentication center and the authentication gateway save the hash value H(A_ID) of the terminal access identifier; the authentication center transmits the terminal access identifier (A_ID) and the encryption key K to the current terminal. For convenience of distinction, the master key sent to the current terminal is called the encryption key, and the master key stored in the authentication center is called the session key.
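The registration phase just described, the feedback/encryption exchange of steps 202 to 204, and the response-instruction security check of steps 301 to 303, implemented on the gateway side as an added example in Go (not code from the patent, which names no concrete algorithms). Assumed here: SHA-256 as H, AES-256-GCM as the symmetric algorithm, a constructed domain tag inside A_ID, and HMAC-SHA256 over the instruction as the "preset corresponding relation".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)

// Registration is one authentication-library entry, keyed by H(A_ID): the gateway
// stores only the hash of the access identifier, the device identifier and the key.
type Registration struct {
	TID        []byte // T_ID = H(A1 || ... || An || B_ID)
	SessionKey []byte // shared master key K as held by the gateway ("session key")
	pending    []byte // feedback issued in step 202 and not yet answered
}

type Gateway struct{ lib map[string]*Registration }

func NewGateway() *Gateway { return &Gateway{lib: map[string]*Registration{}} }
func hashHex(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Register: T_ID = H(A1 || ... || An || B_ID), a random A_ID with an assumed domain
// tag, a random 256-bit key K, and the library entry H(A_ID) -> {T_ID, K}.
func (g *Gateway) Register(attrs []string, bID, domain string) (aID string, key []byte) {
	tid := sha256.Sum256([]byte(strings.Join(append(append([]string{}, attrs...), bID), "||")))
	aID = domain + ":" + hex.EncodeToString(randomBytes(8))
	key = randomBytes(32)
	g.lib[hashHex([]byte(aID))] = &Registration{TID: tid[:], SessionKey: key}
	return aID, key
}

// IssueFeedback is step 202: feedback = H(A_ID) || N1 || N2 with two fresh nonces.
func (g *Gateway) IssueFeedback(aID string) ([]byte, error) {
	reg, ok := g.lib[hashHex([]byte(aID))]
	if !ok {
		return nil, errors.New("unknown terminal access identifier")
	}
	h := sha256.Sum256([]byte(aID))
	reg.pending = append(append(h[:], randomBytes(16)...), randomBytes(16)...)
	return reg.pending, nil
}

// TerminalEncrypt is step 203: E_K(feedback) with AES-256-GCM, nonce prepended.
func TerminalEncrypt(key, feedback []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, feedback, nil)...), nil
}

// VerifyEncrypted is step 204: decrypt with the session key for this A_ID and pass only
// if the plaintext equals the issued feedback; the pending feedback is consumed first.
func (g *Gateway) VerifyEncrypted(aID string, ct []byte) bool {
	reg, ok := g.lib[hashHex([]byte(aID))]
	if !ok || reg.pending == nil {
		return false
	}
	expected := reg.pending
	reg.pending = nil
	aead, err := gcm(reg.SessionKey)
	if err != nil || len(ct) < aead.NonceSize() {
		return false
	}
	pt, err := aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
	return err == nil && hmac.Equal(pt, expected)
}

// Security detection (steps 301-303, repeated each authentication period): the assumed
// "preset corresponding relation" is data = HMAC-SHA256(K, instruction).
func (g *Gateway) NewInstruction() []byte { return randomBytes(16) }
func TerminalRespond(key, instruction []byte) []byte { m := hmac.New(sha256.New, key); m.Write(instruction); return m.Sum(nil) }

// CheckResponse is true for a normal terminal and false for an abnormal one.
func (g *Gateway) CheckResponse(aID string, instruction, data []byte) bool {
	reg, ok := g.lib[hashHex([]byte(aID))]
	return ok && hmac.Equal(data, TerminalRespond(reg.SessionKey, instruction))
}
```

Because the pending feedback is cleared before the comparison, a captured ciphertext replayed to the gateway fails even though it decrypts correctly, which is the check a reviewer of step 204 would want to see.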
The identity authentication system provided by the embodiment of the application acquires identity authentication request information through the current terminal and sends the identity authentication request information to the authentication gateway; the identity authentication request information comprises a terminal access identifier; the authentication gateway receives identity authentication request information sent by a current terminal; verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal; the current terminal receives feedback information sent by an authentication gateway; acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information; the authentication gateway receives encryption information sent by a current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information. According to the scheme, the information encryption condition of the current terminal is verified in the process of verifying the identity authentication request information of the current terminal, so that bidirectional authentication is realized between the current terminal and the authentication gateway, the reliability of the identity authentication result is improved, and a foundation is laid for improving the safety of a power system. Moreover, the safety of the current terminal is detected by verifying the response condition of the current terminal, and the safety of the power system is further guaranteed.
The embodiment of the present application provides an identity authentication apparatus, which is configured to execute an identity authentication method corresponding to an authentication gateway provided in the foregoing embodiment.
Fig. 4 is a schematic structural diagram of an identity authentication apparatus according to an embodiment of the present application. The identity authentication device 40 comprises a first receiving module 401, a verification module 402, a second receiving module 403, a decryption module 404 and an authentication module 405.
The first receiving module is used for receiving identity authentication request information sent by a current terminal, wherein the identity authentication request information comprises a terminal access identifier of the current terminal; the verification module is used for verifying the identity authentication request information according to the terminal access identifier, generating feedback information and sending the feedback information to the current terminal; the second receiving module is used for receiving the encrypted information sent by the current terminal, wherein the encrypted information is obtained by encrypting the feedback information by the current terminal based on the corresponding encryption key of the current terminal; the decryption module is used for selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decryption information; and the authentication module is used for generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
The specific manner in which each module performs operations of the identity authentication apparatus in this embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
The identity authentication device provided in the embodiment of the present application is configured to execute the identity authentication method corresponding to the authentication gateway provided in the above embodiment, and an implementation manner of the identity authentication device is the same as a principle, and is not described again.
The embodiment of the application provides an identity authentication device, which is used for executing the identity authentication method corresponding to the current terminal provided by the embodiment.
Fig. 5 is a schematic structural diagram of another identity authentication apparatus provided in the embodiment of the present application. The identity authentication device 50 includes a first obtaining module 501, a third receiving module 502, a second obtaining module 503 and a sending module 504.
The first acquisition module is used for acquiring identity authentication request information and sending the identity authentication request information to the authentication gateway, wherein the identity authentication request information comprises a terminal access identifier; the third receiving module is used for receiving feedback information sent by the authentication gateway, wherein the feedback information is generated by the authentication gateway according to the identity authentication request information; the second acquisition module is used for acquiring the encryption key and encrypting the feedback information by using the encryption key to obtain corresponding encryption information; and the sending module is used for sending the encrypted information to the authentication gateway so that the authentication gateway generates a corresponding identity authentication result according to the encrypted information.
The specific manner in which each module performs operations of the identity authentication apparatus in this embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
The identity authentication device provided in the embodiment of the present application is configured to execute the identity authentication method corresponding to the current terminal provided in the above embodiment, and an implementation manner of the identity authentication device is the same as a principle, which is not described again.
The embodiment of the application provides electronic equipment, which is used for executing the identity authentication method provided by the embodiment.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device 60 includes: at least one processor 61 and memory 62;
the memory stores computer-executable instructions; the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor executes the identity authentication method corresponding to the authentication gateway or the identity authentication method corresponding to the current terminal provided in the above embodiments.
The electronic device provided in the embodiment of the present application is configured to execute the identity authentication method corresponding to the authentication gateway provided in the foregoing embodiment, or the identity authentication method corresponding to the current terminal, and an implementation manner of the electronic device is the same as the principle, which is not described again.
An embodiment of the present application provides a computer-readable storage medium, where a computer execution instruction is stored in the computer-readable storage medium, and when a processor executes the computer execution instruction, an identity authentication method corresponding to an authentication gateway or an identity authentication method corresponding to a current terminal, which are provided in any of the above embodiments, is implemented.
The storage medium including the computer-executable instructions in the embodiment of the present application may be used to store the computer-executable instructions of the identity authentication method corresponding to the authentication gateway provided in the foregoing embodiments, or of the identity authentication method corresponding to the current terminal; the implementation manner and principle thereof are the same, and are not repeated here.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (15)

1. An identity authentication method, comprising:
receiving identity authentication request information sent by a current terminal, wherein the identity authentication request information comprises a terminal access identifier of the current terminal;
verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal;
receiving encryption information sent by the current terminal, wherein the encryption information is obtained by encrypting the feedback information by the current terminal based on a corresponding encryption key of the current terminal;
selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decrypted information;
and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
2. The method according to claim 1, wherein after generating the identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information, the method further comprises:
when the identity authentication result is that the authentication is passed, a first response instruction is sent to the current terminal;
receiving first response data sent by the current terminal; the first response data is generated by the current terminal according to the first response instruction;
and generating a safety detection result of the current terminal according to the relation between the first response data and the sent first response instruction.
3. The method according to claim 1, wherein the generating the identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information comprises:
judging whether the decryption information is the same as the feedback information;
when the decryption information is the same as the feedback information, determining that the identity authentication of the current terminal is successful;
and when the decryption information is different from the feedback information, determining that the identity authentication of the current terminal fails.
4. The method according to claim 2, wherein the generating the security detection result of the current terminal according to the relationship between the first response data and the transmitted first response instruction comprises:
judging whether the first response data and the first response instruction meet a preset corresponding relation or not;
when the first response data and the first response instruction meet a preset corresponding relation, determining that the current terminal is a normal terminal;
and when the first response data and the first response instruction do not meet the preset corresponding relation, determining that the current terminal is an abnormal terminal.
5. The method according to claim 1, wherein before receiving the identity authentication request information sent by the current terminal, the method further comprises:
acquiring equipment attribute information and service attribute information of a current terminal; the attribute information comprises equipment type, resource allocation information, authority information and operation environment information;
and generating a corresponding terminal access identifier and an encryption key according to the attribute information and the service attribute information of the current terminal based on a preset identifier generation rule, and sending the terminal access identifier and the encryption key to the current terminal.
6. The method of claim 2, further comprising:
sending a second response instruction to the current terminal according to a preset authentication period;
receiving second response data sent by the current terminal, wherein the second response data are generated by the current terminal according to the second response instruction;
and updating the safety detection result of the current terminal according to the relation between the second response data and the sent second response instruction.
7. An identity authentication method, comprising:
acquiring identity authentication request information and sending the identity authentication request information to an authentication gateway, wherein the identity authentication request information comprises a terminal access identifier;
receiving feedback information sent by the authentication gateway, wherein the feedback information is generated by the authentication gateway according to the identity authentication request information;
acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
and sending the encrypted information to the authentication gateway so that the authentication gateway can generate a corresponding identity authentication result according to the encrypted information.
8. The method of claim 7, further comprising:
receiving a first response instruction sent by the authentication gateway, wherein the first response instruction is sent by the authentication gateway when the identity authentication result is that the authentication is passed;
generating corresponding first response data according to the first response instruction;
and sending the first response data to the authentication gateway so that the authentication gateway can generate a safety detection result according to the relation between the first response data and the sent first response instruction.
9. The method of claim 7, wherein prior to obtaining the authentication request information, the method further comprises:
sending current equipment attribute information and service attribute information to the authentication gateway;
receiving a terminal access identifier and an encryption key sent by the authentication gateway, wherein the terminal access identifier and the encryption key are generated by the authentication gateway according to current equipment attribute information and service attribute information;
and generating corresponding identity authentication request information according to the terminal access identifier.
10. The method of claim 8, further comprising:
receiving a second response instruction sent by the authentication gateway, wherein the second response instruction is a response instruction sent by the authentication gateway according to a preset authentication period; generating corresponding second response data according to the second response instruction;
and sending the second response data to the authentication gateway so that the authentication gateway can update the safety detection result according to the relationship between the second response data and the sent second response instruction.
11. An identity authentication apparatus, comprising:
the terminal comprises a first receiving module, a second receiving module and a sending module, wherein the first receiving module is used for receiving identity authentication request information sent by a current terminal, and the identity authentication request information comprises a terminal access identifier of the current terminal;
the verification module is used for verifying the identity authentication request information according to the terminal access identifier, generating feedback information and sending the feedback information to the current terminal;
the second receiving module is used for receiving encrypted information sent by the current terminal, wherein the encrypted information is obtained by encrypting the feedback information by the current terminal based on a corresponding encryption key of the current terminal;
the decryption module is used for selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decryption information;
and the authentication module is used for generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
12. An identity authentication apparatus, comprising:
the first acquisition module is used for acquiring identity authentication request information and sending the identity authentication request information to an authentication gateway, wherein the identity authentication request information comprises a terminal access identifier;
a third receiving module, configured to receive feedback information sent by the authentication gateway, where the feedback information is feedback information generated by the authentication gateway according to the identity authentication request information;
the second acquisition module is used for acquiring an encryption key and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
and the sending module is used for sending the encrypted information to the authentication gateway so that the authentication gateway can generate a corresponding identity authentication result according to the encrypted information.
13. An identity authentication system, comprising at least one terminal and an authentication gateway, characterized in that:
the current terminal acquires identity authentication request information and sends the identity authentication request information to an authentication gateway; wherein the identity authentication request information comprises a terminal access identifier;
the authentication gateway receives identity authentication request information sent by a current terminal; verifying the identity authentication request information according to the terminal access identifier to generate feedback information, and sending the feedback information to the current terminal;
the current terminal receives feedback information sent by the authentication gateway; acquiring an encryption key, and encrypting the feedback information by using the encryption key to obtain corresponding encryption information;
the authentication gateway receives the encrypted information sent by the current terminal; selecting a corresponding session key from a preset authentication library according to the terminal access identifier, and reading the encrypted information by using the session key to obtain corresponding decrypted information; and generating an identity authentication result of the current terminal according to the relationship between the feedback information and the decryption information.
14. An electronic device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing the computer-executable instructions stored by the memory causes the at least one processor to perform the method of any of claims 1 to 6, or the method of any of claims 7 to 10.
15. A computer-readable storage medium having computer-executable instructions stored thereon which, when executed by a processor, implement the method of any of claims 1 to 6, or the method of any of claims 7 to 10.
CN202110044025.1A 2021-01-13 2021-01-13 Identity authentication method, device, system and electronic equipment Active CN112887282B (en)

Publications (2)

Publication Number Publication Date
CN112887282A true CN112887282A (en) 2021-06-01
CN112887282B CN112887282B (en) 2023-06-20

Family

ID=76045710

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110044025.1A Active CN112887282B (en) 2021-01-13 2021-01-13 Identity authentication method, device, system and electronic equipment

Country Status (1)

Country Link
CN (1) CN112887282B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553666A (en) * 2015-12-15 2016-05-04 国网智能电网研究院 Security authentication system and method for smart power terminal
CN107623665A (en) * 2016-07-15 2018-01-23 华为技术有限公司 Authentication method, device and system
CN110289958A (en) * 2019-07-18 2019-09-27 郑州信大捷安信息技术股份有限公司 Internet of Vehicles identity authentication method and system
JP2019186600A (en) * 2018-04-02 2019-10-24 Kddi株式会社 Terminal device, home gateway device, management server device, terminal authentication method and computer program
CN110784466A (en) * 2019-10-29 2020-02-11 北京汽车集团有限公司 Information authentication method, device and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈学锋 (Chen Xuefeng): "Simulation analysis of accurate identity authentication for mobile network terminal single sign-on" (移动网络终端单点登陆身份准确认证仿真分析), 《计算机仿真》 (Computer Simulation) *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116033070A (en) * 2021-10-27 2023-04-28 中移(杭州)信息技术有限公司 Alarm method and device based on signal detection and storage medium
CN113992416A (en) * 2021-10-28 2022-01-28 上海辰锐信息科技公司 Internet of things perception terminal authentication method and internet of things perception terminal
CN114205131A (en) * 2021-12-06 2022-03-18 广西电网有限责任公司梧州供电局 Security authentication protocol for transformer substation measurement and control and PMU (phasor measurement unit) devices
CN114205131B (en) * 2021-12-06 2024-03-22 广西电网有限责任公司梧州供电局 Security authentication method for transformer substation measurement and control and PMU (phasor measurement unit) devices
CN114500005A (en) * 2022-01-05 2022-05-13 上海安几科技有限公司 ModbusTcp instruction protection method, device, terminal and storage medium
CN114900337A (en) * 2022-04-19 2022-08-12 贵州电网有限责任公司 Authentication encryption method and system suitable for power chip
CN114900337B (en) * 2022-04-19 2024-04-05 贵州电网有限责任公司 Authentication encryption method and system suitable for power chip
CN116996234A (en) * 2023-09-26 2023-11-03 北京数盾信息科技有限公司 Method for accessing terminal to authentication gateway, terminal and authentication gateway
CN116996234B (en) * 2023-09-26 2023-12-26 北京数盾信息科技有限公司 Method for accessing terminal to authentication gateway, terminal and authentication gateway

Also Published As

Publication number Publication date
CN112887282B (en) 2023-06-20

Similar Documents

Publication Publication Date Title
CN110968743B (en) Data storage and data reading method and device for private data
CN112887282B (en) Identity authentication method, device, system and electronic equipment
CN111010410B (en) Mimicry defense system based on certificate identity authentication and certificate signing and issuing method
EP3462747A1 (en) Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device
CN106790045B (en) Distributed virtual machine agent device based on cloud environment and data integrity guarantee method
CN110708388A (en) Vehicle body safety anchor node device, method and network system for providing safety service
JP2020532928A (en) Digital signature methods, devices and systems
CN113285932B (en) Method for acquiring edge service, server and edge device
CN111246474B (en) Base station authentication method and device
CN112861106B (en) Digital certificate processing method and system, electronic device and storage medium
CN113114699A (en) Vehicle terminal identity certificate application method
CN114218548B (en) Identity verification certificate generation method, authentication method, device, equipment and medium
CN113259722B (en) Secure video Internet of things key management method, device and system
CN111654503A (en) Remote control method, device, equipment and storage medium
CN113703911B (en) Virtual machine migration method, device, equipment and storage medium
WO2020018187A1 (en) Network device, method for security and computer readable storage medium
CN112261103A (en) Node access method and related equipment
CN111510421B (en) Data processing method and device, electronic equipment and computer readable storage medium
CN116599719A (en) User login authentication method, device, equipment and storage medium
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment
US11570008B2 (en) Pseudonym credential configuration method and apparatus
CN114553542A (en) Data packet encryption method and device and electronic equipment
CN112437436A (en) Identity authentication method and device
CN112182551A (en) PLC equipment identity authentication system and PLC equipment identity authentication method
CN110830243A (en) Symmetric key distribution method, device, vehicle and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant