CN112995213B - Security authentication method and application device thereof - Google Patents

Info

Publication number
CN112995213B
Authority
CN
China
Prior art keywords
server, certificate, intelligent lock, signature value, production line
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110438844.4A
Other languages
Chinese (zh)
Other versions
CN112995213A (en)
Inventor
王强
陶康
王飞
黄钧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ziguang Anxin Technology Co ltd
Original Assignee
Beijing Ziguang Anxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ziguang Anxin Technology Co ltd
Priority to CN202110438844.4A
Publication of CN112995213A
Application granted
Publication of CN112995213B

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a security authentication method and an application device thereof, applied in the technical field of information security. A server sends a server certificate and a first challenge number; an intelligent lock verifies the signature value of the server certificate, obtains the server public key, and signs the first challenge number to obtain a first challenge number signature value. The server obtains the production line certificate, the intelligent lock certificate, the first challenge number signature value and a second challenge number sent by the intelligent lock, and verifies the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively. If all of these verifications succeed, the server signs the second challenge number with the server private key to obtain a second challenge number signature value and sends it to the intelligent lock; the intelligent lock verifies the second challenge number signature value with the server public key, and authentication is confirmed as successful once that verification passes. Authentication is confirmed only after every authentication object has passed verification, which ensures that the intelligent lock establishes its communication relationship with a legitimate server and protects data security.

Description

Security authentication method and application device thereof
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a security authentication method and an application device thereof.
Background
In order to meet market demands and ensure that a user can use the intelligent lock more simply and conveniently, the functions of the intelligent lock are continuously updated and developed, and intelligent lock products such as a fingerprint lock, a face recognition lock and the like are successively produced.
In order to realize more and more intelligent functions, the intelligent lock is mostly provided with a corresponding controller, and the intelligent lock controller not only can realize the off-network function of the intelligent lock, but also can establish connection with a server when necessary and perform necessary data interaction with the server, such as uploading user authentication data, downloading control software update programs and the like.
The inventors found that, in the prior art, the communication process between an intelligent lock and a server lacks the necessary security authentication measures, so the server is likely to be impersonated by an illegitimate server, which causes loss and leakage of transmitted data and compromises data security.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a security authentication method and an application apparatus thereof that perform security authentication between an intelligent lock and a server before data transmission, ensuring that the intelligent lock establishes a communication relationship with a legitimate server and thereby protecting data security. The specific scheme is as follows:
In a first aspect, the present invention provides a security authentication method applied to a server, where the method includes:
when authentication starts, sending a server certificate and a first challenge number, so that an intelligent lock obtains the server public key contained in the server certificate and obtains a first challenge number signature value after signing the first challenge number;
acquiring a production line certificate, an intelligent lock certificate, the first challenge number signature value and a second challenge number which are sent by the intelligent lock;
verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
if the production line certificate, the intelligent lock certificate and the first challenge number signature value pass the verification, signing the second challenge number by using a server private key corresponding to the server public key to obtain a second challenge number signature value;
and sending the second challenge number signature value to the intelligent lock so that the intelligent lock verifies the signature of the second challenge number signature value by using the server public key, and confirming that the authentication is successful after the signature verification is passed.
Optionally, the production line certificate includes a production line public key and a production line signature value, and the production line signature value is obtained by signing with a preset root private key;
the intelligent lock certificate comprises an intelligent lock public key and an intelligent lock signature value, and the intelligent lock signature value is obtained by signature of a production line private key corresponding to the production line public key;
the verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively comprises:
checking the signature of the production line signature value by using a preset root public key corresponding to the preset root private key, and extracting the production line public key;
checking the signature of the intelligent lock signature value by using the production line public key, and extracting the intelligent lock public key;
and verifying the signature of the first challenge number signature value by using the public key of the intelligent lock.
Optionally, after the authentication is successful, the method further includes:
encrypting the first random number by using the public key of the intelligent lock to obtain a first ciphertext;
sending the first ciphertext to the intelligent lock, so that the intelligent lock obtains the first random number by using the private key of the intelligent lock to decrypt, obtains a second ciphertext by using the public key of the server to encrypt a second random number, and obtains a third ciphertext by using the first random number and the second random number as keys to encrypt the second random number;
acquiring the second ciphertext and the third ciphertext;
decrypting the second ciphertext by using the server private key to obtain the second random number;
decrypting the third ciphertext based on a key consisting of the first random number and the second random number to obtain a decrypted plaintext;
and if the decrypted plaintext is equal to the second random number, using the first random number and the second random number as symmetric keys for communication with the intelligent lock.
In a second aspect, the present invention provides another security authentication method applied to an intelligent lock, including:
receiving a server certificate and a first challenge number sent by a server when authentication starts; the server certificate comprises a server public key and a server certificate signature value, and the server certificate signature value is obtained by signature of a preset root private key;
verifying the signature of the server certificate signature value by using a preset root public key corresponding to the preset root private key, and extracting the server public key;
signing the first challenge number by using an intelligent lock private key to obtain a first challenge number signature value;
sending a production line certificate, an intelligent lock certificate, a second challenge number and the first challenge number signature value to the server, so that the server verifies the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
acquiring a second challenge number signature value;
the second challenge number signature value is obtained by the server after signing a second challenge number by using a server private key under the condition that the production line certificate, the intelligent lock certificate and the first challenge number signature value pass verification;
verifying the signature of the second challenge number signature value by using the server public key;
and if the second challenge number signature value passes the signature verification, the authentication is confirmed to be successful.
Optionally, the production line certificate includes a production line public key and a production line signature value, and the production line signature value is obtained by signing with a preset root private key;
the intelligent lock certificate comprises an intelligent lock public key and an intelligent lock signature value, and the intelligent lock signature value is obtained by signature of a production line private key corresponding to the production line public key.
Optionally, after the authentication is successful, the method further includes:
acquiring a first ciphertext, wherein the first ciphertext is obtained by encrypting a first random number by the server by using the public key of the intelligent lock;
decrypting the first ciphertext by using the intelligent lock private key to obtain the first random number;
encrypting a second random number by using the server public key to obtain a second ciphertext;
encrypting the second random number by taking the first random number and the second random number as keys to obtain a third ciphertext;
and sending the second ciphertext and the third ciphertext to the server, so that the server uses the first random number and the second random number as symmetric keys for communication with the intelligent lock under the condition that the second ciphertext and the third ciphertext are respectively decrypted and the decryption results are consistent.
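The key negotiation described in the first and second aspects, carried through from both sides as an added example (not code from the patent). The patent names no algorithms, so RSA-OAEP for the public-key steps, AES-256-GCM for the third ciphertext, 16-byte random numbers and the concatenation R1||R2 as the key are assumptions, as are all function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const rLen = 16 // bytes per random number (assumed), so R1||R2 is an AES-256 key

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// session derives the symmetric key R1||R2 and an AES-GCM instance for it.
func session(r1, r2 []byte) ([]byte, cipher.AEAD, error) {
	if len(r1) != rLen || len(r2) != rLen {
		return nil, nil, errors.New("random number has wrong length")
	}
	key := append(append([]byte{}, r1...), r2...)
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(blk)
	return key, aead, err
}

// ServerOffer picks R1 and returns it with the first ciphertext Enc(lockPub, R1).
func ServerOffer(lockPub *rsa.PublicKey) ([]byte, []byte, error) {
	r1 := randomBytes(rLen)
	c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, lockPub, r1, nil)
	return r1, c1, err
}

// LockAnswer recovers R1, picks R2, returns the lock's key, Enc(srvPub, R2) and Enc(R1||R2, R2).
func LockAnswer(lockPriv *rsa.PrivateKey, srvPub *rsa.PublicKey, c1 []byte) (key, c2, c3 []byte, err error) {
	r1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, lockPriv, c1, nil)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("first ciphertext: %w", err)
	}
	r2 := randomBytes(rLen)
	key, aead, err := session(r1, r2)
	if err != nil {
		return nil, nil, nil, err
	}
	if c2, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, srvPub, r2, nil); err != nil {
		return nil, nil, nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	return key, c2, aead.Seal(nonce, nonce, r2, nil), nil
}

// ServerFinish accepts R1||R2 only if the third ciphertext decrypts to R2 (the lock recovered R1).
func ServerFinish(srvPriv *rsa.PrivateKey, r1, c2, c3 []byte) ([]byte, error) {
	r2, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, srvPriv, c2, nil)
	if err != nil {
		return nil, fmt.Errorf("second ciphertext: %w", err)
	}
	key, aead, err := session(r1, r2)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(c3) < n {
		return nil, errors.New("third ciphertext too short")
	}
	pt, err := aead.Open(nil, c3[:n], c3[n:], nil)
	if err != nil || subtle.ConstantTimeCompare(pt, r2) != 1 {
		return nil, errors.New("third ciphertext does not decrypt to the second random number")
	}
	return key, nil
}

// NewKey generates a constructed RSA-2048 key pair for the demonstration.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	srv, lock := NewKey(), NewKey()
	r1, c1, _ := ServerOffer(&lock.PublicKey)
	lockKey, c2, c3, _ := LockAnswer(lock, &srv.PublicKey, c1)
	srvKey, err := ServerFinish(srv, r1, c2, c3)
	fmt.Println("session keys match:", err == nil && string(srvKey) == string(lockKey))
}
```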
In a third aspect, the present invention provides a security authentication apparatus, including:
a first sending unit, configured to send a server certificate and a first challenge number when authentication starts, so that the intelligent lock obtains the server public key contained in the server certificate and obtains a first challenge number signature value after signing the first challenge number;
the first acquisition unit is used for acquiring the production line certificate, the intelligent lock certificate, the first challenge number signature value and the second challenge number which are sent by the intelligent lock;
the first verification unit is used for verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
the first signing unit is used for signing the second challenge number by using a server private key corresponding to the server public key to obtain a second challenge number signature value if the production line certificate, the intelligent lock certificate and the first challenge number signature value pass the signature verification;
and the second sending unit is used for sending the second challenge number signature value to the intelligent lock so that the intelligent lock verifies the signature of the second challenge number signature value by using the server public key, and confirms that the authentication is successful after the verification passes.
In a fourth aspect, the present invention provides a security authentication apparatus, comprising:
a receiving unit configured to receive a server certificate and a first challenge number transmitted by a server when authentication is started; the server certificate comprises a server public key and a server certificate signature value, and the server certificate signature value is obtained by signature of a preset root private key;
the second signature verification unit is used for verifying the signature of the server certificate signature value by using a preset root public key corresponding to the preset root private key and extracting the server public key;
the second signature unit is used for signing the first challenge number by using a private key of the intelligent lock to obtain a first challenge number signature value;
a third sending unit, configured to send a production line certificate, an intelligent lock certificate, a second challenge number, and the first challenge number signature value to the server, so that the server verifies the production line certificate, the intelligent lock certificate, and the first challenge number signature value, respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
a second obtaining unit configured to obtain a second challenge number signature value;
the second challenge number signature value is obtained by the server after signing a second challenge number by using a server private key under the condition that the production line certificate, the intelligent lock certificate and the first challenge number signature value pass verification;
the third signature verification unit is used for verifying the signature of the second challenge number signature value by using the server public key;
and the confirmation unit is used for confirming that the authentication is successful if the second challenge number signature value passes the signature verification.
In a fifth aspect, the present invention provides a server, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the security authentication method according to any one of the first aspect of the present invention.
In a sixth aspect, the present invention provides an intelligent lock, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the security authentication method according to any one of the second aspect of the present invention.
Based on the above technical scheme, in the security authentication method provided by the invention, when authentication starts the server sends the server certificate and the first challenge number, and the intelligent lock obtains the server public key contained in the server certificate and signs the first challenge number to obtain a first challenge number signature value. The server obtains the production line certificate, the intelligent lock certificate, the first challenge number signature value and the second challenge number sent by the intelligent lock, and verifies the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively. If these verifications succeed, the server signs the second challenge number with the server private key corresponding to the server public key to obtain a second challenge number signature value. Finally, the server sends the second challenge number signature value to the intelligent lock, the intelligent lock verifies it with the server public key, and authentication is confirmed as successful once that verification passes. The method uses asymmetric keys to authenticate the legitimacy of the intelligent lock, the server and the production line that produced the intelligent lock, and confirms success only after every authentication object has passed verification, which ensures that the intelligent lock establishes its communication relationship with a legitimate server and protects data security.
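The three signature checks summarised above, written out for both sides as an added example rather than code from the patent. Ed25519 as the signature algorithm, the reduced certificate layout (public key plus signature value only) and all type and function names are assumptions; the keys are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert: a public key plus a signature value made with the upper-level private key.
type Cert struct {
	Pub ed25519.PublicKey
	Sig []byte
}

func issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey) Cert {
	return Cert{Pub: subject, Sig: ed25519.Sign(issuer, subject)}
}

// chain checks each signature value with the key extracted from the previous certificate.
func chain(trust ed25519.PublicKey, certs ...Cert) (ed25519.PublicKey, error) {
	for i, c := range certs {
		if len(c.Pub) != ed25519.PublicKeySize || !ed25519.Verify(trust, c.Pub, c.Sig) {
			return nil, fmt.Errorf("certificate %d: signature value rejected", i)
		}
		trust = c.Pub
	}
	return trust, nil
}

func random32() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

type Server struct {
	RootPub ed25519.PublicKey
	Priv    ed25519.PrivateKey
	Cert    Cert
}

type Lock struct {
	RootPub            ed25519.PublicKey
	Priv               ed25519.PrivateKey
	LineCert, LockCert Cert
}

// Respond: the lock checks the server certificate against the root and signs c1.
func (l *Lock) Respond(sc Cert, c1 []byte) (ed25519.PublicKey, []byte, error) {
	srvPub, err := chain(l.RootPub, sc)
	if err != nil {
		return nil, nil, fmt.Errorf("server %w", err)
	}
	return srvPub, ed25519.Sign(l.Priv, c1), nil
}

// Verify: the server walks root -> production line -> lock, checks sig(c1), then signs c2.
func (s *Server) Verify(line, lock Cert, c1, c2, sig1 []byte) ([]byte, error) {
	lockPub, err := chain(s.RootPub, line, lock)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(lockPub, c1, sig1) {
		return nil, fmt.Errorf("first challenge number signature value rejected")
	}
	return ed25519.Sign(s.Priv, c2), nil
}

// Confirm: the lock checks the second challenge number signature value.
func (l *Lock) Confirm(srvPub ed25519.PublicKey, c2, sig2 []byte) bool {
	return len(srvPub) == ed25519.PublicKeySize && ed25519.Verify(srvPub, c2, sig2)
}

// NewFixture builds one constructed hierarchy: root, production line, server, lock.
func NewFixture() (*Server, *Lock) {
	key := func() (ed25519.PublicKey, ed25519.PrivateKey) {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		return pub, priv
	}
	rootPub, rootPriv := key()
	linePub, linePriv := key()
	srvPub, srvPriv := key()
	lockPub, lockPriv := key()
	return &Server{rootPub, srvPriv, issue(rootPriv, srvPub)},
		&Lock{rootPub, lockPriv, issue(rootPriv, linePub), issue(linePriv, lockPub)}
}

func main() {
	s, l := NewFixture()
	c1, c2 := random32(), random32()
	srvPub, sig1, _ := l.Respond(s.Cert, c1)
	sig2, err := s.Verify(l.LineCert, l.LockCert, c1, c2, sig1)
	fmt.Println("server accepted lock:", err == nil, "| lock accepted server:", l.Confirm(srvPub, c2, sig2))
}
```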
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a security authentication method according to an embodiment of the present invention;
Fig. 2 is a block diagram of a security authentication system according to an embodiment of the present invention;
Fig. 3 is a flowchart of another security authentication method provided by an embodiment of the present invention;
Fig. 4 is a block diagram of a security authentication apparatus according to an embodiment of the present invention;
Fig. 5 is a block diagram of another security authentication apparatus according to an embodiment of the present invention;
Fig. 6 is a block diagram of a server according to an embodiment of the present invention;
Fig. 7 is a block diagram of an intelligent lock according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, which is a flowchart of a security authentication method according to an embodiment of the present invention, the method of this embodiment includes:
S100, when authentication starts, the server sends a server certificate and a first challenge number.
To facilitate the explanation of the security authentication method provided in this embodiment and the following embodiments, the security authentication system of the present invention is first described below, and an optional configuration of the security authentication system provided in the embodiment of the present invention can be seen in fig. 2.
The security authentication system provided by this embodiment can be roughly divided into three levels. In practical application, the trusted device in the first level can be understood as a security device that the intelligent lock manufacturer uses to store a preset root key pair; the preset root key pair stored in the trusted device cannot be exported or queried, which ensures the absolute security of the preset root key pair. In the embodiment of the invention, all levels of the system use asymmetric cryptography to transmit the relevant information, so the preset root key pair comprises a preset root public key and a preset root private key.
The second level mainly comprises the server and the production line of the intelligent lock manufacturer. It should be noted that the number of servers and production lines shown in Fig. 2 is only an example; the actual numbers depend on the intelligent lock manufacturer. The server and the production line each have a corresponding key pair. In the following, the key pair used by the server is defined as a server public key and a server private key, and the key pair used by the production line is defined as a production line public key and a production line private key. The key pairs of the server and the production line are stored in the security modules of the server and the production line respectively.
The third level is the intelligent lock used by the user, the key pair used by the intelligent lock is correspondingly defined as the public key of the intelligent lock and the private key of the intelligent lock, and correspondingly, the key pair of the intelligent lock is stored in the security module of the intelligent lock.
Based on the system structure, the server, the production line and each intelligent lock in the system have own certificate, which is respectively defined as a server certificate, a production line certificate and an intelligent lock certificate. Each certificate is signed by a private key stored in the upper-level security module, and each certificate comprises a corresponding public key and a signature value.
Specifically, the server certificate includes the server public key and a server certificate signature value signed with the preset root private key in the first-level trusted device; the production line certificate includes the production line public key and a production line signature value signed with the preset root private key in the first-level trusted device; the intelligent lock certificate includes the intelligent lock public key and an intelligent lock signature value signed with the second-level production line private key. The production line certificate is also stored in the intelligent lock.
It should be noted that each certificate also includes other related information, such as a certificate version number, a certificate validity period, and so on, and for the content related to the certificate not described in this embodiment, it can be implemented by referring to the prior art.
In addition, based on the basic application rules of asymmetric encryption algorithms, each public key mentioned above is known to the outside. This applies in particular to the preset root public key of the first level: the server, the production line and the intelligent lock all store the preset root public key so that they can complete authentication under the same trusted root. The preset root private key, the server private key, the production line private key and the intelligent lock private key, by contrast, are kept inside their respective devices and cannot be obtained from the outside.
Therefore, the security authentication method provided by the embodiment of the invention aims to realize security authentication between the second-level server and the third-level intelligent lock, thereby ensuring the security of data transmission between them and preventing an attacker from impersonating the server and stealing user data.
Based on the security authentication system shown in fig. 2, after the authentication is started, the server first sends the server certificate and the first challenge number to the smart lock, where the first challenge number may be any given random number.
It should be noted that, triggering the authentication process does not strictly limit the initiator of the authentication request, that is, the intelligent lock may initiate the authentication request, and the server responds to the obtained authentication request, i.e., it is considered that authentication starts; correspondingly, the authentication process may also be initiated actively by the server.
S101, the intelligent lock receives a server certificate and a first challenge number sent by a server.
S102, the intelligent lock verifies the server certificate signature value by using the preset root public key corresponding to the preset root private key, and extracts the server public key.
As described above, the server certificate includes the server public key and the server certificate signature value signed by the preset root private key, and the smart lock stores the preset root public key, so that the preset root public key can be used to verify the signature of the server certificate signature value, and the server public key in the server certificate is extracted.
S103, the intelligent lock signs the first challenge number by using the private key of the intelligent lock to obtain a first challenge number signature value.
After the intelligent lock obtains the first challenge number sent by the server, the intelligent lock signs the first challenge number by using the intelligent lock private key stored in the intelligent lock, and then obtains a first challenge number signature value.
S104, the intelligent lock sends the production line certificate, the intelligent lock certificate, the first challenge number signature value and the second challenge number to the server.
Similar to the first challenge number, the second challenge number may be a random number, but of course, a random number different from the first challenge number.
S105, the server obtains the production line certificate, the intelligent lock certificate, the first challenge number signature value and the second challenge number sent by the intelligent lock.
S106, the server checks the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively.
Optionally, as mentioned above, the production line certificate includes a production line public key and a production line signature value, the production line signature value is obtained by signing with a preset root private key, the intelligent lock certificate includes an intelligent lock public key and an intelligent lock signature value, and the intelligent lock signature value is obtained by signing with a production line private key corresponding to the production line public key.
On this basis, the server first verifies the production line signature value by using the preset root public key corresponding to the preset root private key, and extracts the production line public key. It should be particularly noted that, as shown in fig. 2, the server and the production line are related only in that both are signed under the same root of trust; there is no direct information interaction between them. Because the smart lock certificate is issued by the production line and the smart lock can provide the production line certificate, the server can use the production line certificate provided by the smart lock to verify whether the production line that produced the smart lock shares the server's root of trust, i.e. to make an initial determination of whether the smart lock was produced by a regular production line.
Further, the server checks the signature of the intelligent lock signature value by using the production line public key, extracts the intelligent lock public key, and checks the signature of the first challenge number signature value by using the intelligent lock public key after obtaining the intelligent lock public key.
S107, the server judges whether the production line certificate, the intelligent lock certificate and the first challenge number signature value all pass the signature verification; if so, S108 is executed.
In this step, if any one of the production line certificate, the smart lock certificate and the first challenge number signature value fails to be verified, the verification is determined to be failed. As an optional feedback manner, the server may send a notification message indicating that the signature verification fails to the smart lock. Conversely, if each item passes the check, S108 is executed.
S108, the server signs the second challenge number by using the server private key to obtain a second challenge number signature value.
S109, the server sends the second challenge number signature value to the intelligent lock.
After signing the second challenge number and obtaining the corresponding second challenge number signature value, the server sends the second challenge number signature value to the intelligent lock.
S110, the intelligent lock acquires the second challenge number signature value and verifies its signature by using the server public key.
In S102, the smart lock has already obtained the server public key, so the server public key may be used to verify the signature of the second challenge number signature value in this step.
S111, after the second challenge number signature value passes the signature verification, the intelligent lock confirms that the authentication is successful.
It is conceivable that, if the second challenge number signature value fails to pass the signature verification in this step, the smart lock determines that the authentication fails, and may also send notification information representing that the authentication fails to pass the signature verification to the server.
It should be noted that if any of the above-mentioned signature verifications fail, it is determined that the authentication fails. In addition, for the signature and signature verification processes described in the above steps, specific implementation manners can be implemented based on the prior art, and the present invention is not limited thereto.
In summary, the security authentication method provided by the present invention authenticates the legitimacy of the smart lock, the server, and the production line for producing the smart lock by using the asymmetric encryption key, and only after the authentication of each authentication object is passed, the authentication is confirmed to be successful, thereby ensuring that the smart lock and the legitimate server establish a communication relationship, and further ensuring data security.
Furthermore, the encryption, decryption, signature and signature verification operations of the transmission data are realized based on the asymmetric key, so that the security is higher; and a multi-level signature authentication mechanism is adopted, a certificate chain can be formed, and the certificate chain is verified step by step, so that the protection of the whole process of production, use, operation and maintenance is realized.
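The exchange of steps S101 to S111 can be followed in the Go example below, which is added here and is not part of the patent text. It assumes Ed25519 as the signature algorithm, reduces each certificate to a public key plus the issuer's signature, and runs both sides in one process; the names Cert, Party, Lock, NewPKI and Authenticate are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a reduced certificate: public key plus issuer signature over it.
type Cert struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// Party is a server or production line: key pair, certificate, preset root key.
type Party struct {
	priv    ed25519.PrivateKey
	cert    Cert
	rootPub ed25519.PublicKey
}

// Lock additionally stores the certificate of the production line that made it.
type Lock struct {
	Party
	lineCert Cert
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func nonce() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// issue creates a key pair whose certificate is signed by issuerPriv.
func issue(issuerPriv ed25519.PrivateKey, rootPub ed25519.PublicKey) Party {
	pub, priv := newKey()
	return Party{priv, Cert{pub, ed25519.Sign(issuerPriv, pub)}, rootPub}
}

// NewPKI builds the hierarchy of fig. 2: root -> server, root -> line -> lock.
func NewPKI() (Party, Lock) {
	rootPub, rootPriv := newKey()
	server, line := issue(rootPriv, rootPub), issue(rootPriv, rootPub)
	return server, Lock{issue(line.priv, rootPub), line.cert}
}

// checkCert verifies c against issuerPub and returns the certified public key.
func checkCert(c Cert, issuerPub ed25519.PublicKey) (ed25519.PublicKey, error) {
	if len(c.Pub) != ed25519.PublicKeySize || !ed25519.Verify(issuerPub, c.Pub, c.Sig) {
		return nil, errors.New("certificate signature check failed")
	}
	return c.Pub, nil
}

// Authenticate plays both sides of S101-S111 and returns the first failure.
func Authenticate(server Party, lock Lock) error {
	c1 := nonce() // sent to the lock together with the server certificate
	serverPub, err := checkCert(server.cert, lock.rootPub) // S102, on the lock
	if err != nil {
		return fmt.Errorf("lock rejects server certificate: %w", err)
	}
	sig1 := ed25519.Sign(lock.priv, c1) // S103
	c2 := nonce()                       // S104: sent with both certificates and sig1
	linePub, err := checkCert(lock.lineCert, server.rootPub) // S106, on the server
	if err != nil {
		return fmt.Errorf("server rejects production line certificate: %w", err)
	}
	lockPub, err := checkCert(lock.cert, linePub)
	if err != nil {
		return fmt.Errorf("server rejects lock certificate: %w", err)
	}
	if !ed25519.Verify(lockPub, c1, sig1) {
		return errors.New("server rejects first challenge signature")
	}
	sig2 := ed25519.Sign(server.priv, c2) // S108-S109
	if !ed25519.Verify(serverPub, c2, sig2) { // S110, on the lock
		return errors.New("lock rejects second challenge signature")
	}
	return nil // S111
}

func main() {
	server, lock := NewPKI()
	_, counterfeit := NewPKI()         // certificates issued under a different root
	counterfeit.rootPub = lock.rootPub // the root public key itself is public
	fmt.Println("genuine pair:", Authenticate(server, lock))
	fmt.Println("lock under another root:", Authenticate(server, counterfeit))
}
```

A lock that presents genuine certificates without holding the matching intelligent lock private key passes both certificate checks and is rejected only at the first challenge number signature, which is why S106 verifies all three items.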
Optionally, referring to fig. 3, fig. 3 is a flowchart of another security authentication method provided in an embodiment of the present invention, and on the basis of the embodiment shown in fig. 1, this embodiment specifically provides a method for enabling a server and an intelligent lock to perform key agreement, where in a case that both the server and the intelligent lock pass authentication, the flow of the security authentication method provided in this embodiment may include:
S200, the server encrypts the first random number by using the public key of the intelligent lock and sends the first ciphertext obtained by encryption.
In this step, the first random number is generated by the server, and the server encrypts the first random number by using the public key of the smart lock to obtain a first ciphertext, and then sends the first ciphertext to the smart lock.
S201, the intelligent lock acquires the first ciphertext, and decrypts the first ciphertext by using the private key of the intelligent lock to obtain a first random number.
Because the first ciphertext is obtained by encrypting with the public key of the intelligent lock, the intelligent lock can decrypt the first ciphertext by using its own stored intelligent lock private key after obtaining the first ciphertext, thereby obtaining the first random number.
S202, the intelligent lock encrypts the second random number by using the server public key to obtain a second ciphertext.
After the security authentication process shown in fig. 1, the smart lock has already obtained the server public key; once the second random number is generated, it can be encrypted with the server public key to obtain the second ciphertext.
S203, the intelligent lock encrypts the second random number by taking the first random number and the second random number as keys to obtain a third ciphertext.
Optionally, the key may be built from the first random number and the second random number in various ways. For example, the first random number may be placed first and the second random number after it, and the two combined to form the key; for another example, the second random number may be placed first and the first random number after it, and the two combined to form the key. Of course, other combinations are possible and are not listed here. It should be noted that, since the server side also builds a key from the first random number and the second random number in a subsequent step, in a specific application the way of building the key should be agreed between the server and the smart lock in advance.
S204, the intelligent lock sends the second ciphertext and the third ciphertext to the server.
S205, the server acquires the second ciphertext and the third ciphertext.
S206, the server decrypts the second ciphertext by using the server private key to obtain a second random number.
As described above, the second ciphertext is obtained by the smart lock encrypting the second random number with the server public key, so the server obtains the second random number corresponding to the second ciphertext after decrypting with the server private key.
S207, the server decrypts the third ciphertext based on the key consisting of the first random number and the second random number to obtain a decrypted plaintext.
As described above, the way of building a key from the first random number and the second random number is agreed in advance between the server and the smart lock. After the server obtains the second random number by decryption, it may build the key in the agreed way from the first random number generated in the earlier step and the second random number, and decrypt the third ciphertext with that key to obtain the corresponding decrypted plaintext.
S208, the server judges whether the decrypted plaintext is equal to the second random number, if so, S209 is executed.
According to the foregoing implementation process, the second ciphertext and the third ciphertext actually have the same plaintext, namely the second random number, but the two are encrypted with different keys. If the communication between the server and the smart lock is secure, the decrypted plaintext obtained in S207 should be equal to the second random number; otherwise, the two should not be equal.
If the decrypted plaintext and the second random number are not equal, the communication between the server and the intelligent lock is not safe.
S209, the server takes the first random number and the second random number as symmetric keys for communication with the intelligent lock.
Optionally, after determining that the first random number and the second random number are used as symmetric keys, the server may further send notification information to the smart lock, so that the smart lock simultaneously uses the first random number and the second random number as symmetric keys, and uses the symmetric keys in a subsequent communication process.
In summary, the security authentication method provided in this embodiment can not only implement bidirectional security authentication, but also perform key agreement, determine a symmetric key based on asymmetric key agreement, and the interaction process between the server and the smart lock is simple and fast.
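The key agreement of S200 to S209 is shown below as an added Go example that is not part of the patent text. RSA-OAEP for the public-key encryption, AES-256-GCM for the third ciphertext, 16-byte random numbers and all function names are assumptions; the key itself is the plain combination of the two random numbers in the pre-agreed order, as described above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Order is the pre-agreed way of combining the two random numbers into the key.
type Order int
const (
	FirstThenSecond Order = iota // key = R1 || R2
	SecondThenFirst              // key = R2 || R1
)

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key pair
	if err != nil {
		panic(err)
	}
	return k
}

// keyAndCipher joins the random numbers in the agreed order and sets up AES-GCM.
func keyAndCipher(r1, r2 []byte, o Order) ([]byte, cipher.AEAD, error) {
	if o == SecondThenFirst {
		r1, r2 = r2, r1
	}
	key := append(append([]byte{}, r1...), r2...)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	return key, aead, err
}

// ServerStart is S200: encrypt the first random number to the lock.
func ServerStart(lockPub *rsa.PublicKey) (r1, ct1 []byte, err error) {
	r1 = random(16)
	ct1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, lockPub, r1, nil)
	return
}

// LockRespond is S201-S204; it returns both ciphertexts and the lock's key.
func LockRespond(lockPriv *rsa.PrivateKey, serverPub *rsa.PublicKey, ct1 []byte, o Order) (ct2, ct3, key []byte, err error) {
	r1, err := rsa.DecryptOAEP(sha256.New(), nil, lockPriv, ct1, nil) // S201
	if err != nil || len(r1) != 16 {
		return nil, nil, nil, errors.New("lock: cannot recover first random number")
	}
	r2 := random(16)
	ct2, errEnc := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, r2, nil) // S202
	key, aead, errKey := keyAndCipher(r1, r2, o)
	if errEnc != nil || errKey != nil {
		return nil, nil, nil, errors.New("lock: encryption failed")
	}
	n := random(aead.NonceSize())
	return ct2, aead.Seal(n, n, r2, nil), key, nil // S203: GCM nonce || ciphertext
}

// ServerFinish is S205-S209: recover R2, rebuild the key, confirm it via ct3.
func ServerFinish(serverPriv *rsa.PrivateKey, r1, ct2, ct3 []byte, o Order) ([]byte, error) {
	fail := errors.New("server: key confirmation failed, channel not trusted")
	r2, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, ct2, nil) // S206
	if err != nil || len(r2) != 16 {
		return nil, fail
	}
	key, aead, err := keyAndCipher(r1, r2, o)
	if err != nil || len(ct3) < aead.NonceSize() {
		return nil, fail
	}
	pt, err := aead.Open(nil, ct3[:aead.NonceSize()], ct3[aead.NonceSize():], nil) // S207
	if err != nil || subtle.ConstantTimeCompare(pt, r2) != 1 { // S208
		return nil, fail
	}
	return key, nil // S209: symmetric key for later communication
}

func main() {
	srv, lock := NewKeyPair(), NewKeyPair()
	r1, ct1, _ := ServerStart(&lock.PublicKey)
	ct2, ct3, lockKey, _ := LockRespond(lock, &srv.PublicKey, ct1, FirstThenSecond)
	srvKey, err := ServerFinish(srv, r1, ct2, ct3, FirstThenSecond)
	fmt.Println("keys match:", err == nil && string(srvKey) == string(lockKey))
}
```

Because AES-GCM is authenticated, a wrong key or a modified third ciphertext already fails at decryption in S207; the comparison of S208 is kept as the explicit check the description calls for.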
The following introduces a security authentication apparatus provided in the embodiment of the present invention, where the security authentication apparatus described below may be regarded as a functional module architecture that needs to be set in a central device to implement the security authentication method provided in the embodiment of the present invention; the following description may be cross-referenced with the above.
Fig. 4 is a block diagram of a security authentication apparatus according to an embodiment of the present invention, and referring to fig. 4, the apparatus may include:
a first sending unit 10, configured to send the server certificate and the first challenge number when authentication starts, so that the smart lock obtains a server public key included in the server certificate and obtains a first challenge number signature value after signing the first challenge number;
the first obtaining unit 20 is configured to obtain a production line certificate, an intelligent lock certificate, a first challenge number signature value, and a second challenge number sent by an intelligent lock;
the first signature verification unit 30 is configured to verify a production line certificate, an intelligent lock certificate, and a first challenge number signature value, respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
the first signature unit 40 is configured to, if the production line certificate, the smart lock certificate, and the first challenge number signature value pass the signature verification, sign a second challenge number by using a server private key corresponding to the server public key to obtain a second challenge number signature value;
and the second sending unit 50 is configured to send the second challenge number signature value to the smart lock, so that the smart lock verifies the second challenge number signature value by using the server public key, and confirms that the authentication is successful after the verification passes.
Optionally, referring to fig. 5, fig. 5 is another security authentication apparatus provided in an embodiment of the present invention, where the apparatus includes:
a receiving unit 60 configured to receive, when authentication is started, a server certificate and a first challenge number transmitted by a server; the server certificate comprises a server public key and a server certificate signature value, and the server certificate signature value is obtained by signature of a preset root private key;
a second signature verification unit 70, configured to verify a signature of the server certificate signature value by using a preset root public key corresponding to the preset root private key, and extract the server public key;
the second signature unit 80 is configured to sign the first challenge number by using the private key of the intelligent lock, so as to obtain a first challenge number signature value;
a third sending unit 90, configured to send the production line certificate, the smart lock certificate, the second challenge number, and the first challenge number signature value to the server, so that the server verifies the production line certificate, the smart lock certificate, and the first challenge number signature value, respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
a second obtaining unit 100, configured to obtain a second challenge number signature value;
the second challenge number signature value is obtained by the server signing the second challenge number with the server private key under the condition that the production line certificate, the intelligent lock certificate and the first challenge number signature value pass the signature verification;
a third verification unit 110, configured to verify the signature of the second challenge number signature value by using the server public key;
and the confirming unit 120 is configured to confirm that the authentication is successful if the second challenge number signature value passes the signature verification.
Referring to fig. 6, fig. 6 is a block diagram of a server according to an embodiment of the present invention, and as shown in fig. 6, the server may include: at least one processor 100, at least one communication interface 200, at least one memory 300, and at least one communication bus 400;
in the embodiment of the present invention, the number of the processor 100, the communication interface 200, the memory 300, and the communication bus 400 is at least one, and the processor 100, the communication interface 200, and the memory 300 complete the communication with each other through the communication bus 400; it is clear that the communication connections shown by the processor 100, the communication interface 200, the memory 300 and the communication bus 400 shown in fig. 6 are only optional;
optionally, the communication interface 200 may be an interface of a communication module, such as an interface of a GSM module;
the processor 100 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
The memory 300, which stores application programs, may include a high-speed RAM memory, and may also include a non-volatile memory, such as at least one disk memory.
The processor 100 is specifically configured to execute an application program in the memory, so as to implement the operations executed by the server in the security authentication method provided in any of the above embodiments.
Referring to fig. 7, fig. 7 is a block diagram of an intelligent lock according to an embodiment of the present invention, and as shown in fig. 7, the intelligent lock may include: at least one processor 500, at least one communication interface 600, at least one memory 700, and at least one communication bus 800;
in the embodiment of the present invention, the number of the processor 500, the communication interface 600, the memory 700, and the communication bus 800 is at least one, and the processor 500, the communication interface 600, and the memory 700 complete the communication with each other through the communication bus 800; it should be apparent that the communication connections shown by processor 500, communication interface 600, memory 700, and communication bus 800 shown in FIG. 7 are merely optional;
optionally, the communication interface 600 may be an interface of a communication module, such as an interface of a GSM module;
the processor 500 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
The memory 700, which stores application programs, may include a high-speed RAM memory, and may also include a non-volatile memory, such as at least one disk memory.
The processor 500 is specifically configured to execute an application program in the memory, so as to implement the operation executed by the smart lock in the security authentication method provided in any of the above embodiments.
The embodiments in the present description are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. The device disclosed in the embodiments corresponds to the method disclosed in the embodiments, so its description is brief, and for relevant points reference may be made to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A security authentication method applied to a server, the method comprising:
under the condition of starting authentication, sending a server certificate and a first challenge number to enable an intelligent lock to obtain a server public key contained in the server certificate and obtain a first challenge number signature value after signing the first challenge number;
acquiring a production line certificate, an intelligent lock certificate, the first challenge number signature value and a second challenge number which are sent by the intelligent lock;
verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
if the production line certificate, the intelligent lock certificate and the first challenge number signature value pass the verification, signing the second challenge number by using a server private key corresponding to the server public key to obtain a second challenge number signature value;
and sending the second challenge number signature value to the intelligent lock so that the intelligent lock verifies the signature of the second challenge number signature value by using the server public key, and confirming that the authentication is successful after the signature verification is passed.
2. The security authentication method of claim 1, wherein the production line certificate comprises a production line public key and a production line signature value, and the production line signature value is signed by a preset root private key;
the intelligent lock certificate comprises an intelligent lock public key and an intelligent lock signature value, and the intelligent lock signature value is obtained by signature of a production line private key corresponding to the production line public key;
the verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively comprises:
checking the signature of the production line signature value by using a preset root public key corresponding to the preset root private key, and extracting the production line public key;
checking the signature of the intelligent lock signature value by using the production line public key, and extracting the intelligent lock public key;
and verifying the signature of the first challenge number signature value by using the public key of the intelligent lock.
3. The secure authentication method of claim 2, wherein after the authentication is successful, the method further comprises:
encrypting the first random number by using the public key of the intelligent lock to obtain a first ciphertext;
sending the first ciphertext to the intelligent lock, so that the intelligent lock obtains the first random number by utilizing an intelligent lock private key corresponding to the intelligent lock public key for decryption, obtains a second ciphertext by utilizing the server public key for encrypting a second random number, and obtains a third ciphertext by utilizing the first random number and the second random number as keys for encrypting the second random number;
acquiring the second ciphertext and the third ciphertext;
decrypting the second ciphertext by using the server private key to obtain the second random number;
decrypting the third ciphertext based on a key consisting of the first random number and the second random number to obtain a decrypted plaintext;
and if the decrypted plaintext is equal to the second random number, using the first random number and the second random number as symmetric keys for communication with the intelligent lock.
4. A security authentication method applied to an intelligent lock, the method comprising:
receiving a server certificate and a first challenge number sent by a server when authentication starts; the server certificate comprises a server public key and a server certificate signature value, and the server certificate signature value is obtained by signature of a preset root private key;
verifying the signature of the server certificate signature value by using a preset root public key corresponding to the preset root private key, and extracting the server public key;
signing the first challenge number by using an intelligent lock private key to obtain a first challenge number signature value;
sending a production line certificate, an intelligent lock certificate, a second challenge number and the first challenge number signature value to the server, so that the server verifies the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
acquiring a second challenge number signature value;
the second challenge number signature value is obtained by the server after signing a second challenge number by using a server private key under the condition that the production line certificate, the intelligent lock certificate and the first challenge number signature value pass verification;
verifying the signature of the second challenge number signature value by using the server public key;
and if the second challenge number signature value passes the signature verification, the authentication is confirmed to be successful.
5. The security authentication method of claim 4, wherein the production line certificate comprises a production line public key and a production line signature value, and the production line signature value is signed by a preset root private key;
the intelligent lock certificate comprises an intelligent lock public key and an intelligent lock signature value, and the intelligent lock signature value is obtained by signature of a production line private key corresponding to the production line public key.
6. The secure authentication method of claim 4, wherein after the authentication is successful, the method further comprises:
acquiring a first ciphertext, wherein the first ciphertext is obtained by encrypting a first random number by the server by using the public key of the intelligent lock;
decrypting the first ciphertext by using the intelligent lock private key to obtain the first random number;
encrypting a second random number by using the server public key to obtain a second ciphertext;
encrypting the second random number by taking the first random number and the second random number as keys to obtain a third ciphertext;
and sending the second ciphertext and the third ciphertext to the server, so that the server uses the first random number and the second random number as symmetric keys for communication with the intelligent lock under the condition that the second ciphertext and the third ciphertext are respectively decrypted and the decryption results are consistent.
7. A security authentication apparatus, comprising:
a first sending unit, configured to send a server certificate and a first challenge number under the condition that authentication starts, so that the intelligent lock obtains a server public key contained in the server certificate and obtains a first challenge number signature value after signing the first challenge number;
the first acquisition unit is used for acquiring the production line certificate, the intelligent lock certificate, the first challenge number signature value and the second challenge number which are sent by the intelligent lock;
the first verification unit is used for verifying the production line certificate, the intelligent lock certificate and the first challenge number signature value respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
the first signing unit is used for signing the second challenge number by using a server private key corresponding to the server public key to obtain a second challenge number signature value if the production line certificate, the intelligent lock certificate and the first challenge number signature value pass the signature verification;
and the second sending unit is used for sending the second challenge number signature value to the intelligent lock so that the intelligent lock verifies the signature of the second challenge number signature value by using the server public key, and confirms that the authentication is successful after the verification passes.
8. A security authentication apparatus, comprising:
a receiving unit configured to receive a server certificate and a first challenge number transmitted by a server when authentication is started; the server certificate comprises a server public key and a server certificate signature value, and the server certificate signature value is obtained by signature of a preset root private key;
the second signature verification unit is used for verifying the signature of the server certificate signature value by using a preset root public key corresponding to the preset root private key and extracting the server public key;
the second signature unit is used for signing the first challenge number by using a private key of the intelligent lock to obtain a first challenge number signature value;
a third sending unit, configured to send a production line certificate, an intelligent lock certificate, a second challenge number, and the first challenge number signature value to the server, so that the server verifies the production line certificate, the intelligent lock certificate, and the first challenge number signature value, respectively;
the production line certificate is a certificate of a production line for producing the intelligent lock;
a second obtaining unit configured to obtain a second challenge number signature value;
the second challenge number signature value is obtained by the server after signing a second challenge number by using a server private key under the condition that the production line certificate, the intelligent lock certificate and the first challenge number signature value pass verification;
the third signature verification unit is used for verifying the signature of the second challenge number signature value by using the server public key;
and the confirmation unit is used for confirming that the authentication is successful if the second challenge number signature value passes the signature verification.
9. A server, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the secure authentication method of any one of claims 1 to 3.
10. An intelligent lock, comprising: a memory and a processor; the memory stores a program adapted to be executed by the processor to implement the secure authentication method of any one of claims 4 to 6.
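The challenge-response exchange of claims 7 and 8 with both sides' checks, as an added Go example that is not code from the patent. Ed25519, a certificate reduced to a public key plus the issuer's signature, and a production line certificate signed by the preset root key are assumptions; `Party`, `NewParty` and `MutualAuth` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Party struct {
	Priv     ed25519.PrivateKey
	Pub, Sig []byte // certificate: public key and the issuer's signature over it
}

// NewParty makes a key pair certified by issuer; a nil issuer self-signs (the preset root).
func NewParty(issuer ed25519.PrivateKey) Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if issuer == nil {
		issuer = priv
	}
	return Party{priv, pub, ed25519.Sign(issuer, pub)}
}

func (p Party) certOK(issuer []byte) bool { return ed25519.Verify(issuer, p.Pub, p.Sig) }
func challenge() []byte { b := make([]byte, 32); rand.Read(b); return b }

// MutualAuth replays the exchange; root is the preset root public key stored in the lock.
func MutualAuth(root []byte, server, line, lock Party) error {
	n1, n2 := challenge(), challenge() // first (server) and second (lock) challenge numbers
	// Lock: verify the server certificate with the preset root key, then sign n1.
	if !server.certOK(root) {
		return fmt.Errorf("lock: server certificate not signed by root")
	}
	sig1 := ed25519.Sign(lock.Priv, n1)
	// Server: verify line certificate (assumed root-signed), lock certificate, signature on n1.
	if !line.certOK(root) || !lock.certOK(line.Pub) || !ed25519.Verify(lock.Pub, n1, sig1) {
		return fmt.Errorf("server: lock chain or first challenge signature invalid")
	}
	// Server signs n2; the lock verifies with the public key from the server certificate.
	if !ed25519.Verify(server.Pub, n2, ed25519.Sign(server.Priv, n2)) {
		return fmt.Errorf("lock: second challenge signature invalid")
	}
	return nil
}

func main() {
	root := NewParty(nil) // constructed keys for root, server, production line and lock
	server, line := NewParty(root.Priv), NewParty(root.Priv)
	fmt.Println(MutualAuth(root.Pub, server, line, NewParty(line.Priv)))
}
```

A copied certificate alone does not pass either direction: each side must also sign the other's fresh challenge number with the private key matching the certified public key.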
CN202110438844.4A 2021-04-23 2021-04-23 Security authentication method and application device thereof Active CN112995213B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110438844.4A CN112995213B (en) 2021-04-23 2021-04-23 Security authentication method and application device thereof

Publications (2)

Publication Number Publication Date
CN112995213A CN112995213A (en) 2021-06-18
CN112995213B CN112995213B (en) 2021-08-03

Family

ID=76339981

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110438844.4A Active CN112995213B (en) 2021-04-23 2021-04-23 Security authentication method and application device thereof

Country Status (1)

Country Link
CN (1) CN112995213B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789024A (en) * 2016-12-30 2017-05-31 深圳市文鼎创数据科技有限公司 A kind of remote de-locking method, device and system
CN110660145A (en) * 2019-09-05 2020-01-07 广东纬德信息科技有限公司 Lock control method, system, lock and storage medium based on mobile terminal
CN112184960A (en) * 2020-09-28 2021-01-05 杭州安恒信息技术股份有限公司 Intelligent lock control method and device, intelligent lock system and storage medium
CN112565213A (en) * 2020-11-25 2021-03-26 青岛海尔科技有限公司 Authentication method and device, storage medium, and electronic device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101238846B1 (en) * 2011-06-10 2013-03-04 한국전자통신연구원 System and method for verifying certificate
US10008061B2 (en) * 2016-10-24 2018-06-26 Sera4 Ltd. Secure access to physical resources using asymmetric cryptography
CN108377190B (en) * 2018-02-14 2020-11-24 飞天诚信科技股份有限公司 Authentication equipment and working method thereof
CN109670289B (en) * 2018-11-20 2020-12-15 福建联迪商用设备有限公司 Method and system for identifying legality of background server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Contents: Design and Research of an Intelligent Lock Security System; Hu Fei; Wanfang Dissertations; 20181218; full text *

Also Published As

Publication number Publication date
CN112995213A (en) 2021-06-18

Similar Documents

Publication Publication Date Title
CN108768664B (en) Key management method, device, system, storage medium and computer equipment
KR101298562B1 (en) System and method for implementing digital signature using one time private keys
US6732270B1 (en) Method to authenticate a network access server to an authentication server
CN110401615B (en) Identity authentication method, device, equipment, system and readable storage medium
CN101212293B (en) Identity authentication method and system
CN109728909A (en) Identity identifying method and system based on USBKey
CN107733636B (en) Authentication method and authentication system
CN112448941B (en) Authentication system and method for authenticating a microcontroller
JP2003521154A (en) How to issue electronic identification information
CN103067402A (en) Method and system for digital certificate generation
WO2014187206A1 (en) Method and system for backing up private key in electronic signature token
CN112396735B (en) Internet automobile digital key safety authentication method and device
KR20120053929A (en) The agent system for digital signature using sign private key with double encryption and method thereof features to store in web storage
US11743053B2 (en) Electronic signature system and tamper-resistant device
CN113612852A (en) Communication method, device, equipment and storage medium based on vehicle-mounted terminal
CN110929231A (en) Digital asset authorization method and device and server
CN112583588A (en) Communication method and device and readable storage medium
WO2014187208A1 (en) Method and system for backing up private key in electronic signature token
JP2008234143A (en) Subject limited mail opening system using biometrics, method therefor, and program therefor
CN112995213B (en) Security authentication method and application device thereof
KR101256114B1 (en) Message authentication code test method and system of many mac testserver
JP5393594B2 (en) Efficient mutual authentication method, program, and apparatus
CN112367329B (en) Communication connection authentication method, device, computer equipment and storage medium
CN116633530A (en) Quantum key transmission method, device and system
CN114268502A (en) Intelligent device activation method, server, terminal device and intelligent device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant