CN113099443B - Equipment authentication method, device, equipment and system - Google Patents


Info

Publication number: CN113099443B
Authority: CN (China)
Legal status: Active
Application number: CN201911342516.3A
Other languages: Chinese (zh)
Other versions: CN113099443A
Inventors: 肖月振, 王路, 熊江江, 路绪光
Current assignee: Alibaba Group Holding Ltd
Original assignee: Alibaba Group Holding Ltd


Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS › H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity › H04W 12/06 Authentication
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS › H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity › H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]


Abstract

The embodiment of the invention provides a device authentication method, apparatus, device and system. The method comprises the following steps: a terminal device connected to an Internet of Things device acquires the device identifier of the Internet of Things device and sends a key acquisition request to a server, the key acquisition request comprising the device identifier of the Internet of Things device and the identity information of the terminal device; the terminal device receives a first key that the server feeds back after determining, according to the identity information of the terminal device, that the terminal device has the authority to communicate with the Internet of Things device; the terminal device encrypts authentication request information with the first key and sends the encrypted authentication request information to the Internet of Things device; and if the Internet of Things device can decrypt it with a locally obtained second key and obtain the authentication request information, the identity of the terminal device is determined to meet the condition. In this way the Internet of Things device authenticates the identity of the connected terminal device with the aid of the cloud server.

Description

Equipment authentication method, device, equipment and system
Technical Field
The present invention relates to the field of internet of things, and in particular, to a device authentication method, apparatus, device and system.
Background
With the continuous development of the Internet of Things, more and more electronic devices can communicate over a network through various Internet of Things communication protocols, such as Bluetooth Low Energy (BLE), WiFi and Zigbee.
A common practical application scenario is as follows: a user establishes a communication connection with Internet of Things devices in the home, such as a speaker or a sweeping robot, through a mobile phone, and then controls those devices.
In the above application scenario, in order to ensure the security of Internet of Things devices such as the speaker and the sweeping robot, the Internet of Things device needs to perform identity authentication on the device connected to it, such as the mobile phone, to verify whether that mobile phone is permitted to communicate with it.
Disclosure of Invention
The embodiment of the invention provides a device authentication method, apparatus, device and system for realizing identity authentication of a device connected to an Internet of Things device.
In a first aspect, an embodiment of the present invention provides a device authentication method, applied to a terminal device connected to an Internet of Things device, including:
acquiring the device identifier of the Internet of Things device;
sending a key acquisition request to a server, wherein the key acquisition request comprises the device identifier and the identity information of the terminal device;
receiving a first key fed back by the server after the server determines, according to the identity information, that the terminal device has the authority to communicate with the Internet of Things device;
encrypting authentication request information according to the first key;
and sending the encrypted authentication request information to the Internet of Things device, wherein if the Internet of Things device can decrypt it according to a locally obtained second key to obtain the authentication request information, the identity of the terminal device is determined to meet the condition.
In a second aspect, an embodiment of the present invention provides a device authentication apparatus, applied to a terminal device connected to an Internet of Things device, including:
an acquisition module, configured to acquire the device identifier of the Internet of Things device;
a sending module, configured to send a key acquisition request to the server, wherein the key acquisition request comprises the device identifier and the identity information of the terminal device;
a receiving module, configured to receive a first key fed back by the server after the server determines, according to the identity information, that the terminal device has the authority to communicate with the Internet of Things device;
a first encryption module, configured to encrypt the authentication request information according to the first key;
wherein the sending module is further configured to send the encrypted authentication request information to the Internet of Things device, and if the Internet of Things device can decrypt it according to a locally obtained second key to obtain the authentication request information, the identity of the terminal device is determined to meet the condition.
In a third aspect, an embodiment of the present invention provides a terminal device, where the terminal device is connected to an internet of things device, and the terminal device includes a first processor and a first memory, where the first memory stores executable code, and when the executable code is executed by the first processor, the first processor is caused to execute the device authentication method in the first aspect.
Embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code which, when executed by a processor of a terminal device, causes the processor to perform the device authentication method in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a device authentication method, applied to an Internet of Things device connected to a terminal device, where the method includes:
receiving authentication request information encrypted by the terminal device with a first key, wherein the terminal device obtains the first key from the server according to the device identifier of the Internet of Things device and the identity information of the terminal device, and the server obtains the first key according to the device identifier after determining, according to the identity information, that the terminal device has permission to communicate with the Internet of Things device;
acquiring a second key;
and if the authentication request information is obtained through decryption according to the second key, determining that the identity of the terminal device meets the condition.
In a fifth aspect, an embodiment of the present invention provides a device authentication apparatus, applied to an Internet of Things device connected to a terminal device, including:
a receiving module, configured to receive authentication request information encrypted by the terminal device with a first key, wherein the terminal device obtains the first key from the server according to the device identifier of the Internet of Things device and the identity information of the terminal device, and the server obtains the first key according to the device identifier after determining, according to the identity information, that the terminal device has permission to communicate with the Internet of Things device;
an acquisition module, configured to acquire the second key;
and a determining module, configured to determine that the identity of the terminal device meets the condition if the authentication request information is obtained through decryption according to the second key.
In a sixth aspect, an embodiment of the present invention provides an internet of things device, where the internet of things device is connected to a terminal device, and the internet of things device includes a second processor and a second memory, where the second memory stores executable code, and when the executable code is executed by the second processor, the second processor is caused to execute the device authentication method in the fourth aspect.
Embodiments of the present invention provide a non-transitory machine-readable storage medium having executable code stored thereon, which when executed by a processor of an internet of things device, causes the processor to perform the device authentication method in the fourth aspect.
In a seventh aspect, an embodiment of the present invention provides a device authentication system, including:
The system comprises Internet of things equipment, terminal equipment and a server, wherein the terminal equipment and the server are connected with the Internet of things equipment;
The terminal equipment is used for acquiring equipment identification of the Internet of things equipment, sending a key acquisition request to the server, wherein the key acquisition request comprises the equipment identification and identity information of the terminal equipment, receiving a first key fed back by the server, encrypting authentication request information according to the first key, and sending the encrypted authentication request information to the Internet of things equipment;
the server is used for feeding back the first key to the terminal equipment after determining that the terminal equipment has the authority to communicate with the internet of things equipment according to the identity information;
And the internet of things equipment is used for determining that the identity of the terminal equipment meets the condition if the authentication request information can be obtained through decryption according to the locally obtained second secret key.
The embodiment of the invention provides a general device authentication scheme in which an Internet of Things device performs identity authentication on the terminal device connected to it. Specifically, the terminal device first requests from the server, based on the device identifier of the Internet of Things device, the key required for communication with that device, called the first key. The server provides the first key to the terminal device only after determining, according to the identity information of the terminal device and the device identifier of the Internet of Things device, that the terminal device has the authority to communicate with the Internet of Things device; that is, the server performs identity authentication on the terminal device. After the terminal device obtains the first key fed back by the server, it encrypts the set authentication request information with the first key and sends the encrypted authentication request information to the Internet of Things device. If the Internet of Things device can decrypt it with a locally obtained second key (which corresponds to the first key) and obtain the set authentication request information, then the terminal device indeed encrypted the agreed authentication request information with the correct key, so the identity of the terminal device is finally determined to meet the condition and the identity authentication of the terminal device is completed.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a workflow of a device authentication system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of another workflow of a device authentication system according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of another workflow of a device authentication system according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device authentication apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal device corresponding to the device authentication apparatus provided in the embodiment shown in Fig. 4;
Fig. 6 is a schematic structural diagram of another device authentication apparatus according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an Internet of Things device corresponding to the device authentication apparatus provided in the embodiment shown in Fig. 6.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, the "plurality" generally includes at least two.
The word "if", as used herein, may be interpreted as "at the time of …", "when …", "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrase "if determined" or "if (stated condition or event) is detected" may be interpreted as "when determined", "in response to determining", "when (stated condition or event) is detected" or "in response to detecting (stated condition or event)", depending on the context.
In addition, the sequence of steps in the method embodiments described below is only an example and is not strictly limited.
Before describing the device authentication scheme provided by the embodiment of the present invention in detail, several concepts related herein will be described.
The servers herein may be separate physical hosts or clusters of hosts located in the cloud.
The Internet of Things device herein may be a device such as a refrigerator, a speaker or a robot, and may support any one of communication protocols such as Bluetooth Low Energy (BLE), WiFi and Zigbee.
The terminal device connected to the Internet of Things device may be a user terminal device such as a mobile phone or a tablet computer, and the connection between the terminal device and the Internet of Things device may be established through any one of the above communication protocols, for example a BLE connection.
In some practical application scenarios, the purpose of connecting the terminal device to the Internet of Things device may be for the terminal device to control the operation of the Internet of Things device. For example, the terminal device is a user's mobile phone and the Internet of Things device is a speaker in the user's home; the user can establish a Bluetooth connection between the mobile phone and the speaker and then issue control instructions such as on/off to the speaker over that connection in order to control its operation.
Based on the above example of application scenario, a control APP may actually be run in the terminal device, and the terminal device may specifically perform communication interaction with the internet of things device through the control APP.
The purpose of device authentication herein is further described below: the internet of things equipment needs to carry out identity authentication on the terminal equipment connected with the internet of things equipment, and normal data communication can be carried out with the internet of things equipment only if the terminal equipment passes the identity authentication.
The following describes an execution procedure of the device authentication scheme provided by the embodiment of the present invention.
Fig. 1 is a schematic workflow diagram of a device authentication system according to an embodiment of the present invention, where, as shown in fig. 1, the device authentication system includes: the system comprises the Internet of things equipment, terminal equipment connected with the Internet of things equipment and a server.
First, it should be noted that before the device authentication procedure illustrated in the following steps is performed, the terminal device has already established a communication connection, such as a BLE connection, with the Internet of Things device. Secondly, each time a terminal device connects to an Internet of Things device, identity authentication of the terminal device by the Internet of Things device can be completed according to the device authentication process provided by this embodiment. Optionally, however, this process may be carried out only when the terminal device connects to the Internet of Things device for the first time; when the terminal device subsequently connects to the same Internet of Things device again, the Internet of Things device can complete local identity authentication of the terminal device based on information generated when it authenticated the terminal device last time, which will be described in later embodiments.
The device authentication process provided in this embodiment may include the following steps:
101. The terminal device acquires the device identifier of the Internet of Things device.
In this embodiment, it is assumed that the internet of things device has been burned with a device identifier and a private key mentioned below in advance. The device identifier may be a string of characters for distinguishing between different internet of things devices.
Optionally, the terminal device may send a request to the internet of things device based on the communication connection that has been established with the internet of things device, to request a device identification of the internet of things device.
Optionally, the internet of things device may be further configured to continuously broadcast and send a management frame when a certain trigger condition is met, where the management frame carries its own device identifier, so that the terminal device that detects the management frame may parse the device identifier of the internet of things device from the management frame. The triggering condition may be, for example, powering on the internet of things device, establishing communication connection between the internet of things device and the terminal device, and so on.
The management frame conforms to the communication protocol supported by the Internet of Things device; for example, when the BLE communication protocol is used, the management frame may be a beacon frame and a probe response frame conforming to the BLE protocol.
102. The terminal device sends a key acquisition request to the server, wherein the key acquisition request comprises the device identifier of the Internet of Things device and the identity information of the terminal device.
103. The server acquires a first key corresponding to the Internet of Things device after determining, according to the identity information of the terminal device, that the terminal device has the authority to communicate with the Internet of Things device.
104. The server sends the first key to the terminal device.
In summary, in this embodiment the Internet of Things device completes identity authentication of a terminal device connected to it with the assistance of a cloud server.
Specifically, first, after acquiring the device identifier of the connected internet of things device, the terminal device may send a key acquisition request including the device identifier of the internet of things device and its own identity information to the server. The purpose of the key acquisition request is to acquire an encryption key required for data transmission with the internet of things device.
The server assists the Internet of Things device in completing identity authentication of the terminal device. This assistance consists mainly of the server verifying whether the terminal device has the authority to communicate with the Internet of Things device, which involves the following two aspects: first, whether the terminal device is already registered with the server; and second, whether the terminal device has the authority to communicate with this particular Internet of Things device.
Specifically, as described above, in practical application the terminal device may interact with the Internet of Things device through a control APP. When the user installs the control APP on the terminal device, the user fills in registration information such as a user name and login password in the control APP, and this registration information is submitted to the server for storage. Thus, for the first aspect above, the server determining whether the terminal device is registered in fact means that the server prompts the user of the terminal device to log in to the APP; if the login information entered by the user matches the registration information stored in the server, the terminal device is considered registered.
In addition, during registration the user can, besides providing a user name and login password, register operating authority over Internet of Things devices according to actual needs, that is, register which Internet of Things devices the user may operate. For example, if a user purchases an XUZ brand air conditioner and wants to control it intelligently, the user may install the control APP corresponding to the air conditioner on a mobile phone and, in the control APP, register a user name and login password and register operating authority over the air conditioner. Specifically, for example, a two-dimensional code containing the device identifier of the air conditioner may be provided on the air conditioner; the user scans the two-dimensional code through the control APP so that it automatically obtains the device identifier of the air conditioner, and then submits the registered user name, the login password and the device identifier of the air conditioner to the server, which completes the registration process.
Based on this, the server determining in the second aspect whether the terminal device has the authority to communicate with the Internet of Things device means that, if the user name and login password entered by the user are correct, the server queries whether a device identifier is associated with that user name; if the queried device identifier matches the device identifier of the Internet of Things device included in the key acquisition request received by the server, the terminal device is considered to have the authority to communicate with the Internet of Things device.
Based on the above description, the identity information of the terminal device in step 102 may be the user name and the login password as exemplified above.
After determining that the terminal equipment has the authority to communicate with the Internet of things equipment, the server acquires a first key corresponding to the Internet of things equipment and feeds the first key back to the terminal equipment so as to be used for encrypted communication between the terminal equipment and the Internet of things equipment.
Optionally, as described above, the private key of the internet of things device may be burned in advance in the internet of things device, and in response to this, the public key corresponding to the private key may be stored in advance in the server, so the first key may be the public key.
In addition, alternatively, the private key may be stored in advance in the server, and at this time, the first key may also be acquired as follows:
Before sending the key acquisition request to the server, the terminal device generates a random number, called the first random number, and carries the first random number in the key acquisition request sent to the server. After determining that the terminal device has the authority to communicate with the Internet of Things device, the server can look up the private key of the Internet of Things device according to the device identifier carried in the key acquisition request, and then compute the first key from the first random number and the private key. This computation can be implemented with algorithms such as MD5, SHA1 or SHA256.
It can be understood that if the server determines that the terminal device does not have the authority to communicate with the Internet of Things device, it can directly refuse the key acquisition request. In that case the terminal device cannot obtain the first key from the server, and because it fails to obtain the first key it cannot pass the identity authentication of the Internet of Things device and therefore cannot interact with the Internet of Things device.
In addition, Transport Layer Security (TLS) may be employed to secure the communication between the terminal device (that is, the control APP) and the server.
105. The terminal device encrypts the set authentication request information according to the first key.
The set authentication request information may be a preset string of characters, for example "hi, server". The encryption algorithm used to encrypt the authentication request information with the first key may be any symmetric encryption and decryption algorithm such as AES128-CBC or AES256-CBC, and is not limited to these.
106. The terminal device sends the encrypted authentication request information to the Internet of Things device.
107. If the Internet of Things device can decrypt it according to the locally acquired second key and obtain the authentication request information, it determines that the identity of the terminal device meets the condition.
Corresponding to the two modes of acquiring the first key by the terminal equipment, the mode of acquiring the second key by the internet of things equipment can also have the following two optional modes:
First, when a first key fed back to the terminal device by the server is a prestored public key corresponding to the internet of things device, the internet of things device directly uses a locally stored private key as a second key to decrypt encrypted authentication request information sent by the terminal device.
Second, if the first key fed back to the terminal device by the server is generated by the server according to the first random number generated by the terminal device and the private key corresponding to the internet of things device, the terminal device may specifically send the encrypted authentication request information and the first random number to the internet of things device. Thus, the internet of things device may generate the second key from the locally stored private key and the first random number. The algorithm used to generate the second key is the same as the algorithm used to generate the first key.
After the Internet of Things device obtains the second key, it decrypts the encrypted authentication request information received from the terminal device with the second key. If decryption succeeds and the authentication request information is found to be the preset content, the Internet of Things device finally determines that the terminal device has passed identity authentication (the identity meeting the condition means that the identity passes authentication). Otherwise, if decryption fails or the decrypted content is not the preset content, the identity of the terminal device is finally determined to be illegal, and the Internet of Things device can then directly disconnect the communication connection with the terminal device.
After the internet of things device determines that the terminal device passes the identity authentication, the internet of things device and the terminal device can perform encrypted data communication based on the first key and the second key. That is, the messages sent to the internet of things device by the subsequent terminal device are encrypted by the first key, and the internet of things device decrypts the messages sent by the terminal device by using the second key.
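As an added illustration (not code from the patent), the following Go program walks the second key-acquisition mode of steps 101 to 107 end to end: the server's two authorization checks, derivation of the first/second key as SHA-256 over the device private key and the terminal's first random number, AES-CBC encryption of the preset content "hi, server", and the device-side decrypt-and-compare. The registration records, device identifier "DEV-0001", private key value, SHA-256 as the derivation function and AES-256-CBC with PKCS#7 padding are constructed assumptions chosen from the options the text lists.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const presetAuthRequest = "hi, server" // preset authentication request content (the patent's own example)

// server: registration records plus the server-side copy of each device's burned-in private key.
type server struct {
	passwords  map[string]string          // username -> login password
	devices    map[string]map[string]bool // username -> device identifiers the user registered
	devicePriv map[string][]byte          // device identifier -> device private key
}

// deriveKey: first key = second key = SHA-256(private key || first random number); SHA-256 is one of the listed options and gives a 32-byte AES-256 key.
func deriveKey(priv, firstRandom []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, priv...), firstRandom...))
	return sum[:]
}

// requestKey is steps 102-104 with step 103's two checks (registered login, device bound to that user); a refused terminal gets no key.
func (s *server) requestKey(user, pass, deviceID string, firstRandom []byte) ([]byte, error) {
	stored, registered := s.passwords[user]
	if !registered || subtle.ConstantTimeCompare([]byte(stored), []byte(pass)) != 1 {
		return nil, errors.New("terminal not registered")
	}
	priv, known := s.devicePriv[deviceID]
	if !known || !s.devices[user][deviceID] {
		return nil, errors.New("terminal has no authority over this device")
	}
	return deriveKey(priv, firstRandom), nil
}

// randomBytes draws n bytes from crypto/rand (first random number, IVs).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// encryptCBC: AES-CBC with PKCS#7 padding and a random IV prepended (step 105).
func encryptCBC(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // key always comes from deriveKey, so it is a valid 32-byte key
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := append(randomBytes(aes.BlockSize), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}

// decryptCBC reverses encryptCBC; a bad length or padding counts as a decryption failure.
func decryptCBC(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	plain := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(plain, data[aes.BlockSize:])
	pad := int(plain[len(plain)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return plain[:len(plain)-pad], nil
}

// deviceVerify is step 107 on the IoT device: derive the second key from the burned-in private key and the terminal's first random number, decrypt, accept only the exact preset content.
func deviceVerify(devicePriv, firstRandom, ciphertext []byte) bool {
	plain, err := decryptCBC(deriveKey(devicePriv, firstRandom), ciphertext)
	return err == nil && subtle.ConstantTimeCompare(plain, []byte(presetAuthRequest)) == 1
}

// runExchange drives steps 101-107 for one terminal against the device (deviceID, devicePriv): true when the device accepts it, error when the server refuses the key request.
func runExchange(s *server, deviceID string, devicePriv []byte, user, pass string) (bool, error) {
	firstRandom := randomBytes(16) // generated by the terminal before step 102
	firstKey, err := s.requestKey(user, pass, deviceID, firstRandom)
	if err != nil {
		return false, err
	}
	return deviceVerify(devicePriv, firstRandom, encryptCBC(firstKey, []byte(presetAuthRequest))), nil
}

func main() {
	s := &server{ // constructed registration data: user "alice" registered speaker "DEV-0001"
		passwords:  map[string]string{"alice": "correct-horse"},
		devices:    map[string]map[string]bool{"alice": {"DEV-0001": true}},
		devicePriv: map[string][]byte{"DEV-0001": []byte("constructed-private-key-DEV-0001")},
	}
	fmt.Println(runExchange(s, "DEV-0001", s.devicePriv["DEV-0001"], "alice", "correct-horse")) // true <nil>
	fmt.Println(runExchange(s, "DEV-0001", s.devicePriv["DEV-0001"], "mallory", "guess"))       // false terminal not registered
}
```

An unregistered or unbound terminal is refused at the server and never receives a key, while a device whose burned-in key does not match derives a different second key and rejects the ciphertext.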
In summary, if the internet of things device can successfully decrypt the set content sent by the terminal device, the terminal device passes the identity authentication of the internet of things device, otherwise, the identity authentication of the terminal device does not pass. And the key of the terminal device to encrypt the set content is generated by the server,
In addition, the device authentication scheme provided by this embodiment can also avoid man-in-the-middle attacks. A simple illustration of a man-in-the-middle attack: A and B communicate, and C is the attacker. If C intercepts a message sent by A to B and, disguised as A, sends other messages to B, the security of the communication between A and B is seriously threatened; C is the man in the middle acting as the attacker.
In terms of the device authentication scheme provided in this embodiment, A corresponds to the terminal device and B corresponds to the internet of things device. The reason man-in-the-middle attacks are avoided is as follows: if an attacker C wants to impersonate the terminal device in order to attack the internet of things device, C needs to obtain the first key. The first key is generated by the server, and the attacker C cannot obtain the first key through the server, so the internet of things device cannot be attacked.
In summary, with the device authentication scheme provided by this embodiment, the internet of things device can authenticate the identity of the terminal device connected to it with the help of the server, and man-in-the-middle attacks can also be avoided.
The embodiment shown in fig. 1 mainly describes the core execution process of the device authentication scheme from the technical core point of view, and a specific execution process of the device authentication scheme in practical application is described below with reference to the embodiment shown in fig. 2.
Fig. 2 is another workflow diagram of a device authentication system according to an embodiment of the present invention, and as shown in fig. 2, the device authentication process may include the following steps:
201. The terminal device and the internet of things device establish a Bluetooth communication connection.
202. The internet of things device broadcasts a beacon frame that contains the device identifier of the internet of things device.
203. The terminal device parses the device identifier of the internet of things device from the beacon frame and generates a first random number.
204. The terminal device sends a key acquisition request to the server, where the key acquisition request contains the device identifier of the internet of things device, the identity information of the terminal device, and the first random number.
205. After the server determines, according to the identity information of the terminal device, that the terminal device has the authority to communicate with the internet of things device, it queries the private key of the internet of things device according to the device identifier and computes the first key from the first random number and the private key.
206. The server sends the first key to the terminal device.
207. The terminal device encrypts the set authentication request information with the first key.
208. The terminal device sends the first random number and the encrypted authentication request information to the internet of things device.
209. The internet of things device generates a second key from the private key and the first random number; if decrypting with the second key yields the set authentication request information, the identity of the terminal device is determined to meet the condition.
For the execution of the above steps, refer to the description in the foregoing embodiments; it is not repeated here.
210. The internet of things device generates a first number corresponding to the second key and stores the corresponding relation between the first number and the second key.
The first number serves to identify the second key.
211. The internet of things device encrypts the first number and the authentication response information using the second key to obtain encrypted information.
Like the authentication request information, the authentication response information is also preset content, for example: yes, IAM SERVER.
In practical application, the authentication response information is optional, and the authentication response information is used for informing the terminal equipment that the terminal equipment passes the identity authentication of the internet of things equipment.
212. The internet of things device sends the encrypted information to the terminal device.
213. The terminal device decrypts the first number and the authentication response information with the first key, and stores the correspondence between the first key and the first number.
Since the first key and the second key correspond to each other, the terminal device can use the first key to decrypt information encrypted with the second key.
214. The terminal device uses the first key for ciphertext data transmission with the internet of things device.
215. If the connection interruption condition is met, the terminal device disconnects the Bluetooth communication connection with the internet of things device.
The connection interruption condition may be that the terminal device temporarily has no message to send to the internet of things device, so the user actively triggers an operation that interrupts the Bluetooth communication connection between the two devices; or it may be that the terminal device or the internet of things device interrupts the Bluetooth communication connection with the other party after finding that no message has been transmitted with the other party for a certain period of time.
In this embodiment, after the terminal device establishes a communication connection with the internet of things device for the first time, identity authentication of the terminal device by the internet of things device can be completed through steps 201-212. Through steps 210-213, the correspondence between the first key and the first number generated in the current authentication process is stored on the terminal device side, and the correspondence between the second key and the first number is stored on the internet of things device side. These correspondences are then used when the terminal device later connects to the internet of things device again and the internet of things device re-authenticates it, so that the server's assistance is no longer needed in the subsequent re-authentication.
The process of re-authenticating the terminal device by the internet of things device is described below with reference to fig. 3.
Fig. 3 is based on the premise that the correspondence between the first key and the first number is stored in the terminal device and the correspondence between the second key and the first number is stored in the internet of things device. As shown in fig. 3, the identity authentication process of the terminal device by the internet of things device may then include the following steps:
301. In response to re-establishing the communication connection with the internet of things device, the terminal device queries the locally stored first key and first number corresponding to the internet of things device.
In practice, the communication connection is, for example, a Bluetooth communication connection.
It may be appreciated that after the terminal device establishes a communication connection with the internet of things device, it may store the device identifier of the internet of things device or other information characterizing it, such as a MAC address, and when the correspondence between the first key and the first number is stored, it may be associated with that information (such as the MAC address). Therefore, when the terminal device connects to the internet of things device again, the correspondence between the first key and the first number can be queried according to that information.
302. The terminal device encrypts the authentication request information according to the first key.
The authentication request information is still the preset content indicated in the foregoing.
303. The terminal device sends the encrypted authentication request information and the first number to the internet of things device.
304. When the internet of things device decrypts the authentication request information with the locally queried second key corresponding to the first number, it generates a second random number, generates a third key from the second random number and the second key, and generates a second number corresponding to the third key.
After receiving the first number sent by the terminal device, the internet of things device checks whether the first number exists locally; if not, the identity of the terminal device is directly judged to be illegal. If the first number exists, the key corresponding to it, the second key, is queried and used to decrypt the authentication request information encrypted by the terminal device. If the decrypted authentication request information is the preset content, the identity of the terminal device can be considered legal, that is, identity authentication is passed.
However, in order to further increase the information transmission security of both parties during the communication connection between the internet of things device and the terminal device, in this embodiment, the internet of things device and the terminal device may generate a new key for use in the current communication process.
Specifically, the internet of things device first generates a second random number, and then generates a third key according to the second random number and the second key, and generates a second number corresponding to the third key. The third key is used for subsequent data transmission between the internet of things device and the terminal device. The second number is used to identify the third key.
305. The internet of things device encrypts the second random number and the second number with the second key to obtain encrypted information.
306. The internet of things device sends the encrypted information to the terminal device.
307. The terminal device decrypts the encrypted information according to the first key to obtain the second random number and the second number.
308. The terminal device generates a fourth key from the second random number and the first key, stores the correspondence between the fourth key and the second number, and deletes the correspondence between the first key and the first number.
After the terminal device generates the new fourth key from the second random number and the first key, it may store only the latest key and its number, that is, the correspondence between the fourth key and the second number; the expired correspondence between the first key and the first number is therefore deleted.
309. The terminal device sends a confirmation notice to the internet of things device.
310. The internet of things device stores the correspondence between the third key and the second number and deletes the correspondence between the second key and the first number.
Like the terminal device, the internet of things device may also store only the latest key and its number, that is, the correspondence between the third key and the second number.
311. The terminal device uses the fourth key for ciphertext data transmission with the internet of things device.
Messages subsequently transmitted between the terminal device and the internet of things device, such as control instructions, can be encrypted with the newly generated fourth key, and correspondingly the internet of things device decrypts them with the new third key.
Based on the scheme provided by this embodiment, once the internet of things device has completed identity authentication of the terminal device once, its subsequent identity authentication of the terminal device no longer requires the participation of the cloud server, which is efficient and quick. Moreover, a new key is generated during each authentication process for secure data transmission in the local communication, giving a higher level of data security.
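The full exchange of fig. 2 (first authentication through the server, steps 201-213) and fig. 3 (re-authentication without the server, with key rotation, steps 301-311), simulated offline in Python as an added example; this is not code from the patent or from Alibaba. It assumes HMAC-SHA256 as the key-derivation function on the server and on the internet of things device (the page only requires that both use the same algorithm), a toy HMAC-based authenticated cipher standing in for the symmetric cipher the page does not specify, and constructed values for the device identifier, the preset request text, the private key and the number format; the class and function names are the example's own.

```python
import hashlib
import hmac
import os

PRESET_REQUEST = b"HELLO, I AM TERMINAL"   # constructed stand-in for the preset request content
PRESET_RESPONSE = b"yes, IAM SERVER"       # the response text the page gives as an example

def derive_key(secret, nonce):
    # shared KDF; the page only requires the same algorithm on both sides (HMAC-SHA256 assumed)
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # toy authenticated encryption (the patent leaves the cipher unspecified): nonce || ct || tag
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    # plaintext, or None when the tag fails (the page's "cannot be decrypted" branch)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

class Server:
    def __init__(self, device_private_keys, permissions):
        self.device_private_keys, self.permissions = device_private_keys, permissions

    def handle_key_request(self, device_id, identity, r1):
        # step 205: authority check first, then the first key from the private key and r1
        if device_id not in self.permissions.get(identity, ()):
            return None
        return derive_key(self.device_private_keys[device_id], r1)

class IoTDevice:
    def __init__(self, device_id, private_key):
        self.device_id, self.private_key, self.keys = device_id, private_key, {}  # keys: number -> key

    def first_auth(self, r1, enc_request):
        # step 209: second key from the private key and r1; the preset content must come back
        k2 = derive_key(self.private_key, r1)
        if open_sealed(k2, enc_request) != PRESET_REQUEST:
            return None                                  # illegal identity: caller disconnects
        number = os.urandom(4).hex()                     # steps 210-212
        self.keys[number] = k2
        return seal(k2, number.encode() + b"|" + PRESET_RESPONSE)

    def reauth(self, number, enc_request):
        # steps 304-306 and 310: the stored key must exist and decrypt the preset content, then rotate
        k2 = self.keys.get(number)
        if k2 is None or open_sealed(k2, enc_request) != PRESET_REQUEST:
            return None
        r2, number2 = os.urandom(16), os.urandom(4).hex()
        del self.keys[number]                            # only the latest pair is kept
        self.keys[number2] = derive_key(k2, r2)          # third key
        return seal(k2, r2.hex().encode() + b"|" + number2.encode())

class Terminal:
    def __init__(self, identity):
        self.identity, self.keys = identity, {}          # keys: device_id -> (key, number)

    def first_connect(self, server, device):
        # steps 203-208 and 213: first key from the server, proven to the device
        r1 = os.urandom(16)
        k1 = server.handle_key_request(device.device_id, self.identity, r1)
        reply = k1 and device.first_auth(r1, seal(k1, PRESET_REQUEST))
        plain = reply and open_sealed(k1, reply)
        if not plain or plain.partition(b"|")[2] != PRESET_RESPONSE:
            return False
        self.keys[device.device_id] = (k1, plain.partition(b"|")[0].decode())
        return True

    def reconnect(self, device):
        # steps 301-308: authenticate with the stored first key, then switch to the fourth key
        k1, number = self.keys.get(device.device_id, (None, None))
        reply = k1 and device.reauth(number, seal(k1, PRESET_REQUEST))
        plain = reply and open_sealed(k1, reply)
        if not plain:
            return False
        r2_hex, _, number2 = plain.partition(b"|")
        k4 = derive_key(k1, bytes.fromhex(r2_hex.decode()))
        self.keys[device.device_id] = (k4, number2.decode())   # old pair replaced (step 308)
        return True

def demo():
    """Constructed scenario: one authorised and one unauthorised terminal, one device."""
    lock = IoTDevice("lock-01", os.urandom(32))
    server = Server({"lock-01": lock.private_key}, {"phone-A": {"lock-01"}})
    phone_a, phone_b = Terminal("phone-A"), Terminal("phone-B")
    results = {"first_auth": phone_a.first_connect(server, lock),
               "unauthorised": phone_b.first_connect(server, lock)}
    old_key, old_number = phone_a.keys["lock-01"]
    results["reauth"] = phone_a.reconnect(lock)                  # server not involved
    results["stale_number_rejected"] = lock.reauth(old_number, seal(old_key, PRESET_REQUEST)) is None
    new_key, new_number = phone_a.keys["lock-01"]
    results["rotated_pair_matches"] = lock.keys == {new_number: new_key}
    return results
```

Calling `demo()` returns a dict of booleans: the authorised terminal passes first authentication, the unauthorised one is refused a first key by the server before it ever reaches the device, re-authentication succeeds with no server call, the old first number is rejected afterwards, and both sides end up holding the same rotated key under the same second number. One simplification to note: `IoTDevice.reauth` commits the rotation immediately rather than after the confirmation notice of step 309; if the step-306 reply were lost in transit, the device would hold the third key while the terminal still held the first key, so an implementation should commit only once the step-309 confirmation arrives.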
It should be noted that, from the perspective of authentication efficiency, once the internet of things device has completed identity authentication of the terminal device once, the subsequent authentication of the terminal device by the internet of things device may not need the server. However, when a set condition is met, for example for security reasons or in different application scenarios, the server may again be introduced into the authentication process; the authentication process with server participation then follows the embodiments shown in fig. 1-2. The set condition may be, for example, periodic (the server is introduced every set period of time or every set number of authentications).
The device authentication apparatus of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that these device authentication apparatuses may be configured, using commercially available hardware components, through the steps taught by the present solution.
Fig. 4 is a schematic structural diagram of a device authentication apparatus provided in an embodiment of the present invention, located in a terminal device connected to an internet of things device. As shown in fig. 4, the apparatus includes: an acquisition module 11, a sending module 12, a receiving module 13, and a first encryption module 14.
The acquisition module 11 is used to acquire the device identifier of the internet of things device.
The sending module 12 is configured to send a key acquisition request to a server, where the key acquisition request includes the device identifier and the identity information of the terminal device.
The receiving module 13 is used to receive a first key fed back by the server after the server determines, according to the identity information, that the terminal device has the authority to communicate with the internet of things device.
The first encryption module 14 is configured to encrypt the authentication request information with the first key.
The sending module 12 is further configured to send the encrypted authentication request information to the internet of things device, where, if the internet of things device can decrypt it with the locally obtained second key to obtain the authentication request information, the identity of the terminal device is determined to meet the condition.
Optionally, the apparatus further comprises:
The first generation module is used to generate a first random number. In this case the key acquisition request further includes the first random number, and the first key is obtained by the server querying the private key of the internet of things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
Based on this, the sending module 12 is specifically used to send the encrypted authentication request information and the first random number to the internet of things device, so that the internet of things device can generate the second key from its private key and the first random number.
Optionally, the acquisition module 11 is specifically configured to intercept a management frame broadcast by the internet of things device using a set communication protocol, where the management frame contains the device identifier.
The management frame is a beacon frame or a probe request frame; the communication protocol includes a Bluetooth communication protocol.
Optionally, the receiving module 13 is further configured to receive a first number sent by the internet of things device and encrypted with the second key, where the first number is a number generated by the internet of things device that corresponds to the second key. In this case the apparatus further includes a first decryption module and a first storage module.
The first decryption module is used to decrypt the first number with the first key.
The first storage module is used to store the correspondence between the first key and the first number.
Optionally, the sending module 12 is further configured to carry out ciphertext data transmission with the internet of things device using the first key.
Optionally, the apparatus further comprises a connection control module, used to disconnect the communication connection with the internet of things device if the connection interruption condition is met.
Optionally, the apparatus further comprises: the system comprises a query module, a second encryption module, a second decryption module, a second generation module and a second storage module. Wherein:
The query module is used to query the locally stored first key and first number corresponding to the internet of things device in response to the communication connection with the internet of things device being established again.
The second encryption module is used to encrypt the authentication request information with the first key.
The sending module 12 is further configured to send the encrypted authentication request information and the first number to the internet of things device, so that the internet of things device generates a second random number when decrypting the authentication request information according to the second key corresponding to the first number, which is queried locally, and generates a third key and a second number corresponding to the third key according to the second random number and the second key.
The receiving module 13 is further configured to receive encryption information sent by the internet of things device, where the encryption information is obtained by encrypting, by the internet of things device, the second random number and the second number according to the second key.
The second decryption module is used to decrypt the encrypted information with the first key to obtain the second random number and the second number.
The second generation module is used to generate a fourth key from the second random number and the first key.
The second storage module is used to store the correspondence between the fourth key and the second number and delete the correspondence between the first key and the first number.
Optionally, the sending module 12 is further configured to carry out ciphertext data transmission with the internet of things device using the fourth key.
The apparatus shown in fig. 4 may perform the steps performed by the terminal device in the foregoing embodiments; for the parts of this embodiment not described in detail, reference may be made to the related description in the foregoing embodiments, which is not repeated here.
In one possible design, the structure of the device authentication apparatus shown in fig. 4 may be implemented as a terminal device, where the terminal device is connected to an internet of things device, and the terminal device is a mobile phone, a tablet computer, a notebook computer, or the like. As shown in fig. 5, the terminal device may include: a first processor 21, and a first memory 22. Wherein the first memory 22 stores executable code, which when executed by the first processor 21, causes at least the first processor 21 to implement the steps executed by the terminal device in the foregoing embodiments.
The structure of the terminal device may further include a first communication interface 23, which is used for communicating with other devices or a communication network.
Further, embodiments of the present invention provide a non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of a terminal device, causes the processor to perform the steps performed by the terminal device in the foregoing embodiments.
Fig. 6 is a schematic structural diagram of another device authentication apparatus provided in an embodiment of the present invention, located in an internet of things device connected to a terminal device. As shown in fig. 6, the apparatus includes: a receiving module 31, an acquisition module 32, and a determining module 33.
The receiving module 31 is configured to receive authentication request information encrypted by the terminal device with a first key, where the first key is requested by the terminal device from a server according to the device identifier of the internet of things device and the identity information of the terminal device, and the server obtains the first key according to the device identifier after determining, according to the identity information, that the terminal device has permission to communicate with the internet of things device.
The acquisition module 32 is used to acquire the second key.
The determining module 33 is configured to determine that the identity of the terminal device meets the condition if the authentication request information is obtained by decrypting with the second key.
Optionally, the receiving module 31 is specifically configured to receive authentication request information encrypted by the terminal device with the first key together with a first random number generated by the terminal device. The acquisition module 32 is specifically configured to generate the second key from the private key of the internet of things device and the first random number. In this case, the first key is obtained by the server querying the private key of the internet of things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
Optionally, the apparatus further comprises a sending module, used to broadcast a management frame using a set communication protocol, where the management frame contains the device identifier so that the terminal device acquires the device identifier by monitoring the management frame.
Optionally, the management frame is a beacon frame or a probe request frame; the communication protocol includes a Bluetooth communication protocol.
Optionally, the apparatus further comprises a generation module, a storage module, and an encryption module.
The generation module is used to generate a first number corresponding to the second key.
The storage module is used to store the correspondence between the second key and the first number.
The encryption module is used to encrypt the first number with the second key.
The sending module is further configured to send the encrypted first number to the terminal device, so that the terminal device decrypts the first number with the first key and then stores the correspondence between the first key and the first number.
Optionally, the sending module is further configured to carry out ciphertext data transmission using the second key with the internet of things device.
Optionally, the apparatus further comprises a connection control module, used to disconnect the communication connection with the terminal device if the connection interruption condition is met.
Optionally, the receiving module 31 is further configured to receive, in response to re-establishing a communication connection with the terminal device, the first number sent by the terminal device and the authentication request information encrypted by the terminal device with the first key. In this case the apparatus further includes a decryption module.
The decryption module is used to decrypt the authentication request information with the second key when a second key corresponding to the first number exists.
The generation module is further configured to generate a second random number, generate a third key according to the second random number and the second key, and generate a second number corresponding to the third key.
The encryption module is further configured to encrypt the second random number and the second number according to the second key, so as to obtain encrypted information.
The sending module is further configured to send the encryption information to the terminal device, so that the terminal device decrypts according to the first key to obtain the second random number and the second number, generates a fourth key according to the second random number and the first key, stores a corresponding relationship between the fourth key and the second number, and deletes the corresponding relationship between the first key and the first number.
The storage module is further configured to store a correspondence between the third key and the second number, and delete a correspondence between the second key and the first number.
Optionally, the sending module is further configured to: and carrying out data transmission of ciphertext with the terminal equipment by using the third secret key.
The apparatus shown in fig. 6 may perform the steps performed by the internet of things device in the foregoing embodiments, and for the parts not described in detail in this embodiment, reference may be made to the related descriptions in the foregoing embodiments, which are not repeated herein.
In one possible design, the structure of the device authentication apparatus shown in fig. 6 may be implemented as an internet of things device, where the internet of things device is connected to a terminal device, and the internet of things device may be, for example, an intelligent home device, an intelligent wearable device, or the like. As shown in fig. 7, the internet of things device may include: a second processor 41 and a second memory 42. Wherein executable code is stored in the second memory 42, and when the executable code is executed by the second processor 41, at least the second processor 41 is caused to implement the steps executed by the internet of things device in the foregoing embodiment.
The structure of the internet of things device may further include a second communication interface 43, which is used for communicating with other devices or a communication network.
In addition, embodiments of the present invention provide a non-transitory machine-readable storage medium having executable code stored thereon, which when executed by a processor of an internet of things device, causes the processor to perform the steps performed by the internet of things device in the foregoing embodiments.
The apparatus embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by adding necessary general purpose hardware platforms, or may be implemented by a combination of hardware and software. Based on such understanding, the foregoing aspects, in essence and portions contributing to the art, may be embodied in the form of a computer program product, which may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The device authentication method provided by the embodiment of the present invention may be performed by one or more programs/software, where the programs/software may be provided by a network side, and the terminal device and the internet of things device mentioned in the foregoing embodiments may download the required corresponding programs/software to a local nonvolatile storage medium, and when the terminal device and the internet of things device need to perform the foregoing device authentication method, the CPU reads the programs/software into a memory, and then the CPU executes the programs/software to implement the device authentication method provided in the foregoing embodiment, where the execution process may refer to the schematic diagrams in fig. 1 to 3.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (31)

1. A device authentication method, applied to a terminal device connected to an Internet of Things device, the method comprising:
acquiring a device identifier of the Internet of Things device;
sending a key acquisition request to a server, the key acquisition request comprising the device identifier and identity information of the terminal device;
receiving a first key fed back by the server after the server determines, from the identity information, that the terminal device has authority to communicate with the Internet of Things device;
encrypting authentication request information with the first key; and
sending the encrypted authentication request information to the Internet of Things device, wherein, if the Internet of Things device can decrypt it with a locally obtained second key to obtain the authentication request information, the identity of the terminal device is determined to satisfy the condition.
2. The method according to claim 1, further comprising:
generating a first random number;
wherein the key acquisition request further comprises the first random number, and the first key is obtained by the server querying the private key of the Internet of Things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
3. The method according to claim 2, wherein sending the encrypted authentication request information to the Internet of Things device comprises:
sending the encrypted authentication request information and the first random number to the Internet of Things device, so that the Internet of Things device can generate the second key from its own private key and the first random number.
4. The method according to claim 1, wherein acquiring the device identifier of the Internet of Things device comprises:
listening, using a set communication protocol, for a management frame broadcast by the Internet of Things device, the management frame comprising the device identifier.
5. The method according to claim 4, wherein the management frame is a beacon frame or a probe request frame, and the communication protocol comprises a Bluetooth communication protocol.
6. The method according to claim 1, further comprising:
receiving a first number sent by the Internet of Things device and encrypted with the second key, the first number being generated by the Internet of Things device and corresponding to the second key;
decrypting the first number with the first key; and
storing the correspondence between the first key and the first number.
7. The method according to claim 6, further comprising:
transmitting data as ciphertext with the Internet of Things device using the first key.
8. The method according to claim 6, further comprising:
disconnecting the communication connection with the Internet of Things device if a connection interruption condition is satisfied.
9. The method according to claim 8, further comprising:
in response to re-establishing a communication connection with the Internet of Things device, querying the locally stored first key and first number corresponding to the Internet of Things device;
encrypting the authentication request information with the first key;
sending the encrypted authentication request information and the first number to the Internet of Things device, so that the Internet of Things device, upon decrypting the authentication request information with the locally queried second key corresponding to the first number, generates a second random number and generates, from the second random number and the second key, a third key and a second number corresponding to the third key;
receiving encrypted information sent by the Internet of Things device, the encrypted information being obtained by the Internet of Things device encrypting the second random number and the second number with the second key;
decrypting the encrypted information with the first key to obtain the second random number and the second number;
generating a fourth key from the second random number and the first key; and
storing the correspondence between the fourth key and the second number, and deleting the correspondence between the first key and the first number.
10. The method according to claim 9, further comprising:
transmitting data as ciphertext with the Internet of Things device using the fourth key.
11. A device authentication method, applied to an Internet of Things device connected to a terminal device, the method comprising:
receiving authentication request information encrypted by the terminal device with a first key, the first key having been obtained by the terminal device from a server on the basis of a device identifier of the Internet of Things device and identity information of the terminal device, the server obtaining the first key from the device identifier after determining, from the identity information, that the terminal device has permission to communicate with the Internet of Things device;
acquiring a second key; and
if the authentication request information is obtained by decryption with the second key, determining that the identity of the terminal device satisfies the condition.
12. The method according to claim 11, wherein receiving the authentication request information encrypted by the terminal device with the first key comprises:
receiving the authentication request information encrypted by the terminal device with the first key, together with a first random number generated by the terminal device;
acquiring the second key comprises:
generating the second key from the private key of the Internet of Things device and the first random number;
and the first key is obtained by the server querying the private key of the Internet of Things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
13. The method according to claim 11, further comprising:
broadcasting, using a set communication protocol, a management frame comprising the device identifier, so that the terminal device acquires the device identifier by listening for the management frame.
14. The method according to claim 13, wherein the management frame is a beacon frame or a probe request frame, and the communication protocol comprises a Bluetooth communication protocol.
15. The method according to claim 11, further comprising:
generating a first number corresponding to the second key;
storing the correspondence between the second key and the first number;
encrypting the first number with the second key; and
sending the encrypted first number to the terminal device, so that the terminal device, after decrypting the first number with the first key, stores the correspondence between the first key and the first number.
16. The method according to claim 15, further comprising:
transmitting data as ciphertext with the terminal device using the second key.
17. The method according to claim 15, further comprising:
disconnecting the communication connection with the terminal device if a connection interruption condition is satisfied.
18. The method according to claim 17, further comprising:
in response to re-establishing a communication connection with the terminal device, receiving the first number sent by the terminal device and authentication request information encrypted by the terminal device with the first key;
when a second key corresponding to the first number exists, decrypting the authentication request information with the second key;
generating a second random number, generating a third key from the second random number and the second key, and generating a second number corresponding to the third key;
encrypting the second random number and the second number with the second key to obtain encrypted information;
sending the encrypted information to the terminal device, so that the terminal device, after decrypting it with the first key to obtain the second random number and the second number, generates a fourth key from the second random number and the first key, stores the correspondence between the fourth key and the second number, and deletes the correspondence between the first key and the first number; and
storing the correspondence between the third key and the second number, and deleting the correspondence between the second key and the first number.
19. The method according to claim 18, further comprising:
transmitting data as ciphertext with the terminal device using the third key.
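The exchange that claims 1 to 19 describe, simulated end to end as an added example (this is not code from the patent or from Alibaba): a terminal reads the device identifier from a beacon, obtains the first key from a server that holds the device's private key and an authorization list, authenticates to the device with it, receives the first number, and on reconnection runs the ratchet of claims 9 and 18, after which the old number no longer works. The cryptographic primitives are assumptions, since the claims do not name any: HMAC-SHA256 stands in for the "encryption calculation" that derives a key from a random number and the private key, and an HMAC-based encrypt-then-MAC construction stands in for a real AEAD such as AES-GCM. The class and message names (Server, IoTDevice, Terminal, AUTH_REQUEST) are illustrative, and the sample devices and identities are constructed for the demonstration. Standard library only.

```python
# Added example, not the patent's own code. Primitive choices are assumptions (see lead-in).
import hashlib
import hmac
import os

AUTH_REQUEST = b"AUTH_REQUEST"  # constructed "authentication request information"


def kdf(secret, nonce, label):
    """Assumed stand-in for the claims' 'encryption calculation' of (random number, private key)."""
    return hmac.new(secret, label + nonce, hashlib.sha256).digest()


def _keystream(key, nonce, n):
    out = b""
    for ctr in range(0, n, 32):  # one HMAC output per 32-byte block, counter keeps blocks distinct
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag. Stand-in for an AEAD such as AES-GCM."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob):
    """Plaintext, or None if the key is wrong or the blob was altered. This is what makes
    'the device can decrypt' (claims 1 and 11) a real check: an unauthenticated cipher
    would 'decrypt' anything to garbage and never fail."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Server:
    def __init__(self, device_secrets, acl):
        self.device_secrets = device_secrets  # device_id -> private key, provisioned out of band
        self.acl = acl                        # allowed (identity, device_id) pairs

    def key_request(self, device_id, identity, r1):  # claims 1 and 2
        if (identity, device_id) not in self.acl:
            return None  # no authority: no first key is fed back
        return kdf(self.device_secrets[device_id], r1, b"session")


class IoTDevice:
    def __init__(self, device_id, secret):
        self.device_id, self.secret = device_id, secret
        self.sessions = {}  # first/second number -> second/third key (claims 15 and 18)

    def beacon(self):
        return {"frame": "beacon", "device_id": self.device_id}  # claim 13

    def first_auth(self, r1, blob):
        k2 = kdf(self.secret, r1, b"session")  # claim 12: second key from private key and R1
        if open_(k2, blob) != AUTH_REQUEST:
            return None
        num1 = os.urandom(8)  # claim 15: first number
        self.sessions[num1] = k2
        return seal(k2, num1)

    def reauth(self, num, blob):  # claim 18
        k2 = self.sessions.get(num)
        if k2 is None or open_(k2, blob) != AUTH_REQUEST:
            return None
        r2, num2 = os.urandom(16), os.urandom(8)  # second random number, second number
        self.sessions[num2] = kdf(k2, r2, b"ratchet")  # third key
        del self.sessions[num]  # old correspondence deleted: stale credentials stop working
        return seal(k2, r2 + num2)


class Terminal:
    def __init__(self, identity, server):
        self.identity, self.server = identity, server
        self.sessions = {}  # device_id -> (key, number) (claim 6)

    def pair(self, dev):
        device_id = dev.beacon()["device_id"]  # claim 4
        r1 = os.urandom(16)  # claim 2: first random number
        k1 = self.server.key_request(device_id, self.identity, r1)
        if k1 is None:
            return False
        resp = dev.first_auth(r1, seal(k1, AUTH_REQUEST))  # claim 3: ciphertext plus R1
        if resp is None:
            return False
        self.sessions[device_id] = (k1, open_(k1, resp))
        return True

    def reconnect(self, dev):  # claim 9
        k1, num1 = self.sessions[dev.device_id]
        resp = dev.reauth(num1, seal(k1, AUTH_REQUEST))
        if resp is None:
            return False
        pt = open_(k1, resp)
        r2, num2 = pt[:16], pt[16:]
        self.sessions[dev.device_id] = (kdf(k1, r2, b"ratchet"), num2)  # fourth key
        return True


def demo():
    """Authorized pairing, refused pairing, ratchet on reconnect, and a stale-credential replay."""
    secret = os.urandom(32)
    dev = IoTDevice("dev-001", secret)  # constructed device
    server = Server({"dev-001": secret}, {("alice", "dev-001")})
    alice, mallory = Terminal("alice", server), Terminal("mallory", server)
    paired = alice.pair(dev)
    refused = mallory.pair(dev)  # not on the ACL: the server returns no key
    stale_key, stale_num = alice.sessions["dev-001"]
    ratcheted = alice.reconnect(dev)
    new_key, new_num = alice.sessions["dev-001"]
    in_sync = dev.sessions.get(new_num) == new_key
    replay_rejected = dev.reauth(stale_num, seal(stale_key, AUTH_REQUEST)) is None
    return paired, refused, ratcheted, in_sync, replay_rejected
```

Two points worth noting when reading the claims against this sketch. First, "if the Internet of Things device can decrypt ... the identity of the terminal device is determined to satisfy the condition" is only a sound test when the encryption is authenticated (an AEAD, or encrypt-then-MAC as here); a bare block or stream cipher decrypts any input without complaint. Second, the server is a key distribution centre that knows every device's private key, so the scheme's security rests on that store and on the server's authorization check; the terminal itself never learns the device key, only session keys bound to a fresh random number.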
20. A device authentication apparatus, applied to a terminal device connected to an Internet of Things device, the apparatus comprising:
an acquisition module, configured to acquire a device identifier of the Internet of Things device;
a sending module, configured to send a key acquisition request to a server, the key acquisition request comprising the device identifier and identity information of the terminal device;
a receiving module, configured to receive a first key fed back by the server after the server determines, from the identity information, that the terminal device has authority to communicate with the Internet of Things device; and
a first encryption module, configured to encrypt authentication request information with the first key;
wherein the sending module is further configured to send the encrypted authentication request information to the Internet of Things device, and, if the Internet of Things device can decrypt it with a locally obtained second key to obtain the authentication request information, the identity of the terminal device is determined to satisfy the condition.
21. The apparatus according to claim 20, further comprising:
a first generation module, configured to generate a first random number;
wherein the key acquisition request further comprises the first random number, and the first key is obtained by the server querying the private key of the Internet of Things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
22. The apparatus according to claim 21, wherein the sending module is specifically configured to:
send the encrypted authentication request information and the first random number to the Internet of Things device, so that the Internet of Things device can generate the second key from its own private key and the first random number.
23. The apparatus according to claim 20, wherein the receiving module is further configured to receive a first number sent by the Internet of Things device and encrypted with the second key, the first number being generated by the Internet of Things device and corresponding to the second key;
and the apparatus further comprises:
a first decryption module, configured to decrypt the first number with the first key; and
a first storage module, configured to store the correspondence between the first key and the first number.
24. The apparatus according to claim 23, further comprising:
a query module, configured to query, in response to re-establishing a communication connection with the Internet of Things device, the locally stored first key and first number corresponding to the Internet of Things device;
a second encryption module, configured to encrypt the authentication request information with the first key;
wherein the sending module is further configured to send the encrypted authentication request information and the first number to the Internet of Things device, so that the Internet of Things device, upon decrypting the authentication request information with the locally queried second key corresponding to the first number, generates a second random number and generates, from the second random number and the second key, a third key and a second number corresponding to the third key;
the receiving module is further configured to receive encrypted information sent by the Internet of Things device, the encrypted information being obtained by the Internet of Things device encrypting the second random number and the second number with the second key;
a second decryption module, configured to decrypt the encrypted information with the first key to obtain the second random number and the second number;
a second generation module, configured to generate a fourth key from the second random number and the first key; and
a second storage module, configured to store the correspondence between the fourth key and the second number and to delete the correspondence between the first key and the first number.
25. A terminal device, connected to an Internet of Things device, the terminal device comprising a memory and a processor, wherein the memory stores executable code which, when executed by the processor, causes the processor to perform the device authentication method according to any one of claims 1 to 10.
26. A device authentication apparatus, applied to an Internet of Things device connected to a terminal device, the apparatus comprising:
a receiving module, configured to receive authentication request information encrypted by the terminal device with a first key, the first key having been obtained by the terminal device from a server on the basis of a device identifier of the Internet of Things device and identity information of the terminal device, the server obtaining the first key from the device identifier after determining, from the identity information, that the terminal device has permission to communicate with the Internet of Things device;
an acquisition module, configured to acquire a second key; and
a determining module, configured to determine that the identity of the terminal device satisfies the condition if the authentication request information is obtained by decryption with the second key.
27. The apparatus according to claim 26, wherein the receiving module is specifically configured to receive the authentication request information encrypted by the terminal device with the first key, together with a first random number generated by the terminal device;
the acquisition module is specifically configured to generate the second key from the private key of the Internet of Things device and the first random number;
and the first key is obtained by the server querying the private key of the Internet of Things device according to the device identifier and then performing an encryption calculation on the first random number and the private key.
28. The apparatus according to claim 26, further comprising:
a generation module, configured to generate a first number corresponding to the second key;
a storage module, configured to store the correspondence between the second key and the first number;
an encryption module, configured to encrypt the first number with the second key; and
a sending module, configured to send the encrypted first number to the terminal device, so that the terminal device, after decrypting the first number with the first key, stores the correspondence between the first key and the first number.
29. The apparatus according to claim 28, wherein the receiving module is further configured to receive, in response to re-establishing a communication connection with the terminal device, the first number sent by the terminal device and authentication request information encrypted by the terminal device with the first key;
and the apparatus further comprises:
a decryption module, configured to decrypt the authentication request information with the second key when a second key corresponding to the first number exists;
wherein the generation module is further configured to generate a second random number, to generate a third key from the second random number and the second key, and to generate a second number corresponding to the third key;
the encryption module is further configured to encrypt the second random number and the second number with the second key to obtain encrypted information;
the sending module is further configured to send the encrypted information to the terminal device, so that the terminal device decrypts it with the first key to obtain the second random number and the second number, generates a fourth key from the second random number and the first key, stores the correspondence between the fourth key and the second number, and deletes the correspondence between the first key and the first number; and
the storage module is further configured to store the correspondence between the third key and the second number and to delete the correspondence between the second key and the first number.
30. An Internet of Things device, connected to a terminal device, the Internet of Things device comprising a memory and a processor, wherein the memory stores executable code which, when executed by the processor, causes the processor to perform the device authentication method according to any one of claims 11 to 19.
31. A device authentication system, comprising an Internet of Things device, a terminal device and a server, the terminal device and the server each being connected to the Internet of Things device, wherein:
the terminal device is configured to acquire a device identifier of the Internet of Things device, to send a key acquisition request to the server, the key acquisition request comprising the device identifier and identity information of the terminal device, to receive a first key fed back by the server, to encrypt authentication request information with the first key, and to send the encrypted authentication request information to the Internet of Things device;
the server is configured to feed the first key back to the terminal device after determining, from the identity information, that the terminal device has authority to communicate with the Internet of Things device; and
the Internet of Things device is configured to determine that the identity of the terminal device satisfies the condition if the authentication request information can be obtained by decryption with a locally obtained second key.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342516.3A CN113099443B (en) 2019-12-23 2019-12-23 Equipment authentication method, device, equipment and system
Publications (2)

Publication Number Publication Date
CN113099443A CN113099443A (en) 2021-07-09
CN113099443B true CN113099443B (en) 2024-05-17

Family

ID=76663263
Country Status (1)

Country Link
CN (1) CN113099443B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612747B (en) * 2021-07-26 2024-02-09 深圳Tcl新技术有限公司 Method and device for setting device control authority, computer device and storage medium
CN113596141B (en) * 2021-07-26 2023-07-25 深圳Tcl新技术有限公司 Method and device for setting device control authority, computer device and storage medium
CN114158043A (en) * 2021-11-11 2022-03-08 珠海格力电器股份有限公司 Network distribution method, system and storage medium
CN114553592B (en) * 2022-03-23 2024-03-22 深圳市美科星通信技术有限公司 Method, equipment and storage medium for equipment identity verification
WO2023184262A1 (en) * 2022-03-30 2023-10-05 北京小米移动软件有限公司 Secure transmission method and apparatus for data frames, electronic device and storage medium
CN114980116B (en) * 2022-05-17 2023-09-19 中移互联网有限公司 Target number identification method based on 5G message and electronic equipment
CN114978712B (en) * 2022-05-25 2023-08-22 中南财经政法大学 Remote secure communication method, system, equipment and terminal of touch Internet of things
CN115021994A (en) * 2022-05-26 2022-09-06 深圳Tcl新技术有限公司 Identity authentication method and device, electronic equipment and computer readable storage medium
CN115277240A (en) * 2022-08-03 2022-11-01 河海大学 Authentication method and device for Internet of things equipment
CN116545658A (en) * 2022-11-09 2023-08-04 阿里巴巴(中国)有限公司 Method, system and device for confirming authority

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656481A (en) * 2016-10-28 2017-05-10 美的智慧家居科技有限公司 Identity authentication method, apparatus and system
CN107277061A (en) * 2017-08-08 2017-10-20 四川长虹电器股份有限公司 End cloud security communication means based on IOT equipment
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN108347404A (en) * 2017-01-24 2018-07-31 中国移动通信有限公司研究院 A kind of identity identifying method and device
CN108600176A (en) * 2018-03-27 2018-09-28 中南大学 A kind of intelligent terminal safety certifying method, equipment, server and system
CN109936547A (en) * 2017-12-18 2019-06-25 阿里巴巴集团控股有限公司 Identity identifying method, system and calculating equipment
KR20190133972A (en) * 2017-12-28 2019-12-04 (주)드림시큐리티 TERMMINAL DEVICE, SERVER, SYSTEM AND METHOD FOR OPERATING MESSAGE ENCRYPTION KEY USING DEVICE AUTHENTICATION KEY IN IoT ENVIRONMENT
Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Identity authentication scheme in an Internet of Things environment; Zhang Manjun; 邮电设计技术 (Designing Techniques of Posts and Telecommunications); full text *
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant