CN113271320A - Terminal authentication method, device, system, medium and equipment - Google Patents


Info

Publication number: CN113271320A
Authority: CN (China)
Prior art keywords: information, target, authentication, target terminal, terminal
Legal status: Granted, active
Application number: CN202110817566.3A
Other languages: Chinese (zh)
Other versions: CN113271320B (en)
Inventors: 杨彦召, 曹阳, 薛信钊
Current assignee: China Automotive Innovation Co Ltd
Original assignee: China Automotive Innovation Co Ltd
Application filed by China Automotive Innovation Co Ltd; priority to CN202110817566.3A; published as CN113271320A; granted and published as CN113271320B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Abstract

The application relates to the technical field of automobile diagnosis, and particularly discloses a terminal authentication method, device, system, medium and equipment. The method comprises the following steps: receiving a route activation request message sent by a target terminal, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal; acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal, and determining a target information abstract (that is, a message digest) corresponding to the identification information according to the target terminal authentication configuration information; determining corresponding target authentication information according to the target information abstract; and if the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication. Because the check builds on the route activation request message mechanism already used in the automobile diagnosis process and only determines whether the target authentication information corresponding to the target information abstract of the target terminal is consistent with the authentication information of the target terminal, the legitimacy of the terminal can be authenticated without introducing additional mechanisms, which saves resource overhead.

Description

Terminal authentication method, device, system, medium and equipment
Technical Field
The present application relates to the field of vehicle diagnosis technologies, and in particular, to a terminal authentication method, apparatus, system, medium, and device.
Background
With the rapid development of technology and the demand of people for more diversification of automobiles, the automobile electronic technology is also rapidly developed, a large number of automobile electronic systems are used on automobiles, and other subject knowledge such as electronics, communication, computers and the like is added, so that the technology content of the automobile technology is greatly deepened, and the research on the problem of fault diagnosis of automobile electronics is more and more concerned. Vehicle fault diagnosis may improve vehicle performance. Along with the increase of the driving mileage of the automobile, the performance or technical condition of the automobile is gradually deteriorated, which is represented by the reduction of dynamic property and economy and the increase of exhaust emission; especially, the deterioration of braking performance causes traffic accidents. Therefore, the fault diagnosis is carried out regularly, so that the automobile can be kept in a good technical condition, the automobile performance is improved, and the service life is prolonged.
However, the identity of a terminal currently risks being untrusted and therefore needs to be authenticated. Most existing methods for authenticating terminals adopt the authentication services of the Transport Layer Security (TLS) protocol or of Unified Diagnostic Services (UDS), which results in high overhead of software and hardware resources.
Disclosure of Invention
In order to solve the technical problem, the application provides a terminal authentication method, device, system, medium and equipment.
According to one aspect of the application, a terminal authentication method is disclosed, which is applied to an edge node, and the method comprises the following steps:
receiving a route activation request message sent by a target terminal, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal;
acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal;
determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information;
determining corresponding target authentication information according to the target information abstract;
and if the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication.
In a possible implementation scheme, after determining that the target terminal passes authentication, the method further includes:
based on the route activation request message, performing route activation processing;
and if the route activation is successful, sending a route activation response message including route activation duration information to the target terminal.
In a possible implementation scheme, the determining, according to the target information digest, corresponding target authentication information includes:
and extracting corresponding target authentication information from the target information abstract according to preset extraction information.
According to another aspect of the present application, another terminal authentication method is disclosed, the method including:
the target terminal sends the route activation duration information and the terminal information to the server;
the server determines an information abstract of the target terminal according to the terminal information and the route activation duration information;
the server determines target terminal authentication configuration information according to the identification information of the target terminal and the information abstract in the terminal information, wherein the target terminal authentication configuration information comprises the corresponding relation between the identification information of the target terminal and the information abstract;
the server sends the target terminal authentication configuration information to an edge node;
the target terminal sends a route activation request message to the edge node, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal;
the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, and determines corresponding target authentication information according to the target information abstract; and when the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication.
Further, the method further comprises:
the server acquires registration check information corresponding to the identification information of the target terminal, and determines that the target terminal meets the registration requirement when the terminal information of the target terminal is consistent with the registration check information;
and the server registers the target terminal meeting the registration requirement.
In one possible implementation scheme, the sending, by the server, the target terminal authentication configuration information to the edge node includes:
the server sends update information of the target terminal authentication configuration information to the edge node through a vehicle-mounted terminal, wherein the update information comprises at least one recommended update mode;
the server receives response information returned by the edge node through the vehicle-mounted terminal, wherein the response information comprises a target updating mode, and the target updating mode is one of the at least one recommended updating mode;
the server sends resource node information to the edge node based on the target updating mode;
and the edge node acquires the terminal authentication configuration information based on the resource node information.
According to another aspect of the present application, there is disclosed a terminal authentication apparatus including:
a request message receiving module, configured to receive a route activation request message sent by a target terminal, where the route activation request message includes identification information of the target terminal and authentication information of the target terminal;
the configuration information acquisition module is used for acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal;
the target information abstract determining module is used for determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information;
the target authentication information determining module is used for determining corresponding target authentication information according to the target information abstract;
and the authentication processing module is used for determining that the target terminal passes the authentication when the authentication information is consistent with the target authentication information.
According to another aspect of the present application, there is disclosed a terminal authentication system including:
the target terminal is used for sending route activation duration information and terminal information to a server so that the server determines an information abstract of the target terminal according to the terminal information and the route activation duration information, determines target terminal authentication configuration information according to identification information of the target terminal in the terminal information and the information abstract, and sends the target terminal authentication configuration information to an edge node, wherein the target terminal authentication configuration information comprises a corresponding relation between the identification information of the target terminal and the information abstract;
and a route activation request message used for sending the identification information of the target terminal and the authentication information of the target terminal to the edge node, so that the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the authentication configuration information of the target terminal, determines corresponding target authentication information according to the target information abstract, and determines that the target terminal passes authentication when the authentication information is consistent with the target authentication information;
the server is used for receiving the route activation duration information and the terminal information sent by the target terminal, determining an information abstract of the target terminal according to the terminal information and the route activation duration information, determining target terminal authentication configuration information according to the identification information of the target terminal and the information abstract, and sending the target terminal authentication configuration information to an edge node; the target terminal authentication configuration information comprises the corresponding relation between the identification information of the target terminal and the information abstract;
and the edge node is used for receiving the target terminal authentication configuration information sent by the server and receiving a route activation request message which is sent by the target terminal and comprises the identification information of the target terminal and the authentication information of the target terminal, determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, determining corresponding target authentication information according to the target information abstract, and determining that the target terminal passes the authentication when the authentication information is consistent with the target authentication information.
According to another aspect of the present application, a computer-readable storage medium is disclosed, in which at least one instruction or at least one program is stored, the at least one instruction or the at least one program being loaded and executed by a processor to implement the terminal authentication method as described above.
According to another aspect of the present application, a computer device is disclosed, the computer device comprising a processor and a memory, the memory having stored therein at least one instruction or at least one program, the at least one instruction or at least one program being loaded by the processor and executing the terminal authentication method as described above.
In the method, a route activation request message sent by a target terminal is received, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal; target terminal authentication configuration information corresponding to the identification information of the target terminal is acquired, and a target information abstract corresponding to the identification information of the target terminal is determined according to the target terminal authentication configuration information; corresponding target authentication information is determined according to the target information abstract; and if the authentication information is consistent with the target authentication information, the target terminal is determined to pass the authentication. Because the check builds on the route activation request message mechanism already used in the automobile diagnosis process and only determines whether the target authentication information corresponding to the target information abstract of the target terminal is consistent with the authentication information of the target terminal, the legitimacy of the terminal can be authenticated without introducing additional mechanisms, which saves resource overhead.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of an implementation environment of a terminal authentication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a terminal authentication method according to an embodiment of the present application;
Fig. 3 is a flowchart illustrating a method for sending target terminal authentication configuration information according to an embodiment of the present application;
Fig. 4 is a flowchart illustrating a terminal authentication method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a terminal authentication device according to an embodiment of the present application;
Fig. 6 is a schematic hardware structure diagram of an apparatus for implementing a terminal authentication method according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. Examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, which is a schematic diagram of an implementation environment of a terminal authentication method according to an embodiment of the present disclosure, as shown in fig. 1, the implementation environment may at least include a terminal 01, a server 02, and an edge node 03, where the terminal 02 and the edge node 03 are in communication connection.
Specifically, the terminal 01 may include smart phones, desktop computers, tablet computers, notebook computers, digital assistants, smart wearable devices, monitoring devices, voice interaction devices, and other types of devices, and may also include software running in the devices, such as web pages provided by some service providers to users, and applications provided by the service providers to users. In particular, the terminal 01 may be used to communicate with an edge node 03 on the car to perform diagnostics of devices on the car.
Specifically, the server 02 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence server, and the like. The server 02 may also be a remote diagnostic platform or a terminal service platform of an OEM (automotive equipment manufacturer), such as a Telematics Service Provider (TSP) platform. The server 02 may comprise a network communication unit, a processor, a memory, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein. Specifically, the server 02 may be used for platform registration before the terminal 01 performs diagnosis.
The embodiment of the present application may also be implemented in combination with cloud technology. Cloud technology refers to a hosting technology that unifies resources such as hardware, software, and networks in a wide area network or a local area network to implement data calculation, storage, processing, and sharing; it may also be understood as a generic term for the network technology, information technology, integration technology, management server technology, application technology, and the like that are applied on the basis of a cloud computing business model. Cloud technology requires cloud computing as a support. Cloud computing is a computing model that distributes computing tasks over a resource pool of large numbers of computers, enabling various application systems to obtain computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". Specifically, the server 02 and the database are located in the cloud, and the server 02 may be a physical machine or a virtual machine.
The present application provides method steps as in examples or flowcharts, but may include more or fewer steps based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures.
A terminal authentication method provided by the present application is described below. Fig. 2 is a flowchart of a terminal authentication method according to an embodiment of the present application, please refer to fig. 2, where the method may include the following steps:
S101, the target terminal sends the route activation duration information and the terminal information to the server.
Specifically, in the embodiment of the specification, the target terminal may be a device that is currently connected to the automobile and communicates with it via the edge node to diagnose the devices on the automobile. After the target terminal establishes a communication connection with the automobile via the edge node, and while it is diagnosing the automobile's equipment, the target terminal sends a route activation request message to the edge node and receives the route activation response message returned by the edge node, thereby enabling the target terminal to diagnose the devices on the automobile.
In one possible implementation, the route activation duration information may be understood as an effective communication duration between the target terminal and an edge node on the vehicle during the vehicle diagnosis process. For example, the route activation duration information may be zero, which indicates that the target terminal has not been connected to the edge node before registering and is not currently in the vehicle. For example, the initial route activation duration may be 0, and the route activation duration information may be set to be 4 bytes in length and expressed based on American Standard Code for Information Interchange (ASCII), for example, 0x00 0x00 0x00 0x00.
Specifically, in one possible implementation scheme, as shown in table 1, the terminal information of the target terminal may include, but is not limited to, identification information, password information, and attribute information of the target terminal.
[Table 1: terminal information of the target terminal; image not reproduced]
The identification information of the target terminal is used to uniquely identify the target terminal. In a possible implementation scheme, the identification information of the target terminal may be a Media Access Control (MAC) address or a source address of the target terminal; for example, the identification information may be the MAC address 01:23:45:67:89:AB.
In one possible implementation, the attribute information of the target terminal may include, but is not limited to, name, size, shape, style, and the like of the terminal. The password information of the target terminal may be key information set in advance for preventing counterfeit terminal registration. Preferably, the attribute information of the target terminal may be expressed in a manner based on ASCII code. For example, the attribute information of the target terminal expressed in ASCII code may be: 0x43 0x48 0x49 0x4e 0x41 0x20 0x41 0x55 0x54 0x4f 0x4d 0x4f 0x54 0x49 0x56 0x45 0x20 0x49 0x4e 0x4e 0x4f 0x56 0x41 0x54 0x49 0x4f 0x4e 0x20 0x43 0x4f 0x52 0x50 0x4f 0x52 0x41 0x54 0x4f 0x4e.
In a possible implementation scheme, the password information of the target terminal may be preset by a manufacturer of the target terminal, and the password information and the identification information of the target terminal are mapped and then sent to the server. For example, the password information of the target terminal may be preset and expressed in ASCII code, for example: 0x31 0x39 0x39 0x34 0x30 0x34 0x32 0x35.
S103, the server determines the information abstract of the target terminal according to the terminal information and the route activation duration information.
In a possible implementation scheme, a one-way hash function may be used to calculate information composed of the terminal information of the target terminal and the route activation duration information, so as to obtain an information digest of the target terminal. Preferably, the calculation can be performed by using, but not limited to, the SM3 cryptographic hash algorithm, the SHA-256 algorithm, a Secure Hash Algorithm (SHA), or the like.
In a possible implementation scheme, SHA-256 may specifically be used to calculate the message digest. Based on the above ASCII-coded examples of the signaling information, the attribute information, and the route activation duration, the calculation result is:
3A8C1CFDD10204652976A68F744C734353BBEFBEB5B8C0828AFFEBC859B5D5A7.
In one possible implementation scheme, the information digest of the target terminal, which integrates the identification information, the attribute information, the password information, and the route activation duration information, is not less than 32 bits.
It can be understood that, because the information abstract is calculated based on the route activation duration information and the terminal information of the target terminal, the password information, the attribute information and the route activation duration information of the target terminal participate in the calculation of the information abstract, and because the password information is preset and lacks regularity, the difficulty in cracking the acquired information abstract is increased, and the authentication security of the acquired information abstract is improved. Even if the attribute information of the target terminal is illegally stolen or the route activation duration updating mechanism of the target terminal is acquired, the difficulty of cracking the acquired information abstract can be increased based on the irregularity of the password, and the authentication security is improved.
S105, the server determines target terminal authentication configuration information according to the identification information and the information abstract of the target terminal in the terminal information, wherein the target terminal authentication configuration information comprises the corresponding relation between the identification information and the information abstract of the target terminal.
Specifically, after the information digest of the target terminal is determined, the terminal identifier of the target terminal and the information digest may be stored in the server in correspondence with each other, preferably in a local disk of the server. In a possible implementation scheme, the identification information and the information digest of the target terminal may be stored in the local disk of the server in the form of a table, and the table may include the correspondence between the identification information and the information digest of the target terminal.
In a possible implementation scheme, when the server already stores the correspondence between the terminal identifiers of other terminals and their information digests, the identification information and the information digest of the target terminal may be appended below the stored terminal identifiers and information digests, respectively. For example, as shown in table 2, if the terminal identifier A1 and the information digest B1 corresponding to the terminal 1 and the terminal identifier A2 and the information digest B2 corresponding to the terminal 2 are stored in the server in advance, then once the terminal identifier A3 and the information digest B3 corresponding to the target terminal 3 are determined, the terminal identifier A3 and the information digest B3 of the target terminal 3 may be added below the terminal identifier A2 and the information digest B2 of the terminal 2, respectively.
[Table 2: correspondence between terminal identifiers and information digests; image not reproduced]
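The following is an added sketch, not code from the patent or its applicant, of the digest computation in S103, the identifier-to-digest table of S105, and the edge-node comparison summarized under Disclosure of Invention. The field order, the length prefixes, the (offset, length) form of the preset extraction information and the second duration value are assumptions; the byte values are the description's own examples.

```python
import hashlib
import hmac

# Sample values from the description (constructed input for this example).
TERMINAL_ID = bytes.fromhex("0123456789AB")             # MAC 01:23:45:67:89:AB
ATTRIBUTES = b"CHINA AUTOMOTIVE INNOVATION CORPORATON"  # ASCII bytes as listed
PASSWORD = b"19940425"                                  # 0x31 0x39 ... 0x35
INITIAL_DURATION = bytes(4)                             # 0x00 0x00 0x00 0x00

# Assumption: the "preset extraction information" is an (offset, length) pair.
EXTRACT_OFFSET, EXTRACT_LEN = 8, 16


def information_digest(terminal_id, attributes, password, duration):
    """S103: one-way hash over terminal information plus activation duration."""
    h = hashlib.sha256()
    # Assumption: this field order and the 2-byte length prefixes. The
    # prefixes keep adjacent variable-length fields from running together.
    for field in (terminal_id, attributes, password, duration):
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()


def extract_auth_info(digest):
    """Cut the authentication information out of a digest."""
    return digest[EXTRACT_OFFSET:EXTRACT_OFFSET + EXTRACT_LEN]


def server_register(config_table, terminal_id, attributes, password, duration):
    """S105: record identification information -> information digest."""
    config_table[terminal_id] = information_digest(
        terminal_id, attributes, password, duration)
    return config_table


def build_request(terminal_id, attributes, password, duration):
    """Terminal side: identification and authentication information."""
    digest = information_digest(terminal_id, attributes, password, duration)
    return {"terminal_id": terminal_id, "auth_info": extract_auth_info(digest)}


def edge_authenticate(config_table, request):
    """Edge node: look up the target digest and compare in constant time."""
    target_digest = config_table.get(request.get("terminal_id"))
    if target_digest is None:
        return False  # no configuration entry for this identifier
    auth_info = request.get("auth_info")
    if not isinstance(auth_info, (bytes, bytearray)):
        return False
    target = extract_auth_info(target_digest)
    # compare_digest returns False on a length mismatch instead of raising.
    return hmac.compare_digest(bytes(auth_info), target)


def demo():
    table = server_register({}, TERMINAL_ID, ATTRIBUTES, PASSWORD,
                            INITIAL_DURATION)
    good = build_request(TERMINAL_ID, ATTRIBUTES, PASSWORD, INITIAL_DURATION)
    requests = {
        "matching": good,
        "wrong_password": build_request(
            TERMINAL_ID, ATTRIBUTES, b"00000000", INITIAL_DURATION),
        # Constructed non-zero duration: the digest depends on this field.
        "other_duration": build_request(
            TERMINAL_ID, ATTRIBUTES, PASSWORD, (60).to_bytes(4, "big")),
        "unknown_terminal": build_request(
            bytes.fromhex("0123456789AC"), ATTRIBUTES, PASSWORD,
            INITIAL_DURATION),
        "truncated": {"terminal_id": TERMINAL_ID,
                      "auth_info": good["auth_info"][:4]},
    }
    return {name: edge_authenticate(table, req)
            for name, req in requests.items()}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'pass' if accepted else 'reject'}")
```
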
S107, the server sends the target terminal authentication configuration information to the edge node.
In a possible implementation scheme, the server may send the target terminal authentication configuration information stored in its local disk directly to the edge node. In another possible implementation scheme, the server may instead send the table stored in the local disk to the edge node, where the table may include a correspondence between the terminal information of the target terminal and the information digest.
In another possible implementation scheme, the server may also implement sending of the target terminal authentication configuration information to the edge node based on a method shown in fig. 3, where as shown in fig. 3, the method includes:
S700, the server sends the update information of the authentication configuration information of the target terminal to the edge node through the vehicle-mounted terminal, and the update information comprises at least one recommended update mode of the authentication configuration information of the target terminal.
Specifically, the server pushes update information of the terminal authentication configuration information to the edge node through the vehicle-mounted terminal: the server sends the update information to the vehicle-mounted terminal over the Message Queuing Telemetry Transport Secure protocol (MQTTS), and the vehicle-mounted terminal then forwards the update information to the edge node. With this network topology for pushing information, the network structure is simple to construct, easy to implement and convenient to manage, and faults at the connection points are easy to monitor and eliminate.
Further, the update information includes at least one recommended update mode of the terminal authentication configuration information. In a possible implementation scheme, the recommended updating manner may include, but is not limited to, an incremental updating manner, a differential updating manner, or a full updating manner, so as to update the terminal authentication configuration information.
S702, receiving response information returned by the edge node through the vehicle-mounted terminal, wherein the response information comprises a target updating mode, and the target updating mode is one of at least one recommended updating mode.
Specifically, the response information returned by the edge node includes a finally determined target update mode, so that the terminal updates the terminal authentication configuration information based on the target update mode after receiving the target update mode.
S704, based on the target updating mode, sending resource node information to the edge node, so that the edge node obtains terminal authentication configuration information based on the resource node information.
In one possible implementation scheme, the resource node information may be a Uniform Resource Locator (URL), and after receiving the URL, the edge node may download the terminal authentication configuration information through the vehicle-mounted terminal over Hypertext Transfer Protocol over Secure Socket Layer (HTTPS).
S109, the target terminal sends a routing activation request message to the edge node, wherein the routing activation request message comprises identification information of the target terminal and authentication information of the target terminal.
In one possible implementation scheme, after the target terminal is in communication connection with the vehicle based on the edge node, the target terminal sends a route activation request message with a structure shown in table 3 to the edge node.
[Table 3: structure of the route activation request message; table image not reproduced]
Further, in order to authenticate the legitimacy of the target terminal's identity before diagnosis, the route activation request message sent by the target terminal carries the identification information and the authentication information of the target terminal, so that the edge node authenticates the target terminal based on the authentication information. The identification information of the target terminal is the unique identification of the target terminal, and the authentication information is obtained by the target terminal from its own information digest: the target terminal performs digest calculation on its own terminal information to obtain an information digest, and then extracts the corresponding authentication information from the information digest according to preset extraction information.
In one possible implementation, the preset extraction information may be a preset extraction rule, and the extraction rule may be: sequentially extracting the letters present in the information digest.
In another possible implementation scheme, the extraction rule may also be: truncating the information digest according to a first preset truncation condition to obtain a first truncation value, and using the first truncation value as the authentication information of the target terminal. Specifically, the first truncation value is a part of the information in the information digest. Preferably, the first preset truncation condition may be to truncate the information digest starting from the lower bits, or starting from the higher bits, or from a specified bit toward the lower bits, or from a specified bit toward the higher bits. The first preset truncation condition may be preset according to requirements, and is not specifically limited herein. Preferably, the number of bits of the truncated value may be 32 bits.
S111, the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, determines corresponding target authentication information according to the target information abstract, and determines that the target terminal passes authentication when the authentication information is consistent with the target authentication information.
It can be understood that the target terminal may be a legal terminal or an illegal terminal, and when the target terminal is a legal terminal, the terminal information of the target terminal will not be changed, so that the information digest determined based on the terminal information and the authentication information determined based on the information digest will not be changed. When the target terminal is an illegal terminal, the terminal information of the target terminal may be changed, for example, any one or more of the identification information, the attribute information, and the password information of the illegal target terminal may be changed. It should be noted that, since the terminal configuration information includes the corresponding relationship between the identification information of the terminal and the information digest, when the identification information of an illegal target terminal is changed, the information digest corresponding to the current identification information (changed identification information) cannot be determined based on the target terminal authentication configuration information, and thus, it is not necessary to perform authentication again, and it can be determined that the current identification information is illegal identification information, and the target terminal is an illegal target terminal.
When the identification information in the target terminal is not changed, the information abstract corresponding to the identification information of the target terminal can be determined based on the authentication configuration information of the target terminal, and the information abstract corresponding to the identification information of the target terminal is used as the target information abstract.
Further, after the target information digest is determined, the corresponding target authentication information is determined according to the target information digest, and when the authentication information is consistent with the target authentication information, the target terminal is determined to pass the authentication. In a possible implementation scheme, determining the corresponding target authentication information according to the target information digest may specifically be truncating the target information digest according to a second preset truncation condition to obtain a second truncation value, and using the second truncation value as the target authentication information. Specifically, the second truncation value is a part of the information in the target information digest. It is to be understood that the second truncation condition may be predetermined.
It will be appreciated that the second truncation condition may be the same as the first truncation condition. Under the same truncation condition, when the target terminal is a legal terminal, the determined authentication information is consistent with the target authentication information, and the target terminal is determined to pass the authentication.
Further, under the same truncation condition, if the target terminal is an illegal terminal, the terminal information of the target terminal will have been changed, for example, the attribute information will have been changed. In that case the information digest obtained from the terminal information of the illegal terminal differs from the target information digest determined from the target terminal authentication configuration information based on the identification information, so the first truncation value determined from the information digest differs from the second truncation value determined from the target information digest, and the authentication information of the target terminal differs from the target authentication information. Therefore, when the authentication information does not match the target authentication information, the target terminal may be considered an illegal terminal that has not passed authentication.
On the basis of a diagnosis mechanism of a route activation request message in the automobile diagnosis process, the consistency between the target authentication information corresponding to the target information abstract of the target terminal and the authentication information of the target terminal is determined, so that the terminal is authenticated legally, the terminal can be authenticated legally without additionally introducing other mechanisms, and the resource overhead is saved.
Further, the method may further include registering a target terminal that needs to be authenticated, and specifically, the method may include:
the server responds to the registration request of the target terminal, acquires registration checking information corresponding to the identification information of the target terminal, and determines that the target terminal meets the registration requirement when the terminal information of the target terminal is consistent with the registration checking information.
And the server registers the target terminal meeting the registration requirement.
Specifically, a registration request is sent from the target terminal to the server to request a pre-registration in the server. By pre-registering the target terminal, whether the target terminal meets the registration condition can be determined, so that terminal information of the terminal meeting the condition is pre-stored and documented, when the target terminal is truly diagnosed, legal terminal information is provided for authentication in the process of authentication before diagnosis of the target terminal and serves as an authentication reference, and the authentication accuracy of the target terminal is improved.
In a possible implementation scheme, the target terminal may implement sending of the registration request based on a hypertext Transfer Protocol over Secure Socket Layer (HTTPS) or the like, so as to improve security in the sending process of the registration request, and avoid that terminal information of the target terminal carried in the registration request is stolen or cracked, which affects security of the target terminal.
In a possible implementation scheme, after receiving the registration request sent by the target terminal, the server may obtain the registration checking information from the local. In a possible implementation scheme, the registration request carries terminal information of the target terminal; after the server acquires the registration check information, the server compares the terminal information of the target terminal carried in the registration request with the registration check information, when the terminal information meets the registration check information, the server determines that the target terminal meets the registration requirement, and the server can register the target terminal.
It will be appreciated that in one possible implementation, the registration check information may include registration password information, registration attribute information, and registration identification information. The consistency between the terminal information of the target terminal and the registration check information specifically means that the attribute information in the terminal information is consistent with the registration attribute information in the registration check information, or the password information in the terminal information is consistent with the registration password information in the registration check information, or both the password information is consistent with the registration password information and the attribute information is consistent with the registration attribute information. The specific condition to be met can be set according to the actual situation, and is not specifically limited here.
A specific embodiment of a terminal authentication method in this specification is described below with an edge node as an execution subject, and fig. 4 is a schematic flow chart of a terminal authentication method provided in an embodiment of the present invention, and specifically, with reference to fig. 4, the method may include:
S301, receiving a route activation request message sent by a target terminal, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal.
S303, acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal.
S305, determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information.
It can be understood that the target terminal authentication configuration information includes a corresponding relationship between the identification information of the target terminal and the information digest, and therefore, the information digest corresponding to the identification information of the target terminal can be determined based on the identification information of the target terminal, and the information digest can be used as the target information digest.
S307, determining corresponding target authentication information according to the target information abstract.
In one possible implementation, determining the corresponding target authentication information according to the target information digest may include:
and extracting corresponding target authentication information from the target information abstract according to preset extraction information.
The preset extraction information may be a preset extraction rule, and in a possible implementation scheme, the extraction rule may be: sequentially extracting the letters present in the information digest. In another possible implementation scheme, the extraction rule may also be: truncating the information digest according to a first preset truncation condition to obtain a first truncation value, and using the first truncation value as the authentication information of the target terminal. Specifically, the first truncation value is a part of the information in the target information digest. Preferably, the first preset truncation condition may be to truncate the information digest starting from the lower bits, or starting from the higher bits, or from a specified bit toward the lower bits, or from a specified bit toward the higher bits. The first preset truncation condition may be preset according to requirements, and is not specifically limited herein. Preferably, the number of bits of the truncated value is not less than 32 bits.
S309, if the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication.
For the parts of the above steps that are not described here, refer to steps S101 to S111 above; they are not described herein again.
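As an added illustration (not code from the patent), the following Python sketch walks through the check described in steps S109 to S111 and S301 to S309: the terminal derives its authentication information from its own digest, and the edge node recomputes the target authentication information from the stored digest and compares. SHA-256, the field names, the dictionary-shaped request message and the convention that bit 0 is the least-significant bit are all assumptions of this example; the description does not fix them here.

```python
import hashlib
import hmac

AUTH_BITS = 32  # truncation length the description names as preferred


def information_digest(terminal_info, activation_duration_s):
    """Digest over terminal information plus route activation duration.

    Assumption: SHA-256 over length-prefixed UTF-8 fields in a fixed order.
    """
    fields = (terminal_info["id"], terminal_info["attributes"],
              terminal_info["password"], str(activation_duration_s))
    h = hashlib.sha256()
    for field in fields:
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))  # keeps field boundaries unambiguous
        h.update(raw)
    return h.digest()


def truncate(digest, rule="high", start_bit=0, bits=AUTH_BITS):
    """Cut `bits` bits out of the digest; bit 0 is the least-significant bit."""
    total = len(digest) * 8
    if rule == "high":                 # start from the higher bits
        shift = total - bits
    elif rule == "low":                # start from the lower bits
        shift = 0
    elif rule == "from_bit_to_high":   # from a specified bit toward higher bits
        shift = start_bit
    elif rule == "from_bit_to_low":    # from a specified bit toward lower bits
        shift = start_bit - bits + 1
    else:
        raise ValueError("unknown truncation rule: %r" % rule)
    if bits <= 0 or shift < 0 or shift + bits > total:
        raise ValueError("truncation window falls outside the digest")
    value = (int.from_bytes(digest, "big") >> shift) & ((1 << bits) - 1)
    return value.to_bytes((bits + 7) // 8, "big")


def build_request(terminal_info, activation_duration_s, rule="high", start_bit=0):
    """Terminal side (S109): identification plus truncated digest."""
    digest = information_digest(terminal_info, activation_duration_s)
    return {"terminal_id": terminal_info["id"],          # hypothetical field name
            "auth_info": truncate(digest, rule, start_bit)}


class EdgeNode:
    """Edge-node side (S111 / S301 to S309)."""

    def __init__(self, auth_config, rule="high", start_bit=0):
        self.auth_config = dict(auth_config)  # terminal id -> information digest
        self.rule = rule
        self.start_bit = start_bit

    def authenticate(self, request):
        target_digest = self.auth_config.get(request["terminal_id"])
        if target_digest is None:
            return False  # identifier not in the configuration: reject outright
        target_auth = truncate(target_digest, self.rule, self.start_bit)
        # Constant-time comparison of the two truncation values.
        return hmac.compare_digest(target_auth, request["auth_info"])


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    info = {"id": "A3", "attributes": "diag-tester;fw=1.0", "password": "constructed-secret"}
    edge = EdgeNode({"A3": information_digest(info, 600)})
    print("registered terminal:", edge.authenticate(build_request(info, 600)))
    changed = dict(info, attributes="diag-tester;fw=9.9")
    print("changed attributes: ", edge.authenticate(build_request(changed, 600)))
    print("unknown identifier: ", edge.authenticate(build_request(dict(info, id="A9"), 600)))
```

The terminal and the edge node must be configured with the same truncation rule, which corresponds to the first and second truncation conditions being the same in the description.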
Further, in other implementable schemes, the method may further include:
after the target terminal passes the authentication, performing route activation processing based on the route activation request message;
and if the route activation is successful, sending a route activation response message including the route activation duration to the target terminal.
Specifically, the route activation response message returned by the edge node to the target terminal includes the route activation duration. The route activation duration here may be an updated route activation duration. For example, after the route activation is successful, a preset duration is added to the original route activation duration; the preset duration may be 10 min, 15 min or another value.
Specifically, based on the route activation request message and the route activation response message mechanism in the automobile diagnosis process, after the route activation is successful, the edge node returns a route activation response message with a structure shown in table 4 to the target terminal.
[Table 4: structure of the route activation response message; table image not reproduced]
Fig. 5 is a schematic diagram showing a configuration of a terminal authentication apparatus, which includes, as shown in fig. 5:
the request message receiving module is used for receiving a route activation request message sent by a target terminal, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal;
the configuration information acquisition module is used for acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal;
the target information abstract determining module is used for determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information;
the target authentication information determining module is used for determining corresponding target authentication information according to the target information abstract;
and the authentication processing module is used for determining that the target terminal passes the authentication when the authentication information is consistent with the target authentication information.
The device in the device embodiment and the method embodiments are based on the same inventive concept.
It should be noted that, when the apparatus provided in the foregoing embodiment implements the functions thereof, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the apparatus may be divided into different functional modules to implement all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
An embodiment of the present application further provides a terminal authentication system, including:
the target terminal is used for sending route activation duration information and terminal information to the server so that the server determines an information abstract of the target terminal according to the terminal information and the route activation duration information, determines target terminal authentication configuration information according to identification information and the information abstract of the target terminal in the terminal information and sends the target terminal authentication configuration information to the edge node, wherein the target terminal authentication configuration information comprises a corresponding relation between the identification information and the information abstract of the target terminal;
and is further used for sending, to the edge node, a route activation request message comprising identification information of the target terminal and authentication information of the target terminal, so that the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the authentication configuration information of the target terminal, determines corresponding target authentication information according to the target information abstract, and determines that the target terminal passes authentication when the authentication information is consistent with the target authentication information;
the server is used for receiving the route activation duration information and the terminal information sent by the target terminal, determining an information abstract of the target terminal according to the terminal information and the route activation duration information, determining target terminal authentication configuration information according to the identification information and the information abstract of the target terminal, and sending the target terminal authentication configuration information to the edge node; the target terminal authentication configuration information comprises the corresponding relation between the identification information of the target terminal and the information abstract;
the edge node is used for receiving target terminal authentication configuration information sent by the server and a route activation request message which is sent by the target terminal and comprises identification information of the target terminal and authentication information of the target terminal, determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, determining corresponding target authentication information according to the target information abstract, and determining that the target terminal passes authentication when the authentication information is consistent with the target authentication information.
The embodiment of the present application provides a computer device, which includes a processor and a memory, where the memory stores at least one instruction or at least one program, and the at least one instruction or the at least one program is loaded and executed by the processor to implement a terminal authentication method as provided in the above method embodiment.
Fig. 6 is a schematic hardware structure diagram of an apparatus for implementing a method provided in the embodiment of the present application, and the apparatus may participate in forming or incorporating the device or system provided in the embodiment of the present application. As shown in fig. 6, the device 10 may include one or more processors 1002 (shown as 1002a, 1002b, ..., 1002n; the processors 1002 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 1004 for storing data, and a transmission device 1006 for communication functions. In addition, the device may also include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 6 is only an illustration and is not intended to limit the structure of the electronic device. For example, device 10 may also include more or fewer components than shown in FIG. 6, or have a different configuration than shown in FIG. 6.
It should be noted that the one or more processors 1002 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuitry may be a single, stand-alone processing module, or incorporated in whole or in part into any of the other elements in the device 10 (or mobile device). As referred to in the embodiments of the application, the data processing circuit acts as a processor control (e.g. selection of a variable resistance termination path connected to the interface).
The memory 1004 can be used for storing software programs and modules of application software, such as program instructions/data storage devices corresponding to the methods in the embodiments of the present application, and the processor 1002 executes various functional applications and data processing by running the software programs and modules stored in the memory 1004, so as to implement one of the methods described above. The memory 1004 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1004 may further include memory located remotely from the processor 1002, which may be connected to the device 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 1006 is used for receiving or sending data via a network. Specific examples of such networks may include wireless networks provided by the communication provider of the device 10. In one example, the transmission device 1006 includes a network adapter (NIC) that can be connected to other network devices through a base station so as to communicate with the internet. In one example, the transmission device 1006 can be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The Display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the device 10 (or mobile device).
Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the operation end reads the computer instruction from the computer readable storage medium, and executes the computer instruction, so that the operation end executes the terminal authentication method in the method embodiment; or, the processor of the server reads the computer instruction from the computer-readable storage medium, and the processor of the server executes the computer instruction, so that the server executes the terminal authentication method on the server side in the above method embodiments.
Embodiments of the present application further provide a non-transitory computer-readable storage medium, for example, a memory, including instructions, which are executable by a processor of an operation end to perform the steps of the operation end side in the above method embodiments, or which are executable by a processor of a service end to perform the steps of the service end side in the above method embodiments. For example, the non-transitory computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a Compact Disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
It should be noted that: the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present application are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
It will be understood by those skilled in the art that all or part of the steps of implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent replacements, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A terminal authentication method is applied to an edge node, and the method comprises the following steps:
receiving a route activation request message sent by a target terminal, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal;
acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal;
determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information;
determining corresponding target authentication information according to the target information abstract;
and if the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication.
2. The terminal authentication method according to claim 1, wherein after determining that the target terminal is authenticated, the method further comprises:
based on the route activation request message, performing route activation processing;
and if the route activation is successful, sending a route activation response message including route activation duration information to the target terminal.
3. The terminal authentication method according to claim 1, wherein the determining the corresponding target authentication information according to the target information digest comprises:
and extracting corresponding target authentication information from the target information abstract according to preset extraction information.
4. A terminal authentication method, characterized in that the method comprises:
the target terminal sends the route activation duration information and the terminal information to the server;
the server determines an information abstract of the target terminal according to the terminal information and the route activation duration information;
the server determines target terminal authentication configuration information according to the identification information of the target terminal and the information abstract in the terminal information, wherein the target terminal authentication configuration information comprises the corresponding relation between the identification information of the target terminal and the information abstract;
the server sends the target terminal authentication configuration information to an edge node;
the target terminal sends a route activation request message to the edge node, wherein the route activation request message comprises identification information of the target terminal and authentication information of the target terminal;
the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, and determines corresponding target authentication information according to the target information abstract; and when the authentication information is consistent with the target authentication information, determining that the target terminal passes the authentication.
5. The terminal authentication method according to claim 4, further comprising:
the server responds to the registration request of the target terminal, acquires registration check information corresponding to the identification information of the target terminal, and determines that the target terminal meets the registration requirement when the terminal information of the target terminal is consistent with the registration check information;
and the server registers the target terminal meeting the registration requirement.
6. The terminal authentication method according to claim 4, wherein the server sending target terminal authentication configuration information to the edge node comprises:
the server sends update information of the target terminal authentication configuration information to the edge node through a vehicle-mounted terminal, wherein the update information comprises at least one recommended update mode;
the server receives response information returned by the edge node through the vehicle-mounted terminal, wherein the response information comprises a target updating mode, and the target updating mode is one of the at least one recommended updating mode;
the server sends resource node information to the edge node based on the target updating mode;
and the edge node acquires the terminal authentication configuration information based on the resource node information.
7. A terminal authentication apparatus, characterized in that the terminal authentication apparatus comprises:
a request message receiving module, configured to receive a route activation request message sent by a target terminal, where the route activation request message includes identification information of the target terminal and authentication information of the target terminal;
the configuration information acquisition module is used for acquiring target terminal authentication configuration information corresponding to the identification information of the target terminal;
the target information abstract determining module is used for determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information;
the target authentication information determining module is used for determining corresponding target authentication information according to the target information abstract;
and the authentication processing module is used for determining that the target terminal passes the authentication when the authentication information is consistent with the target authentication information.
8. A terminal authentication system, characterized in that the terminal authentication system comprises:
the target terminal is used for sending route activation duration information and terminal information to a server so that the server determines an information abstract of the target terminal according to the terminal information and the route activation duration information, determines target terminal authentication configuration information according to identification information of the target terminal in the terminal information and the information abstract, and sends the target terminal authentication configuration information to an edge node, wherein the target terminal authentication configuration information comprises a corresponding relation between the identification information of the target terminal and the information abstract;
and for sending, to the edge node, a route activation request message comprising the identification information of the target terminal and the authentication information of the target terminal, so that the edge node determines a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, determines corresponding target authentication information according to the target information abstract, and determines that the target terminal passes authentication when the authentication information is consistent with the target authentication information;
the server is used for receiving the route activation duration information and the terminal information sent by the target terminal, determining an information abstract of the target terminal according to the terminal information and the route activation duration information, determining target terminal authentication configuration information according to the identification information of the target terminal and the information abstract, and sending the target terminal authentication configuration information to an edge node; the target terminal authentication configuration information comprises the corresponding relation between the identification information of the target terminal and the information abstract;
and the edge node is used for receiving the target terminal authentication configuration information sent by the server and receiving a route activation request message which is sent by the target terminal and comprises the identification information of the target terminal and the authentication information of the target terminal, determining a target information abstract corresponding to the identification information of the target terminal according to the target terminal authentication configuration information, determining corresponding target authentication information according to the target information abstract, and determining that the target terminal passes the authentication when the authentication information is consistent with the target authentication information.
9. A computer-readable storage medium, in which at least one instruction or at least one program is stored, the at least one instruction or the at least one program being loaded and executed by a processor to implement the terminal authentication method according to any one of claims 1 to 3 or claims 4 to 6.
10. A computer device, characterized in that the computer device comprises a processor and a memory, wherein at least one instruction or at least one program is stored in the memory, and the at least one instruction or the at least one program is loaded and executed by the processor to implement the terminal authentication method according to any one of claims 1 to 3 or claims 4 to 6.
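The flow of claims 1, 3 and 4, as an added example that is not code from the patent: the server derives a digest from the terminal information and the route activation duration, the edge node stores the identification-to-digest mapping, and a route activation request is accepted only when the presented value equals the value extracted from the stored digest. It reads the "information abstract" as a message digest; SHA-256, the field encoding, the byte-range extraction rule, the assumption that the terminal derives its authentication information the same way, and all names are assumptions.

```python
import hashlib
import hmac

# Assumptions, not fixed by the claims: SHA-256 as the digest function, a sorted
# "key=value" encoding, and a byte range as the "preset extraction information".
EXTRACT_OFFSET, EXTRACT_LEN = 4, 16


def compute_digest(terminal_info: dict, duration_s: int) -> bytes:
    """Digest over terminal information plus route activation duration."""
    fields = "|".join(f"{k}={terminal_info[k]}" for k in sorted(terminal_info))
    return hashlib.sha256(f"{fields}|duration={duration_s}".encode()).digest()


def extract_auth_info(digest: bytes) -> bytes:
    """Claim 3: cut the authentication information out of the digest."""
    return digest[EXTRACT_OFFSET:EXTRACT_OFFSET + EXTRACT_LEN]


def server_build_config(terminal_info: dict, duration_s: int) -> dict:
    """Claim 4, server side: map terminal identification -> digest."""
    return {terminal_info["id"]: compute_digest(terminal_info, duration_s)}


class EdgeNode:
    def __init__(self) -> None:
        self.auth_config: dict = {}  # configuration pushed by the server

    def load_config(self, config: dict) -> None:
        self.auth_config.update(config)

    def authenticate(self, request: dict) -> bool:
        """Claim 1: check a route activation request; fail closed on bad input."""
        tid, presented = request.get("id"), request.get("auth")
        if not isinstance(tid, str) or not isinstance(presented, bytes):
            return False  # malformed request
        digest = self.auth_config.get(tid)
        if digest is None:
            return False  # no configuration for this identification
        # Constant-time comparison of the expected and presented values.
        return hmac.compare_digest(extract_auth_info(digest), presented)


if __name__ == "__main__":
    info = {"id": "TERMINAL-01", "model": "constructed-sample"}  # constructed
    edge = EdgeNode()
    edge.load_config(server_build_config(info, 600))
    auth = extract_auth_info(compute_digest(info, 600))  # terminal side
    print("authenticated:", edge.authenticate({"id": info["id"], "auth": auth}))
```

A request carrying a value derived from a different duration or different terminal information, an unknown identification, or a missing field is rejected.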
CN202110817566.3A 2021-07-20 2021-07-20 Terminal authentication method, device, system, medium and equipment Active CN113271320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110817566.3A CN113271320B (en) 2021-07-20 2021-07-20 Terminal authentication method, device, system, medium and equipment

Publications (2)

Publication Number Publication Date
CN113271320A CN113271320A (en) 2021-08-17
CN113271320B CN113271320B (en) 2021-11-02

Family

ID=77236848

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110817566.3A Active CN113271320B (en) 2021-07-20 2021-07-20 Terminal authentication method, device, system, medium and equipment

Country Status (1)

Country Link
CN (1) CN113271320B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant