CN113992416A - Internet of things perception terminal authentication method and internet of things perception terminal - Google Patents


Info

Publication number
CN113992416A
Authority
CN
China
Prior art keywords
internet
things
terminal
sensing terminal
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111265554.0A
Other languages
Chinese (zh)
Inventor
樊志杰
彭京
周明富
李菲
汪涛
郑长松
梁亮
刘海斌
李盈超
董晏州
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lianyi Software Co ltd
Massive Security Technology Co ltd
Shanghai Chenrui Information Technology Co ltd
Original Assignee
Lianyi Software Co ltd
Massive Security Technology Co ltd
Shanghai Chenrui Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lianyi Software Co ltd, Massive Security Technology Co ltd, Shanghai Chenrui Information Technology Co ltd
Priority to CN202111265554.0A
Publication of CN113992416A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an authentication method for an Internet of things perception terminal, and an Internet of things perception terminal, and relates to the technical field of terminal access authentication. The method comprises the following steps: 1. the Internet of things perception terminal collects its own device hardware information and generates a unique device fingerprint; 2. bidirectional authentication is performed between the Internet of things sensing terminal and the server, and the method proceeds to step 3 after the authentication succeeds; 3. the Internet of things perception terminal sends the device fingerprint to the server, so that the server can generate a corresponding personalized security plug-in according to the device fingerprint; 4. the server feeds the personalized security plug-in back to the Internet of things sensing terminal for binding, thereby establishing the identity of the Internet of things sensing terminal. The method effectively solves the problems of identity identification and secure access authentication for polymorphic Internet of things sensing terminals. No hardware chip space needs to be reserved; no cryptographic chip needs to be purchased in advance; no hardware chip support is needed, and no physical accessories need to be replaced or upgraded; no card slot needs to be reserved; no specific operating system is required, nor is high processing performance.

Description

Internet of things perception terminal authentication method and internet of things perception terminal
Technical Field
The invention relates to the technical field of access authentication of an internet of things sensing terminal, in particular to an authentication method of the internet of things sensing terminal and the internet of things sensing terminal.
Background
At present, the industry's solution for the identity of polymorphic Internet of things perception terminals is to issue a digital certificate to the device through a PKI system and then use that certificate as the device's identity. There are three main implementations: the first implants a hardware cryptographic chip in the device hardware and then issues a digital certificate to the chip through the PKI system; the second inserts a TF card or SIM card carrying a cryptographic chip into an expansion card slot of the device (such as a TF card slot or SIM card slot), and a digital certificate is issued to the TF card or SIM card through the PKI system before the device is used; the third pre-installs a soft cryptographic module (such as a cryptographic algorithm SDK) in the device's built-in operating system, and an identification certificate (such as SM9) is issued to the soft cryptographic module through the PKI system before the device is used.
Analysis of these three mainstream approaches shows the following main problems:
The first approach: the terminal manufacturer must place a hardware cryptographic chip on the hardware mainboard at the product design stage, which causes several problems: 1. space for the hardware chip must be designed and reserved in advance, which increases design cost; 2. when the terminal is produced, the cryptographic chip must be purchased in advance and handed to a specialist packaging manufacturer for soldering, which increases production cost; 3. once the hardware chip has been packaged it cannot be physically replaced or upgraded, which increases the manufacturer's operation and maintenance cost and the user's purchase cost; 4. once the certificate has been issued, it is difficult to upgrade or replace it in real time.
The second approach has several problems: 1. the device manufacturer must reserve a card slot in the hardware during production, which increases design and production cost; 2. because the TF card or SIM card is physically inserted and terminals are used in complex scenarios, the card can easily be removed by hand while the terminal is in use, so it is uncontrollable and easily lost or damaged; 3. because of the way an external card slot works, the TF card or SIM card is prone to poor contact and low running stability after long use.
The third approach: although a soft cryptographic module avoids the problems of the first and second approaches, its own characteristics cause other problems: 1. the terminal device must run a specific operating system, so the scheme does not suit some lightweight devices (such as smoke detectors); 2. it demands high processing performance from the terminal device (processor clock frequency, built-in storage and so on), so it does not suit low-end sensing terminals (such as pocket-size probes and trackers).
Disclosure of Invention
In view of the above problems in the prior art, a technical scheme for an Internet of things perception terminal authentication method and an Internet of things perception terminal is provided, so that identity authentication during access of the Internet of things perception terminal is not constrained by cryptographic hardware.
The technical scheme is as follows:
An authentication method for an Internet of things perception terminal comprises an identity identification process, which specifically comprises the following steps:
step A1, the Internet of things perception terminal collects its own device hardware information and generates a unique device fingerprint;
step A2, bidirectional authentication is performed between the Internet of things sensing terminal and the server, and the method proceeds to step A3 after the bidirectional authentication succeeds;
step A3, the Internet of things perception terminal sends the device fingerprint to the server, so that the server can generate a corresponding personalized security plug-in according to the device fingerprint;
step A4, the server feeds the personalized security plug-in back to the Internet of things sensing terminal for binding, thereby establishing the identity of the Internet of things sensing terminal;
the method further comprises an access authentication process, which specifically comprises:
step B1, the Internet of things perception terminal sends an identity authentication request to the server;
and step B2, the server authenticates the identity authentication request according to the personalized security plug-in corresponding to the Internet of things sensing terminal, and allows the Internet of things sensing terminal to access the server after it passes identity authentication.
Preferably, in the method for authenticating the Internet of things sensing terminal, the device hardware information includes at least one of a motherboard serial number, a MAC address, a CPU architecture, and a number of CPU cores of the Internet of things sensing terminal.
Preferably, in step A1, a Z algorithm module is used to collect the device hardware information and generate the device fingerprint.
Preferably, step A2 specifically includes:
step A21, the Internet of things sensing terminal sends a connection request to the server, the connection request including the hardware ID information and the current time information of the Internet of things sensing terminal;
step A22, after receiving the connection request, the server sends a random challenge value to the Internet of things sensing terminal;
step A23, the Internet of things sensing terminal uses a default cryptographic calculation module to perform a calculation on the challenge value, obtains a first calculation result and sends it to the server; and
the server uses the default cryptographic calculation module to perform a calculation on the challenge value and obtains a second calculation result;
step A24, the server compares the first calculation result with the second calculation result:
if they are the same, authentication by the server is passed, and the method proceeds to step A25;
if not, authentication by the server is not passed, and the method exits;
step A25, the server uses the default cryptographic calculation module to perform a calculation on the current time information included in the connection request, obtains an intermediate value, and sends the intermediate value to the Internet of things perception terminal;
step A26, the Internet of things sensing terminal uses the default cryptographic calculation module to perform a calculation on the intermediate value and obtains a third calculation result; and
the server uses the default cryptographic calculation module to perform a calculation on the intermediate value, obtains a fourth calculation result and sends it to the Internet of things perception terminal;
step A27, the Internet of things perception terminal compares the third calculation result with the fourth calculation result:
if they are the same, authentication by the Internet of things sensing terminal is passed, and the method proceeds to step A3;
if not, authentication by the Internet of things perception terminal is not passed, and the method exits.
Preferably, in the method for authenticating the Internet of things sensing terminal, the default cryptographic calculation module is implemented by a Z algorithm module.
Preferably, in the method for authenticating the Internet of things sensing terminal, in step A3, the server generates the corresponding personalized security plug-in according to the device fingerprint by using a Z algorithm module.
Preferably, in the method for authenticating the Internet of things sensing terminal, step A4 further includes:
and the server stores the personalized safety plug-in and the Internet of things perception terminal in the server in an associated manner.
Preferably, in the method for authenticating an internet of things sensing terminal, in step B1, the identity authentication request sent by the internet of things sensing terminal includes at least one of a current time, an equipment code, and a random number of the internet of things sensing terminal.
Preferably, the method for authenticating the internet of things sensing terminal, wherein the step B2 specifically includes:
step B21, the server side calculates a first authentication value according to the identity authentication request by adopting the personalized security plug-in corresponding to the IOT sensing terminal and feeds the first authentication value back to the IOT sensing terminal;
step B22, the Internet of things perception terminal adopts the personalized security plug-in to calculate the first authentication value to obtain a second authentication value and feeds the second authentication value back to the server;
and step B23, the server side adopts the personalized security plug-in to carry out verification calculation on the second authentication value, and judges whether the Internet of things perception terminal passes identity authentication according to the result of the verification calculation.
An Internet of things perception terminal is connected to an external server and performs identity authentication with the server by using the Internet of things perception terminal authentication method described above.
The beneficial effects of the above technical scheme are as follows: testing shows that the scheme effectively solves the problems of identity identification and secure access authentication for polymorphic Internet of things sensing terminals. No hardware chip space needs to be designed and reserved in advance, which saves design cost; no cryptographic chip needs to be purchased in advance, which saves production cost; no hardware chip support is needed and no physical accessories need to be replaced or upgraded, which saves operation and maintenance cost; no card slot needs to be reserved, which improves working stability; and no specific operating system or high processing performance is required, so the method suits lightweight devices and low-end sensing devices.
Drawings
Fig. 1 is a schematic flowchart of the identity identification process in a method for authenticating an Internet of things sensing terminal according to a preferred embodiment of the present invention;
Fig. 2 is a schematic flowchart of the access authentication process in a method for authenticating an Internet of things sensing terminal according to a preferred embodiment of the present invention;
Fig. 3 is a flowchart of the detailed process of step A2 according to a preferred embodiment of the present invention;
Fig. 4 is a flowchart of step B2 according to a preferred embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The invention is further described with reference to the following drawings and specific examples, which are not intended to be limiting.
In a preferred embodiment of the invention, the method for authenticating the Internet of things sensing terminal is suitable for terminal access authentication of a polymorphic Internet of things sensing terminal, where the Internet of things sensing terminal is remotely connected to a server.
The method includes an identity identification process, as shown in Fig. 1, including:
step A1, the Internet of things sensing terminal collects its own device hardware information and generates a unique device fingerprint;
step A2, bidirectional authentication is performed between the Internet of things sensing terminal and the server, and the method proceeds to step A3 after the bidirectional authentication succeeds;
step A3, the Internet of things perception terminal sends the device fingerprint to the server, so that the server can generate a corresponding personalized security plug-in according to the device fingerprint;
step A4, the server feeds the personalized security plug-in back to the Internet of things sensing terminal for binding, thereby establishing the identity of the Internet of things sensing terminal.
The method further includes an access authentication process of the Internet of things sensing terminal, as shown in Fig. 2, including:
step B1, the Internet of things perception terminal sends an identity authentication request to the server;
and step B2, the server authenticates the identity authentication request according to the personalized security plug-in corresponding to the Internet of things sensing terminal, and the Internet of things sensing terminal is allowed to access the server after it passes identity authentication.
Specifically, in step A1 the Internet of things sensing terminal collects its own device hardware information: a cryptographic module is embedded in the Internet of things sensing terminal, and the function of this module is to collect the hardware device information of the terminal. The Internet of things sensing terminal is also responsible for upgrading and maintaining its software configuration in combination with update information provided by the server.
Further, the bidirectional authentication in step A2 proceeds as follows. The Internet of things sensing terminal sends a connection application, sending the device fingerprint and the current time to the server. The server receives the application and sends the terminal a numerical value to be used for calculation. The terminal takes this first challenge value and the device fingerprint as calculation parameters, selects a specific algorithm by means of the Z algorithm, calculates a first characteristic value and sends it to the server. The server performs the same calculation to obtain a second characteristic value, and compares the first characteristic value with the second characteristic value:
if the two are equal, the authentication is passed;
if not, the method exits.
In a preferred embodiment of the present invention, the device hardware information includes at least one of a motherboard serial number, a MAC address, a CPU architecture, and a number of CPU cores of the Internet of things sensing terminal.
Specifically, the device hardware information is generated by extracting characteristic values of the device. These include, but are not limited to, the motherboard serial number, the MAC address, the CPU architecture and the number of CPU cores of the Internet of things sensing terminal, together with the values, codes, device numbers and the like that they contain.
In a preferred embodiment of the present invention, in step A1, a Z algorithm module is used to collect the device hardware information and generate the device fingerprint.
Specifically, the device fingerprint is generated as follows:
a. the Z cryptographic module obtains the device's hardware parameters through the operating system interface;
b. the collected hardware parameters are aggregated, as key-value pairs, into the overall parameter data of the device;
c. a digest of the overall parameter data is computed with the SM3 algorithm;
d. the digest result is taken as the unique fingerprint of the device.
In a preferred embodiment of the present invention, step A2 specifically includes:
step A21, the Internet of things sensing terminal sends a connection request to the server, the connection request including the hardware ID information and the current time information of the Internet of things sensing terminal;
step A22, after receiving the connection request, the server sends a random challenge value to the Internet of things sensing terminal;
step A23, the Internet of things sensing terminal uses a default cryptographic calculation module to perform a calculation on the challenge value, obtains a first calculation result and sends it to the server; and
the server uses the default cryptographic calculation module to perform a calculation on the challenge value and obtains a second calculation result;
step A24, the server compares the first calculation result with the second calculation result:
if they are the same, authentication by the server is passed, and the method proceeds to step A25;
if not, authentication by the server is not passed, and the method exits;
step A25, the server uses the default cryptographic calculation module to perform a calculation on the current time information included in the connection request, obtains an intermediate value, and sends the intermediate value to the Internet of things perception terminal;
step A26, the Internet of things sensing terminal uses the default cryptographic calculation module to perform a calculation on the intermediate value and obtains a third calculation result; and
the server uses the default cryptographic calculation module to perform a calculation on the intermediate value, obtains a fourth calculation result and sends it to the Internet of things sensing terminal;
step A27, the Internet of things perception terminal compares the third calculation result with the fourth calculation result:
if they are the same, authentication by the Internet of things sensing terminal is passed, and the method proceeds to step A3;
if not, authentication by the Internet of things sensing terminal is not passed, and the method exits.
Specifically, the current time information is the time information acquired by the Internet of things sensing terminal when the hardware ID is extracted. In other words, the time information used as a calculation parameter at the server should be consistent with the time information used as a calculation parameter in the Internet of things sensing terminal.
Specifically, the challenge value is generated by the server side based on a specific rule by using a built-in numerical value generation module.
In the preferred embodiment of the present invention, the default cryptographic module is implemented using a Z algorithm module.
Specifically, the default state of the cryptographic module means that the cryptographic module is not modified by any other instruction, and is the default of the server.
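The message flow of steps A21 to A27, with both sides shown, as an added example that is not code from the patent. The page does not specify the Z algorithm module, so HMAC-SHA256 under a constructed shared key stands in for the default cryptographic calculation module; the freshness window, the single-use challenge and the terminal's check that the intermediate value derives from its own timestamp are assumptions added for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key standing in for the secret inside the "default" module.
DEFAULT_KEY = b"constructed-default-module-key"
MAX_SKEW_SECONDS = 120  # assumed freshness window; the page gives no value


def default_module(label: bytes, *fields: bytes) -> bytes:
    """Stand-in for the default cryptographic calculation module."""
    mac = hmac.new(DEFAULT_KEY, label, hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


class Server:
    def __init__(self):
        self.pending = {}  # hardware ID -> (challenge, terminal timestamp)

    def on_connect(self, hw_id: bytes, ts: int, now: int) -> bytes:
        """A21/A22: accept the connection request, return a random challenge."""
        if abs(now - ts) > MAX_SKEW_SECONDS:
            raise PermissionError("stale connection request")
        challenge = secrets.token_bytes(16)
        self.pending[hw_id] = (challenge, ts)
        return challenge

    def on_response(self, hw_id: bytes, first: bytes):
        """A23 to A26: check the terminal, then answer so it can check us."""
        entry = self.pending.pop(hw_id, None)  # each challenge is single use
        if entry is None:
            raise PermissionError("no outstanding challenge")
        challenge, ts = entry
        second = default_module(b"A23", hw_id, challenge)
        if not hmac.compare_digest(first, second):  # A24, constant time
            raise PermissionError("terminal failed authentication")
        intermediate = default_module(b"A25", hw_id, str(ts).encode())
        fourth = default_module(b"A26", intermediate)
        return intermediate, fourth


class Terminal:
    def __init__(self, hw_id: bytes):
        self.hw_id = hw_id
        self.ts = None

    def connect(self, now: int):
        """A21: send hardware ID and current time."""
        self.ts = now
        return self.hw_id, self.ts

    def answer(self, challenge: bytes) -> bytes:
        """A23: first calculation result over the server's challenge."""
        return default_module(b"A23", self.hw_id, challenge)

    def verify_server(self, intermediate: bytes, fourth: bytes) -> bool:
        """A26/A27, plus a check that the intermediate matches our own time."""
        expected = default_module(b"A25", self.hw_id, str(self.ts).encode())
        third = default_module(b"A26", intermediate)
        return (hmac.compare_digest(intermediate, expected)
                and hmac.compare_digest(third, fourth))


def handshake(server: Server, terminal: Terminal, now: int):
    """Run A21 to A27 once; return (result, server answer) for inspection."""
    hw_id, ts = terminal.connect(now)
    challenge = server.on_connect(hw_id, ts, now)
    answer = server.on_response(hw_id, terminal.answer(challenge))
    return terminal.verify_server(*answer), answer


if __name__ == "__main__":
    ok, _ = handshake(Server(), Terminal(b"HW-EXAMPLE-0001"), 1_700_000_000)
    print("mutual authentication passed:", ok)
```

Without the added check on the intermediate value, a recorded pair from step A25 and step A26 would satisfy the comparison in step A27 in any later session.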
In a preferred embodiment of the present invention, in step A3, the server generates the corresponding personalized security plug-in according to the device fingerprint by using a Z algorithm module.
Specifically, the personalized security plug-in is produced by taking the device fingerprint as a parameter and using a built-in algorithm module to select a corresponding unique algorithm. The plug-in is not only applied on the Internet of things sensing terminal but also stored and backed up on the server.
Furthermore, the server-side crypto engine generates the personalized security plug-in from the device fingerprint of the terminal, combined with a random key generated by the crypto engine, as calculation factors. The generation process of the personalized security plug-in is common knowledge in the field and can be carried out according to the Z cryptographic algorithm design scheme in the December 2018 code statement, so the details are not repeated here. Because the personalized security plug-in is generated with the device fingerprint as a calculation factor, and the terminal and the device fingerprint have a one-to-one mapping relationship, the personalized security plug-in generated from the device fingerprint also has a one-to-one mapping relationship with the terminal, which achieves the effect of one algorithm per device.
In a preferred embodiment of the present invention, step A4 further includes:
and the server stores the personalized security plug-in in association with the Internet of things perception terminal.
Specifically, the personalized security plug-in is stored in memory on both the Internet of things sensing terminal and the server. After the two parties have authenticated each other, device identity identification is carried out through the personalized security plug-in every time. The security plug-in is based on a Z algorithm module and generated from the device fingerprint, so the plug-ins corresponding to different devices are different.
In a preferred embodiment of the present invention, in step B1, the identity authentication request sent by the internet of things sensing terminal includes at least one of a current time, a device code, and a random number of the internet of things sensing terminal.
Specifically, the identity authentication request is only used as a first record of the access of the internet of things sensing terminal to the service end system, and may be at least one of a current time, a device code, and a random number, or any permutation and combination thereof.
In a preferred embodiment of the present invention, step B2 specifically includes:
step B21, the server side adopts the personalized security plug-in corresponding to the Internet of things sensing terminal, calculates a first authentication value according to the identity authentication request and feeds the first authentication value back to the Internet of things sensing terminal;
step B22, the Internet of things perception terminal adopts the personalized security plug-in to calculate the first authentication value to obtain a second authentication value and feeds the second authentication value back to the server;
and step B23, the server side adopts the personalized security plug-in to carry out verification calculation on the second authentication value, and judges whether the Internet of things sensing terminal passes the identity authentication according to the result of the verification calculation.
Specifically, step B2 is performed after the server and the internet of things sensing terminal both generate the personalized security plug-ins, in other words, after the server identifies the identity of the internet of things sensing terminal, an access authentication process of the internet of things sensing terminal can be performed.
Specifically, in step B21, the first authentication value is obtained as follows: the server looks up the personalized security plug-in of the Internet of things sensing terminal according to its identity, and invokes the corresponding personalized security plug-in on the server to select the corresponding algorithm for the calculation.
Specifically, in step B23, the calculation method of the verification calculation is generated based on the personalized security plug-in. Because the Internet of things sensing terminal holds the same corresponding personalized security plug-in, the server and the Internet of things sensing terminal both use the personalized security plug-in to perform a calculation on the first authentication value and generate the second authentication value; after receiving the second authentication value from the Internet of things sensing terminal, the server compares it and determines whether the terminal passes identity verification.
In a preferred embodiment of the present invention, an Internet of things sensing terminal is further provided, which is connected to an external server and performs identity authentication with the server by using the Internet of things sensing terminal authentication method described above.
Specifically, the Internet of things sensing terminal takes multiple forms, including but not limited to unmanned aerial vehicles, smart glasses, smart helmets, wireless cameras, law enforcement recorders, smart bracelets and the like.
While the present invention has been described in detail, it will be apparent to those skilled in the art that the present invention is not limited to the embodiments described in the present specification. The present invention can be implemented as modifications and variations without departing from the spirit and scope of the present invention defined by the claims. Therefore, the description of the present specification is for illustrative purposes and is not intended to be in any limiting sense.

Claims (10)

1. A method for authenticating an Internet of things perception terminal is suitable for authenticating terminal access of a polymorphic Internet of things perception terminal, wherein the Internet of things perception terminal is remotely connected with a server;
the method is characterized in that:
the method comprises an identity identification process, and specifically comprises the following steps:
step A1, the Internet of things perception terminal collects its own device hardware information and generates a unique device fingerprint;
step A2, performing bidirectional authentication between the Internet of things sensing terminal and the server, and turning to step A3 after the bidirectional authentication is successful;
step A3, the Internet of things perception terminal sends the device fingerprint to the server side, so that the server side can generate a corresponding personalized security plug-in according to the device fingerprint;
step A4, the server feeds the personalized security plug-in back to the IOT sensing terminal for the binding of the IOT sensing terminal, thereby realizing the identity of the IOT sensing terminal;
the method further comprises an access authentication process of the Internet of things sensing terminal, and specifically comprises the following steps:
step B1, the Internet of things perception terminal sends an identity authentication request to the server;
and step B2, the server side authenticates the identity authentication request according to the personalized security plug-in corresponding to the IOT sensing terminal, and allows the IOT sensing terminal to access the server side after passing the identity authentication.
2. The method for authenticating the internet of things sensing terminal according to claim 1, wherein the device hardware information includes at least one of a motherboard serial number, a MAC address, a CPU architecture and a CPU core number of the internet of things sensing terminal.
3. The method for authenticating the internet of things sensing terminal according to claim 1, wherein in the step A1, a Z algorithm module is adopted to collect the hardware information of the device and generate the fingerprint of the device.
4. The method for authenticating the internet of things sensing terminal according to claim 1, wherein the step A2 specifically comprises:
step A21, the IOT sensing terminal sends a connection request to the server, and the connection request includes the hardware ID information and the current time information of the IOT sensing terminal;
step A22, after receiving the connection request, the server sends a random challenge value to the IOT sensing terminal;
step A23, the IOT sensing terminal adopts a default password calculation module to calculate the challenge value to obtain a first calculation result and sends the first calculation result to the server; and
the server side adopts the default password calculation module to calculate the challenge value to obtain a second calculation result;
step A24, the server compares the first operation result with the second operation result:
if they are the same, the authentication process of the server is passed, and then the process goes to step A25;
if not, the authentication process of the server is not passed, and the process exits;
step A25, the server side adopts the default password calculation module, performs operation according to the current time information included in the connection request to obtain an intermediate value, and sends the intermediate value to the Internet of things perception terminal;
step A26, the IOT sensing terminal adopts the default password calculation module to calculate the intermediate value to obtain a third calculation result; and
the server side adopts the default password calculation module to calculate the intermediate value to obtain a fourth calculation result and sends the fourth calculation result to the Internet of things perception terminal;
step A27, the Internet of things perception terminal compares the third operation result with the fourth operation result:
if they are the same, the authentication process of the Internet of things sensing terminal is passed, and then the process goes to step A3;
if not, the authentication process of the Internet of things perception terminal is not passed, and the process exits.
5. The method for authenticating the internet of things perception terminal as claimed in claim 4, wherein the default cryptographic calculation module is implemented by a Z algorithm module.
6. The method for authenticating the internet of things sensing terminal according to claim 1, wherein in the step A3, the server side generates the corresponding personalized security plug-in according to the device fingerprint by using a Z algorithm module.
7. The method for authenticating the internet of things perception terminal as claimed in claim 1, wherein the step A4 further includes:
the server stores the personalized security plug-in and the Internet of things perception terminal in the server in an associated manner.
8. The method for authenticating the internet of things sensing terminal according to claim 1, wherein in the step B1, the identity authentication request sent by the internet of things sensing terminal includes at least one of a current time, a device code, and a random number of the internet of things sensing terminal.
9. The method for authenticating the internet of things sensing terminal according to claim 1, wherein the step B2 specifically includes:
step B21, the server side calculates a first authentication value according to the identity authentication request by adopting the personalized security plug-in corresponding to the IOT sensing terminal and feeds the first authentication value back to the IOT sensing terminal;
step B22, the Internet of things perception terminal adopts the personalized security plug-in to calculate the first authentication value to obtain a second authentication value and feeds the second authentication value back to the server;
and step B23, the server side adopts the personalized security plug-in to carry out verification calculation on the second authentication value, and judges whether the Internet of things perception terminal passes identity authentication according to the result of the verification calculation.
10. An internet of things sensing terminal, characterized in that the internet of things sensing terminal is connected with an external server and adopts the authentication method of the internet of things sensing terminal as claimed in any one of claims 1 to 9 to perform identity authentication with the server.
CN202111265554.0A 2021-10-28 2021-10-28 Internet of things perception terminal authentication method and internet of things perception terminal Pending CN113992416A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111265554.0A CN113992416A (en) 2021-10-28 2021-10-28 Internet of things perception terminal authentication method and internet of things perception terminal

Publications (1)

Publication Number Publication Date
CN113992416A true CN113992416A (en) 2022-01-28

Family

ID=79743703

Country Status (1)

Country Link
CN (1) CN113992416A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105959942A (en) * 2016-04-25 2016-09-21 上海众人网络安全技术有限公司 Identification authentication system and identification authentication method based on wireless access
WO2017185450A1 (en) * 2016-04-29 2017-11-02 宇龙计算机通信科技(深圳)有限公司 Method and system for authenticating terminal
CN108989318A (en) * 2018-07-26 2018-12-11 中国电子科技集团公司第三十研究所 A kind of lightweight safety certification and key exchange method towards narrowband Internet of Things
CN112887282A (en) * 2021-01-13 2021-06-01 国网新疆电力有限公司电力科学研究院 Identity authentication method, device and system and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination