CN114095256A - Terminal authentication method, system, equipment and storage medium based on edge calculation - Google Patents

Info

Publication number
CN114095256A
Authority
CN
China
Prior art keywords
terminal
authentication
key agreement
equipment
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111390371.1A
Other languages
Chinese (zh)
Other versions
CN114095256B (en)
Inventor
贾顺飞
李方亮
龙志亮
张天乐
郭云飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Node Electronics Co ltd
Original Assignee
Guangzhou Node Electronics Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Node Electronics Co ltd
Priority to CN202111390371.1A
Publication of CN114095256A
Application granted
Publication of CN114095256B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a terminal authentication method, system, device and storage medium based on edge computing. The technical scheme is as follows: receiving an access request sent by a first terminal, wherein the access request carries device information of the first terminal; determining, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, performing bidirectional identity authentication with the first terminal; after the bidirectional identity authentication with the first terminal succeeds, performing a key agreement exchange with the first terminal; and after the key agreement exchange with the first terminal, performing key agreement authentication with the first terminal. The invention achieves lightweight and secure authenticated key agreement for intelligent terminal devices and ensures the security of data transmission between intelligent terminal devices.

Description

Terminal authentication method, system, equipment and storage medium based on edge calculation
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, a system, a device, and a storage medium for authenticating a terminal based on edge computing.
Background
As water traffic becomes increasingly busy, more and more vessels are navigating on the water. It is not rare for vessels to violate transport rules or to speed, which affects the safety of navigation on the water. Vessels navigating on the water therefore urgently need safety supervision.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a terminal authentication method, system, device and storage medium based on edge computing, which have the functional advantages of achieving lightweight and secure authenticated key agreement for intelligent terminal devices and ensuring the security of data transmission between intelligent terminal devices.
The technical purpose of the invention is realized by the following technical scheme:
A terminal authentication method based on edge computing comprises the following steps:
receiving an access request sent by a first terminal, wherein the access request carries device information of the first terminal;
determining, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the bidirectional identity authentication with the first terminal succeeds, performing a key agreement exchange with the first terminal;
and after the key agreement exchange with the first terminal, performing key agreement authentication with the first terminal.
Optionally, performing bidirectional identity authentication with the first terminal includes:
receiving the device fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the device fingerprint ID;
after the first terminal is verified to be legitimate, generating a second response value according to the device fingerprint ID;
and sending the second response value to the first terminal, so that the first terminal generates a first response value according to the device fingerprint ID and compares the first response value with the second response value to obtain a comparison result; if the two values are the same, the bidirectional identity authentication with the first terminal succeeds.
Optionally, performing the key agreement exchange with the first terminal includes:
receiving the random number and the base number sent by the first terminal, wherein the random number is generated by the first terminal, and the first terminal uses the random number to look up a corresponding encryption algorithm and encrypts a preset base number with it to obtain a first ciphertext;
and looking up the corresponding encryption algorithm according to the random number, encrypting the base number with it to obtain a second ciphertext, and sending the second ciphertext to the first terminal.
Optionally, performing key agreement authentication with the first terminal includes:
sending the second ciphertext to the first terminal, so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the two ciphertexts differ, the key agreement exchange is performed again, and if they are the same, the first terminal enters a secure communication stage;
and receiving the first ciphertext sent by the first terminal and comparing it with the second ciphertext to obtain a second comparison result; if the two ciphertexts differ, the key agreement exchange is performed again, and if they are the same, entering a secure communication stage.
Optionally, the device information includes a device ID and a MAC address.
Optionally, determining whether to establish a connection with the first terminal according to the device information of the first terminal includes:
receiving the device ID and the MAC address sent by the first terminal and looking them up in a local database; if a corresponding device ID and MAC address exist, establishing a connection with the first terminal, and if not, registering the first terminal in the local database.
A terminal authentication method based on edge computing comprises the following steps:
sending an access request to a second terminal, wherein the access request carries device information, and the second terminal uses the device information to determine whether to establish a connection;
after establishing a connection with the second terminal, performing bidirectional identity authentication with the second terminal;
after the bidirectional identity authentication with the second terminal succeeds, performing a key agreement exchange with the second terminal;
and after the key agreement exchange with the second terminal, performing key agreement authentication with the second terminal.
A terminal authentication system based on edge computing, comprising:
a receiving module, configured to receive an access request sent by a first terminal, wherein the access request carries device information of the first terminal;
a judging and authenticating module, configured to determine, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, to perform bidirectional identity authentication with the first terminal;
a key agreement exchange module, configured to perform a key agreement exchange with the first terminal after the bidirectional identity authentication with the first terminal succeeds;
and a key agreement authentication module, configured to perform key agreement authentication with the first terminal after the key agreement exchange with the first terminal.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
In conclusion, the invention has the following beneficial effects: it provides an "end-end" cooperative authenticated key agreement mechanism, together with a policy of moving the tasks of security authentication and key agreement down from the cloud to the intelligent terminal devices for edge authentication. The authentication mechanism achieves end-to-end security authentication and key agreement between intelligent terminal devices, thereby greatly reducing authentication delay and avoiding the heavy burden that mass data transmission places on a server. The invention achieves lightweight and secure authenticated key agreement for intelligent terminal devices and ensures the security of data transmission between intelligent terminal devices.
Drawings
FIG. 1 is a schematic flow diagram of a method provided by the present invention;
fig. 2 is a block diagram of a terminal authentication system based on edge computing according to the present invention;
fig. 3 is an internal structural diagram of a computer device in the embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below. Several embodiments of the invention are presented in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.
In the present invention, unless explicitly specified or limited otherwise, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature.
The invention is described in detail below with reference to the figures and examples.
The invention provides a terminal authentication method based on edge computing, as shown in fig. 1, comprising:
step 100, receiving an access request sent by a first terminal, wherein the access request carries device information of the first terminal;
step 200, determining, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
step 300, after the bidirectional identity authentication with the first terminal, performing a key agreement exchange with the first terminal;
step 400, after the key agreement exchange with the first terminal, performing key agreement authentication with the first terminal.
In practical application, a second terminal receives an access request sent by a first terminal and uses the device information carried in the access request to determine whether the first terminal is registered in the second terminal. If so, the second terminal establishes a connection with the first terminal. The first terminal then sends an identity authentication request to the second terminal, and the two terminals perform bidirectional identity authentication. After the bidirectional identity authentication succeeds, the first terminal and the second terminal perform the key agreement exchange and the key agreement authentication, so that the two terminals carry out security authentication and management. After the two terminals pass the key agreement authentication, a secure channel is constructed between them to encrypt and protect subsequently transmitted data, thereby realizing an "end-end" cooperative security authentication and key agreement mechanism. The first terminal and the second terminal can be intelligent terminal devices such as smart phones and iPads. With this method, any intelligent terminal device can perform security authentication independently, relying only on cooperation between the devices themselves, and secure communication can be established between any intelligent terminal devices through lightweight edge computing.
Further, performing bidirectional identity authentication with the first terminal includes:
receiving the device fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the device fingerprint ID;
after the first terminal is verified to be legitimate, generating a second response value according to the device fingerprint ID;
and sending the second response value to the first terminal, so that the first terminal generates a first response value according to the device fingerprint ID and compares the first response value with the second response value to obtain a comparison result; if the two values are the same, the bidirectional identity authentication with the first terminal succeeds.
Specifically, the device fingerprint ID is data preset in the first terminal. The first terminal sends a bidirectional identity authentication request to the second terminal, that is, it sends its device fingerprint ID to the second terminal. After receiving the device fingerprint ID, the second terminal uses it to verify whether the first terminal is of a device type that the second terminal can recognize. If the verification succeeds, the second terminal looks up the corresponding device type in its local database and generates a second response value according to the device type. The first terminal receives the second response value, generates a first response value according to the device type, and compares the first response value with the second response value to obtain a comparison result. If the two values differ, the first terminal sends the bidirectional identity authentication request to the second terminal again; if they are the same, the first terminal and the second terminal are successfully authenticated.
Further, performing the key agreement exchange with the first terminal includes:
the second terminal receives the random number and the base number sent by the first terminal, wherein the random number is generated by the first terminal, and the first terminal uses the random number to look up a corresponding encryption algorithm in its local library function and encrypts a preset base number with it to obtain a first ciphertext;
and the second terminal looks up the corresponding encryption algorithm in its local library function according to the random number, encrypts the base number with it to obtain a second ciphertext, and sends the second ciphertext to the first terminal.
Specifically, the encryption algorithm is a library function encryption calculation interface formed by improving an AES encryption algorithm, a DES encryption algorithm, an RSA encryption algorithm, an ElGamal encryption algorithm, a Rabin encryption algorithm, an elliptic curve encryption algorithm and/or a knapsack cipher or other encryption algorithms, so that bidirectional key agreement can be performed. In practical application, a library function is carried in the local server of each intelligent terminal device, and the library function contains a plurality of self-defined key agreement algorithms.
Further, performing key agreement authentication with the first terminal includes:
sending the second ciphertext to the first terminal, so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the two ciphertexts differ, the first terminal and the second terminal perform key agreement again, and if they are the same, the first terminal enters a secure communication stage;
and the second terminal receives the first ciphertext sent by the first terminal and compares it with the second ciphertext to obtain a second comparison result; if the two ciphertexts differ, the first terminal and the second terminal perform key agreement again, and if they are the same, the second terminal enters a secure communication stage.
Specifically, if the ciphertexts differ in either the first or the second comparison, the key agreement authentication between the first terminal and the second terminal fails, and the two terminals perform the key agreement exchange again. Once the first terminal and the second terminal complete the key agreement authentication, key agreement between them based on edge computing has been achieved: the intelligent terminal devices first select a corresponding algorithm in the library function by means of a random number and exchange key material, then authenticate the key agreement, and finally both terminals enter the secure communication stage, which completes the whole key agreement process.
In application, CryptoNets is used in the key agreement authentication process and can be applied to encrypted data. The polynomial of an encryption algorithm in the library function is encrypted through nonlinear homomorphic encryption. The first terminal can send data in encrypted form to the cloud service that hosts the network; the cloud service cannot access the key required for decryption, so it cannot obtain any information about the original data or about predictions made on the original data. The encrypted data can be sent back to the owner, who can decrypt it, which ensures the security of data authentication for both parties.
Further, the device information includes a device ID and a MAC address. Specifically, the device ID may be a device number or the like.
Further, determining whether to establish a connection with the first terminal according to the device information of the first terminal includes:
the second terminal receives the device ID and the MAC address sent by the first terminal and looks them up in a local database; if a corresponding device ID and MAC address exist, the second terminal establishes a connection with the first terminal, and if not, the first terminal is registered in the local database of the second terminal.
In application, the first terminal sends its device ID and MAC address to the second terminal. The second terminal checks whether a corresponding device ID exists in its local database according to the device ID sent by the first terminal, and then confirms the MAC address. If the corresponding device ID and MAC address are found, the second terminal and the first terminal establish a connection; if they do not exist, the first terminal is registered in the local database of the second terminal through third-party service software.
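The four steps described above (lookup of the device ID and MAC address, bidirectional identity authentication, key agreement exchange, key agreement authentication) run end to end in the following added Python example, which is not code from the patent. The response-value function, the modulo selection of the algorithm, the shared `library_secret`, the keyed hashes standing in for the patent's ciphers, and all device values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-ins for the patent's library of encryption algorithms (it names AES,
# DES, RSA, ElGamal and others). Keyed hashes are substituted so the example
# runs on the standard library alone; each is deterministic for a given key.
ALGORITHM_LIBRARY = (
    lambda key, data: hmac.new(key, data, hashlib.sha256).digest(),
    lambda key, data: hmac.new(key, data, hashlib.sha512).digest(),
    lambda key, data: hashlib.blake2b(data, key=key).digest(),
)

PRESET_BASE = b"constructed-preset-base-number"  # constructed sample value


def response_value(fingerprint_id, device_type):
    """Assumed response function: a hash over fingerprint ID and device type."""
    return hashlib.sha256(f"{fingerprint_id}|{device_type}".encode()).digest()


class Terminal:
    def __init__(self, device_id, mac, fingerprint_id, device_type, library_secret):
        self.device_id, self.mac = device_id, mac
        self.fingerprint_id, self.device_type = fingerprint_id, device_type
        # Assumption: this secret ships with the library function on each terminal.
        self.library_secret = library_secret
        self.registry = {}      # local database: device ID -> MAC address
        self.known_types = {}   # local database: fingerprint ID -> device type

    def register(self, peer):
        """Record a peer in the local database (third-party service in the patent)."""
        self.registry[peer.device_id] = peer.mac
        self.known_types[peer.fingerprint_id] = peer.device_type

    def is_registered(self, device_id, mac):
        """Step 200: both the device ID and its MAC address must match."""
        return self.registry.get(device_id) == mac

    def encrypt_base(self, random_number, base):
        """Step 300: the random number selects the algorithm (assumed: modulo)."""
        algorithm = ALGORITHM_LIBRARY[random_number % len(ALGORITHM_LIBRARY)]
        return algorithm(self.library_secret, base)


def handshake(first, second):
    """Run steps 100-400; return (succeeded, stage at which the run stopped)."""
    # Steps 100 and 200: access request carrying device ID and MAC address.
    if not second.is_registered(first.device_id, first.mac):
        return False, "access"

    # Bidirectional identity authentication driven by the device fingerprint ID.
    device_type = second.known_types.get(first.fingerprint_id)
    if device_type is None:
        return False, "identity"
    second_response = response_value(first.fingerprint_id, device_type)
    first_response = response_value(first.fingerprint_id, first.device_type)
    if not hmac.compare_digest(first_response, second_response):
        return False, "identity"

    # Step 300: the first terminal generates the random number and sends it
    # together with the base number; each side encrypts the base locally.
    random_number = secrets.randbelow(2**32)
    first_ciphertext = first.encrypt_base(random_number, PRESET_BASE)
    second_ciphertext = second.encrypt_base(random_number, PRESET_BASE)

    # Step 400: each side compares the peer's ciphertext with its own,
    # using a constant-time comparison.
    first_ok = hmac.compare_digest(second_ciphertext, first_ciphertext)
    second_ok = hmac.compare_digest(first_ciphertext, second_ciphertext)
    if not (first_ok and second_ok):
        return False, "key agreement"  # the patent repeats the exchange here
    return True, "secure communication"
```

The second element of the return value names the stage at which a terminal was refused, which is the field a deployment would log for each failed attempt.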
The invention discloses a terminal authentication method based on edge computing and provides an "end-end" cooperative authenticated key agreement mechanism, which moves the tasks of security authentication and key agreement down from the cloud to the intelligent terminal devices for edge authentication. The authentication mechanism achieves end-to-end security authentication and key agreement between intelligent terminal devices, thereby greatly reducing authentication delay and avoiding the heavy burden that mass data transmission places on a server. The invention achieves lightweight and secure authenticated key agreement for intelligent terminal devices and ensures the security of data transmission between intelligent terminal devices.
The invention also provides a terminal authentication method based on edge computing, which comprises the following steps:
step one, sending an access request to a second terminal, wherein the access request carries device information, and the second terminal uses the device information to determine whether to establish a connection;
step two, after establishing a connection with the second terminal, performing bidirectional identity authentication with the second terminal;
step three, after the bidirectional identity authentication with the second terminal succeeds, performing a key agreement exchange with the second terminal;
step four, after the key agreement exchange with the second terminal, performing key agreement authentication with the second terminal.
In practical application, a first terminal sends an access request to a second terminal, and the access request carries the device information of the first terminal. The second terminal uses the device information of the first terminal to determine whether the first terminal is registered in the second terminal. If so, the first terminal and the second terminal establish a connection. The first terminal then sends an identity authentication request to the second terminal, and the two terminals perform bidirectional identity authentication. After the bidirectional identity authentication succeeds, the first terminal and the second terminal perform the key agreement exchange and the key agreement authentication, so that the two terminals carry out security authentication and management. After the two terminals pass the key agreement authentication, a secure channel is established between them to encrypt and protect subsequently transmitted data, thereby realizing an "end-end" cooperative security authentication and key agreement mechanism. With this method, any intelligent terminal device can perform security authentication independently, relying only on cooperation between the devices themselves, and secure communication can be established between any intelligent terminal devices through lightweight edge computing.
As shown in fig. 2, the present invention further provides a terminal authentication system based on edge calculation, including:
a receiving module 10, configured to receive an access request sent by a first terminal, where the access request carries device information of the first terminal;
the judging and authenticating module 20 is configured to judge whether to establish a connection with the first terminal according to the device information of the first terminal, and perform bidirectional identity authentication with the first terminal if the connection is established with the first terminal;
the key agreement exchange module 30 is configured to perform key agreement exchange with the first terminal after the bidirectional identity authentication with the first terminal is successful;
and the key agreement authentication module 40 is configured to perform key agreement authentication with the first terminal after performing key agreement exchange with the first terminal.
For the specific definition of the edge-based terminal authentication system, reference may be made to the above definition of the edge-based terminal authentication method, which is not described herein again. The respective modules of the edge computing-based terminal authentication system described above may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
Further, the judgment and authentication module 20 includes:
the verification unit is used for receiving the equipment fingerprint ID sent by the first terminal and verifying the validity of the first terminal according to the equipment fingerprint ID;
and the comparison unit is used for generating a second response value according to the equipment fingerprint ID after verifying that the first terminal is legal, then sending the second response value to the first terminal, generating a first response value according to the equipment fingerprint ID by the first terminal, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, successfully authenticating the identity with the first terminal in a two-way manner.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of edge-computed terminal authentication.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program:
receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
judging whether to establish connection with the first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the bidirectional identity authentication with the first terminal is successful, carrying out key negotiation exchange with the first terminal;
and after the key agreement exchange is carried out with the first terminal, carrying out key agreement authentication with the first terminal.
In one embodiment, the performing bidirectional identity authentication with the first terminal includes:
receiving an equipment fingerprint ID sent by the first terminal, and verifying the validity of the first terminal according to the equipment fingerprint ID;
and after the first terminal is verified to be legal, generating a second response value according to the equipment fingerprint ID, then sending the second response value to the first terminal, generating a first response value by the first terminal according to the equipment fingerprint ID, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, successfully authenticating the identity with the first terminal in a two-way manner.
In one embodiment, the performing the key agreement exchange with the first terminal includes:
the first terminal generates a random number, looks up the corresponding encryption algorithm in a library function according to the random number, and encrypts a preset base number with it to obtain a first ciphertext;
and receiving the random number and the base number, looking up the corresponding encryption algorithm in a library function of the second terminal according to the random number, encrypting the base number to obtain a second ciphertext, and sending the second ciphertext to the first terminal.
In one embodiment, the performing key agreement authentication with the first terminal includes:
the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the first comparison result is different, the key agreement exchange is carried out again; if the first comparison result is the same, the first terminal enters a secure communication stage and then sends the first ciphertext to the second terminal;
and the second terminal compares the first ciphertext with the second ciphertext to obtain a second comparison result; if the second comparison result is different, the first terminal and the second terminal perform the key agreement exchange again; if the second comparison result is the same, the second terminal enters a secure communication stage.
In one embodiment, the device information includes: device ID and MAC address.
In one embodiment, the determining whether to establish a connection with the first terminal according to the device information of the first terminal includes:
and receiving the equipment ID and the MAC address sent by the first terminal, checking whether a matching equipment ID and MAC address exist in a local database, if so, establishing connection with the first terminal, and if not, registering the first terminal in the local database of the second terminal.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered to be within the scope of this specification as long as the combined features do not contradict each other.

Claims (10)

1. A terminal authentication method based on edge computing, characterized by comprising the following steps:
receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
judging whether to establish connection with the first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the bidirectional identity authentication is successfully carried out with the first terminal, carrying out key agreement exchange with the first terminal;
and after the key agreement exchange is carried out with the first terminal, carrying out key agreement authentication with the first terminal.
2. The edge computing-based terminal authentication method according to claim 1, wherein the bidirectional identity authentication with the first terminal comprises:
receiving an equipment fingerprint ID sent by the first terminal, and verifying the validity of the first terminal according to the equipment fingerprint ID;
after the first terminal is verified to be legal, generating a second response value according to the equipment fingerprint ID;
and sending the second response value to the first terminal so that the first terminal generates a first response value according to the equipment fingerprint ID, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, the bidirectional identity authentication with the first terminal is successful.
3. The edge computing-based terminal authentication method according to claim 1, wherein the performing a key agreement exchange with the first terminal comprises:
receiving the random number and the base number sent by the first terminal; the random number is generated by a first terminal, and is used for enabling the first terminal to search a corresponding encryption algorithm according to the random number to encrypt a preset base number to obtain a first ciphertext;
and searching a corresponding encryption algorithm according to the random number to encrypt the base number to obtain a second ciphertext, and sending the second ciphertext to the first terminal.
4. The edge computing-based terminal authentication method according to claim 3, wherein the performing key agreement authentication with the first terminal comprises:
sending the second ciphertext to the first terminal so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result, if the first comparison result is different, performing key agreement exchange again, and if the first comparison result is the same, the first terminal enters a secure communication stage;
and receiving a first ciphertext sent by the first terminal, comparing the first ciphertext with a second ciphertext to obtain a second comparison result, if the second comparison result is different, performing key agreement exchange again, and if the second comparison result is the same, entering a secure communication stage.
5. The edge computing-based terminal authentication method according to claim 1, wherein the device information includes: device ID and MAC address.
6. The edge computing-based terminal authentication method according to claim 5, wherein the determining whether to establish a connection with the first terminal according to the device information of the first terminal comprises:
and receiving the equipment ID and the MAC address sent by the first terminal, checking whether a matching equipment ID and MAC address exist in a local database, if so, establishing connection with the first terminal, and if not, registering the first terminal in the local database.
7. A terminal authentication method based on edge computing, characterized by comprising the following steps:
sending an access request to a second terminal, wherein the access request carries equipment information; the device information is used for enabling the second terminal to judge whether to establish connection or not according to the device information;
after establishing connection with the second terminal, performing bidirectional identity authentication with the second terminal;
after the bidirectional identity authentication with the second terminal is successful, carrying out key agreement exchange with the second terminal;
and after the key agreement exchange is carried out with the second terminal, carrying out key agreement authentication with the second terminal.
8. A terminal authentication system based on edge computing, comprising:
the receiving module is used for receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
the judging and authenticating module is used for judging whether to establish connection with the first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
the key agreement exchange module is used for carrying out key agreement exchange with the first terminal after the bidirectional identity authentication with the first terminal is successful;
and the key agreement authentication module is used for carrying out key agreement authentication with the first terminal after the key agreement exchange with the first terminal is carried out.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
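The key agreement exchange and key agreement authentication described in the embodiments and in claims 3 and 4 above can be simulated end to end, including the case where a comparison differs and the exchange is repeated. The following Python simulation is an added example, not code from the patent. Its assumptions: the "library function" is modelled as an indexed table of HMAC variants keyed with a secret provisioned on both terminals, HMAC stands in for the unnamed encryption algorithms, and the names `Terminal`, `run_key_agreement`, `ALGORITHM_LIBRARY`, `BASE_NUMBER` and the `max_rounds` retry limit are hypothetical.

```python
import hmac
import secrets

# Assumptions (not in the patent): the "library function" is an indexed table of
# HMAC variants keyed with a secret provisioned on both terminals, and the
# retry limit is finite. HMAC stands in for the unnamed "encryption algorithm".
ALGORITHM_LIBRARY = ("sha224", "sha256", "sha384", "sha512")
BASE_NUMBER = (123456789).to_bytes(8, "big")  # constructed preset base number


class Terminal:
    def __init__(self, secret, library=ALGORITHM_LIBRARY):
        self.secret = secret
        self.library = library
        self.ciphertext = None
        self.secure = False

    def encrypt(self, random_number, base_number):
        """Select an algorithm by the random number and transform the base number."""
        name = self.library[random_number % len(self.library)]
        self.ciphertext = hmac.new(self.secret, base_number, name).digest()
        return self.ciphertext

    def authenticate(self, peer_ciphertext):
        """Compare the peer's ciphertext with our own in constant time."""
        self.secure = hmac.compare_digest(self.ciphertext, peer_ciphertext)
        return self.secure


def run_key_agreement(first, second, base_number, max_rounds=3):
    """Return the round in which both sides reached the secure stage, else None."""
    for round_no in range(1, max_rounds + 1):
        random_number = secrets.randbelow(2 ** 32)  # generated by the first terminal
        first_ct = first.encrypt(random_number, base_number)
        # The first terminal sends (random number, base number); the second replies.
        second_ct = second.encrypt(random_number, base_number)
        if not first.authenticate(second_ct):
            continue  # first comparison differs: exchange again
        # The first terminal is now in the secure stage and sends its ciphertext.
        if not second.authenticate(first_ct):
            first.secure = False
            continue  # second comparison differs: both sides exchange again
        return round_no
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print(run_key_agreement(Terminal(key), Terminal(key), BASE_NUMBER))
    stale = Terminal(key, library=ALGORITHM_LIBRARY[::-1])  # mismatched table
    print(run_key_agreement(Terminal(key), stale, BASE_NUMBER))
```

In this model, matching ciphertexts show only that both terminals map the random number to the same algorithm and hold the same secret; the ciphertext serves as a check value and is not itself a session key.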
CN202111390371.1A 2021-11-23 2021-11-23 Terminal authentication method, system, equipment and storage medium based on edge calculation Active CN114095256B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111390371.1A CN114095256B (en) 2021-11-23 2021-11-23 Terminal authentication method, system, equipment and storage medium based on edge calculation

Publications (2)

Publication Number Publication Date
CN114095256A (en) 2022-02-25
CN114095256B (en) 2023-09-26

Family

ID=80303177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111390371.1A Active CN114095256B (en) 2021-11-23 2021-11-23 Terminal authentication method, system, equipment and storage medium based on edge calculation

Country Status (1)

Country Link
CN (1) CN114095256B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800734A (en) * 2009-02-09 2010-08-11 华为技术有限公司 Session information interacting method, device and system
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 For generating method, device, terminal unit and the system of shared key
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114786177A (en) * 2022-04-07 2022-07-22 武汉联影医疗科技有限公司 Edge node access processing method, mobile terminal and edge node
CN114786177B (en) * 2022-04-07 2023-05-30 武汉联影医疗科技有限公司 Edge node access processing method, mobile terminal and edge node
CN115700857A (en) * 2022-11-28 2023-02-07 广州万协通信息技术有限公司 Vehicle key sharing method of security chip and security chip device
CN115700857B (en) * 2022-11-28 2023-11-24 广州万协通信息技术有限公司 Vehicle key sharing method of security chip and security chip device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant