CN114095256B - Terminal authentication method, system, equipment and storage medium based on edge calculation - Google Patents


Info

Publication number: CN114095256B
Application number: CN202111390371.1A
Authority: CN (China)
Prior art keywords: terminal, key negotiation, authentication, ciphertext, equipment
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN114095256A
Inventors: 贾顺飞, 李方亮, 龙志亮, 张天乐, 郭云飞
Current assignee: Guangzhou Node Electronics Co ltd
Original assignee: Guangzhou Node Electronics Co ltd

Events:
Application filed by Guangzhou Node Electronics Co ltd
Priority to CN202111390371.1A
Publication of CN114095256A
Application granted
Publication of CN114095256B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these


Abstract

The application relates to a terminal authentication method, system, equipment and storage medium based on edge calculation. The technical scheme is as follows: receiving an access request sent by a first terminal, wherein the access request carries the equipment information of the first terminal; judging, according to the equipment information of the first terminal, whether to establish a connection with the first terminal, and if so, performing bidirectional identity authentication with the first terminal; after the bidirectional identity authentication with the first terminal succeeds, carrying out key negotiation exchange with the first terminal; and after the key negotiation exchange with the first terminal, carrying out key negotiation authentication with the first terminal. The application realizes lightweight and secure authenticated key negotiation between intelligent terminal devices and ensures the security of data transmission between them.

Description

Terminal authentication method, system, equipment and storage medium based on edge calculation
Technical Field
The application relates to the technical field of information security, in particular to a terminal authentication method, a system, equipment and a storage medium based on edge calculation.
Background
With increasingly busy water traffic, more and more ships are sailing on the water, and problems such as illegal transport and speeding by ships occur constantly and affect the safety of navigation, so safety supervision of ships sailing on the water is urgently needed.
Disclosure of Invention
In view of the defects of the prior art, the application aims to provide a terminal authentication method, system, equipment and storage medium based on edge calculation, which have the advantages of realizing lightweight and secure authenticated key negotiation between intelligent terminal devices and ensuring the security of data transmission between them.
The technical aim of the application is realized by the following technical scheme:
a terminal authentication method based on edge calculation comprises the following steps:
receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
judging whether to establish connection with a first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the two-way identity authentication with the first terminal is successful, carrying out key negotiation exchange with the first terminal;
and after the key negotiation exchange is carried out with the first terminal, carrying out key negotiation authentication with the first terminal.
Optionally, the performing bidirectional identity authentication with the first terminal includes:
receiving an equipment fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the equipment fingerprint ID;
after verifying that the first terminal is legal, generating a second response value according to the equipment fingerprint ID;
and sending the second response value to the first terminal so that the first terminal generates a first response value according to the equipment fingerprint ID, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, performing bidirectional identity authentication with the first terminal.
Optionally, the performing key negotiation exchange with the first terminal includes:
receiving a random number and a base number sent by the first terminal; the random number is generated by the first terminal and is used by the first terminal to look up the encryption algorithm corresponding to the random number and encrypt a preset base number with it to obtain a first ciphertext;
and encrypting the base number with the encryption algorithm found by looking up the random number to obtain a second ciphertext, and sending the second ciphertext to the first terminal.
Optionally, the performing key negotiation authentication with the first terminal includes:
sending the second ciphertext to the first terminal so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the first comparison result is different, key negotiation exchange is conducted again, and if the first comparison result is the same, the first terminal enters a secure communication stage;
and receiving the first ciphertext sent by the first terminal and comparing the first ciphertext with the second ciphertext to obtain a second comparison result; if the second comparison result is different, key negotiation exchange is conducted again, and if the second comparison result is the same, the secure communication stage is entered.
Optionally, the device information includes: device ID and MAC address.
Optionally, the determining whether to establish connection with the first terminal according to the device information of the first terminal includes:
and receiving the equipment ID and the MAC address sent by the first terminal, searching whether the corresponding equipment ID and the corresponding MAC address exist in a local database according to the equipment ID and the MAC address, if so, establishing connection with the first terminal, and if not, registering the first terminal in the local database.
A terminal authentication method based on edge calculation comprises the following steps:
sending an access request to a second terminal, wherein the access request carries equipment information; the equipment information is used for enabling the second terminal to judge whether to establish connection according to the equipment information;
after establishing connection with the second terminal, performing bidirectional identity authentication with the second terminal;
after the two-way identity authentication with the second terminal is successful, carrying out key negotiation exchange with the second terminal;
and after the key negotiation exchange is carried out with the second terminal, carrying out key negotiation authentication with the second terminal.
A terminal authentication system based on edge computation, comprising:
the receiving module is used for receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
the judging and authenticating module is used for judging whether to establish connection with the first terminal according to the equipment information of the first terminal, and if so, carrying out bidirectional identity authentication with the first terminal;
the key negotiation exchange module is used for carrying out key negotiation exchange with the first terminal after the two-way identity authentication with the first terminal is successful;
and the key negotiation authentication module is used for carrying out key negotiation authentication with the first terminal after carrying out key negotiation exchange with the first terminal.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when the processor executes the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method described above.
In summary, the application has the following beneficial effects: an authenticated key negotiation mechanism of 'end-to-end' coordination is provided, and the tasks of security authentication and key negotiation are moved down from the cloud to the intelligent terminal devices, which perform edge authentication. The authentication mechanism realizes end-to-end security authentication and key negotiation between intelligent terminal devices, thereby greatly reducing authentication delay and avoiding the huge burden that mass data transmission places on a server. The application realizes lightweight and secure authenticated key negotiation between intelligent terminal devices and ensures the security of data transmission between them.
Drawings
FIG. 1 is a schematic flow chart of the method provided by the application;
FIG. 2 is a block diagram of a terminal authentication system based on edge computation according to the present application;
fig. 3 is an internal structural view of a computer device in an embodiment of the present application.
Detailed Description
In order that the objects, features and advantages of the application will be readily understood, a more particular description of the application will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. Several embodiments of the application are presented in the figures. This application may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.
In the present application, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated, unless otherwise explicitly specified and defined. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more such features.
The present application will be described in detail below with reference to the accompanying drawings and examples.
The application provides a terminal authentication method based on edge calculation, as shown in figure 1, comprising the following steps:
step 100, receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
step 200, judging whether to establish connection with a first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
step 300, after the bidirectional identity authentication with the first terminal succeeds, performing key negotiation exchange with the first terminal;
step 400, after the key negotiation exchange is performed with the first terminal, the key negotiation authentication is performed with the first terminal.
In practical application, the second terminal receives the access request sent by the first terminal and judges, from the equipment information carried in the access request, whether the first terminal is registered with the second terminal. If so, the second terminal and the first terminal establish a connection; the first terminal then sends an identity authentication request to the second terminal, and the two terminals perform bidirectional identity authentication. After the bidirectional identity authentication succeeds, the first terminal and the second terminal perform key negotiation exchange and key negotiation authentication, so that security authentication and management take place between them. Once the two terminals pass the key negotiation authentication, a secure channel is established between them and subsequent transmitted data is encrypted and protected, which realizes a security authentication and key negotiation mechanism of end-to-end cooperation. The first terminal and the second terminal may be intelligent terminal devices such as smart phones, iPads and the like.
Further, the performing bidirectional identity authentication with the first terminal includes:
receiving an equipment fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the equipment fingerprint ID;
after verifying that the first terminal is legal, generating a second response value according to the equipment fingerprint ID;
and sending the second response value to the first terminal so that the first terminal generates a first response value according to the equipment fingerprint ID, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, performing bidirectional identity authentication with the first terminal.
Specifically, the device fingerprint ID is data preset in the first terminal. The first terminal sends a bidirectional identity authentication request to the second terminal, that is, it sends its device fingerprint ID to the second terminal. After receiving the device fingerprint ID, the second terminal verifies from it whether the first terminal is a device type that the second terminal can identify. If verification succeeds, the second terminal searches its local database for the corresponding device type and generates a second response value according to that device type. The first terminal receives the second response value, generates a first response value according to the device type, and compares the first response value with the second response value to obtain a comparison result. If the comparison result is different, the first terminal sends the bidirectional identity authentication request to the second terminal again; if the comparison result is the same, the authentication of the first terminal and the second terminal succeeds.
Further, the performing key negotiation exchange with the first terminal includes:
the second terminal receives the random number and the base number sent by the first terminal; the random number is generated by the first terminal, which uses it to look up the corresponding encryption algorithm in its local library function and encrypt a preset base number with that algorithm to obtain a first ciphertext;
and the second terminal encrypts the base number with the encryption algorithm that corresponds to the random number in its own local library function to obtain a second ciphertext, and sends the second ciphertext to the first terminal.
Specifically, the encryption algorithm is a proprietary library-function encryption interface formed by adapting an AES encryption algorithm, a DES encryption algorithm, an RSA encryption algorithm, an ElGamal encryption algorithm, a Rabin encryption algorithm, an elliptic curve encryption algorithm and/or a knapsack cipher or the like, and bidirectional key negotiation is performed through it. In practical application, the local server of each intelligent terminal device carries a library function in which a plurality of custom key negotiation algorithms are arranged.
Further, the performing key negotiation authentication with the first terminal includes:
the second ciphertext is sent to the first terminal so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the first comparison result is different, the first terminal and the second terminal carry out key negotiation exchange again, and if the first comparison result is the same, the first terminal enters a secure communication stage;
and the second terminal receives the first ciphertext sent by the first terminal and compares the first ciphertext with the second ciphertext to obtain a second comparison result; if the second comparison result is different, the first terminal and the second terminal carry out key negotiation exchange again, and if the second comparison result is the same, the second terminal enters a secure communication stage.
Specifically, if either the first comparison result or the second comparison result is different, the key negotiation authentication between the first terminal and the second terminal fails and the two terminals carry out key negotiation exchange again. After the first terminal and the second terminal complete key negotiation authentication, key negotiation based on edge calculation between them is realized. In general, the intelligent terminal device first selects the corresponding algorithm in the library function by means of the random number and exchanges key material, then performs key negotiation authentication, and then both the first terminal and the second terminal enter the secure communication stage, which completes the whole key negotiation process.
In the application, CryptoNets can be applied to the encrypted data in the key negotiation authentication process: through the non-linear polynomial homomorphic encryption of an encryption algorithm in the library function, the first terminal can send data in encrypted form to the cloud service of a managed network, and because the cloud service cannot access the key required for decryption, it cannot obtain any information about the original data or about the predictions it makes. The encrypted data can then be sent back to the owner, who is able to decrypt it, thereby ensuring the security of the data authentication of both parties.
Further, the device information includes: device ID and MAC address. Specifically, the device ID may be a device number or the like.
Further, the determining whether to establish connection with the first terminal according to the device information of the first terminal includes:
and the second terminal receives the equipment ID and the MAC address sent by the first terminal, searches its local database for the corresponding equipment ID and MAC address, establishes a connection with the first terminal if they exist in the local database, and registers the first terminal in the local database of the second terminal if they do not.
In the application, the first terminal sends its equipment ID and MAC address to the second terminal. The second terminal checks whether the corresponding equipment ID exists in its local database and then confirms the MAC address. If the corresponding equipment ID and MAC address are found, the second terminal establishes a connection with the first terminal; if they do not exist, the first terminal is registered in the local database of the second terminal through third-party service software.
The application provides a terminal authentication method based on edge calculation, which provides an authenticated key negotiation mechanism of 'end-to-end' cooperation: the tasks of security authentication and key negotiation are moved down from the cloud to the intelligent terminal devices, which perform edge authentication. The authentication mechanism realizes end-to-end security authentication and key negotiation between intelligent terminal devices, thereby greatly reducing authentication delay and avoiding the huge burden that mass data transmission places on a server. The application realizes lightweight and secure authenticated key negotiation between intelligent terminal devices and ensures the security of data transmission between them.
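The following Python script is an added example, not code from the patent or from Guangzhou Node Electronics, that simulates the four stages described above (steps 100 to 400) between a first and a second terminal, including the register-on-first-contact rule, the fingerprint-ID response-value comparison, the random-number-selected library algorithm, and the two ciphertext comparisons. Everything the page leaves unspecified is an assumption of this example and is marked as such in the code: the "library function" is modelled as a table of keyed-hash constructions whose keys are provisioned on both terminals out of band, the response value is bound to a fresh challenge so that it differs per session, and the session key is derived from the agreed ciphertext. All IDs, MAC addresses and keys are constructed sample values.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: the page's "library function" with several custom algorithms,
# one selected by the random number, is modelled as keyed-hash constructions
# with keys provisioned on both terminals out of band (constructed values).
DEFAULT_LIBRARY = {
    0: ("sha256", b"constructed-library-key-0"),
    1: ("sha512", b"constructed-library-key-1"),
    2: ("sha3_256", b"constructed-library-key-2"),
}

# Fingerprint ID -> device type (the "local database" of device types), and
# an ASSUMED per-type key from which the response values are derived.
DEVICE_TYPES = {b"fp-ship-terminal-0001": "ship-terminal"}
DEVICE_TYPE_KEYS = {"ship-terminal": b"constructed-type-key"}


def library_encrypt(library, random_number, base):
    """Select the algorithm indexed by the random number and encrypt the base."""
    algo, key = library[random_number % len(library)]
    return hmac.new(key, base, algo).digest()


def response_value(device_type, fingerprint_id, challenge):
    """Response value 'generated according to the device type'. Binding a
    per-session challenge is an assumption of this example, so the value is
    not a constant that could be replayed from an earlier session."""
    key = DEVICE_TYPE_KEYS[device_type]
    return hmac.new(key, fingerprint_id + challenge, "sha256").digest()


class SecondTerminal:
    """The terminal that receives the access request and performs edge authentication."""

    def __init__(self, library=DEFAULT_LIBRARY):
        self.library = library
        self.registry = set()  # local database of (device_id, mac) pairs
        self.second_ciphertext = None

    def access_request(self, device_id, mac):
        # Step 200: look the device ID and MAC address up in the local database;
        # an unknown pair is registered (the page does this via third-party software).
        if (device_id, mac) in self.registry:
            return "connected"
        self.registry.add((device_id, mac))
        return "registered"

    def identity_auth(self, fingerprint_id, challenge):
        # Verify that the fingerprint ID names a device type this terminal knows.
        device_type = DEVICE_TYPES.get(fingerprint_id)
        if device_type is None:
            return None  # verification failed; no response value is produced
        return response_value(device_type, fingerprint_id, challenge)

    def key_exchange(self, random_number, base):
        # Step 300: encrypt the base with the algorithm selected by the random number.
        self.second_ciphertext = library_encrypt(self.library, random_number, base)
        return self.second_ciphertext

    def key_auth(self, first_ciphertext):
        # Step 400, second comparison result, done in constant time.
        if hmac.compare_digest(first_ciphertext, self.second_ciphertext):
            return "secure", hashlib.sha256(self.second_ciphertext).digest()
        return "renegotiate", None


class FirstTerminal:
    """The terminal that initiates the access request."""

    def __init__(self, device_id, mac, fingerprint_id, device_type, library=DEFAULT_LIBRARY):
        self.device_id, self.mac = device_id, mac
        self.fingerprint_id, self.device_type = fingerprint_id, device_type
        self.library = library

    def run(self, peer):
        """Drive steps 100-400 against the peer and report each stage's outcome."""
        outcome = {"access": peer.access_request(self.device_id, self.mac)}
        # Bidirectional identity authentication: compare own and peer response values.
        challenge = secrets.token_bytes(16)
        second_response = peer.identity_auth(self.fingerprint_id, challenge)
        first_response = response_value(self.device_type, self.fingerprint_id, challenge)
        if second_response is None or not hmac.compare_digest(first_response, second_response):
            outcome["identity"] = "failed"
            return outcome
        outcome["identity"] = "ok"
        # Key negotiation exchange: the random number selects the library algorithm.
        random_number = secrets.randbelow(2**32)
        base = secrets.token_bytes(32)
        first_ciphertext = library_encrypt(self.library, random_number, base)
        second_ciphertext = peer.key_exchange(random_number, base)
        # Key negotiation authentication: first comparison result, then the peer's.
        if not hmac.compare_digest(first_ciphertext, second_ciphertext):
            outcome["negotiation"] = "renegotiate"
            return outcome
        outcome["negotiation"], peer_key = peer.key_auth(first_ciphertext)
        # ASSUMPTION: the session key for the secure stage is derived from the ciphertext.
        outcome["session_key"] = hashlib.sha256(first_ciphertext).digest()
        outcome["keys_match"] = peer_key == outcome["session_key"]
        return outcome


if __name__ == "__main__":
    peer = SecondTerminal()
    terminal = FirstTerminal("dev-0001", "00:11:22:33:44:55", b"fp-ship-terminal-0001", "ship-terminal")
    print(terminal.run(peer))
```

Two design points follow from the page's own description. The random number and the base number travel in the clear, so in this model the secrecy of whatever is derived from the ciphertexts rests entirely on the secrecy of the library's keys; a deployment should treat those keys with the same care as any pre-shared key. Both ciphertext comparisons use hmac.compare_digest so that a mismatch does not leak how many leading bytes agreed, which is the check a reviewer would look for wherever the page says "compare".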
The application also provides a terminal authentication method based on edge calculation, which comprises the following steps:
step one, sending an access request to a second terminal, wherein the access request carries equipment information; the equipment information is used for enabling the second terminal to judge whether to establish connection according to the equipment information;
step two, after establishing connection with the second terminal, performing bidirectional identity authentication with the second terminal;
step three, after the two-way identity authentication with the second terminal is successful, carrying out key negotiation exchange with the second terminal;
and step four, after the key negotiation exchange is carried out with the second terminal, carrying out key negotiation authentication with the second terminal.
In practical application, the first terminal sends an access request carrying its device information to the second terminal, and the second terminal judges from that device information whether the first terminal is registered with it. If so, the first terminal and the second terminal establish a connection; the first terminal then sends an identity authentication request to the second terminal, and the two terminals perform bidirectional identity authentication. After the bidirectional identity authentication succeeds, the first terminal and the second terminal perform key negotiation exchange and key negotiation authentication, so that security authentication and management take place between them. After the key negotiation authentication, a secure channel is established between the first terminal and the second terminal and subsequent transmitted data is encrypted and protected, which realizes a security authentication and key negotiation mechanism of end-to-end cooperation.
As shown in fig. 2, the present application further provides a terminal authentication system based on edge calculation, including:
a receiving module 10, configured to receive an access request sent by a first terminal, where the access request carries device information of the first terminal;
the judging authentication module 20 is configured to judge whether to establish connection with the first terminal according to the device information of the first terminal, and if yes, perform bidirectional identity authentication with the first terminal;
a key negotiation exchange module 30, configured to perform key negotiation exchange with the first terminal after the two-way identity authentication with the first terminal is successful;
and the key negotiation authentication module 40 is configured to perform key negotiation authentication with the first terminal after the key negotiation exchange with the first terminal.
For specific limitations on the edge-based computing terminal authentication system, reference may be made to the above limitations on the edge-based computing terminal authentication method, and no further description is given here. The above-described respective modules of the edge-calculation-based terminal authentication system may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
Further, the judgment authentication module 20 includes:
the verification unit is used for receiving the equipment fingerprint ID sent by the first terminal and verifying the legitimacy of the first terminal according to the equipment fingerprint ID;
and the comparison unit is used for generating a second response value according to the equipment fingerprint ID after verifying that the first terminal is legal, then sending the second response value to the first terminal, generating a first response value according to the equipment fingerprint ID by the first terminal, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, successfully authenticating the two-way identity with the first terminal.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 3. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a terminal authentication method for edge computation.
It will be appreciated by those skilled in the art that the structure shown in FIG. 3 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory storing a computer program and a processor that when executing the computer program performs the steps of:
receiving an access request sent by a first terminal, wherein the access request carries equipment information of the first terminal;
judging whether to establish connection with a first terminal according to the equipment information of the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the two-way identity authentication with the first terminal is successful, carrying out key negotiation exchange with the first terminal;
and after the key negotiation exchange is carried out with the first terminal, carrying out key negotiation authentication with the first terminal.
In one embodiment, the performing bidirectional identity authentication with the first terminal includes:
receiving an equipment fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the equipment fingerprint ID;
after verifying that the first terminal is legal, generating a second response value according to the equipment fingerprint ID, then sending the second response value to the first terminal, generating a first response value by the first terminal according to the equipment fingerprint ID, comparing the first response value with the second response value to obtain a comparison result, and if the comparison result is the same, successfully authenticating the two-way identity with the first terminal.
In one embodiment, the performing a key agreement exchange with the first terminal includes:
the first terminal generates a random number, and the first terminal searches a corresponding encryption algorithm from a library function according to the random number to encrypt a preset base number to obtain a first ciphertext;
and receiving the random number and the base number, searching a corresponding encryption algorithm from a library function of the second terminal according to the random number, encrypting the base number to obtain a second ciphertext, and transmitting the second ciphertext to the first terminal.
In one embodiment, performing key negotiation authentication with the first terminal includes:
the first terminal comparing the second ciphertext with the first ciphertext to obtain a first comparison result; if the two ciphertexts differ, key negotiation exchange is performed again, and if they are the same, the first terminal enters the secure communication stage and then sends the first ciphertext to the second terminal;
and the second terminal comparing the first ciphertext with the second ciphertext to obtain a second comparison result; if the two ciphertexts differ, the first terminal and the second terminal perform key negotiation exchange again, and if they are the same, the second terminal enters the secure communication stage.
In one embodiment, the device information includes a device ID and a MAC address.
In one embodiment, judging, according to the device information of the first terminal, whether to establish a connection with the first terminal includes:
receiving the device ID and the MAC address sent by the first terminal, and searching the local database for a matching device ID and MAC address; if they exist, a connection is established with the first terminal, and if not, the first terminal is registered in the local database of the second terminal.
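The four stages described above (database lookup, fingerprint challenge-response, key negotiation exchange, key negotiation authentication), simulated end to end with both terminals in one process. This is an added example, not code from the patent or its applicant. The patent does not fix the cryptographic primitives, so the following are assumptions: keyed hashes (HMAC and BLAKE2b) stand in for the "encryption algorithms" in the library function, both terminals are assumed to share the secrets `FINGERPRINT_SECRET` and `LIBRARY_SECRET` in advance, and the device IDs, MAC addresses, fingerprint IDs and base number are constructed sample values. The random number and base number travel to the second terminal in the clear, exactly as the text describes, so what keeps the ciphertexts unforgeable in this model is the pre-shared library secret.

```python
import hashlib
import hmac
import secrets

# Assumption: both terminals hold these pre-shared secrets. The text only says that
# response values and ciphertexts are derived from the fingerprint ID and from the
# library algorithm selected by the random number; it does not fix the primitives.
FINGERPRINT_SECRET = b"constructed-fingerprint-secret"
LIBRARY_SECRET = b"constructed-library-secret"
BASE_NUMBER = 0x5A5A1234  # the preset base number (constructed value)

# The "library function": keyed hashes stand in for the unspecified encryption
# algorithms, and the random number selects one of them.
ALGORITHM_LIBRARY = (
    lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    lambda key, msg: hmac.new(key, msg, hashlib.sha512).digest(),
    lambda key, msg: hashlib.blake2b(msg, key=key).digest(),
)


def response_value(fingerprint_id: str) -> bytes:
    """Response value both terminals derive from the device fingerprint ID."""
    return hmac.new(FINGERPRINT_SECRET, fingerprint_id.encode(), hashlib.sha256).digest()


def encrypt_with_library(random_number: int, base_number: int) -> bytes:
    """Pick the algorithm indexed by the random number and encrypt the base number."""
    algorithm = ALGORITHM_LIBRARY[random_number % len(ALGORITHM_LIBRARY)]
    message = base_number.to_bytes(8, "big") + random_number.to_bytes(4, "big")
    return algorithm(LIBRARY_SECRET, message)


class EdgeNode:
    """Second terminal: owns the local database of known (device ID, MAC) pairs."""

    def __init__(self, registry: dict):
        self.db = dict(registry)  # (device_id, mac) -> {"fingerprint": trusted ID or None}
        self.second_ciphertext = b""

    def handle_access_request(self, device_id: str, mac: str) -> str:
        """Step 1: connect if the pair is in the local database, otherwise register it."""
        if (device_id, mac) in self.db:
            return "connected"
        self.db[(device_id, mac)] = {"fingerprint": None}  # registered, not yet trusted
        return "registered"

    def authenticate_device(self, device_id: str, mac: str, fingerprint_id: str):
        """Step 2: verify the fingerprint ID; return the second response value or None."""
        record = self.db.get((device_id, mac))
        if record is None or record["fingerprint"] != fingerprint_id:
            return None
        return response_value(fingerprint_id)

    def key_exchange(self, random_number: int, base_number: int) -> bytes:
        """Step 3: derive the second ciphertext with the same library algorithm."""
        self.second_ciphertext = encrypt_with_library(random_number, base_number)
        return self.second_ciphertext

    def key_authenticate(self, first_ciphertext: bytes) -> str:
        """Step 4: constant-time comparison; any mismatch means renegotiate."""
        return "secure" if hmac.compare_digest(first_ciphertext, self.second_ciphertext) else "renegotiate"


class Device:
    """First terminal."""

    def __init__(self, device_id: str, mac: str, fingerprint_id: str):
        self.device_id, self.mac, self.fingerprint_id = device_id, mac, fingerprint_id
        self.first_ciphertext = b""

    def check_response(self, second_response: bytes) -> bool:
        """Step 2, device side: compare its own response value with the node's."""
        return hmac.compare_digest(response_value(self.fingerprint_id), second_response)

    def start_key_exchange(self):
        """Step 3, device side: random number -> library algorithm -> first ciphertext."""
        random_number = secrets.randbits(32)
        self.first_ciphertext = encrypt_with_library(random_number, BASE_NUMBER)
        return random_number, BASE_NUMBER  # both travel to the node in the clear

    def key_authenticate(self, second_ciphertext: bytes) -> str:
        return "secure" if hmac.compare_digest(second_ciphertext, self.first_ciphertext) else "renegotiate"


def run_handshake(device: Device, node: EdgeNode) -> dict:
    """Drive the four stages in order and stop at the first stage that fails."""
    result = {"access": node.handle_access_request(device.device_id, device.mac)}
    if result["access"] != "connected":
        return result
    second_response = node.authenticate_device(device.device_id, device.mac, device.fingerprint_id)
    result["identity"] = second_response is not None and device.check_response(second_response)
    if not result["identity"]:
        return result
    random_number, base_number = device.start_key_exchange()
    result["device_key_auth"] = device.key_authenticate(node.key_exchange(random_number, base_number))
    if result["device_key_auth"] == "secure":  # the first ciphertext is sent only after this check passes
        result["node_key_auth"] = node.key_authenticate(device.first_ciphertext)
    return result


# Constructed sample registry: one pre-enrolled device with a trusted fingerprint ID.
SAMPLE_REGISTRY = {("dev-0001", "aa:bb:cc:dd:ee:01"): {"fingerprint": "fp-0001"}}
```

`run_handshake(Device("dev-0001", "aa:bb:cc:dd:ee:01", "fp-0001"), EdgeNode(SAMPLE_REGISTRY))` walks all four stages and reports `secure` on both sides. A device whose ID/MAC pair is absent only gets `registered` on its first request; on its next request it is connected but fails the identity stage, because the local database holds no trusted fingerprint ID for it yet. Note that `hmac.compare_digest` is used for both the response-value and ciphertext comparisons so that the "same or different" decision does not leak timing information.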
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium which, when executed, performs the steps of the method embodiments described above. Any reference to memory, storage, a database, or another medium in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include Read-Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory may include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features of the above embodiments are described; however, as long as a combination of technical features contains no contradiction, it should be considered within the scope of this description.

Claims (8)

1. A terminal authentication method based on edge computing, comprising:
receiving an access request sent by a first terminal, wherein the access request carries device information of the first terminal;
judging, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, performing bidirectional identity authentication with the first terminal;
after the bidirectional identity authentication with the first terminal succeeds, performing key negotiation exchange with the first terminal, wherein the key negotiation exchange with the first terminal comprises the following steps:
receiving a random number and a base number sent by the first terminal, wherein the random number is generated by the first terminal and is used by the first terminal to look up the corresponding encryption algorithm and encrypt a preset base number with that algorithm to obtain a first ciphertext;
encrypting the base number according to the encryption algorithm looked up with the random number to obtain a second ciphertext, and sending the second ciphertext to the first terminal;
after the key negotiation exchange with the first terminal, performing key negotiation authentication with the first terminal, wherein the key negotiation authentication with the first terminal comprises the following steps:
sending the second ciphertext to the first terminal, so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result; if the first comparison result is different, key negotiation exchange is performed again, and if the first comparison result is the same, the first terminal enters a secure communication stage;
and receiving the first ciphertext sent by the first terminal, and comparing the first ciphertext with the second ciphertext to obtain a second comparison result; if the second comparison result is different, performing key negotiation exchange again, and if the second comparison result is the same, entering a secure communication stage.
2. The edge computing-based terminal authentication method according to claim 1, wherein performing bidirectional identity authentication with the first terminal comprises:
receiving a device fingerprint ID sent by the first terminal, and verifying the legitimacy of the first terminal according to the device fingerprint ID;
after the first terminal is verified as legitimate, generating a second response value according to the device fingerprint ID;
and sending the second response value to the first terminal, so that the first terminal generates a first response value according to the device fingerprint ID and compares the first response value with the second response value to obtain a comparison result; if the comparison result is the same, the bidirectional identity authentication with the first terminal succeeds.
3. The edge computing-based terminal authentication method according to claim 1, wherein the device information includes a device ID and a MAC address.
4. The edge computing-based terminal authentication method according to claim 3, wherein judging, according to the device information of the first terminal, whether to establish a connection with the first terminal comprises:
receiving the device ID and the MAC address sent by the first terminal, and searching a local database for a matching device ID and MAC address; if they exist, establishing a connection with the first terminal, and if not, registering the first terminal in the local database.
5. The edge computing-based terminal authentication method according to claim 1, further comprising:
sending an access request to a second terminal, wherein the access request carries device information, and the device information is used by the second terminal to judge whether to establish a connection;
after the connection with the second terminal is established, performing bidirectional identity authentication with the second terminal;
after the bidirectional identity authentication with the second terminal succeeds, performing key negotiation exchange with the second terminal;
and after the key negotiation exchange with the second terminal, performing key negotiation authentication with the second terminal.
6. A terminal authentication system based on edge computing, comprising:
a receiving module, configured to receive an access request sent by a first terminal, wherein the access request carries device information of the first terminal;
a judging and authenticating module, configured to judge, according to the device information of the first terminal, whether to establish a connection with the first terminal, and if so, to perform bidirectional identity authentication with the first terminal;
a key negotiation exchange module, configured to perform key negotiation exchange with the first terminal after the bidirectional identity authentication with the first terminal succeeds, wherein the key negotiation exchange with the first terminal comprises the following steps: receiving a random number and a base number sent by the first terminal, wherein the random number is generated by the first terminal and is used by the first terminal to look up the corresponding encryption algorithm and encrypt a preset base number with that algorithm to obtain a first ciphertext; and encrypting the base number according to the encryption algorithm looked up with the random number to obtain a second ciphertext, and sending the second ciphertext to the first terminal;
and a key negotiation authentication module, configured to perform key negotiation authentication with the first terminal after the key negotiation exchange with the first terminal, wherein the key negotiation authentication with the first terminal comprises the following steps: sending the second ciphertext to the first terminal, so that the first terminal compares the second ciphertext with the first ciphertext to obtain a first comparison result, wherein if the first comparison result is different, key negotiation exchange is performed again, and if the first comparison result is the same, the first terminal enters a secure communication stage; and receiving the first ciphertext sent by the first terminal, and comparing the first ciphertext with the second ciphertext to obtain a second comparison result, wherein if the second comparison result is different, key negotiation exchange is performed again, and if the second comparison result is the same, a secure communication stage is entered.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 4 when executing the computer program.
8. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111390371.1A CN114095256B (en) 2021-11-23 2021-11-23 Terminal authentication method, system, equipment and storage medium based on edge calculation

Publications (2)

Publication Number Publication Date
CN114095256A CN114095256A (en) 2022-02-25
CN114095256B true CN114095256B (en) 2023-09-26

Family

ID=80303177

Country Status (1)

Country Link
CN (1) CN114095256B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114786177B (en) * 2022-04-07 2023-05-30 武汉联影医疗科技有限公司 Edge node access processing method, mobile terminal and edge node
CN115700857B (en) * 2022-11-28 2023-11-24 广州万协通信息技术有限公司 Vehicle key sharing method of security chip and security chip device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800734A (en) * 2009-02-09 2010-08-11 华为技术有限公司 Session information interacting method, device and system
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 Method, device, terminal device and system for generating a shared key
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN112073379A (en) * 2020-08-12 2020-12-11 国网江苏省电力有限公司南京供电分公司 Lightweight Internet of things security key negotiation method based on edge calculation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant