CN114372241A - Internet of things terminal identity authentication method, system, device and storage medium - Google Patents


Publication number
CN114372241A
Authority
CN
China
Prior art keywords
terminal
authentication
operation result
identity
internet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111527557.7A
Other languages
Chinese (zh)
Inventor
陆淳
张峰
万红阳
张煦
王世杰
丁霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi IoT Technology Co Ltd
Original Assignee
Tianyi IoT Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyi IoT Technology Co Ltd
Priority to CN202111527557.7A
Publication of CN114372241A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses an identity authentication method, a system, a device and a storage medium for a terminal of the Internet of things, wherein the method comprises the following steps: acquiring first authentication information of a terminal; the first authentication information comprises authentication information obtained by encrypting a terminal ID and a product operation certificate; decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp; acquiring a terminal ID and a product operation certificate; obtaining a second hash operation result according to the terminal ID and the product operation certificate; authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp; the method can encrypt the terminal ID and the product operation certificate of the terminal of the Internet of things during the identity authentication of the Internet of things, and can finish the identity authentication of the terminal of the Internet of things after decryption at the platform end, thereby reducing the risks of stealing and tampering of authentication information during the authentication. The method and the device can be widely applied to the technical field of the Internet of things.

Description

Internet of things terminal identity authentication method, system, device and storage medium
Technical Field
The application relates to the technical field of Internet of things, in particular to a method, a system, a device and a storage medium for authenticating the identity of a terminal of the Internet of things.
Background
At present, identity authentication of an internet of things terminal is mostly based on an IMEI authentication or Token authentication mode. The platform uses IMEI legality as the only standard of terminal identity authentication. The IMEI is transmitted in a clear text in a network, and the risk of being stolen and tampered exists. And the LTE scene mostly adopts a Token authentication mode, the platform allocates a Token for the terminal, and the terminal needs to preset the Token or acquire the Token in an online mode. In practical application, the preset Token increases the difficulty of batch production of the terminals, and the Token of each terminal is different, so that batch operation cannot be performed, and the terminals need to be filled one by one. And acquiring the Token online, wherein the Token has a risk of being stolen in the transmission process. Therefore, a new identity authentication method for the terminal of the internet of things is needed.
Disclosure of Invention
The present application aims to solve at least to some extent one of the technical problems existing in the prior art.
Therefore, an object of the embodiments of the present application is to provide a method, a system, a device, and a storage medium for authenticating an identity of an internet of things terminal, where the method encrypts a terminal ID and a product operation certificate of the internet of things terminal during authentication of the internet of things terminal, and completes authentication of the identity of the internet of things terminal after decryption at a platform end, so as to reduce risks of theft and tampering of authentication information during authentication.
In order to achieve the technical purpose, the technical scheme adopted by the embodiment of the application comprises the following steps:
in a first aspect, an embodiment of the present application provides an identity authentication method for an internet of things terminal, including the following steps:
acquiring first authentication information of a terminal; the first authentication information comprises authentication information obtained by encrypting a terminal ID and a product operation certificate;
decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp;
acquiring a terminal ID and a product operation certificate;
obtaining a second hash operation result according to the terminal ID and the product operation certificate;
and authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp.
In addition, according to the method for authenticating the identity of the terminal of the internet of things in the embodiment of the invention, the following additional technical features can be provided:
further, in this embodiment of the application, the step of encrypting the terminal ID and the product operation certificate specifically includes: obtaining first original data and a first time stamp according to the terminal ID and the product operation certificate; calculating the first original data and the first time stamp to obtain a first calculation result; and carrying out encryption calculation on the first operation result to obtain first authentication information.
Further, in this embodiment of the application, the step of obtaining the first original data according to the terminal ID and the product operation certificate specifically includes: and splicing the terminal ID and the product operation certificate to obtain first original data.
Further, in this embodiment of the application, the step of performing an operation on the first original data and the first timestamp to obtain a first operation result specifically includes: performing hash operation on the first original data to obtain a first hash operation result; and splicing the first hash operation result and the first time stamp to obtain a first operation result.
Further, in this embodiment of the application, the authenticating the identity of the terminal according to the first hash operation result, the second hash operation result, and the decryption timestamp specifically includes: presetting a time error; obtaining an authentication time difference according to the first time stamp and the decryption time stamp; obtaining a time authentication result according to the authentication time difference and the time error; comparing the first hash operation result with the second hash operation result to obtain a comparison result; and authenticating the identity of the terminal according to the comparison result and the time authentication result.
Further, in this embodiment of the present application, the step of obtaining a time authentication result according to the authentication time difference and the time error specifically includes: comparing the authentication time difference with the time error; if the authentication time difference is smaller than the time error, the authentication is successful; and if the authentication time difference is larger than the time error, the authentication is unsuccessful.
Further, in this embodiment of the application, the step of obtaining a second hash operation result according to the terminal ID and the product operation certificate specifically includes: obtaining second original data according to the terminal ID and the product operation certificate; and carrying out Hash operation on the second original data to obtain a second Hash operation result.
On the other hand, the embodiment of the application also provides an identity authentication system for the terminal of the internet of things, which comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining first authentication information of the terminal; the second acquisition module is used for acquiring the terminal ID and the product operation certificate; the decryption module is used for decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp; and the authentication module is used for authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp.
On the other hand, the application also provides an Internet of things terminal identity authentication device, including:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor is enabled to implement the method for authenticating the identity of the terminal in the internet of things according to any one of the contents of the invention.
The application also provides a storage medium, wherein processor-executable instructions are stored in the storage medium, and when the processor-executable instructions are executed by a processor, the storage medium is used for executing the internet of things terminal identity authentication method.
Advantages and benefits of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application:
according to the method and the device, the terminal ID and the product operation certificate of the terminal of the Internet of things can be encrypted during identity authentication of the Internet of things, authentication of the identity of the terminal of the Internet of things is achieved by comparing the hash operation result and the authentication timestamp after decryption is carried out at the platform end, the risks of stealing and tampering of authentication information during authentication can be reduced, and the security of identity authentication is improved.
Drawings
Fig. 1 is a schematic diagram illustrating steps of a method for authenticating an identity of an internet of things terminal according to an embodiment of the present invention;
Fig. 2 is a diagram illustrating steps for encrypting a terminal ID and a product operation certificate in an embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating a step of performing an operation on the first original data and the first timestamp to obtain a first operation result according to an embodiment of the present invention;
Fig. 4 is a schematic diagram illustrating a step of authenticating the identity of the terminal according to the first hash operation result, the second hash operation result, and the decryption timestamp in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an internet of things terminal identity authentication system in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an internet of things terminal identity authentication device in an embodiment of the present invention.
Detailed Description
The following describes in detail the principles and processes of the method, system, apparatus, and storage medium for authenticating the identity of the terminal in the internet of things according to the embodiments of the present invention with reference to the accompanying drawings.
Firstly, the identity authentication mode of the traditional internet of things terminal is explained: in the traditional identity authentication mode of the terminal of the internet of things, when the terminal is registered on a platform of the internet of things, the platform allocates Token to the terminal, and when the terminal logs in for requesting, the ID and Token of the terminal are sent to the platform of the internet of things; and the Internet of things platform performs corresponding authentication verification through the terminal ID and the Token and then performs login response. In practical application, the preset Token in the traditional method increases the difficulty of terminal batch production, and the Token of each terminal is different, so that batch operation cannot be performed, and the terminals need to be filled one by one. And acquiring the Token online, wherein the Token has a risk of being stolen in the transmission process.
Therefore, the present application provides a new identity authentication method for an internet of things terminal, and referring to fig. 1, the identity authentication method for the internet of things terminal of the present application includes the following steps:
S1, acquiring first authentication information of the terminal; the first authentication information comprises authentication information obtained by encrypting a terminal ID and a product operation certificate;
In the embodiment of the application, the first authentication information may be authentication information obtained by encrypting the terminal ID and the product operation certificate. The Internet of things terminal can register on the Internet of things platform, and its terminal ID and product operation certificate can be obtained through platform distribution. When identity verification is performed on the Internet of things terminal again, the terminal can encrypt the terminal ID and the product operation certificate into first authentication information, and sends the first authentication information and the terminal ID to the Internet of things platform.
S2, decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp;
In the embodiment of the application, the platform private key is used to decrypt the first authentication information to obtain the operation result. The operation result is the first hash operation result spliced with the timestamp, so the first hash operation result and the decryption timestamp can be taken out of the decrypted operation result. Because of the network congestion condition and the platform data processing rate, there may be an error between the timestamps before and after decryption; the validity of the time can be checked according to the decryption timestamp and the timestamp at encryption.
S3, acquiring a terminal ID and a product operation certificate;
in the embodiment of the application, after the terminal completes registration of the platform, the platform can acquire the ID and the product operation certificate of the terminal.
S4, obtaining a second hash operation result by the terminal ID and the product operation certificate;
In the embodiment of the application, unlike the first hash operation result, the second hash operation result is data obtained by the platform performing a hash operation on the terminal ID and the terminal product operation certificate recorded during terminal registration.
S5, authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp;
in the embodiment of the application, a first hash operation result obtained by decrypting the authentication information can be compared with a second hash operation result obtained by performing operation on the platform registration information, and identity authentication can be completed according to the comparison result; and the authentication of the terminal identity can be realized by combining the decryption timestamp and the authentication of the timestamp before decryption.
Further, referring to fig. 2, the step of encrypting the terminal ID and the product operation certificate may specifically include:
S11, obtaining first original data and a first time stamp according to the terminal ID and the product operation certificate;
In the embodiment of the application, the first original data may be obtained according to a formula, specifically: first original data = terminal ID + product operation certificate. That is, the first original data of the identity information is obtained by splicing the terminal ID with the product operation certificate, and the first timestamp is the timestamp at which the first original data is obtained.
S12, operating the first original data and the first timestamp to obtain a first operation result;
In the embodiment of the application, a hash operation can be performed on the first original data, and the hash result is spliced with the timestamp to obtain the operation result that is then encrypted. Specifically, take the first original data as rawData, the first operation result as r, and the timestamp as timestamp; the operation formula is r = hash(rawData) + timestamp. hash() represents a hash operation on the parameter in parentheses. A hash function is a mathematical function that can be used to generate a code called a message digest from text (e.g., an email message); well-known hash functions include MD4, MD5, and SHS. A hash function that can be used for digital authentication must have certain properties that make it sufficiently secure for cryptographic use.
S13, carrying out encryption calculation on the first operation result to obtain first authentication information;
In this embodiment of the present application, the platform public key is used to perform encryption calculation on the first operation result obtained in the above step to obtain the first authentication information. With the first operation result as r and the first authentication information as authInfo, the operation result is encrypted according to the formula authInfo = encrypt(r), where encrypt() is the encryption function.
Further, the step of obtaining the first original data according to the terminal ID and the product operation certificate may specifically include: in the embodiment of the present application, the terminal ID and the product operation certificate may be spliced to obtain first original data, and specifically, the formula may be referred to: and the raw data represents the original data obtained according to the terminal ID and the product operation certificate in the encryption process, and the Master-Key is the product operation certificate.
Further, referring to fig. 3, the step of performing an operation on the first original data and the first timestamp to obtain a first operation result may specifically include:
S121, performing hash operation on the first original data to obtain a first hash operation result;
In this embodiment of the present application, a hash operation may be performed on the first original data to obtain the first hash operation result, according to the formula h = hash(rawData), where h is the hash result and rawData is the first original data. The first hash operation result in the present application may be the hash operation result in the encryption process.
S122, splicing the first Hash operation result and the first timestamp to obtain a first operation result;
In this embodiment of the present application, the first hash operation result may be spliced with the first timestamp to obtain the first operation result, according to the formula r = h + timestamp, where h is the first hash operation result and timestamp is the timestamp. In this embodiment of the present application, the first timestamp can be the timestamp at the time of the hash operation.
Further, referring to fig. 4, the authenticating the identity of the terminal according to the first hash operation result, the second hash operation result, and the decryption timestamp may specifically include:
S51, presetting a time error;
in the embodiment of the present application, since a network congestion condition may exist in the whole authentication process and time is required to be consumed when the platform performs data processing, a certain time error needs to be set, and the specific time error can be adjusted according to the actual situation.
S52, obtaining an authentication time difference according to the first time stamp and the decryption time stamp;
In this embodiment of the present application, the first timestamp may be the timestamp at the time of the hash operation during encryption, and the decryption timestamp is the timestamp at decryption. Because of the network congestion condition and the data processing time of the platform, a certain error exists between the two timestamps; this error is the authentication time difference. Specifically, the authentication time difference can be obtained by subtracting the decryption time stamp from the first time stamp.
S53, obtaining a time authentication result according to the authentication time difference and the time error;
in the embodiment of the application, a time authentication result can be obtained according to the preset time error and the calculation result of the authentication time difference, and the time authentication result can be used for verifying the time of identity authentication.
S54, comparing the first hash operation result with the second hash operation result to obtain a comparison result;
in the embodiment of the present application, the first hash operation result and the second hash operation result may be compared to obtain a comparison result.
S55, according to the comparison result and the time authentication result, authenticating the identity of the terminal;
In this embodiment of the application, the authentication is deemed to pass if the first hash operation result and the second hash operation result are consistent and, according to the time authentication result, the error between the decryption timestamp and the first timestamp is within the preset time error. If the first hash operation result and the second hash operation result are inconsistent, or the error between the decryption timestamp and the first timestamp is outside the preset time error, the authentication is deemed not to pass.
Further, the step of obtaining a time authentication result according to the authentication time difference and the time error may specifically include:
S531, comparing the authentication time difference with the time error;
in the embodiment of the application, the authentication time difference can be obtained by subtracting the decryption time stamp from the first time stamp, and whether the time authentication passes or not can be judged by comparing the authentication time difference with a preset time error.
S532, if the authentication time difference is smaller than the time error, the authentication is successful; if the authentication time difference is larger than the time error, the authentication is unsuccessful;
in the embodiment of the application, if the authentication time difference is smaller than the time error, the authentication is considered to be successful; and if the authentication time difference is larger than the time error, the authentication is unsuccessful. Specifically, a time error of 5 seconds may be preset; if the authentication time difference is less than 5 seconds, the authentication of the timestamp is considered to be successful, and if the authentication time difference is more than 5 seconds, the authentication of the timestamp is considered to be failed.
Further, in some embodiments of the present application, the method further comprises the steps of: returning the authentication result to the terminal; after the internet of things platform completes identity authentication, the internet of things platform needs to return an authentication result to the internet of things terminal to complete identity login.
To sum up, the method for authenticating the identity of the terminal of the internet of things has the following advantages:
1. The maintenance cost of the terminal of the Internet of things is reduced; different from the traditional identity authentication method using Token, with the identity authentication method of the application the platform does not need to allocate and maintain a Token for each terminal.
2. The complexity of the application is reduced; the data the terminal needs to calculate the authentication information (the terminal ID, the product operation certificate and the platform encryption public key) can be injected into terminals in batch, so that the complexity of terminal production is reduced and the application universality is improved.
3. The security of the identity information is increased; the terminal only carries the terminal ID and the encrypted first authentication information in the login process, and the product operation certificate is not transmitted in the network, so that the identity information is protected from being stolen; the identity information is encrypted and transmitted after the hash operation, so that the data security is further improved.
4. The method can effectively resist replay attack; the timestamp is added into the authentication information, and the platform can effectively resist replay attack by checking the timestamp.
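The terminal-side construction (S11 to S13) and the platform-side check (S2 to S5, S51 to S55) described above, as an added Go example that is not code from the patent. RSA-OAEP, SHA-256, the 40-byte layout of r, the millisecond timestamp and all identifiers are assumptions; the cache of accepted authInfo values goes beyond the described method and covers reuse of a captured authInfo inside the 5-second time error.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// MaxSkew is the preset time error of S51; the description suggests 5 seconds.
const MaxSkew = 5 * time.Second

var (
	ErrUnknown = errors.New("terminal not registered")
	ErrDecrypt = errors.New("authInfo does not decrypt to hash + timestamp")
	ErrHash    = errors.New("first and second hash results differ")
	ErrTime    = errors.New("authentication time difference exceeds time error")
	ErrReplay  = errors.New("authInfo already used inside the time window")
)

// digest is hash(rawData), rawData = terminal ID + Master-Key (SHA-256 is an assumption).
func digest(terminalID string, masterKey []byte) [32]byte {
	return sha256.Sum256(append([]byte(terminalID), masterKey...))
}

// BuildAuthInfo is the terminal side: r = hash(rawData) + timestamp, authInfo = encrypt(r).
func BuildAuthInfo(pub *rsa.PublicKey, terminalID string, masterKey []byte, now time.Time) ([]byte, error) {
	h := digest(terminalID, masterKey)
	var r [40]byte // assumed layout: 32-byte hash, then 8-byte big-endian Unix milliseconds
	copy(r[:32], h[:])
	binary.BigEndian.PutUint64(r[32:], uint64(now.UnixMilli()))
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r[:], nil)
}

// Platform holds the private key, registration records and accepted-authInfo cache (an addition).
type Platform struct {
	priv     *rsa.PrivateKey
	registry map[string][]byte
	seen     map[[32]byte]time.Time
}

func NewPlatform(bits int, registry map[string][]byte) (*Platform, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Platform{priv: priv, registry: registry, seen: map[[32]byte]time.Time{}}, nil
}

func (p *Platform) PublicKey() *rsa.PublicKey { return &p.priv.PublicKey }

// Authenticate is the platform side (S2 to S5 and S51 to S55).
func (p *Platform) Authenticate(terminalID string, authInfo []byte, now time.Time) error {
	masterKey, ok := p.registry[terminalID]
	if !ok {
		return ErrUnknown
	}
	r, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, authInfo, nil)
	if err != nil || len(r) != 40 {
		return ErrDecrypt
	}
	h2 := digest(terminalID, masterKey) // second hash operation result (S4)
	if subtle.ConstantTimeCompare(r[:32], h2[:]) != 1 {
		return ErrHash
	}
	ts := time.UnixMilli(int64(binary.BigEndian.Uint64(r[32:])))
	if now.Sub(ts).Abs() >= MaxSkew { // a terminal clock running ahead is bounded the same way
		return ErrTime
	}
	// Inside MaxSkew a captured authInfo is still fresh: remember accepted values until expiry.
	for k, exp := range p.seen {
		if now.After(exp) {
			delete(p.seen, k)
		}
	}
	id := sha256.Sum256(authInfo)
	if _, dup := p.seen[id]; dup {
		return ErrReplay
	}
	p.seen[id] = ts.Add(MaxSkew)
	return nil
}

func main() {
	reg := map[string][]byte{"terminal-001": []byte("constructed-master-key")} // constructed sample
	p, err := NewPlatform(2048, reg)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	authInfo, _ := BuildAuthInfo(p.PublicKey(), "terminal-001", reg["terminal-001"], now)
	fmt.Println("login :", p.Authenticate("terminal-001", authInfo, now.Add(time.Second)))
	fmt.Println("replay:", p.Authenticate("terminal-001", authInfo, now.Add(2*time.Second)))
	fmt.Println("stale :", p.Authenticate("terminal-001", authInfo, now.Add(6*time.Second)))
}
```

Without the cache, the second call would succeed: the timestamp check alone accepts any copy of authInfo presented within the time error.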
In addition, corresponding to the method in fig. 1, referring to fig. 5, an embodiment of the present application further provides an identity authentication system for a terminal in the internet of things, including a first obtaining module, configured to obtain first authentication information of the terminal; the second acquisition module is used for acquiring the terminal ID and the product operation certificate; the decryption module is used for decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp; and the authentication module is used for authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp.
Corresponding to the method in fig. 1, an embodiment of the present application further provides an identity authentication device for a terminal in the internet of things, where a specific structure of the identity authentication device may refer to fig. 6, and the identity authentication device includes:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor is enabled to implement the method for authenticating the identity of the terminal of the internet of things.
The contents in the above method embodiments are all applicable to the present apparatus embodiment, the functions specifically implemented by the present apparatus embodiment are the same as those in the above method embodiments, and the advantageous effects achieved by the present apparatus embodiment are also the same as those achieved by the above method embodiments.
Corresponding to the method in fig. 1, an embodiment of the present invention further provides a storage medium, in which processor-executable instructions are stored, and when the processor-executable instructions are executed by a processor, the storage medium is configured to perform the method for authenticating the identity of the terminal in the internet of things.
In alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present application are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed and in which sub-operations described as part of larger operations are performed independently.
Furthermore, although the present application is described in the context of functional modules, it should be understood that, unless otherwise stated to the contrary, one or more of the functions and/or features may be integrated in a single physical device and/or software module, or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion regarding the actual implementation of each module is not necessary for an understanding of the present application. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be understood within the ordinary skill of an engineer, given the nature, function, and internal relationship of the modules. Accordingly, those skilled in the art can, using ordinary skill, practice the present application as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative of and not intended to limit the scope of the application, which is defined by the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium, which includes programs for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable programs that can be considered for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with a program execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the programs from the program execution system, apparatus, or device and execute the programs. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the program execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable program execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the foregoing description of the specification, reference to the description of "one embodiment/example," "another embodiment/example," or "certain embodiments/examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present application have been shown and described, it will be understood by those of ordinary skill in the art that: numerous changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the application, the scope of which is defined by the claims and their equivalents.
While the present application has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. An identity authentication method for an Internet of things terminal is characterized by comprising the following steps:
acquiring first authentication information of a terminal; the first authentication information comprises authentication information obtained by encrypting a terminal ID and a product operation certificate;
decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp;
acquiring a terminal ID and a product operation certificate;
obtaining a second hash operation result according to the terminal ID and the product operation certificate;
and authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp.
2. The internet of things terminal identity authentication method according to claim 1, wherein the step of encrypting the terminal ID and the product operation certificate specifically comprises:
obtaining first original data and a first timestamp according to the terminal ID and the product operation certificate;
performing an operation on the first original data and the first timestamp to obtain a first operation result;
and performing an encryption calculation on the first operation result to obtain the first authentication information.
3. The internet of things terminal identity authentication method according to claim 2, wherein the step of obtaining first original data according to the terminal ID and the product operation certificate specifically includes:
and splicing the terminal ID and the product operation certificate to obtain first original data.
4. The internet of things terminal identity authentication method according to claim 2, wherein the step of performing an operation on the first original data and the first timestamp to obtain a first operation result specifically includes:
performing hash operation on the first original data to obtain a first hash operation result;
and splicing the first hash operation result and the first timestamp to obtain the first operation result.
5. The identity authentication method for the terminal of the internet of things according to claim 2, wherein the step of authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp specifically comprises:
presetting a time error;
obtaining an authentication time difference according to the first timestamp and the decryption timestamp;
obtaining a time authentication result according to the authentication time difference and the time error;
comparing the first hash operation result with the second hash operation result to obtain a comparison result;
and authenticating the identity of the terminal according to the comparison result and the time authentication result.
6. The identity authentication method of the terminal of the internet of things according to claim 5, wherein the step of obtaining the time authentication result according to the authentication time difference and the time error specifically comprises:
comparing the authentication time difference with the time error;
if the authentication time difference is smaller than the time error, the authentication is successful; and if the authentication time difference is larger than the time error, the authentication is unsuccessful.
7. The method for authenticating the identity of the terminal in the internet of things according to claim 1, wherein the step of obtaining a second hash operation result according to the terminal ID and the product operation certificate specifically comprises:
obtaining second original data according to the terminal ID and the product operation certificate;
and performing a hash operation on the second original data to obtain the second hash operation result.
8. An Internet of things terminal identity authentication system, characterized by comprising:
the first acquisition module is used for acquiring first authentication information of the terminal;
the second acquisition module is used for acquiring the terminal ID and the product operation certificate;
the decryption module is used for decrypting the first authentication information to obtain a first hash operation result and a decryption timestamp;
and the authentication module is used for authenticating the identity of the terminal according to the first hash operation result, the second hash operation result and the decryption timestamp.
9. An Internet of things terminal identity authentication device, characterized by comprising:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, the at least one processor is enabled to implement the method for authenticating the identity of the terminal in the internet of things according to any one of claims 1 to 7.
10. A storage medium having stored therein processor-executable instructions, wherein the processor-executable instructions, when executed by a processor, are configured to perform a method for authenticating an identity of an internet of things terminal according to any one of claims 1 to 7.
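The flow of claims 1 to 7, as an added example that is not part of the patent text: the terminal builds the first authentication information and the platform verifies it. The claims name no hash, cipher, key or encoding, so SHA-256, a shared symmetric key, a big-endian 64-bit timestamp in seconds, and the HMAC-based stand-in cipher `seal`/`unseal` (chosen only so the code runs on the standard library; a deployment would use a vetted AEAD such as AES-GCM) are all assumptions.

```python
import hashlib, hmac, os, struct

HASH_LEN = 32   # SHA-256 digest size; the hash algorithm is an assumption
TS_LEN = 8      # timestamp as big-endian uint64 seconds (assumed encoding)

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode, used only as a stdlib stand-in cipher
    blocks = (hmac.new(key, b"enc" + nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC so a modified ciphertext is rejected before parsing
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication information modified, or wrong key")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def build_auth_info(key, terminal_id, cert, first_ts):
    # Terminal side (claims 2-4): splice, hash, append timestamp, encrypt
    first_hash = hashlib.sha256(terminal_id + cert).digest()
    return seal(key, first_hash + struct.pack(">Q", first_ts))

def authenticate(key, blob, terminal_id, cert, decrypt_ts, time_error=30):
    # Platform side (claims 1, 5-7); True only if both checks pass
    try:
        plain = unseal(key, blob)
    except ValueError:
        return False
    if len(plain) != HASH_LEN + TS_LEN:
        return False
    first_hash = plain[:HASH_LEN]
    (first_ts,) = struct.unpack(">Q", plain[HASH_LEN:])
    second_hash = hashlib.sha256(terminal_id + cert).digest()
    # Claim 6 leaves "difference == error" undefined; this example rejects it
    time_ok = abs(decrypt_ts - first_ts) < time_error
    hash_ok = hmac.compare_digest(first_hash, second_hash)  # constant-time compare
    return hash_ok and time_ok
```

Plain splicing as in claim 3 is unambiguous only if the terminal ID has a fixed length; otherwise a length prefix keeps two different (ID, certificate) pairs from producing the same first original data.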
CN202111527557.7A 2021-12-14 2021-12-14 Internet of things terminal identity authentication method, system, device and storage medium Pending CN114372241A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111527557.7A CN114372241A (en) 2021-12-14 2021-12-14 Internet of things terminal identity authentication method, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111527557.7A CN114372241A (en) 2021-12-14 2021-12-14 Internet of things terminal identity authentication method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN114372241A true CN114372241A (en) 2022-04-19

Family

ID=81141154

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111527557.7A Pending CN114372241A (en) 2021-12-14 2021-12-14 Internet of things terminal identity authentication method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN114372241A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978542A (en) * 2022-05-20 2022-08-30 深圳大学 Full-life-cycle-oriented Internet of things equipment identity authentication method, system and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978542A (en) * 2022-05-20 2022-08-30 深圳大学 Full-life-cycle-oriented Internet of things equipment identity authentication method, system and storage medium
CN114978542B (en) * 2022-05-20 2023-05-26 深圳大学 Full life cycle-oriented internet of things equipment identity authentication method, system and storage medium

Similar Documents

Publication Publication Date Title
CN106899410B (en) A kind of method and device of equipment identities certification
CN109309565B (en) Security authentication method and device
EP2221742B1 (en) Authenticated communication between security devices
US8171527B2 (en) Method and apparatus for securing unlock password generation and distribution
CN106571951B (en) Audit log obtaining method, system and device
EP1886438A1 (en) Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method
CN111800378B (en) Login authentication method, device, system and storage medium
CN111030814A (en) Key negotiation method and device
CN113395406B (en) Encryption authentication method and system based on power equipment fingerprint
CN113609213B (en) Method, system, device and storage medium for synchronizing device keys
CN112241527B (en) Secret key generation method and system of terminal equipment of Internet of things and electronic equipment
US8220059B2 (en) Method and apparatus for generating rights object by reauthorization
CN110929231A (en) Digital asset authorization method and device and server
CN110191467B (en) Authentication method, equipment, device and storage medium for Internet of things equipment
CN113766450A (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
CN114372241A (en) Internet of things terminal identity authentication method, system, device and storage medium
CN112887099B (en) Data signing method, electronic device and computer readable storage medium
CN111147471B (en) Terminal network access authentication method, device, system and storage medium
CN110798447B (en) Intelligent terminal local authorization method, device and system based on network communication
CN116707983A (en) Authorization authentication method and device, access authentication method and device, equipment and medium
CN102882882B (en) A kind of user resources authorization method
CN115766192A (en) UKEY-based offline security authentication method, device, equipment and medium
CN114500150A (en) Communication method and device based on CAN bus and operation machine
CN109104393B (en) Identity authentication method, device and system
CN114679284A (en) Trusted remote attestation system, storage method, verification method and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination