CN114666074B - Product identification authentication method and device - Google Patents


Info

Publication number
CN114666074B
Authority
CN
China
Prior art keywords
identification
authentication
product
target
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011410139.5A
Other languages
Chinese (zh)
Other versions
CN114666074A (en
Inventor
王敏
习熹
汪智慧
赵辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile IoT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile IoT Co Ltd
Priority to CN202011410139.5A
Publication of CN114666074A
Application granted
Publication of CN114666074B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a product identification authentication method and device. The method comprises the following steps: reading a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier; performing an authentication calculation on the target identifier using the identifier key to obtain a first authentication calculation result; generating a first identification resolution authentication request message that includes the first authentication calculation result; sending the first identification resolution authentication request message to a trusted identification resolution platform; and receiving a first identification authentication result fed back by the trusted identification resolution platform, wherein the first identification authentication result carries identification information corresponding to the target identifier. The invention supports writing multiple identifiers and the corresponding groups of identifier keys for one product, and relies on the capability of the trusted identification resolution platform to manage all enterprise product identifiers, identifier keys and enterprise information in a unified way, so that data is exchanged securely and information is maintained and managed online throughout the whole life cycle of the product.

Description

A product identification authentication method and device

Technical Field

The embodiments of the present invention relate to the field of Internet of Things security authentication, and in particular to a product identification authentication method and device.

Background

To make the interconnection of people, machines and things more convenient and efficient, and to achieve traceability of important products and full life-cycle management of smart products, two main kinds of traceable identification authentication are currently used for products. The first installs an external identity such as a barcode, a QR code or an RFID (Radio Frequency Identification) electronic tag. An RFID electronic tag requires the terminal to embed a radio frequency module to read the identifier for authentication, and a barcode or QR code requires a scanner to read it; these are all passive identifiers. The second embeds an internal identity carrier such as a SIM (Subscriber Identity Module) in the product. Such an identifier can only be written into the product when the SIM carrier is installed during the manufacturing stage, and one SIM carrier cannot store multiple products, nor multiple identifiers for one product.

As an active identification carrier, a security chip has certain advantages. It can quickly help customers integrate identifier issuance and storage capabilities, ensures that identifiers cannot be tampered with, and provides secure communication and authentication services that keep the identification system secure and trustworthy. At each life-cycle stage of a product, such as production, warehousing, logistics, sales and service, the identification service platform writes the product's trusted identifier and secure identifier key for that stage into the security chip. One identifier can be indexed to one business service platform; after the identifier is authenticated, the product can be managed for the business of that life-cycle stage. Associating multiple trusted identifiers provides effective anti-counterfeiting authentication and full life-cycle management of smart products. In addition, during the service provision stage a main product with an integrated security chip can connect to multiple subsidiary products through various interfaces. Through the main product, trusted identifiers and secure identifier keys for the subsidiary products can be requested from the identification service platform and written into the security chip. The main product, which is on a narrowband Internet of Things, 2G, 4G, 5G or other network, then carries out the security authentication between the subsidiary products and the identification service platform and the business interaction with the corresponding business service platform.

Summary of the Invention

The embodiments of the present invention provide a product identification authentication method and device to solve the problem that, in the existing SIM-carrier-based product identification authentication method, one product corresponds to one identifier stored in one SIM carrier, and the identifier can only be written into the product when the SIM carrier is installed during the manufacturing stage.

To solve the above technical problem, the present invention is implemented as follows:

In a first aspect, an embodiment of the present invention provides a product identification authentication method, applied to a terminal, including:

reading a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier;

performing an authentication calculation on the target identifier using the identifier key to obtain a first authentication calculation result;

generating a first identification resolution authentication request message, wherein the first identification resolution authentication request message includes the first authentication calculation result;

sending the first identification resolution authentication request message to a trusted identification resolution platform;

receiving a first identification authentication result fed back by the trusted identification resolution platform, wherein the first identification authentication result carries identification information corresponding to the target identifier.

Optionally, before reading the target identifier of the target product stored in the security chip and the identifier key corresponding to the target identifier, the method further includes:

if the security chip stores multiple identifiers of the target product, obtaining the currently activated identifier index of the target product;

reading the target identifier corresponding to the identifier index, and the identifier key corresponding to the target identifier, stored in the security chip.

Optionally, the business data of the target product is encrypted by the security chip to obtain encrypted business data;

an authentication calculation is performed on the encrypted business data using the identifier key of the target identifier;

a business data message is generated, wherein the business data message includes the encrypted business data after the authentication calculation;

the business data message is sent to the business service platform.

Optionally, the product identifiers stored in the security chip are written by presetting and by post-writing.

Optionally, the terminal connects to other Internet of Things terminals; receives a product identifier write request sent by the other Internet of Things terminals; and writes the received product identifier into the security chip.

Optionally, writing the received product identifier into the security chip includes:

performing an authentication calculation on the product identifier using the identifier key in the product identifier to obtain a second authentication calculation result;

generating a second identification resolution authentication request message for the product identifier, wherein the second identification resolution authentication request message includes the second authentication calculation result;

sending the second identification resolution authentication request message to the trusted identification resolution platform;

receiving a second identification authentication result fed back by the trusted identification resolution platform;

writing the product identifier and the corresponding identifier key into the security chip.

Optionally, a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology is used to connect to other Internet of Things terminals.

Optionally, the security chip stores the identifiers of at least one product, each product includes at least one identifier, and each identifier corresponds to one identifier key.

Optionally, the security chip further stores at least one of the following: an identifier index; a trusted identification resolution platform address.

In a second aspect, an embodiment of the present invention provides a product identification authentication method, applied to a trusted identification resolution platform, including:

receiving a first identification resolution authentication request message sent by a terminal, wherein the first identification resolution authentication request message includes a first authentication calculation result obtained by performing an authentication calculation on a target identifier using the identifier key of the target identifier;

sending the first identification resolution authentication request message to a security authentication service platform for identification authentication;

receiving a first identification authentication result fed back by the security authentication service platform;

if the identification authentication passes, sending the identification authentication result to the trusted identification resolution platform, wherein the first identification authentication result carries identification information corresponding to the target identifier.

In a third aspect, an embodiment of the present invention provides a product identification authentication device, including:

a reading module, configured to read a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier;

an authentication calculation module, configured to perform an authentication calculation on the target identifier using the identifier key to obtain a first authentication calculation result;

a first processing module, configured to generate a first identification resolution authentication request message, wherein the first identification resolution authentication request message includes the first authentication calculation result;

a first sending module, configured to send the first identification resolution authentication request message to a trusted identification resolution platform;

a first receiving module, configured to receive a first identification authentication result fed back by the trusted identification resolution platform, wherein, if the identification authentication passes, the identification authentication result carries identification information corresponding to the target identifier.

In a fourth aspect, an embodiment of the present invention provides a product identification authentication device, including:

a second receiving module, configured to receive an identification resolution authentication request message sent by a terminal, wherein the identification resolution authentication request message includes an authentication calculation result obtained by performing an authentication calculation on a target identifier using the identifier key of the target identifier;

a second sending module, configured to send the identification resolution authentication request message to a security authentication service platform for identification authentication;

a third receiving module, configured to receive the identification authentication result fed back by the security authentication service platform;

a third sending module, configured to send the identification authentication result to the trusted identification resolution platform if the identification authentication passes, wherein the identification authentication result carries identification information corresponding to the target identifier.

In a fifth aspect, an embodiment of the present invention provides a product identification authentication device, including a transceiver and a processor;

the processor is configured to read a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier;

the processor is configured to generate an identification resolution authentication request message, wherein the identification resolution authentication request message includes a first authentication calculation result;

the processor is configured to generate a first identification resolution authentication request message, wherein the first identification resolution authentication request message includes the first authentication calculation result;

the transceiver is configured to send the first identification resolution authentication request message to a trusted identification resolution platform;

the transceiver is configured to receive a first identification authentication result fed back by the trusted identification resolution platform, wherein, if the identification authentication passes, the identification authentication result carries identification information corresponding to the target identifier.

In a sixth aspect, an embodiment of the present invention provides a product identification authentication device, including a transceiver and a processor;

the transceiver is configured to receive an identification resolution authentication request message sent by a terminal, wherein the identification resolution authentication request message includes an authentication calculation result obtained by performing an authentication calculation on a target identifier using the identifier key of the target identifier;

the transceiver is configured to send the identification resolution authentication request message to a security authentication service platform for identification authentication;

the transceiver is configured to receive the identification authentication result fed back by the security authentication service platform;

the transceiver is configured to send the identification authentication result to the trusted identification resolution platform if the identification authentication passes, wherein the identification authentication result carries identification information corresponding to the target identifier.

In a seventh aspect, a terminal is provided, characterized in that it includes a processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the product identification authentication method described in the first aspect.

In an eighth aspect, a trusted identification resolution platform is provided, including a processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the product identification authentication method described in the first aspect.

In a ninth aspect, a computer-readable storage medium is provided, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the product identification authentication method described in the first aspect.

In the embodiments of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the capability of the trusted identification resolution platform is used to manage all enterprise product identifiers, identifier keys and enterprise information in a unified way, so that data is exchanged securely and information is maintained and managed online throughout the whole life cycle of the product.

Brief Description of the Drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art from the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

FIG. 1 is a schematic flow chart of a product identification authentication method applied to a terminal, provided by an embodiment of the present invention;

FIG. 2 is a schematic diagram of the security chip storage structure in a product identification authentication method provided by an embodiment of the present invention;

FIG. 3 is a schematic flow chart of identifier writing in a product identification authentication method provided by an embodiment of the present invention;

FIG. 4 is a schematic flow chart of a product identification authentication method applied to a trusted identification resolution platform, provided by an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of a product identification authentication device applied to a terminal, provided by an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of a product identification authentication device applied to a trusted identification resolution platform, provided by an embodiment of the present invention;

FIG. 7 is a schematic structural diagram of a transceiver applied to a terminal, provided by an embodiment of the present invention;

FIG. 8 is a schematic structural diagram applied to a trusted identification resolution platform, provided by an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a terminal provided by an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a trusted identification resolution platform provided by an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.

Referring to FIG. 1, an embodiment of the present invention provides a product identification authentication method, applied to a terminal, including:

Step 11: read a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier;

Step 12: perform an authentication calculation on the target identifier using the identifier key to obtain a first authentication calculation result;

Step 13: generate a first identification resolution authentication request message, wherein the first identification resolution authentication request message includes the first authentication calculation result;

Step 14: send the first identification resolution authentication request message to a trusted identification resolution platform;

Step 15: receive a first identification authentication result fed back by the trusted identification resolution platform, wherein the first identification authentication result carries identification information corresponding to the target identifier.

In the embodiment of the present invention, in step 11, if the target product has multiple identifiers, the identifier index points to the currently activated target identifier. The authentication calculation is not limited to symmetric keys, asymmetric keys, international algorithms, national cryptographic algorithms and the like, and the identifier key is not limited to a symmetric key, an asymmetric key and the like. In step 14, the trusted identification resolution platform uses the security authentication service platform to verify the authentication calculation for the product identifier and the identification resolution authentication request; if the verification passes, the current resolution request comes from a legitimate product. In step 15, the trusted identification resolution platform stores the identification information of the target identifier, and the identification information includes information such as the enterprise node location.

In the embodiment of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the capability of the trusted identification resolution platform is used to manage all enterprise product identifiers, identifier keys and enterprise information in a unified way, so that data is exchanged securely and information is maintained and managed online throughout the whole life cycle of the product.

In the embodiment of the present invention, optionally, before reading the target identifier of the target product stored in the security chip and the identifier key corresponding to the target identifier, the method further includes:

if the security chip stores multiple identifiers of the target product, obtaining the currently activated identifier index of the target product;

reading the target identifier corresponding to the identifier index, and the identifier key corresponding to the target identifier, stored in the security chip.

In the embodiment of the present invention, the storage structure of the target identifier of the target product is shown in FIG. 2. Identifier 0 to identifier N hold the identification information of the target product for different life cycles or different stages of use. The identifier index indicates the identification information currently activated for the product and is used to identify the product's current life-cycle state or service stage. The trusted identification resolution platform address stores the address of the platform that provides the identification resolution service for the product. Other information is optional and can be used to store customized information such as the product's security configuration. Products such as water meters, electricity meters and gas meters can connect to the industry resolution platform through a home gateway and from there be indexed to the service platform.
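The exchange in steps 11 to 15, together with the identifier index of the FIG. 2 storage layout, as an added Python example that is not part of the patent. HMAC-SHA256 stands in for the unspecified authentication calculation; the nonce with replay check, the message field names, the class names and the sample identifiers are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class SecurityChip:
    """Constructed model of the storage layout described for FIG. 2."""
    identifiers: list       # identifier 0..N, one per life-cycle stage
    keys: list              # identifier key for each identifier, same order
    active_index: int       # identifier index: the currently activated identifier
    platform_address: str   # trusted identification resolution platform address

    def read_active(self):
        # Step 11: the identifier index selects the target identifier and its key.
        return self.identifiers[self.active_index], self.keys[self.active_index]


def build_request(chip):
    """Steps 12-13: authentication calculation, then the request message."""
    identifier, key = chip.read_active()
    nonce = secrets.token_bytes(16)  # assumption: freshness value, not in the patent
    tag = hmac.new(key, identifier.encode() + nonce, hashlib.sha256).digest()
    return {"identifier": identifier, "nonce": nonce.hex(), "auth": tag.hex()}


class AuthService:
    """Stand-in for the security authentication service platform (holds the keys)."""

    def __init__(self, keys_by_identifier):
        self.keys = keys_by_identifier
        self.seen = set()  # (identifier, nonce) pairs already accepted

    def verify(self, msg):
        try:
            identifier = msg["identifier"]
            key = self.keys[identifier]
            nonce = bytes.fromhex(msg["nonce"])
            tag = bytes.fromhex(msg["auth"])
        except (KeyError, TypeError, ValueError):
            return False  # unknown identifier or malformed field
        if len(nonce) != 16:
            return False  # fixed length keeps identifier||nonce unambiguous
        expected = hmac.new(key, identifier.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False
        if (identifier, nonce) in self.seen:
            return False  # a captured request sent a second time
        self.seen.add((identifier, nonce))
        return True


class ResolutionPlatform:
    """Stand-in for the trusted identification resolution platform."""

    def __init__(self, auth_service, info_by_identifier):
        self.auth = auth_service
        self.info = info_by_identifier  # identification information per identifier

    def resolve(self, msg):
        # Step 14 on the platform side: delegate verification, then answer (step 15).
        if not self.auth.verify(msg):
            return {"passed": False}
        return {"passed": True, "info": self.info.get(msg["identifier"])}


def demo():
    ids = ["example-product/production", "example-product/service"]  # constructed
    keys = [secrets.token_bytes(32) for _ in ids]                    # constructed
    chip = SecurityChip(ids, keys, active_index=1, platform_address="resolver.example")
    platform = ResolutionPlatform(
        AuthService(dict(zip(ids, keys))),
        {ids[0]: {"node": "factory-node"}, ids[1]: {"node": "service-node"}},
    )
    request = build_request(chip)
    first = platform.resolve(request)                            # genuine request
    replay = platform.resolve(request)                           # same bytes again
    forged = platform.resolve(dict(request, identifier=ids[0]))  # identifier swapped
    return first, replay, forged


if __name__ == "__main__":
    print(demo())
```

Without the nonce, the authentication result for a given identifier would be the same on every request, so the replay check is the part of this example that goes beyond the patent text.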

In this embodiment of the present invention, optionally, the business data of the target product is encrypted by the security chip to obtain encrypted business data;

an authentication calculation is performed on the encrypted business data using the identifier key of the target identifier;

a business data message is generated, the business data message containing the encrypted business data after the authentication calculation;

the business data message is sent to the business service platform.

In this embodiment of the present invention, the business service platform may request the security authentication service platform to verify the authentication calculation on the business data message according to the identifier of the target product and confirm that the identity is legitimate, and to decrypt the business data message with the corresponding business communication identifier key to obtain the business data. The business data is returned to the business service platform, which then carries out the subsequent business interaction process.

In this embodiment of the present invention, optionally, the product identifiers stored in the security chip are written by presetting and by post-writing.

In this embodiment of the present invention, a cellular module and a security chip are embedded in the product at the manufacturing stage. Product identifiers can generally be written by presetting and by post-writing. However, because the product identifiers of different enterprises and industries are highly customized, writing personalized information at the initial stage of the security chip would greatly reduce production efficiency. To improve the production efficiency of the identifier carrier and to guarantee the security level of identifiers written later, the security authentication service platform uniformly allocates, at the security chip production stage, the initial identifier of the security chip and the identifier key corresponding to it, and presets them, together with the authentication center identifier, into the security chip in a secure environment to complete production. Afterwards, identifiers can be written by post-writing throughout the whole life cycle of the product.

In this embodiment of the present invention, optionally, the method includes: connecting to other Internet of Things terminals; receiving a product identifier write request sent by the other Internet of Things terminals; and writing the received product identifier into the security chip.

In this embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifiers, and the identifier key corresponding to each identifier, for multiple products. All of the attached products can then interact with the security authentication service platform and the business service platform through the product that carries the security chip.

In this embodiment of the present invention, optionally, writing the received product identifier into the security chip includes:

Step 31: performing an authentication calculation on the product identifier using the identifier key in the product identifier to obtain a second authentication calculation result;

Step 32: generating a second identifier resolution authentication request message for the product identifier, the second identifier resolution authentication request message containing the second authentication calculation result;

Step 33: sending the second identifier resolution authentication request message to the trusted identifier resolution platform;

Step 34: receiving the second identifier authentication result fed back by the trusted identifier resolution platform;

Step 35: writing the product identifier and the corresponding identifier key into the security chip.

In this embodiment of the present invention, after the other Internet terminal connects to the security chip, it actively obtains the initial identifier of the security chip and sends its product information to the security chip. In step 33, the trusted identifier resolution platform forwards the received information to the security authentication service platform, which verifies the authentication calculation. If verification passes, the identifier is a trusted identifier; if verification fails, the identifier was sent by a counterfeit device and the subsequent process is refused. The security authentication service platform also pushes the product information to the enterprise business platform for centralized management.

In this embodiment of the present invention, during identifier writing, the identifier request message carries an authentication calculation made with the initial identifier, and the security authentication service platform verifies that calculation on the message, which completes the platform's authentication of the security chip. The security authentication service platform performs an authentication calculation on the information, and the chip verifies that calculation, which completes the chip's authentication of the platform. This builds a security trust chain for the whole identifier and enables identifier customization and the issuance of secure identifier keys. During identifier resolution, a security authentication step is added to the resolution process to confirm that the resolution request comes from a legitimate industrial Internet product terminal, which effectively prevents forged or tampered identifiers from issuing resolution requests that cause information leakage and damage. In the business interaction process, trusted authentication based on identifier resolution, combined with the security chip's ability to store identifier keys and compute with them, helps enterprise customers exchange data securely and achieve end-to-end security.

In this embodiment of the present invention, optionally, the connection to other Internet of Things terminals uses a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology.

In this embodiment of the present invention, optionally, the security chip stores identifiers of at least one product; each product has at least one identifier, and each identifier corresponds to one identifier key.

In this embodiment of the present invention, optionally, the security chip further stores at least one of the following: an identifier index; the address of the trusted identifier resolution platform.

In this embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifiers, and the identifier key corresponding to each identifier, for multiple products. All of the attached products can then interact with the security authentication service platform and the business service platform through the product that carries the security chip.

In this embodiment of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner and to exchange data securely, so that product information is maintained and managed online throughout the product's full life cycle.

Referring to FIG. 4, an embodiment of the present invention provides a product identification authentication method, applied to a trusted identifier resolution platform, including:

Step 41: receiving a first identifier resolution authentication request message sent by a terminal, the first identifier resolution authentication request message containing a first authentication calculation result obtained by performing an authentication calculation on a target identifier using the identifier key of the target identifier;

Step 42: sending the first identifier resolution authentication request message to the security authentication service platform for identifier authentication;

Step 43: receiving the first identifier authentication result fed back by the security authentication service platform;

Step 44: if identifier authentication passes, sending the identifier authentication result to the trusted identifier resolution platform, the first identifier authentication result carrying the identifier information corresponding to the target identifier.

In this embodiment of the present invention, the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner, which provides identifier resolution and trusted authentication of identifiers; the result is then indexed to the business platform for secure data exchange.
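The resolution flow of steps 41 to 44, together with the index-selected identifier read described earlier, as an added sketch that is not part of the patent. The patent does not name the authentication calculation, so HMAC-SHA-256 is an assumption, and the class names, message fields, identifiers, keys, and resolver address are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def auth_calc(key: bytes, data: bytes) -> str:
    # Assumption: HMAC-SHA-256 stands in for the unspecified
    # "authentication calculation".
    return hmac.new(key, data, hashlib.sha256).hexdigest()


@dataclass
class SecureChip:
    """Storage layout described for FIG. 2: identifier 0..N, one key per
    identifier, the active identifier index, and the resolver address."""
    identifiers: list          # [(identifier, identifier_key), ...]
    active_index: int
    resolver_address: str

    def read_active(self):
        # Fail closed on a corrupted or out-of-range index instead of
        # silently falling back to identifier 0.
        if not 0 <= self.active_index < len(self.identifiers):
            raise IndexError("identifier index out of range")
        return self.identifiers[self.active_index]


def build_resolution_request(chip: SecureChip) -> dict:
    """Terminal side: the first identifier resolution authentication request."""
    identifier, key = chip.read_active()
    return {"identifier": identifier,
            "auth": auth_calc(key, identifier.encode())}


class AuthService:
    """Security authentication service platform: holds the identifier keys."""

    def __init__(self, keys: dict):
        self._keys = keys

    def verify(self, request: dict) -> bool:
        identifier = request.get("identifier")
        key = self._keys.get(identifier) if isinstance(identifier, str) else None
        if key is None:
            return False
        expected = auth_calc(key, identifier.encode())
        presented = str(request.get("auth", ""))
        # Constant-time comparison of the recomputed and presented values.
        return hmac.compare_digest(expected.encode(), presented.encode())


class ResolutionPlatform:
    """Trusted identifier resolution platform (steps 41 to 44)."""

    def __init__(self, auth_service: AuthService, records: dict):
        self._auth = auth_service
        self._records = records

    def handle(self, request: dict) -> dict:
        if not self._auth.verify(request):          # steps 42 and 43
            return {"authenticated": False}         # forged request: stop here
        return {"authenticated": True,              # step 44
                "info": self._records.get(request["identifier"])}


# Constructed sample data: one product with two life-cycle identifiers.
KEY_PRODUCTION = bytes(range(32))
KEY_IN_SERVICE = bytes(range(32, 64))
CHIP = SecureChip(
    identifiers=[("example/meter-0001/production", KEY_PRODUCTION),
                 ("example/meter-0001/in-service", KEY_IN_SERVICE)],
    active_index=1,
    resolver_address="resolver.example.invalid",
)
PLATFORM = ResolutionPlatform(
    AuthService(dict(CHIP.identifiers)),
    {"example/meter-0001/production": {"enterprise_node": "node-A"},
     "example/meter-0001/in-service": {"enterprise_node": "node-B"}},
)


def demo():
    genuine = build_resolution_request(CHIP)
    # Same authentication value presented for a different identifier.
    forged = dict(genuine, identifier="example/meter-0001/production")
    return PLATFORM.handle(genuine), PLATFORM.handle(forged)


if __name__ == "__main__":
    print(demo())
```

In this sketch the calculation covers only the identifier, as in step 41, so a given identifier always yields the same request value.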

Referring to FIG. 5, an embodiment of the present invention provides a product identification authentication device, including:

a reading module 51, configured to read the target identifier of a target product and the identifier key corresponding to the target identifier stored in a security chip;

an authentication calculation module 52, configured to perform an authentication calculation on the target identifier using the identifier key to obtain a first authentication calculation result;

a first processing module 53, configured to generate a first identifier resolution authentication request message, the first identifier resolution authentication request message containing the first authentication calculation result;

a first sending module 54, configured to send the first identifier resolution authentication request message to the trusted identifier resolution platform;

a first receiving module 55, configured to receive the first identifier authentication result fed back by the trusted identifier resolution platform; if identifier authentication passes, the identifier authentication result carries the identifier information corresponding to the target identifier.

In this embodiment of the present invention, in the reading module 51, if the target product has multiple identifiers, the identifier index points to the currently activated target identifier. In the first sending module 54, the trusted identifier resolution platform uses the security authentication service platform to verify the authentication calculation on the product identifier and the identifier resolution authentication request; if verification passes, the current resolution request comes from a legitimate product. In the first receiving module 55, the trusted identifier resolution platform stores the identifier information of the target identifier, which includes information such as the enterprise node location.

In this embodiment of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner and to exchange data securely, so that product information is maintained and managed online throughout the product's full life cycle.

In this embodiment of the present invention, optionally, before the target identifier of the target product and the identifier key corresponding to the target identifier are read from the security chip, the following is further included:

a first processing submodule, configured to obtain the currently activated identifier index of the target product if the security chip stores multiple identifiers of the target product;

a first reading submodule, configured to read, from the security chip, the target identifier corresponding to the identifier index and the identifier key corresponding to the target identifier.

In this embodiment of the present invention, the storage structure for the target identifier of the target product is shown in FIG. 2. Identifier 0 to identifier N hold the identifier information of the target product for different life cycles or different usage stages. The identifier index indicates which identifier information is currently activated and so marks the product's current life-cycle state or service stage. The trusted identifier resolution platform address stores the address of the platform that provides the identifier resolution service for the product. The other information is optional and can hold customized information such as the product's security configuration. Products such as water meters, electricity meters, and gas meters can connect to the industry resolution platform through a home gateway and from there be indexed to the service platform.

In this embodiment of the present invention, optionally, the following is further included:

a second processing submodule, configured to encrypt the business data of the target product through the security chip to obtain encrypted business data;

a third processing submodule, configured to perform an authentication calculation on the encrypted business data using the identifier key of the target identifier;

a fourth processing submodule, configured to generate a business data message, the business data message containing the encrypted business data after the authentication calculation;

a first sending submodule, configured to send the business data message to the business service platform.

In this embodiment of the present invention, the business service platform may request the security authentication service platform to verify the authentication calculation on the business data message according to the identifier of the target product and confirm that the identity is legitimate, and to decrypt the business data message with the corresponding business communication identifier key to obtain the business data. The business data is returned to the business service platform, which then carries out the subsequent business interaction process.

In this embodiment of the present invention, optionally, the product identifiers stored in the security chip are written by presetting and by post-writing.

In this embodiment of the present invention, a cellular module and a security chip are embedded in the product at the manufacturing stage. Product identifiers can generally be written by presetting and by post-writing. However, because the product identifiers of different enterprises and industries are highly customized, writing personalized information at the initial stage of the security chip would greatly reduce production efficiency. To improve the production efficiency of the identifier carrier and to guarantee the security level of identifiers written later, the security authentication service platform uniformly allocates, at the security chip production stage, the initial identifier of the security chip and the identifier key corresponding to it, and presets them, together with the authentication center identifier, into the security chip in a secure environment to complete production. Afterwards, identifiers can be written by post-writing throughout the whole life cycle of the product.

In this embodiment of the present invention, optionally, the following is further included: a fifth processing submodule, configured to connect to other Internet of Things terminals; receive a product identifier write request sent by the other Internet of Things terminals; and write the received product identifier into the security chip.

In this embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifiers, and the identifier key corresponding to each identifier, for multiple products. All of the attached products can then interact with the security authentication service platform and the business service platform through the product that carries the security chip.

In this embodiment of the present invention, optionally, the connection to other Internet of Things terminals uses a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology.

In this embodiment of the present invention, optionally, the security chip stores identifiers of at least one product; each product has at least one identifier, and each identifier corresponds to one identifier key.

In this embodiment of the present invention, optionally, the security chip further stores at least one of the following: an identifier index; the address of the trusted identifier resolution platform.

In this embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver/transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifiers, and the identifier key corresponding to each identifier, for multiple products. All of the attached products can then interact with the security authentication service platform and the business service platform through the product that carries the security chip.

In this embodiment of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner and to exchange data securely, so that product information is maintained and managed online throughout the product's full life cycle.

Referring to FIG. 6, an embodiment of the present invention provides a product identification authentication device, including:

a second receiving module 61, configured to receive an identifier resolution authentication request message sent by a terminal, the identifier resolution authentication request message containing an authentication calculation result obtained by performing an authentication calculation on a target identifier using the identifier key of the target identifier;

a second sending module 62, configured to send the identifier resolution authentication request message to the security authentication service platform for identifier authentication;

a third receiving module 63, configured to receive the identifier authentication result fed back by the security authentication service platform;

a third sending module 64, configured to send, if identifier authentication passes, the identifier authentication result to the trusted identifier resolution platform, the identifier authentication result carrying the identifier information corresponding to the target identifier.

In this embodiment of the present invention, the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner, which provides identifier resolution and trusted authentication of identifiers; the result is then indexed to the business platform for secure data exchange.

Referring to FIG. 7, an embodiment of the present invention provides a product identification authentication device, including a transceiver and a processor;

the processor is configured to read the target identifier of a target product and the identifier key corresponding to the target identifier stored in a security chip;

the processor is configured to generate an identifier resolution authentication request message, the identifier resolution authentication request message containing a first authentication calculation result;

the processor is configured to generate a first identifier resolution authentication request message, the first identifier resolution authentication request message containing the first authentication calculation result;

the transceiver is configured to send the first identifier resolution authentication request message to the trusted identifier resolution platform;

the transceiver is configured to receive the first identifier authentication result fed back by the trusted identifier resolution platform; if identifier authentication passes, the identifier authentication result carries the identifier information corresponding to the target identifier.

In this embodiment of the present invention, multiple identifiers and the corresponding groups of identifier keys are written for one product, and the trusted identifier resolution platform is used to manage all enterprise product identifiers, identifier keys, and enterprise information in a unified manner and to exchange data securely, so that product information is maintained and managed online throughout the product's full life cycle.

In this embodiment of the present invention, optionally, before the target identifier of the target product and the identifier key corresponding to the target identifier are read from the security chip, the following is further included:

the processor is configured to obtain the currently activated identifier index of the target product if the security chip stores multiple identifiers of the target product;

the transceiver is configured to read, from the security chip, the target identifier corresponding to the identifier index and the identifier key corresponding to the target identifier.

In this embodiment of the present invention, the storage structure for the target identifier of the target product is shown in FIG. 2. Identifier 0 to identifier N hold the identifier information of the target product for different life cycles or different usage stages. The identifier index indicates which identifier information is currently activated and so marks the product's current life-cycle state or service stage. The trusted identifier resolution platform address stores the address of the platform that provides the identifier resolution service for the product. The other information is optional and can hold customized information such as the product's security configuration. Products such as water meters, electricity meters, and gas meters can connect to the industry resolution platform through a home gateway and from there be indexed to the service platform.

In this embodiment of the present invention, optionally, the following is further included:

the processor is configured to encrypt the business data of the target product through the security chip to obtain encrypted business data;

the processor is configured to perform an authentication calculation on the encrypted business data using the identifier key of the target identifier;

the processor is configured to generate a business data message, the business data message containing the encrypted business data after the authentication calculation;

the transceiver is configured to send the business data message to the business service platform.

In this embodiment of the present invention, the business service platform may request the security authentication service platform to verify the authentication calculation on the business data message according to the identifier of the target product and confirm that the identity is legitimate, and to decrypt the business data message with the corresponding business communication identifier key to obtain the business data. The business data is returned to the business service platform, which then carries out the subsequent business interaction process.

本发明实施例中,可选的,所述安全芯片中存储的产品的标识采用预置的方式和后写入的方式写入。In the embodiment of the present invention, optionally, the product identification stored in the security chip is written in a preset manner or a post-write manner.

本发明实施例中,所述产品在生产制造阶段内嵌一个蜂窝模组和一个安全芯片,所述产品的标识写入通常可采用预置的方式和后写入的方式,但由于各个企业、行业的产品标识的定制化程度高,在安全芯片初始阶段写入个性化的信息将极大的降低生产效率;为了提升标识载体的生产效率并保障后续写入标识的安全等级,在安全芯片生产阶段由安全认证服务平台统一分配安全芯片的初始标识及其对应标识的标识密钥,并在安全的环境中将其联合认证中心标识一起预置到安全芯片里,完成生产;在之后产品的整个生命周期内都可以通过后写入的方式写入标识。In an embodiment of the present invention, the product embeds a cellular module and a security chip during the production and manufacturing stage. The identification writing of the product can usually be done by a preset method and a post-write method. However, due to the high degree of customization of product identifications of various enterprises and industries, writing personalized information in the initial stage of the security chip will greatly reduce production efficiency. In order to improve the production efficiency of the identification carrier and ensure the security level of the subsequent written identification, the security authentication service platform uniformly allocates the initial identification of the security chip and the identification key of its corresponding identification during the production stage of the security chip, and pre-sets the identification key together with the joint authentication center identification into the security chip in a secure environment to complete the production. The identification can be written by a post-write method throughout the entire life cycle of the product.

In an embodiment of the present invention, optionally, the following is also included: the processor is connected to other Internet of Things terminals; receives a product identification writing application sent by the other Internet of Things terminals; and writes the received product identification into the security chip.

In an embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver-transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifications of multiple products and the identification keys corresponding to those identifications. All of the products carried in this way can interact with the security authentication service platform and the business service platform through the product equipped with the security chip.

In an embodiment of the present invention, optionally, a universal asynchronous receiver-transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology is used to connect with other Internet of Things terminals.

In an embodiment of the present invention, optionally, the security chip stores the identification of at least one product, each product includes at least one identification, and each identification corresponds to one identification key.

In an embodiment of the present invention, optionally, the security chip further stores at least one of the following: an identification index; an address of the trusted identification resolution platform.

In an embodiment of the present invention, the connection to other Internet of Things terminals can be made through a universal asynchronous receiver-transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a short-range wireless communication technology, so that the security chip stores one or more identifications of multiple products and the identification keys corresponding to those identifications. All of the products carried in this way can interact with the security authentication service platform and the business service platform through the product equipped with the security chip.

In an embodiment of the present invention, multiple identifications and the corresponding groups of identification keys are written to one product and, with the capabilities of the trusted identification resolution platform, all enterprise product identifications, identification keys and enterprise information are managed uniformly and data is exchanged securely, so that information can be maintained and managed online throughout the product's life cycle.

Referring to FIG. 8, an embodiment of the present invention provides a product identification authentication device, including: a transceiver and a processor;

The transceiver is used to receive an identification resolution authentication request message sent by a terminal; the identification resolution authentication request message contains the authentication calculation result obtained by performing an authentication calculation on a target identification using the identification key of the target identification;

The transceiver is used to send the identification resolution authentication request message to the security authentication service platform for identification authentication;

The transceiver is used to receive the identification authentication result fed back by the security authentication service platform;

The transceiver is used to send the identification authentication result to the trusted identification resolution platform if the identification authentication passes, the identification authentication result carrying the identification information corresponding to the target identification.

In an embodiment of the present invention, multiple identifications and the corresponding groups of identification keys are written to one product and, with the capabilities of the trusted identification resolution platform, all enterprise product identifications, identification keys and enterprise information are managed uniformly and data is exchanged securely, so that information can be maintained and managed online throughout the product's life cycle.
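The flow described in this embodiment (the terminal reads the currently activated identification and its key from the security chip, computes an authentication result, and the trusted identification resolution platform has the security authentication service platform check it) is sketched below as an added example that is not code from the patent. The patent does not name the algorithm: HMAC-SHA256, the nonce and timestamp that keep a captured request from being replayed, and all class names, field names and sample identifiers are assumptions.

```python
import hashlib
import hmac
import json
import os
import time


class SecurityChip:
    """Stand-in for the security chip: index -> (identifier, identification key)."""

    def __init__(self, slots, active_index):
        self.slots = dict(slots)
        self.active_index = active_index

    def read_active(self):
        # Several identifiers may be stored; the activated index selects the
        # one that matches the product's current life-cycle stage.
        return self.slots[self.active_index]


def auth_calc(key, identifier, nonce, ts):
    """Assumed authentication calculation: HMAC-SHA256 over [id, nonce, ts]."""
    msg = json.dumps([identifier, nonce, ts], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_request(chip):
    """Terminal side: build the identification resolution authentication request."""
    identifier, key = chip.read_active()
    nonce, ts = os.urandom(16).hex(), int(time.time())
    return {"id": identifier, "nonce": nonce, "ts": ts,
            "mac": auth_calc(key, identifier, nonce, ts)}


class SecurityAuthService:
    """Security authentication service platform: holds the identification keys."""

    def __init__(self, keys, max_skew=300):
        self.keys = keys
        self.max_skew = max_skew
        self.seen = set()  # (id, nonce) pairs already accepted; expire in real use

    def verify(self, req):
        try:
            key = self.keys[req["id"]]
            expected = auth_calc(key, req["id"], req["nonce"], req["ts"])
            # Constant-time comparison of the recomputed and received results.
            if not hmac.compare_digest(expected, req["mac"]):
                return False
            fresh = abs(time.time() - req["ts"]) <= self.max_skew
        except (KeyError, TypeError, ValueError):
            return False  # unknown identifier or malformed message
        token = (req["id"], req["nonce"])
        if not fresh or token in self.seen:
            return False  # stale or replayed request
        self.seen.add(token)
        return True


class ResolutionPlatform:
    """Trusted identification resolution platform: forwards, then resolves."""

    def __init__(self, auth_service, id_info):
        self.auth_service = auth_service
        self.id_info = id_info

    def handle(self, req):
        if not self.auth_service.verify(req):
            return {"passed": False}
        # Only an authenticated identifier is resolved to its information.
        return {"passed": True, "info": self.id_info.get(req["id"])}


# Constructed sample data: one product, two identifiers for two stages.
SLOTS = {
    0: ("example-id/factory/0001", bytes.fromhex("11" * 32)),
    1: ("example-id/aftersales/0001", bytes.fromhex("22" * 32)),
}
ID_INFO = {
    "example-id/factory/0001": {"stage": "production"},
    "example-id/aftersales/0001": {"stage": "after-sales"},
}


def new_platform():
    keys = {identifier: key for identifier, key in SLOTS.values()}
    return ResolutionPlatform(SecurityAuthService(keys), ID_INFO)


if __name__ == "__main__":
    chip, platform = SecurityChip(SLOTS, active_index=1), new_platform()
    request = build_request(chip)
    print(platform.handle(request))  # accepted, after-sales information
    print(platform.handle(request))  # same message again: rejected as a replay
```

A calculation over the static identification alone would produce the same result every time, so anyone who captured one request could resend it; binding a fresh nonce and timestamp into the calculation is what lets the verifying side reject the second copy.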

Referring to FIG. 9, an embodiment of the present invention further provides a terminal 90, including a processor 91, a memory 92, and a computer program stored in the memory 92 and executable on the processor 91. When the computer program is executed by the processor 91, each process of the above embodiment of the product identification authentication method applied to the terminal is implemented, and the same technical effect can be achieved. To avoid repetition, the details are not repeated here.

Referring to FIG. 10, an embodiment of the present invention further provides a trusted identification resolution platform 100, including a processor 101, a memory 102, and a computer program stored in the memory 102 and executable on the processor 101. When the computer program is executed by the processor 101, each process of the above embodiment of the product identification authentication method applied to the trusted identification resolution platform is implemented, and the same technical effect can be achieved. To avoid repetition, the details are not repeated here.

An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, each process of the above embodiment of the product identification authentication method is implemented, and the same technical effect can be achieved. To avoid repetition, the details are not repeated here. The computer-readable storage medium is, for example, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.

It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. In the absence of further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.

From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disk) and includes a number of instructions for causing a terminal (which can be a mobile phone, a computer, a server, an air conditioner, a network device, etc.) to execute the methods described in the embodiments of the present invention.

The embodiments of the present invention are described above with reference to the accompanying drawings, but the present invention is not limited to the specific implementations described above, which are merely illustrative and not restrictive. Under the teaching of the present invention, those of ordinary skill in the art can devise many other forms without departing from the purpose of the present invention and the scope protected by the claims, all of which fall within the protection of the present invention.

Claims (16)

1. A product identification authentication method applied to a terminal, comprising the following steps:
reading a target identifier of a target product stored in a security chip and an identifier key corresponding to the target identifier;
performing authentication calculation on the target identifier by adopting the identifier key to obtain a first authentication calculation result;
generating a first identification analysis authentication request message, wherein the first identification analysis authentication request message comprises the first authentication calculation result;
sending the first identification analysis authentication request message to a trusted identification analysis platform;
receiving a first identification authentication result fed back by the trusted identification analysis platform, wherein the first identification authentication result carries identification information corresponding to the target identification;
before reading the target identifier of the target product stored in the security chip and the identifier key corresponding to the target identifier, the method further comprises the following steps:
if a plurality of identifiers of the target product are stored in the security chip, acquiring a currently activated identifier index of the target product; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product;
and reading a target identifier corresponding to the identifier index and an identifier key corresponding to the target identifier stored in the security chip.
2. The product identification authentication method of claim 1, further comprising:
encrypting the service data of the target product through the security chip to obtain encrypted service data;
carrying out authentication calculation on the encrypted service data through the identification key of the target identification;
generating a service data message, wherein the service data message comprises encrypted service data after authentication calculation;
and sending the service data message to a service platform.
3. The product identification authentication method of claim 1, wherein the identification of the product stored in the security chip is written in a preset manner and a post-writing manner.
4. The product identification authentication method of claim 1, further comprising:
the terminal is connected with other Internet of Things terminals;
receiving an identification writing application of a product sent by the other Internet of Things terminal;
and writing the received identification of the product, sent by the trusted identification analysis platform, into the security chip.
5. The product identification authentication method of claim 4, wherein writing the received identification of the product to the security chip comprises:
performing authentication calculation on the identification of the product by adopting an identification key in the identification of the product to obtain a second authentication calculation result;
generating a second identification analysis authentication request message of the identification of the product, wherein the second identification analysis authentication request message contains the second authentication calculation result;
sending the second identification analysis authentication request message to a trusted identification analysis platform;
receiving a second identification authentication result fed back by the trusted identification analysis platform;
and writing the product identifier and the corresponding identifier key into the security chip.
6. The product identification authentication method as claimed in claim 4, wherein,
a universal asynchronous receiver-transmitter, a two-wire synchronous serial bus, a serial peripheral interface, Bluetooth, or a near field wireless communication technology is adopted to connect with other Internet of Things terminals.
7. The product identification authentication method as claimed in claim 1, wherein,
the security chip stores identifications of at least one product, each product including at least one identification, each identification corresponding to an identification key.
8. The product identification authentication method as claimed in claim 7, wherein,
the security chip further stores at least one of: an identification index; a trusted identification analysis platform address.
9. A product identification authentication method applied to a trusted identification analysis platform, comprising the following steps:
receiving a first identification analysis authentication request message sent by a terminal; the first identification analysis authentication request message comprises a first authentication calculation result of performing authentication calculation on the target identification by adopting an identification key of the target identification; the terminal reads a target identifier of a target product stored in the security chip and an identifier key corresponding to the target identifier; performing authentication calculation on the target identifier by adopting the identifier key to obtain a first authentication calculation result; generating a first identification analysis authentication request message, wherein the first identification analysis authentication request message comprises the first authentication calculation result; if a plurality of identifiers of the target product are stored in the security chip, acquiring a currently activated identifier index of the target product; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product; reading a target identifier corresponding to the identifier index and an identifier key corresponding to the target identifier stored in the security chip;
sending the first identification analysis authentication request message to a security authentication service platform for identification authentication;
receiving a first identification authentication result fed back by the security authentication service platform;
if the identification authentication is passed, sending the identification authentication result to a trusted identification analysis platform, wherein the first identification authentication result carries identification information corresponding to the target identification.
10. A product identification authentication device, comprising:
the reading module is used for reading the target identifier of the target product stored in the security chip and the identification key corresponding to the target identifier;
the authentication calculation module is used for carrying out authentication calculation on the target identifier by adopting the identifier key to obtain a first authentication calculation result;
the first processing module is used for generating a first identification analysis authentication request message which contains the first authentication calculation result;
the first sending module is used for sending the first identification analysis authentication request message to a trusted identification analysis platform;
the first receiving module is used for receiving a first identification authentication result fed back by the identification analysis platform, and if the identification authentication is passed, the identification authentication result carries identification information corresponding to the target identification;
the device further comprises:
the first processing sub-module is used for acquiring the currently activated identification index of the target product if a plurality of identifications of the target product are stored in the security chip; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product;
and the first reading submodule is used for reading the target identifier corresponding to the identifier index and the identifier key corresponding to the target identifier stored in the security chip.
11. A product identification authentication device, comprising:
the second receiving module is used for receiving an identification analysis authentication request message sent by the terminal; the identification analysis authentication request message comprises an authentication calculation result of performing authentication calculation on the target identification by adopting an identification key of the target identification; the terminal reads a target identifier of a target product stored in the security chip and an identifier key corresponding to the target identifier; performing authentication calculation on the target identifier by adopting the identifier key to obtain a first authentication calculation result; generating a first identification analysis authentication request message, wherein the first identification analysis authentication request message comprises the first authentication calculation result; if a plurality of identifiers of the target product are stored in the security chip, acquiring a currently activated identifier index of the target product; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product; reading a target identifier corresponding to the identifier index and an identifier key corresponding to the target identifier stored in the security chip;
the second sending module is used for sending the identification analysis authentication request message to a security authentication service platform for identification authentication;
the third receiving module is used for receiving the identification authentication result fed back by the security authentication service platform;
and the third sending module is used for sending the identification authentication result to the trusted identification analysis platform if the identification authentication is passed, wherein the identification authentication result carries identification information corresponding to the target identification.
12. A product identification authentication device, comprising: a transceiver and a processor;
the processor is used for reading a target identifier of a target product stored in the security chip and an identification key corresponding to the target identifier; if a plurality of identifiers of the target product are stored in the security chip, acquiring a currently activated identifier index of the target product; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product; reading a target identifier corresponding to the identifier index and an identifier key corresponding to the target identifier stored in the security chip;
the processor is used for generating an identification analysis authentication request message which contains a first authentication calculation result;
the processor is used for generating a first identification analysis authentication request message, wherein the first identification analysis authentication request message contains the first authentication calculation result;
the transceiver is used for sending the first identification analysis authentication request message to a trusted identification analysis platform;
the transceiver is configured to receive a first identifier authentication result fed back by the trusted identifier analysis platform, and if the identifier authentication is passed, the identifier authentication result carries identifier information corresponding to the target identifier.
13. A product identification authentication device, comprising: a transceiver and a processor;
the transceiver is used for receiving an identification analysis authentication request message sent by the terminal; the identification analysis authentication request message comprises an authentication calculation result of performing authentication calculation on the target identification by adopting an identification key of the target identification; the terminal reads a target identifier of a target product stored in the security chip and an identifier key corresponding to the target identifier; performing authentication calculation on the target identifier by adopting the identifier key to obtain a first authentication calculation result; generating a first identification analysis authentication request message, wherein the first identification analysis authentication request message comprises the first authentication calculation result; if a plurality of identifiers of the target product are stored in the security chip, acquiring a currently activated identifier index of the target product; the identification index represents the identification information of the current activation of the product and is used for identifying the current life cycle state or service stage of the target product; reading a target identifier corresponding to the identifier index and an identifier key corresponding to the target identifier stored in the security chip;
the transceiver is used for sending the identification analysis authentication request message to a security authentication service platform for identification authentication;
the transceiver is used for receiving the identification authentication result fed back by the security authentication service platform;
and the transceiver is used for sending the identification authentication result to the trusted identification analysis platform if the identification authentication is passed, wherein the identification authentication result carries identification information corresponding to the target identification.
14. A terminal, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the product identification authentication method according to any one of claims 1 to 9.
15. A trusted identification resolution platform, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the product identification authentication method according to any one of claims 1 to 9.
16. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the product identification authentication method according to any of claims 1 to 9.
CN202011410139.5A 2020-12-04 2020-12-04 Product identification authentication method and device Active CN114666074B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011410139.5A CN114666074B (en) 2020-12-04 2020-12-04 Product identification authentication method and device

Publications (2)

Publication Number Publication Date
CN114666074A CN114666074A (en) 2022-06-24
CN114666074B true CN114666074B (en) 2024-04-09
