CN115001864B - Communication authentication method and device for intelligent furniture, computer equipment and storage medium - Google Patents
Communication authentication method and device for intelligent furniture, computer equipment and storage medium Download PDFInfo
- Publication number
- CN115001864B CN115001864B CN202210888420.2A CN202210888420A CN115001864B CN 115001864 B CN115001864 B CN 115001864B CN 202210888420 A CN202210888420 A CN 202210888420A CN 115001864 B CN115001864 B CN 115001864B
- Authority
- CN
- China
- Prior art keywords
- hash
- public key
- data
- target data
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The application relates to a communication authentication method and device for intelligent furniture, computer equipment and a storage medium. The method comprises the following steps: sending an authentication request to the server so that the server returns combined data obtained by combining the public key and the ciphertext hash; the ciphertext hash is obtained by encrypting the hash of the public key; receiving the combined data, judging whether the public key in the combined data is matched with the ciphertext hash, if so, authenticating the public key in the combined data to obtain an authenticated public key; when data interaction is carried out, calculating the hash of target data, and encrypting the hash of the target data to obtain the ciphertext hash of the target data; encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data; and sending the communication authentication data to a server to perform communication authentication on the intelligent furniture based on the communication authentication data. By adopting the method, the safe communication between the intelligent furniture and the cloud server can be ensured when the intelligent furniture is more and the computing power is limited.
Description
Technical Field
The present application relates to the field of digital information transmission technologies, and in particular, to a communication authentication method and apparatus for smart furniture, a computer device, a storage medium, and a computer program product.
Background
With the development of equipment intellectualization, the furniture is also intelligentized and networked. Data recorded by intelligent furniture such as an intelligent seat comprise information related to user privacy such as weight, sitting time and preference, channel safety and identity safety during communication are guaranteed, communication is not monitored by a third party, and the user privacy is prevented from being stolen.
Moreover, the number of devices under the intelligent furniture line is very large, and the requirement on cost control is high, so that the universality and the mass production performance of a safety communication scheme need to be considered during design, and intellectual property protection is performed. In the prior art, the communication safety of the intelligent furniture cannot be ensured completely and reliably while the mass production cost is controlled.
Disclosure of Invention
In view of the above, it is necessary to provide a communication authentication method, apparatus, computer device, computer readable storage medium and computer program product for smart furniture, which can securely communicate with a cloud server with limited computing power.
In a first aspect, the present application provides a communication authentication method for smart furniture, which is executed by a security chip of the smart furniture, and the method includes:
sending an authentication request to a server so that the server returns combined data obtained by combining public key and ciphertext hash; the ciphertext hash is obtained by encrypting the hash of the public key;
receiving the combined data, judging whether a public key in the combined data is matched with a cipher text hash, and if so, authenticating the public key in the combined data to obtain an authenticated public key;
when data interaction is carried out, calculating the hash of target data, and encrypting the hash of the target data to obtain the ciphertext hash of the target data;
carrying out hash encryption on the target data and the ciphertext of the target data through the authenticated public key to obtain communication authentication data;
and sending the communication authentication data to the server so as to carry out communication authentication on the intelligent furniture based on the communication authentication data.
In one embodiment, the calculating a hash of the target data and encrypting the hash of the target data to obtain a ciphertext hash of the target data includes:
receiving target data sent by a control unit of the intelligent furniture;
performing hash operation on the target data to obtain a hash of the target data;
and carrying out asymmetric encryption on the hash of the target data to obtain the ciphertext hash of the target data.
In one embodiment, the asymmetrically encrypting the hash of the target data to obtain the ciphertext hash of the target data includes:
carrying out asymmetric encryption on the hash of the target data through a private key of the security chip to obtain a ciphertext hash of the target data;
the private key of the security chip corresponds to the public key of the security chip, and the public key of the security chip is used for performing communication authentication on the intelligent furniture.
In one embodiment, the ciphertext hash in the combined data is obtained by encrypting the hash of the public key according to a private key of the server; the judging whether the public key and the ciphertext hash in the combined data are matched comprises:
splitting the combined data to obtain a public key in the combined data and a ciphertext hash in the combined data;
performing hash operation on the public key in the combined data to obtain a verification hash of the public key in the combined data;
decrypting the ciphertext hash in the combined data through the public key of the server to obtain a plaintext hash corresponding to the ciphertext hash;
and judging whether the verification hash of the public key in the combined data is consistent with the plaintext hash corresponding to the ciphertext hash.
The application also provides a communication authentication method of the intelligent furniture, which is executed by a server and comprises the following steps:
receiving an authentication request sent by a security chip;
in response to the authentication request, sending combined data obtained by combining public key and ciphertext hash to the security chip so that the security chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting the hash of the public key;
receiving communication authentication data sent by the security chip; the communication authentication data is obtained by the security chip through the authenticated public key to hash and encrypt the target data and the ciphertext of the target data;
analyzing the communication authentication data through a private key matched with the authenticated public key to obtain ciphertext hash of the target data and the target data;
and judging whether the target data is matched with the ciphertext hash of the target data or not to obtain a communication authentication result of the intelligent furniture.
In one embodiment, the sending, to the secure chip in response to the authentication request, combined data obtained by combining a public key and a ciphertext hash includes:
generating a public key and a private key adapted to the public key in response to the authentication request;
carrying out hash operation on the public key to obtain the hash of the public key;
encrypting the hash of the public key based on the private key of the server to obtain a ciphertext hash;
and combining the public key and the ciphertext hash to obtain combined data corresponding to the authentication request.
In one embodiment, the ciphertext hash of the target data is obtained by encrypting the hash of the target data through a private key of the security chip; the determining whether the target data matches the ciphertext hash of the target data includes:
performing hash operation on the target data to obtain a verification hash of the target data;
decrypting the ciphertext hash of the target data based on the public key of the security chip to obtain the plaintext hash of the target data;
and judging whether the verification hash of the target data is matched with the plaintext hash of the target data.
In a second aspect, the present application provides a communication authentication device for smart furniture. The device comprises:
the authentication request sending module is used for sending an authentication request to the server so as to enable the server to return combined data obtained by combining the public key and the ciphertext hash; the ciphertext hash is obtained by encrypting the hash of the public key;
the public key authentication module is used for receiving the combined data and judging whether a public key in the combined data is matched with a ciphertext hash or not, if so, the public key in the combined data passes authentication to obtain an authenticated public key;
the data encryption module is used for calculating the hash of target data and encrypting the hash of the target data to obtain the ciphertext hash of the target data when data interaction is carried out;
the communication authentication data generation module is used for encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data;
and the communication authentication data sending module is used for sending the communication authentication data to the server so as to carry out communication authentication on the intelligent furniture based on the communication authentication data.
The application also provides a communication authentication device of the intelligent furniture. The device comprises:
the authentication request receiving module is used for receiving an authentication request sent by the security chip;
a public key returning module, configured to send, in response to the authentication request, combined data obtained by combining a public key and a ciphertext hash to the secure chip, so that the secure chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting the hash of the public key;
the communication authentication data receiving module is used for receiving the communication authentication data sent by the security chip; the communication authentication data is obtained by the security chip through the authenticated public key to encrypt the target data and the ciphertext hash of the target data;
the communication authentication data analysis module is used for analyzing the communication authentication data through a private key matched with the authenticated public key to obtain ciphertext hash of the target data and the target data;
and the communication authentication module is used for judging whether the target data is matched with the ciphertext hash of the target data to obtain a communication authentication result of the intelligent furniture.
In a third aspect, the present application also provides a computer device. The computer equipment comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of communication authentication of the intelligent furniture when executing the computer program.
In a fourth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements communication authentication of the smart furniture described above.
In a fifth aspect, the present application further provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of communication authentication of the smart furniture described above.
The communication authentication method of the intelligent furniture comprises the steps of sending an authentication request to a server so that the server returns combined data obtained by combining public key hashes and ciphertext hashes; the ciphertext hash is obtained by encrypting the hash of the public key, and the request process of the combined data occupies less computing resources; and receiving the combined data, judging whether the public key in the combined data is matched with the ciphertext hash, if so, authenticating the public key in the combined data to obtain an authenticated public key, and judging whether the public key in the combined data is changed in the transmission process through less calculation so as to perform the safety authentication of the public key through less calculation resources. When data interaction is carried out, the hash of the target data is calculated, and the hash of the target data is encrypted to obtain the ciphertext hash of the target data; encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data; the communication authentication data of the target data are obtained through fewer computing resources, the server can directly check through the communication authentication data, whether the target data are changed by a third party in the transmission process is detected, and the communication authentication data are sent to the server so as to carry out communication authentication on the intelligent furniture based on the communication authentication data.
Drawings
FIG. 1 is a diagram of an application environment of a communication authentication method for smart furniture in an embodiment;
FIG. 2 is a schematic flow chart diagram illustrating a method for communication authentication of smart furniture in one embodiment;
FIG. 3 is a flowchart illustrating a communication authentication method for smart furniture according to an embodiment;
FIG. 4 is a diagram of an application environment for communication authentication of smart furniture in another embodiment;
FIG. 5 is a schematic flow chart illustrating an embodiment of an intelligent furniture temporary storage public key;
FIG. 6 is a schematic diagram of a data interaction of smart furniture in one embodiment;
FIG. 7 is a block diagram showing the structure of a communication authentication apparatus for smart furniture according to an embodiment;
FIG. 8 is a block diagram showing the structure of a communication authentication apparatus for smart furniture according to an embodiment;
FIG. 9 is a diagram of an internal structure of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application. In the following description, "A and/or B" means "at least one of A and B".
The communication authentication method for the intelligent furniture provided by the embodiment of the application can be applied to the application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104, or may be located on the cloud or other network server.
The terminal 102 may be, but is not limited to, various intelligent chairs with security chips installed therein, and intelligent furniture such as a control device externally connected to the intelligent chairs. The server 104 may be implemented as a stand-alone server or as a server cluster comprised of multiple servers. The scheme provided by the embodiment of the application is cooperatively realized by the terminal 102 and the server 104.
In one embodiment, the security chip is an embedded data security chip for intellectual property protection and data protection. The safety chip stores the secret key and the check information, and can store the user-defined data and operate the user-defined algorithm. In one embodiment, the custom data and algorithm stored in the security chip cannot be read and analyzed by the outside world, so as to ensure the data security. The security chip is a chip with a built-in smart card kernel, supports downloading and running of a custom algorithm, and has a function of resisting various attacks, such as differential attack, power consumption analysis and fragmentation attack, on a chip hardware level. When the security level of the chip is at the bank card level, the user-defined data and the user-defined algorithm stored in the chip can be regarded as a black box, the outside cannot acquire the information, and the analysis and the cloning of the internal algorithm cannot be further performed. It can be understood that the cost of the chip is not high, and the number of home-made manufacturers of the chip is not high, so that the chip has obvious advantages in the aspect of supply chain safety, and is very suitable for the mass production requirements of intelligent furniture such as intelligent seats. The security chip can be specifically SMEC90ST of Juwei industry in Shenzhen, LKT4306 of Beijing Lingkean, and the like.
In an embodiment, under the condition of considering cost, the cost of part of security can be reduced, a special security chip is not arranged, an algorithm in the security chip is arranged in a control unit, and the control unit can be replaced by an element or a combination which can realize the same function, such as an MCU, an FPGA, a CPLD, a CPU, a DSP, a logic circuit, a memory chip and the like.
In one embodiment, as shown in fig. 2, a communication authentication method for smart furniture is provided, which is described by taking the method as an example applied to the terminal 102 in fig. 1, in which a security chip is installed, and the security chip performs the following steps:
step 202, sending an authentication request to the server so that the server returns combined data obtained by combining the public key and the ciphertext hash; the ciphertext hash is obtained by encrypting a hash of the public key.
The authentication request is a security authentication request for communication between the intelligent furniture and the server, and when the security authentication request passes the verification of the server, the server returns the combined data obtained by combining the public key and the ciphertext hash. The authentication request can be in a form of an authentication request plaintext or an authentication request ciphertext, and the server judges whether the authentication flow is terminated according to whether the authentication request in the form meets the corresponding condition. For example: sending an authentication request plaintext to a cloud server, and if the server determines that the authentication request plaintext is preset and fixed, returning combined data obtained by combining public key and ciphertext hash; otherwise, the authentication procedure is terminated.
In one embodiment, the secure chip sends an authentication request to the server, comprising: with the starting of the intelligent furniture, after the security chip generates an authentication request, the newly generated authentication request is sent to a certain server through the control unit MCE and the communication module, and the newly generated authentication request is used for informing the server to return a public key of the communication after the intelligent furniture is started.
Correspondingly, after the server receives the authentication request, the server verifies the authentication request; and if the verification of the authentication request is passed, generating a hash of the public key and the public key, combining a ciphertext hash obtained by asymmetrically encrypting the hash of the public key and the public key, and transmitting the combined data to a security chip sending the authentication request. Therefore, after each time of starting the intelligent furniture, the public key of the communication used by the start is obtained through the authentication request, so that the public key of the temporary communication is temporarily stored, and the safety of the communication is improved.
And 204, receiving the combined data, judging whether the public key in the combined data is matched with the ciphertext hash, and if so, authenticating the public key in the combined data to obtain an authenticated public key.
The combined data received by the security chip may be modified by a third party in the communication process, and in order to ensure data security, the public key in the received combined data is checked, and when the public key in the combined data passes authentication, the public key in the combined data is the authenticated public key. The authenticated public key is the public key in the combined data that is not modified by the third party during the communication.
The process of verifying the public key in the received combined data is a process of judging whether the public key in the combined data is matched with the ciphertext hash, and in the process, the process is used for judging whether the public key in the received combined data is matched with the public key in the combined data returned by the server; if not, the public key in the received combined data is modified, and the authentication fails; if the data is matched, the public key in the combined data is determined to be unmodified through the process, and the authenticated public key is obtained.
In one embodiment, determining whether the public key and the ciphertext hash in the combined data match comprises: splitting the combined data into a public key to be verified and a ciphertext hash of the public key; matching a result obtained by carrying out encryption operation on the public key to be verified and a result obtained by carrying out decryption on the ciphertext hash of the public key to obtain a public key verification result; and judging whether the public key and the ciphertext hash in the combined data are matched or not based on the public key verification result. For example: and when the public key verification result is represented, the result obtained by performing encryption operation on the public key to be verified and the result obtained by performing decryption on the ciphertext hash of the public key are not matched, judging that the public key and the ciphertext hash in the combined data are not matched.
In one embodiment, the ciphertext hash in the combined data is a hash of the public key encrypted under the server's private key. The private key of the server is stored in the server, and the public key of the server is stored in the security chip. Both the public key of the server and the private key of the server have a correspondence of asymmetric encryption. The asymmetric encryption corresponding relation means that data encrypted by a public key of the server can be decrypted by a private key of the server; and the data encrypted by the private key of the server can be decrypted by the public key of the server. The private key of the server is an encrypted private key for signature verification in the combined data, and the security chip is decrypted by the public key of the server to verify whether the combined data is sent by a legal cloud server.
Correspondingly, judging whether the public key and the ciphertext hash in the combined data are matched comprises the following steps: splitting the combined data to obtain a public key in the combined data and a ciphertext hash in the combined data; carrying out hash operation on the public key in the combined data to obtain a verification hash of the public key in the combined data; decrypting the ciphertext hash in the combined data through a public key of the server to obtain a plaintext hash corresponding to the ciphertext hash; and judging whether the verification hash of the public key in the combined data is consistent with the plaintext hash corresponding to the ciphertext hash.
In one embodiment, splitting the combined data is to split the combined data based on a splitting manner corresponding to a combining manner of the combined data to obtain a public key in the combined data and a public key ciphertext in the combined data. When the combined data is obtained by splicing, the combined data is directly split; and when the combined data is obtained by asymmetrically encrypting the spliced data, decrypting the combined data and splitting the combined data.
When the verification hash of the public key in the combined data is consistent with the plaintext hash corresponding to the ciphertext hash, the public key in the combined data passes the authentication, the public key in the combined data is the authenticated public key, and the authenticated public key is the public key which is not modified by a third party. After the authenticated public key is obtained, the authenticated public key is stored in the security chip to enhance the security.
And step 206, during data interaction, calculating the hash of the target data, and encrypting the hash of the target data to obtain the ciphertext hash of the target data.
The target data is data transmitted to the server through the terminal for communication. The ciphertext hash of the target data is obtained by calculating the hash of the target data and carrying out reversible encryption on the hash of the target data. The ciphertext hash of the target data is used to verify the target data to determine whether the target data is altered during transmission.
In one embodiment, calculating a hash of the target data and encrypting the hash of the target data to obtain a ciphertext hash of the target data includes: receiving target data sent by a control unit of the intelligent furniture; performing hash operation on the target data to obtain the hash of the target data; and carrying out asymmetric encryption on the hash of the target data to obtain the ciphertext hash of the target data.
In one embodiment, the hash operation is performed on the target data, and the hash of the target data is obtained by performing calculation on the target data according to any hash algorithm such as MD5, SHA1, SHA3, and the like, and the hash of the target data cannot be obtained by inverse operation. And after the hash of the target data is obtained, asymmetrically encrypting the hash of the target data to obtain a ciphertext hash of the target data which can be decrypted.
In one embodiment, asymmetrically encrypting the hash of the target data to obtain the ciphertext hash of the target data comprises: performing asymmetric encryption on the hash of the target data through a private key of a security chip to obtain a ciphertext hash of the target data; the private key of the security chip corresponds to the public key of the security chip, and the public key of the security chip is used for carrying out communication authentication on the intelligent furniture. Therefore, the terminal encrypts the data through the private key of the security chip, the server receives the communication authentication data, and the data is analyzed through the private key matched with the public key to obtain the ciphertext hash of the target data and the target data; and then, the ciphertext hash is split from the communication authentication data, the ciphertext hash in the communication authentication data is decrypted through a public key of the safety chip, and the decryption result is matched with the target data in the communication authentication data, so that the communication authentication of the intelligent furniture is realized.
And step 208, carrying out hash encryption on the target data and the ciphertext of the target data through the authenticated public key to obtain communication authentication data.
In one embodiment, encrypting the target data with a ciphertext hash of the target data with the authenticated public key comprises: splicing the target data and the ciphertext hash of the target data to obtain spliced data of the target data; and encrypting the spliced data of the target data through the authenticated public key to obtain communication authentication data. The communication authentication data is used for transmitting the target data to the server, and the server is enabled to authenticate whether the target data is changed in the transmission process based on the communication authentication data so as to judge whether the target data is changed in the transmission process.
And step 210, sending the communication authentication data to a server so as to perform communication authentication on the intelligent furniture based on the communication authentication data.
In one embodiment, sending the communication authentication data to the server comprises: after the communication authentication data are generated through the security chip, the communication authentication data are sent to the cloud server through the MCU and the communication module, so that the cloud server can carry out communication authentication on the intelligent furniture based on the communication authentication data.
In the communication authentication method for the intelligent furniture, an authentication request is sent to a server so that the server returns combined data obtained by combining public key and ciphertext hash; the ciphertext hash is obtained by encrypting the hash of the public key, and the request process of the combined data occupies less computing resources; and receiving the combined data, judging whether the public key in the combined data is matched with the ciphertext hash, if so, authenticating the public key in the combined data to obtain an authenticated public key, and judging whether the public key in the combined data is changed in the transmission process through less calculation so as to perform the safety authentication of the public key through less calculation resources. When data interaction is carried out, the hash of the target data is calculated, and the hash of the target data is encrypted to obtain the ciphertext hash of the target data; encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data; the communication authentication data of the target data are obtained through fewer computing resources, the server can directly check through the communication authentication data, whether the target data are changed by a third party in the transmission process is detected, and the communication authentication data are sent to the server so as to carry out communication authentication on the intelligent furniture based on the communication authentication data.
In one embodiment, as shown in fig. 3, a communication authentication method for smart furniture is provided, which is described by taking the method as an example applied to the server 104 in fig. 1, and includes the following steps:
step 302, receiving an authentication request sent by a security chip.
After receiving an authentication request sent by a certain security chip, verifying the authentication request. In the process of verifying the authentication request, comparing the received authentication request with a corresponding verification value to obtain a verification result of the authentication request of the security chip; if the verification result of the authentication request represents and the authentication request passes the verification, the server responds to the authentication request and executes corresponding steps; otherwise, the security authentication is finished.
Step 304, responding to the authentication request, sending the combined data obtained by the hash combination of the public key and the ciphertext to the security chip so that the security chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting a hash of the public key.
The ciphertext hash is obtained by asymmetrically encrypting the public key. The ciphertext hash can be analyzed to be a hash plaintext corresponding to the ciphertext hash, the public key is subjected to hash calculation in the same way, a hash for verification can also be obtained, and whether the public key in the combined data is changed by a third party or not is judged according to a matching result of the hash plaintext corresponding to the ciphertext hash and the hash for verification.
In one embodiment, in response to the authentication request, sending combined data resulting from the combination of the public key and the ciphertext hash to the secure chip comprises: generating a public key and a private key adapted to the public key in response to the authentication request; carrying out hash operation on the public key to obtain the hash of the public key; encrypting the hash of the public key based on a private key of the server to obtain a ciphertext hash; and combining the public key and the ciphertext hash to obtain combined data corresponding to the authentication request.
In one embodiment, generating a public key and a private key to which the public key is adapted in response to an authentication request includes: the server responds to an authentication request of certain intelligent furniture, and generates a public key corresponding to the authentication request and a private key matched with the public key based on a certain public key algorithm. The public key algorithm includes, but is not limited to, an RSA algorithm, an elliptic curve algorithm, and the like.
The process of performing hash calculation on the public key adopts a process of performing calculation according to a certain hash algorithm. The hashing algorithm may be any one algorithm, or any combination of algorithms, not limited to MD5, SHA1, SHA3, etc., to take into account security and computational effort. For example: in order to reduce the calculation amount, a hash algorithm with less calculation resources can be used for operation; in order to improve the security, a more complex hash algorithm may be used, or a combination of multiple hash algorithms may be used.
Step 306, receiving communication authentication data sent by the security chip; the communication authentication data is obtained by the security chip through the authenticated public key to hash and encrypt the target data and the ciphertext of the target data.
The generation process, the sending process of the communication authentication data are executed in the terminal, and the process, the definition and the related effects thereof can refer to the embodiments of step 206-step 210 in the present application.
And 308, analyzing the communication authentication data through a private key matched with the public key to obtain a ciphertext hash of the target data and the target data.
In one embodiment, parsing the communication authentication data with a public key adapted private key comprises: and analyzing the communication authentication data through a private key matched with the public key to obtain the ciphertext hash of the received target data and the target data. The private key adapted to the public key is used for decrypting a ciphertext obtained by encrypting the public key.
And step 310, judging whether the target data is matched with the ciphertext hash of the target data, and obtaining a communication authentication result of the intelligent furniture.
The target data is interactive data, and when the target data is not sent, the target data cannot be changed in the transmission process; when the server receives the communication authentication data, the target data may be changed in the course of propagation. Thus, the target data is concatenated with the ciphertext hash of the target data and encrypted to detect whether the target data is altered.
In one embodiment, determining whether the target data matches the ciphertext hash of the target data comprises: matching a result obtained by performing encryption operation on the received target data and a result obtained by performing decryption on the ciphertext hash of the target data to obtain a target data verification result; and judging whether the received target data is matched with the ciphertext hash of the target data or not based on the target data checking result. For example: and when the target data verification result is represented, the received target data is subjected to the result of encryption operation, and the result of decryption of the ciphertext hash of the target data is unmatched, judging that the public key and the ciphertext hash in the combined data are unmatched.
In one embodiment, the ciphertext hash of the target data is obtained by encrypting the hash of the target data with a private key of the security chip. The private key of the security chip is stored in the security chip, and the public key of the security chip is stored in the server. The public key of the security chip and the private key of the security chip have a corresponding relationship of asymmetric encryption. The asymmetric encryption corresponding relation means that the data encrypted by the public key of the security chip can be decrypted by the private key of the security chip; and the data encrypted by the private key of the security chip can be decrypted by the public key of the security chip. The private key of the security chip is an encrypted private key for target data verification, the server uses the public key of the security chip for decryption to verify whether the target data in the communication authentication data is sent by legal intelligent furniture or not, and to verify whether the target data is changed in the transmission process or not.
Correspondingly, judging whether the ciphertext hash of the target data is matched with the ciphertext hash of the target data comprises the following steps: performing hash operation on the target data to obtain a verification hash of the target data; decrypting the ciphertext hash of the target data based on the public key of the security chip to obtain the plaintext hash of the target data; and judging whether the verification hash of the target data is matched with the plaintext hash of the target data.
If the verification hash of the target data is matched with the plaintext hash of the target data, determining that the target data is data capable of being communicated; and if the data are not matched, determining that the target data are data which cannot be communicated.
In the communication authentication method of the intelligent furniture, an authentication request sent by a security chip is received; and sending combined data obtained by combining the public key and the ciphertext hash to the security chip in response to the authentication request so that the security chip authenticates the public key in the combined data, the request process of the combined data occupies less computing resources, and whether the public key in the combined data is changed in the transmission process is judged through less computation so as to perform the security authentication of the public key through less computing resources. When data interaction is carried out, communication authentication data sent by the security chip are received; the communication authentication data is obtained by the security chip through the authenticated public key to hash and encrypt the target data and the ciphertext of the target data; the communication authentication data is analyzed through the private key matched with the public key to obtain the ciphertext hash of the target data and the target data, so that the ciphertext hash of the target data and the target data in the communication authentication data can be directly checked, and the target data is detected to be changed by a third party in the transmission process, so that the safety is improved.
In one embodiment, the steps 202 to 210, and the steps 302 to 310 are discussed together to understand the overall scheme of the present application, and specifically include the following steps:
the intelligent furniture sends an authentication request to a server;
the server receives an authentication request sent by the security chip;
the server responds to the authentication request and sends combined data obtained by combining public key and ciphertext hash to the security chip;
the intelligent furniture receives the combined data and judges whether a public key in the combined data is matched with the ciphertext hash or not, if so, the public key in the combined data passes the authentication to obtain an authenticated public key;
when the intelligent furniture carries out data interaction with a server, calculating the hash of target data, and encrypting the hash of the target data to obtain the ciphertext hash of the target data;
the intelligent furniture encrypts the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data;
the smart furniture sends the communication authentication data to the server so as to carry out communication authentication on the smart furniture based on the communication authentication data.
The server receives communication authentication data sent by the security chip;
the server analyzes the communication authentication data through a private key matched with the authenticated public key to obtain ciphertext hash of the target data and the target data;
and the server judges whether the target data is matched with the ciphertext hash of the target data or not to obtain a communication authentication result of the intelligent furniture.
In the embodiment, the ciphertext hash is obtained by encrypting the hash of the public key, the request process of the combined data occupies less computing resources, and when the public key is verified, whether the public key in the combined data is changed in the transmission process is judged through less computation, so that the safe authentication of the public key is performed through less computing resources; when data interaction is carried out, communication authentication data of the target data are obtained through fewer computing resources, and the server can directly check the target data in the communication authentication data and the ciphertext hash of the target data, so that both communication cost and communication safety are considered.
Specifically, the communication authentication method for smart furniture provided by the embodiment of the present application may be applied to an application environment shown in fig. 1. Wherein:
a security chip: an embedded data security chip for intellectual property protection and data protection, hereinafter referred to as security chip. The safety chip can store self-defined data and run a self-defined algorithm. In the security authentication scheme, the custom data and the algorithm stored in the security chip can not be read and analyzed by the outside, so that the security algorithm can be stored in the security chip.
A control unit: the chip is a general MCU chip, FPGA chip or the like, and is referred to as MCU in the following. The program running in the system has the danger of being exported and analyzed by a third party, so that the system is used for storing and running data and codes which have low requirements on safety. In the security authentication scheme, the data and algorithm stored in the MCU can be considered as transparent to the outside, so that the security algorithm is prohibited from being placed in the MCU.
A communication module: the embedded communication module has networking functions such as 4G (fourth generation mobile communication technology) or WiFi (wireless network communication technology), the control port is communicated with the MCU, and the embedded communication module has a function of networking equipment.
Cloud server: cloud server or internet of things platform, hereinafter referred to as cloud server for short. The cloud server is kept in a special machine room, and an encryption interaction algorithm is operated on the cloud server. In the security authentication scheme, it can be considered that the security algorithm and the interaction logic operated in the cloud server cannot be read and analyzed by the outside.
In one embodiment, as shown in FIG. 5, the implementation of the present solution is discussed by the application environment shown in FIG. 4, which includes the following steps:
1. generating a group of key pairs of the server according to a public key algorithm PKA1, wherein the public key of the server is marked as PubKey1 and stored in a security chip; the private key of the server is marked as PrivKey1 and stored in the cloud server;
2. generating a group of key pairs of the security chips according to a public key algorithm PKA3, wherein the public key of the security chip is marked as PubKey3 and stored in a cloud server; and the private key of the security chip is recorded as PrivKey3 and stored in the security chip.
3. The security chip sends an authentication request to the cloud server through the MCU and the communication module, the plaintext of the authentication request is a fixed value and is marked as AuthReq, and the fixed value is ASCII (American Standard code for information interchange) of AuthRequest.
4. And after receiving the AuthReq, the cloud server judges whether the Auth is ASCII of the AuthRequest, and if not, the authentication process is terminated.
5. If the value of AuthReq is equal to ASCII of AuthRequest, the cloud server generates a group of key pairs according to a public key algorithm PKA2, wherein the public key is marked as PubKey2, and the private key is marked as PrivKey2.
6. The cloud server calculates the hash of the public key PubKey2 through a hash algorithm HA1, and the obtained hash value of the public key is recorded as HashB1.
7. The cloud server encrypts the hash value HashB1 of the public key by using a public key algorithm PKA1, the encrypted key is the private key PrivKey1 of the server, and the ciphertext hash CipherHash1 is obtained.
8. And splicing the public key PubKey2 generated by the cloud server with the CipherText hash CipherHash1 to obtain combined data CipherText1, and returning the combined data CipherText1 to the security chip through the communication module and the MCU.
9. The security chip obtains the combined data CipherText1, and does not know whether the received combined data CipherText1 is modified by a third party in the communication process. The CipherText is recorded as received combined data CipherText2, and is split into a public key PubKey2 to be verified and a CipherText hash CipherHash1 of the public key to be verified.
10. The security chip uses the same hash algorithm HA1 to hash the public key PubKey2 to be verified, and a verification hash HashB1 of the public key in the combined data is obtained.
11. The security chip uses the same public key algorithm PKA1, and uses the public key PubKey1 of the server to decrypt the ciphertext hash CipherHash1 of the public key to be verified, so as to obtain the plaintext hash Hash B1 corresponding to the ciphertext hash.
12. And the safety chip compares whether the verification hash HashB1 of the public key in the combined data is completely the same as the plaintext hash HashB1 corresponding to the ciphertext hash, and if not, the authentication process is terminated.
13. If the verification hash HashB1 of the public key in the combined data is completely the same as the plaintext hash HashB1 corresponding to the ciphertext hash, the security chip writes PubKey2 into the internal storage space of the security chip.
In this embodiment, in the steps 1 to 13, each time the smart seat is started, the public key PubKey2 and the private key PrivKey2 are not changed during the power-on period of the smart furniture, but the public key PubKey2 and the private key PrivKey2 are updated as long as the system is reinitialized every time the smart seat is powered on again.
Further, after step 13, as shown in fig. 6, the method further comprises an interacting step, wherein:
14. when the control unit MCU in the intelligent seat needs to upload the target Data to the cloud server, the target Data which needs to be uploaded is transmitted to the security chip.
15. After the security chip receives the target Data, the hash algorithm HA2 is utilized to hash the target Data to obtain a hash HashA1 of the target Data.
16. The safety chip encrypts the hash value HashA1 of the target data by using a public key algorithm PKA3, the encrypted key is a private key PrivKey3 of the safety chip, and the ciphertext hash CipherHash2 of the target data is obtained.
17. The security chip splices the Data of the target Data and the CipherText hash CipherHash2 of the target Data to obtain combined Data CipherText2 of the target Data.
18. The security chip encrypts the combined data CipherText2 of the target data by using a public key algorithm PKA2, and the encrypted key is an authenticated public key PubKey2 to obtain communication authentication data CipherText3.
19. Communication authentication data CipherText3 is uploaded to the cloud server through the MCU and the communication module.
20. When the cloud server receives the sent communication authentication data, the cloud server does not know whether the communication authentication data is modified by a third party in the communication process. The communication authentication data is communication authentication data CipherText3 received by the server.
21. The cloud server decrypts the communication authentication data CipherText3 received by the server by using a public key algorithm PKA2 and a private key PrivKey2 matched with an authenticated public key to obtain spliced data CipherText2 of the target data, wherein the spliced data of the target data is obtained by hashing and splicing the target data and a CipherText of the target data.
22. The cloud server splits the spliced Data CipherText2 of the target Data into the target Data parsed by the server and the CipherText hash CipherHash2 of the target Data parsed by the server.
23. The cloud server uses the same hash algorithm HA2 to calculate the hash of the target Data analyzed by the server, and the verification hash HashA1 of the target Data is obtained.
24. The cloud server uses the same public key algorithm PKA3, and decrypts the ciphertext hash CipherHash2 of the target data by using the public key PubKey3 of the security chip to obtain a plaintext hash Hash A1 of the target data.
25. And the cloud server compares whether the verification hash HashA1 of the target data is completely the same as the plaintext hash HashA1 of the target data or not, and if not, the authentication process is terminated.
26. And if the verification hash HashA1 of the target Data is completely the same as the plaintext hash HashA1 of the target Data, the cloud server judges that the target Data analyzed by the server is Data transmitted by legal equipment and is not modified by a third party.
In this embodiment, the related important data includes:
AuthReq: and sending the authentication request plaintext generated by the security chip to the cloud server.
CipherHash1: the cloud server encrypts a ciphertext hash obtained by HashB1 by using the PrivKey 1; cirpherhash 1: the security chip hashes a CipherText obtained by splitting the CipherText 1; cipherHash2: the security chip encrypts a ciphertext hash obtained by HashA1 by using the PrivKey 3; cirpherhash 2: the cloud server hashes a CipherText obtained by splitting the CipherText 2; cipherText1: the cloud server sends a ciphertext to the security chip; cipherText1: the security chip receives the ciphertext through the insecure communication channel; cipherText2: the security chip splices the Data and the ciphertext CipherHash2 to obtain a ciphertext; cipherText2: cipherText3 is the content obtained by decrypting PKA2 and PrivKey 2; cipherText3: the security chip encrypts a CipherText obtained by the CipherText2 by using PubKey 2; cipherText3: the cloud server receives the ciphertext through an unsafe communication channel;
data: the method comprises the following steps that original data plaintext needing to be sent to a cloud server by an intelligent seat is obtained; data is as follows: and the cloud server splits the CipherText2 to obtain a plaintext.
HA1: a hashing algorithm; HA2: a hashing algorithm.
HashA1: the security chip performs hash obtained after HA2 on the Data; hashA1: the cloud server obtains hashes by making HA2 on Data; hashA1 ×: the cloud server uses a PKA3 algorithm, and uses a public key PubKey3 to decrypt a plaintext hash obtained by CipherHash 2;
HashB1: the cloud server performs hash calculation on the PubKey2 to obtain a plaintext hash; hashB1 ×: the safety chip obtains hash after HA1 is carried out on PubKey 2; hashB1 ×: the security chip uses a PKA1 algorithm to decrypt a plaintext hash obtained by CipherHash1 by using a public key PubKey 1.
PKA1: a public key algorithm; PKA2: a public key algorithm; PKA3: a public key algorithm.
PrivKey1: a secret key stored in a cloud server in advance; privKey2: a key generated by the cloud server; privKey3: a key stored in the secure chip in advance.
PubKey1: a secret key stored in the security chip in advance; pubKey2: a key generated by the cloud server; pubKey2 ×: the security chip splits the CipherText1 to obtain a key; pubKey3: and the key is stored in the cloud server in advance.
The hashing algorithm may be selected and is not limited to MD5, SHA1, SHA3, etc. PKA1, PKA2, PKA3: the three public key algorithms may be the same or different, and the public key algorithms are optional and not limited to RSA, elliptic curve, and the like.
Therefore, the encryption transmission and tampering detection of information are completed by utilizing the encryption and signature verification functions of the asymmetric algorithm, the validity of both communication parties can be verified, if a third party makes a cloud server or an intelligent seat in a fake mode, a safety authentication mechanism can detect and terminate an authentication process in time, and intellectual property is protected.
Specifically, firstly, the key interaction logic of the embodiment occurs between the security chip and the cloud server, and the two components can be completely considered as black boxes, and the possibility of malicious cracking and reverse analysis by a third party is almost 0. Compared with the situation that the MCU is put into the interactive logic, the safety is improved. Secondly, the application does not require the adoption of the MCU with high safety, thereby reducing the cost and having mass production feasibility. Moreover, compared with the situation that the X509 certificate is put into the communication module, the method and the system avoid man-in-the-middle attack and communication plaintext leakage caused by replacement of the certificate, do not need an Internet of things platform to support verification of the X509 certificate, and enhance universality.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not limited to being performed in the exact order illustrated and, unless explicitly stated herein, may be performed in other orders. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the application also provides a communication authentication device for the intelligent furniture, which is used for realizing the communication authentication method for the intelligent furniture. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the method, so specific limitations in the following embodiments of the communication authentication device for one or more intelligent furniture can be referred to the limitations of the communication authentication method for the intelligent furniture, and are not described again here.
In one embodiment, as shown in fig. 7, there is provided a communication authentication apparatus for smart furniture, including: an authentication request sending module 702, a public key authentication module 704, a data encryption module 706, a communication authentication data generation module 708, and a communication authentication data sending module 710, wherein:
an authentication request sending module 702, configured to send an authentication request to a server, so that the server returns combined data obtained by combining public key and ciphertext hashes; the ciphertext hash is obtained by encrypting the hash of the public key;
a public key authentication module 704, configured to receive the combined data, and determine whether a public key in the combined data matches a ciphertext hash, if yes, the public key in the combined data passes authentication, so as to obtain an authenticated public key;
the data encryption module 706 is configured to calculate a hash of target data during data interaction, and encrypt the hash of the target data to obtain a ciphertext hash of the target data;
a communication authentication data generation module 708, configured to hash and encrypt the target data and the ciphertext of the target data through the authenticated public key to obtain communication authentication data;
a communication authentication data sending module 710, configured to send the communication authentication data to the server, so as to perform communication authentication on the smart furniture based on the communication authentication data.
In one embodiment, the data encryption module 706 includes:
the target data acquisition unit is used for receiving the target data sent by the control unit of the intelligent furniture;
the hash calculation unit of the target data is used for carrying out hash operation on the target data to obtain the hash of the target data;
and the ciphertext hash calculation unit is used for asymmetrically encrypting the hash of the target data to obtain the ciphertext hash of the target data.
In one embodiment, the ciphertext hash calculation unit is specifically configured to: performing asymmetric encryption on the hash of the target data through a private key of the security chip to obtain a ciphertext hash of the target data; the private key of the security chip corresponds to the public key of the security chip, and the public key of the security chip is used for carrying out communication authentication on the intelligent furniture.
In one embodiment, the ciphertext hash in the combined data is obtained by encrypting the hash of the public key according to a private key of the server; the public key authentication module 704 includes:
the combined data splitting unit is used for splitting the combined data to obtain a public key in the combined data and a ciphertext hash in the combined data;
the verification hash generation unit is used for carrying out hash operation on the public key in the combined data to obtain a verification hash of the public key in the combined data;
the ciphertext hash decryption unit is used for decrypting the ciphertext hash in the combined data through the public key of the server to obtain a plaintext hash corresponding to the ciphertext hash;
and the target data verification unit is used for judging whether the verification hash of the public key in the combined data is consistent with the plaintext hash corresponding to the ciphertext hash.
In one embodiment, as shown in fig. 8, the present application further provides a communication authentication device for smart furniture. The device comprises:
an authentication request receiving module 802, configured to receive an authentication request sent by a security chip;
a public key returning module 804, configured to send, in response to the authentication request, combined data obtained by combining a public key and a ciphertext hash to the secure chip, so that the secure chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting the hash of the public key;
a communication authentication data receiving module 806, configured to receive communication authentication data sent by the security chip; the communication authentication data is obtained by the security chip through the authenticated public key to encrypt the target data and the ciphertext hash of the target data;
a communication authentication data analysis module 808, configured to analyze the communication authentication data through a private key adapted to the authenticated public key to obtain a ciphertext hash of the target data and the target data;
and the communication authentication module 810 is configured to determine whether the target data is matched with the ciphertext hash of the target data, so as to obtain a communication authentication result of the intelligent furniture.
In one embodiment, the public key returning module 804 includes:
a key generation unit, configured to generate a public key and a private key adapted to the public key in response to the authentication request;
the public key hash calculation unit is used for carrying out hash operation on the public key to obtain the hash of the public key;
the ciphertext hash generating unit is used for encrypting the hash of the public key based on the private key of the server to obtain a ciphertext hash;
and the public key combination unit is used for combining the public key and the ciphertext hash to obtain the combined data corresponding to the authentication request.
In one embodiment, the ciphertext hash of the target data is obtained by encrypting the hash of the target data through a private key of the security chip; the communication authentication module 810 includes:
the verification hash generation unit is used for carrying out hash operation on the target data to obtain a verification hash of the target data;
the plaintext hash unit of the target data is used for decrypting the ciphertext hash of the target data based on the public key of the security chip to obtain the plaintext hash of the target data;
a target data verification unit to determine whether a verification hash of the target data matches a plaintext hash of the target data.
From this, through the communication authentication device of intelligent furniture, utilize asymmetric algorithm's encryption and verify signing function, accomplish the encryption transmission and the detection of falsifying of information, this embodiment can check up the legality of communication both sides, if the pseudo-cloud server or the intelligent seat of making of third party, the security authentication mechanism can both detect and in time terminate the authentication flow, has protected intellectual property right. The key interaction logic of the embodiment occurs between the security chip and the cloud server, and the two components can be completely considered as black boxes, and the possibility of malicious cracking and reverse analysis by a third party is almost 0. Compared with the situation that the MCU is put into the interactive logic, the safety is improved. Secondly, the application does not require the adoption of the MCU with high safety, thereby reducing the cost and having mass production feasibility. Moreover, compared with the situation that the X509 certificate is put into the communication module, the method and the system avoid man-in-the-middle attack and communication plaintext leakage caused by replacement of the certificate, do not need an Internet of things platform to support verification of the X509 certificate, and enhance universality.
The modules in the communication authentication device of the intelligent furniture can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WI-FI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by the security chip to realize a communication authentication method of intelligent furniture.
Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In an embodiment, a computer device is further provided, which includes a secure chip, where a computer program is stored in the secure chip, and when the computer program is executed by a processor, the steps in the foregoing method embodiments are implemented.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, databases, or other media used in the embodiments provided herein can include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), magnetic Random Access Memory (MRAM), ferroelectric Random Access Memory (FRAM), phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (11)
1. A communication authentication method for smart furniture, which is executed by a security chip of the smart furniture, the method comprising:
when the intelligent furniture is started, the security chip generates an authentication request and sends the authentication request to a server so that the server returns combined data obtained by combining public key and ciphertext hash; the ciphertext hash is obtained by encrypting the hash of the public key; the public key is updated after the intelligent furniture is started; the authentication request is used for controlling the server to feed back the public key after the intelligent furniture is started at this time;
receiving the combined data, judging whether a public key in the combined data is matched with a ciphertext hash, if so, authenticating the public key in the combined data to obtain an authenticated public key; temporarily storing the authenticated public key in the security chip;
when data interaction is carried out, calculating the hash of target data, and encrypting the hash of the target data to obtain the ciphertext hash of the target data; the target data is data which is sent to a server through the intelligent furniture for communication; the ciphertext hash of the target data is a reversible encryption, and the hash of the target data is an irreversible encryption;
encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data;
and sending the communication authentication data to the server to perform communication authentication on the intelligent furniture based on the communication authentication data.
2. The method of claim 1, wherein the computing a hash of the target data and encrypting the hash of the target data to obtain a ciphertext hash of the target data comprises:
receiving target data sent by a control unit of the intelligent furniture;
performing hash operation on the target data to obtain a hash of the target data;
and carrying out asymmetric encryption on the hash of the target data to obtain the ciphertext hash of the target data.
3. The method of claim 2, wherein the asymmetrically encrypting the hash of the target data to obtain the ciphertext hash of the target data comprises:
performing asymmetric encryption on the hash of the target data through a private key of the security chip to obtain a ciphertext hash of the target data;
the private key of the security chip corresponds to the public key of the security chip, and the public key of the security chip is used for performing communication authentication on the intelligent furniture.
4. The method according to claim 1, wherein the ciphertext hash in the combined data is obtained by encrypting a hash of the public key with a private key of the server; the judging whether the public key and the ciphertext hash in the combined data are matched comprises:
splitting the combined data to obtain a public key in the combined data and a ciphertext hash in the combined data;
performing hash operation on the public key in the combined data to obtain a verification hash of the public key in the combined data;
decrypting the ciphertext hash in the combined data through the public key of the server to obtain a plaintext hash corresponding to the ciphertext hash;
and judging whether the verification hash of the public key in the combined data is consistent with the plaintext hash corresponding to the ciphertext hash.
5. A communication authentication method for smart furniture, performed by a server, the method comprising:
receiving an authentication request sent by a security chip; the authentication request is generated and sent by the security chip when the intelligent furniture is started, and the authentication request is used for controlling the server to feed back an updated public key of the current start of the intelligent furniture;
in response to the authentication request, sending combined data obtained by combining public key and ciphertext hash to the security chip so that the security chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting the hash of the public key; the public key is updated after the intelligent furniture is started, so that the authenticated public key is temporarily stored in the security chip;
receiving communication authentication data sent by the security chip when data interaction is carried out; the communication authentication data is obtained by the security chip through the authenticated public key to hash and encrypt the target data and the ciphertext of the target data; the target data is data which is sent to a server through the intelligent furniture for communication; the ciphertext hash of the target data is a reversible encryption, and the hash of the target data is an irreversible encryption;
analyzing the communication authentication data through a private key matched with the authenticated public key to obtain ciphertext hash of the target data and the target data;
and judging whether the target data is matched with the ciphertext hash of the target data or not to obtain a communication authentication result of the intelligent furniture.
6. The method of claim 5, wherein sending combined data resulting from a combination of public key and ciphertext hashes to the secure chip in response to the authentication request comprises:
generating a public key and a private key adapted to the public key in response to the authentication request;
carrying out hash operation on the public key to obtain the hash of the public key;
encrypting the hash of the public key based on the private key of the server to obtain a ciphertext hash;
and combining the public key and the ciphertext hash to obtain combined data corresponding to the authentication request.
7. The method according to claim 5, wherein the ciphertext hash of the target data is obtained by encrypting the hash of the target data by a private key of the security chip; the determining whether the target data matches the ciphertext hash of the target data includes:
performing hash operation on the target data to obtain a verification hash of the target data;
decrypting the ciphertext hash of the target data based on the public key of the security chip to obtain the plaintext hash of the target data;
and judging whether the verification hash of the target data is matched with the plaintext hash of the target data.
8. A communication authentication apparatus for smart furniture, the apparatus comprising:
when the intelligent furniture is started, the authentication request sending module is used for generating an authentication request through a security chip and sending the authentication request to a server so that the server returns combined data obtained by hashing a public key and a ciphertext; the ciphertext hash is obtained by encrypting the hash of the public key; the public key is updated after the intelligent furniture is started; the authentication request is used for controlling the server to feed back the public key after the intelligent furniture is started at this time;
the public key authentication module is used for receiving the combined data and judging whether a public key in the combined data is matched with a ciphertext hash or not, if so, the public key in the combined data passes authentication to obtain an authenticated public key; temporarily storing the authenticated public key in the security chip;
the data encryption module is used for calculating the hash of target data during data interaction and encrypting the hash of the target data to obtain the ciphertext hash of the target data; the target data is data which is sent to a server through the intelligent furniture for communication; the ciphertext hash of the target data is a reversible encryption, and the hash of the target data is an irreversible encryption;
the communication authentication data generation module is used for encrypting the target data and the ciphertext hash of the target data through the authenticated public key to obtain communication authentication data;
and the communication authentication data sending module is used for sending the communication authentication data to the server so as to carry out communication authentication on the intelligent furniture based on the communication authentication data.
9. A communication authentication apparatus for smart furniture, the apparatus comprising:
the system comprises an authentication request receiving module, a security chip and a server, wherein the authentication request receiving module is used for receiving an authentication request generated and sent by the security chip when the intelligent furniture is started, the authentication request is generated and sent by the security chip when the intelligent furniture is started, and the authentication request is used for controlling the server to feed back an updated public key of the intelligent furniture when the intelligent furniture is started;
a public key returning module, configured to send, in response to the authentication request, combined data obtained by combining a public key and a ciphertext hash to the secure chip, so that the secure chip authenticates the public key in the combined data; the ciphertext hash is obtained by encrypting the hash of the public key; the public key is updated after the intelligent furniture is started, so that the authenticated public key is temporarily stored in the security chip;
the communication authentication data receiving module is used for receiving the communication authentication data sent by the security chip; the communication authentication data is obtained by the security chip through the authenticated public key to encrypt the target data and the ciphertext hash of the target data;
the communication authentication data analysis module is used for analyzing the communication authentication data through a private key matched with the authenticated public key to obtain a ciphertext hash of the target data and the target data; the target data is data which is sent to a server through the intelligent furniture for communication; the ciphertext hash of the target data is a reversible encryption, and the hash of the target data is an irreversible encryption;
and the communication authentication module is used for judging whether the target data is matched with the ciphertext hash of the target data to obtain a communication authentication result of the intelligent furniture.
10. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210888420.2A CN115001864B (en) | 2022-07-27 | 2022-07-27 | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210888420.2A CN115001864B (en) | 2022-07-27 | 2022-07-27 | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115001864A CN115001864A (en) | 2022-09-02 |
| CN115001864B true CN115001864B (en) | 2023-03-10 |
Family
ID=83022534
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210888420.2A Active CN115001864B (en) | 2022-07-27 | 2022-07-27 | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115001864B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116702177B (en) * | 2023-06-21 | 2024-02-20 | 王芹生 | System and method for safely transmitting big data of computer |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017131775A1 (en) * | 2016-01-29 | 2017-08-03 | Hewlett Packard Enterprise Development Lp | Device attestation |
| CN107040369B (en) * | 2016-10-26 | 2020-02-11 | 阿里巴巴集团控股有限公司 | Data transmission method, device and system |
| CN110113745A (en) * | 2019-04-29 | 2019-08-09 | 中兴新能源汽车有限责任公司 | Verification method, server, mobile unit and the storage medium of mobile unit |
| CN111541677B (en) * | 2020-04-17 | 2021-08-13 | 中国科学院上海微系统与信息技术研究所 | Safe hybrid encryption method based on narrowband Internet of things |
| CN111931158A (en) * | 2020-08-10 | 2020-11-13 | 深圳大趋智能科技有限公司 | Bidirectional authentication method, terminal and server |
| CN112202556B (en) * | 2020-10-30 | 2023-07-04 | 联通物联网有限责任公司 | Security authentication method, device and system |
| CN112637166B (en) * | 2020-12-15 | 2022-07-22 | 平安科技(深圳)有限公司 | Data transmission method, device, terminal and storage medium |
| CN112733107B (en) * | 2021-04-02 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Information verification method, related device, equipment and storage medium |
-
2022
- 2022-07-27 CN CN202210888420.2A patent/CN115001864B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115001864A (en) | 2022-09-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11323275B2 (en) | Verification of identity using a secret key | |
| US7697691B2 (en) | Method of delivering Direct Proof private keys to devices using an on-line service | |
| US20190007215A1 (en) | In-vehicle information communication system and authentication method | |
| US11050562B2 (en) | Target device attestation using a trusted platform module | |
| US7693286B2 (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
| US11153074B1 (en) | Trust framework against systematic cryptographic | |
| CN114257376B (en) | Digital certificate updating method, device, computer equipment and storage medium | |
| US20060013399A1 (en) | Method of delivering direct proof private keys to devices using a distribution CD | |
| CN117155549A (en) | Key distribution method, key distribution device, computer equipment and storage medium | |
| CN115348107A (en) | Internet of things equipment secure login method and device, computer equipment and storage medium | |
| CN115001864B (en) | Communication authentication method and device for intelligent furniture, computer equipment and storage medium | |
| CN117081736A (en) | Key distribution method, key distribution device, communication method, and communication device | |
| CN115514492A (en) | BIOS firmware verification method, device, server, storage medium and program product | |
| CN116049802B (en) | Application single sign-on method, system, computer equipment and storage medium | |
| CN116232639B (en) | Data transmission method, device, computer equipment and storage medium | |
| CN108390758B (en) | User password processing method and device and internal control security monitoring system | |
| CN114553557B (en) | Key calling method, device, computer equipment and storage medium | |
| CN108242997B (en) | Method and apparatus for secure communication | |
| US20240187262A1 (en) | Encrypted and authenticated firmware provisioning with root-of-trust based security | |
| CN115694833A (en) | Collaborative signature method | |
| CN115361198A (en) | Decryption method, encryption method, device, computer equipment and storage medium | |
| CN114065170A (en) | Method and device for acquiring platform identity certificate and server | |
| CN114238915A (en) | Digital certificate adding method and device, computer equipment and storage medium | |
| CN116980228B (en) | Method and system for realizing anonymous identity login in Internet environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |