CN115051871A - Authentication method and device, and storage medium - Google Patents
- Publication number: CN115051871A
- Application number: CN202210762998.3A
- Authority
- CN
- China
- Prior art keywords
- authentication
- ciphertext data
- data
- key
- server
- Legal status: Granted
Classifications (CPC, section H04L, transmission of digital information)
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/0869: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3213: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
- H04L9/3226: Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN
Abstract
The invention relates to the technical field of data communication and discloses an authentication method, an authentication device and a storage medium. The authentication method comprises the following steps: the encryption and decryption server generates a matched private key and public key, stores the private key locally, and distributes the public key and a corresponding key ID to the terminal product; the control device sends a key inquiry command and an authentication random number request to the terminal product; the terminal product generates a random number, encrypts it to obtain first ciphertext data, and returns the first ciphertext data and the key ID to the control device, which uploads them to the encryption and decryption server; the encryption and decryption server decrypts the first ciphertext data to obtain first plaintext data, encrypts the first plaintext data with the private key to form second ciphertext data, and sends the second ciphertext data to the control device, which forwards it to the terminal product; and the terminal product decrypts the second ciphertext data to obtain second plaintext data and compares it with the random number to obtain the authentication result. Embodiments of the invention have the advantages that use is not limited by region, security is higher, and keys can be changed flexibly.
Description
Technical Field
The present invention relates to the field of data communication technologies, and in particular, to an authentication method and device, and a storage medium.
Background
A mobile terminal must be controlled by a control device throughout its life cycle to complete actions such as data burning and data writing and reading. The common control method is: the control device issues instruction data under a protocol agreed with the terminal product, and the terminal product responds to the protocol action. The risk of this approach is that if the protocol is cracked, an illegal device can control the terminal product according to the protocol and perform illegal operations, damaging the original functions of the terminal product (such as the terminal's special data functions and the product's specific parameter data), so that the security of the terminal product cannot be guaranteed and the terminal product is ultimately damaged.
To reduce the risk of illegal control, the control device usually has to be authenticated. A common authentication method mainly comprises: a legally authorized hardware encryption module is externally connected to the control device to authenticate the device; then the control right validity of the control device is authenticated (that is, the terminal product sends original data to the control device, the control device encrypts the transmission protocol data with tool software running on its side and returns the encrypted data to the terminal product, and the terminal product decrypts the encrypted data and compares the result with the original data); after the authentication passes, the terminal product side opens a normal control channel, so that data communication control of the terminal product by the control device is completed and the terminal product is protected.
In this conventional scheme, any device to which the hardware encryption module is connected is considered a legal device, and the control side performs the encryption and decryption of the transmission protocol data with the locally attached hardware encryption module. This has the following problems:
(1) To update the key data, the hardware encryption device must be returned to the key application center to have a new key written, so the update period is long; the hardware encryption device is easy to lose and can be used for illegal operations by lawless persons; and in addition, the hardware encryption device depends on a hardware driver and can be intercepted by lawless persons at the driver layer.
Therefore, if the hardware encryption module and the control device leak into the market, or the hardware encryption module is cracked, illegal control operations such as illegal software version upgrades and product serial number rewriting can easily be performed on the terminal product, damaging the whole terminal product market.
(2) Device encryption depends on a hardware encryption device; for global use it is limited by region, and the global delivery period of the hardware encryption device is long, so universality is poor.
Disclosure of Invention
The invention aims to provide an authentication method, an authentication device and a storage medium that overcome the poor security controllability and poor universality of the conventional authentication method.
To achieve this purpose, the invention adopts the following technical scheme:
an authentication method comprising the step of authenticating the control right validity of a control device:
the encryption and decryption server generates a matched private key and public key, stores the private key locally, and distributes the public key and a corresponding key ID to a terminal product;
the control device sends a key inquiry instruction and an authentication random number request to the terminal product;
the terminal product generates a random number, encrypts the random number with the locally pre-stored public key to obtain first ciphertext data, and returns the first ciphertext data and the key ID to the control device;
the control device uploads the obtained first ciphertext data and key ID to the encryption and decryption server;
the encryption and decryption server decrypts the first ciphertext data with the private key corresponding to the key ID to obtain first plaintext data, encrypts the first plaintext data with that private key to form second ciphertext data, and sends the second ciphertext data to the control device;
the control device sends the second ciphertext data to the terminal product;
and the terminal product decrypts the second ciphertext data with the locally pre-stored public key to obtain second plaintext data and compares it with the random number: if the second plaintext data equals the random number, authentication is determined to have succeeded; otherwise, it is determined to have failed.
Optionally, before authenticating the control right validity of the control device, the method further includes the step of authenticating the device validity of the control device:
the control device collects its own ID information, mixes it with pre-stored account information of an authentication server, forms a legal certificate application file by data encryption, and sends the file to the authentication server;
the authentication server checks the legal certificate application file and, after the check passes, issues a device legal certificate to the control device;
and the control device installs the device legal certificate, completing the device validity authentication.
Optionally, the device's own ID information includes a hardware ID, a network card address and/or a Bluetooth address; the device legal certificate includes a legal authentication duration, legal verification ciphertext information and legal identity ID information.
Optionally, after authenticating the device validity of the control device and before authenticating its control right validity, the authentication method further includes the step of the control device performing security authentication at an authentication server:
the control device logs in to a Token server with an account and password to perform device account authentication, and the Token server returns Token information to the control device, the Token information including account expiration information and verification success information;
and the authentication server completes further confirmation of the device validity of the control device according to the Token information and returns security authentication result information to the control device.
A network device functioning as a control device, comprising: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
sending a key inquiry command and an authentication random number request to a terminal product;
receiving first ciphertext data and a key ID returned by the terminal product, the first ciphertext data being obtained by the terminal product encrypting a generated random number with a pre-stored public key;
uploading the obtained first ciphertext data and key ID to an encryption and decryption server;
receiving second ciphertext data returned by the encryption and decryption server, the second ciphertext data being formed by the encryption and decryption server first decrypting and then encrypting the first ciphertext data with the private key corresponding to the key ID;
and sending the second ciphertext data to the terminal product, which completes the authentication operation according to the second ciphertext data.
Optionally, the processor is further configured to:
collect its own ID information, mix it with pre-stored account information of an authentication server, form a legal certificate application file by data encryption, and send the file to the authentication server;
receive a device legal certificate issued by the authentication server;
and install the device legal certificate.
Optionally, the processor is further configured to:
log in to a Token server to perform device account authentication, receive the Token information returned by the Token server and send it to an authentication server;
and receive the security authentication result information returned by the authentication server.
A network device functioning as a terminal product, comprising: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
applying to an encryption and decryption server for a public key and a corresponding key ID;
receiving a key inquiry command and an authentication random number request sent by a control device;
generating a random number, encrypting it with the locally pre-stored public key to obtain first ciphertext data, and returning the first ciphertext data and the key ID to the control device;
receiving second ciphertext data sent by the control device;
and decrypting the second ciphertext data with the locally pre-stored public key to obtain second plaintext data, comparing it with the random number, and determining that authentication has succeeded if the second plaintext data equals the random number and that it has failed otherwise.
A network device functioning as an encryption and decryption server, comprising: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
generating a matched private key and public key, storing the private key locally, and distributing the public key and a corresponding key ID to a terminal product;
receiving first ciphertext data and a key ID sent by a control device; decrypting the first ciphertext data with the private key corresponding to the key ID to obtain first plaintext data, encrypting the first plaintext data with that private key to form second ciphertext data, and sending the second ciphertext data to the control device.
A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of any of the above authentication methods.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
Embodiments of the invention use an encryption and decryption server in place of the traditional hardware encryption device to perform the encryption and decryption of device authentication data, and define a new authentication method between the control device and the terminal product, so that application is not limited by region: the scheme works anywhere a network is available, as long as the device can be legally authorized. Moreover, since all data encryption and decryption takes place on the server side, and servers today generally have good protective measures, security is higher, the terminal product can be effectively protected, and key changes are more flexible and convenient.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a method for authenticating device validity of a control device according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for performing security authentication on an authentication server by a control device according to an embodiment of the present invention.
Fig. 3 is a flowchart of a method for authenticating the control right validity of the control device according to the embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the embodiments of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention without any creative efforts shall fall within the protection scope of the embodiments of the present invention.
The terms "comprises" and "comprising," and any variations thereof, in the description and claims of embodiments of the present invention and the above-described drawings, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In view of the above problems, an embodiment of the present invention provides an authentication method which mainly includes: authenticating the device validity of the control device, performing security authentication of the control device at an authentication server, and authenticating the control right validity of the control device.
Referring to fig. 1, in the embodiment of the present invention, the step of authenticating the device validity of the control device includes:
Step 101: the control device collects its own ID information, mixes it with the pre-stored account information of the authentication server, and forms a legal certificate application file by data encryption.
The device's own ID information includes information such as a hardware ID, network card address and/or Bluetooth address, and is unique. The pre-stored account information of the authentication server includes information such as the server address and the account password.
Step 102: the control device uploads the legal certificate application file to the authentication server over HTTP, through the upload communication interface defined by the authentication server.
Step 103: the authentication server verifies the information of the applicant and the applying device according to the legal certificate application file, and generates a device legal certificate after verification passes.
Illustratively, the device legal certificate includes: the legal authentication duration, the legal verification ciphertext information and the legal identity ID information.
Step 104: after receiving the device legal certificate, the control device installs it, completing the device validity authentication of the control device.
Unlike the traditional approach, in which device validity authentication is performed by externally connecting a legally authorized hardware encryption module to the control device, the embodiment uses the authentication server to perform device validity authentication; because the security of the authentication server is controllable, illegal devices can be effectively prevented from passing device validity authentication, and the security of terminal products is improved.
Referring to fig. 2, in the embodiment of the present invention, the step of the control device performing security authentication at the authentication server includes:
In this step, if authentication passes, authentication success information, including an authentication success identifier and management and control information, is returned to the control device.
Note that the Token server and the authentication server in this flow may be the same server or different servers; this is not limited.
Referring to fig. 3, in the embodiment of the present invention, the step of authenticating the control right validity of the control device includes:
Step 301: the control device sends a key inquiry instruction to the terminal product, and the terminal product returns the key ID stored on its side to the control device through the protocol data agreed with the device.
Here the key ID refers to the key identifier defined by the terminal during development; the identifier is distributed to the terminal product by the encryption and decryption server in advance and integrated by the terminal product.
Before the process starts, the encryption and decryption server generates a matched private key and public key, stores the private key locally, and distributes the public key and the corresponding key ID to the terminal product.
Step 302: the control device sends an authentication random number request to the terminal product; the terminal product generates a random number, encrypts it with the public key stored in its internal system to obtain first ciphertext data, and returns the first ciphertext data to the control device.
The random number may be defined as 16 bits and include letters, numbers, underscores and the like.
Step 303: the control device uploads the first ciphertext data, the key ID and the encryption and decryption type to the encryption and decryption server; the server decrypts the first ciphertext data with the private key corresponding to the key ID to obtain first plaintext data, encrypts the first plaintext data with that private key to form second ciphertext data, and sends the second ciphertext data to the control device.
Step 304: the control device forwards the second ciphertext data generated by the encryption and decryption server to the terminal product; the terminal product decrypts the second ciphertext data with its locally pre-stored public key to obtain second plaintext data and compares it with the random number generated in step 302. If the second plaintext data equals the random number, authentication is determined to have succeeded and the terminal product opens the data control channel to the control device; if not, authentication is determined to have failed and the terminal product does not open the data control channel.
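The three-party exchange of steps 301 to 304, as an added example in Go using only the standard library; it is not code from the patent or its applicant. The key ID "KID-0001" is a constructed value, the page's 16-position random number is modelled as 16 random bytes, the terminal's encryption uses RSA-OAEP, and the server's "encrypt with the private key" step is realised as a PKCS#1 v1.5 signature over the recovered random number, which the terminal checks with its public key in place of a raw decrypt-and-compare.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncDecServer models the encryption and decryption server; private keys never leave it.
type EncDecServer struct {
	keys map[string]*rsa.PrivateKey
}

// NewEncDecServer generates a matched key pair, keeps the private key under
// keyID and returns the public key to be provisioned into a terminal product.
func NewEncDecServer(keyID string, bits int) (*EncDecServer, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	return &EncDecServer{keys: map[string]*rsa.PrivateKey{keyID: priv}}, &priv.PublicKey, nil
}

// Authorize is step 303: decrypt the first ciphertext with the private key matching
// keyID, then "encrypt with the private key", realised here as a PKCS#1 v1.5
// signature over the SHA-256 digest of the recovered random number (second ciphertext).
func (s *EncDecServer) Authorize(keyID string, firstCiphertext []byte) ([]byte, error) {
	priv, ok := s.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key ID")
	}
	nonce, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, firstCiphertext, nil)
	if err != nil {
		return nil, err // wrong key or tampered ciphertext
	}
	digest := sha256.Sum256(nonce)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Terminal models the terminal product: it holds only the public key and key ID.
type Terminal struct {
	KeyID       string
	Pub         *rsa.PublicKey
	nonce       []byte // pending random number; nil when none is outstanding
	ChannelOpen bool   // data control channel opened in step 304
}

// Challenge is steps 301-302: return the key ID and a fresh random number
// encrypted under the pre-stored public key (RSA-OAEP). The page's 16-position
// random number is modelled here as 16 random bytes.
func (t *Terminal) Challenge() (string, []byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	t.nonce = nonce
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, t.Pub, nonce, nil)
	return t.KeyID, ct, err
}

// Verify is step 304: check the second ciphertext against the pending random
// number with the public key and open the channel only on success. The pending
// value is consumed on every attempt, so a captured response cannot be replayed.
func (t *Terminal) Verify(secondCiphertext []byte) bool {
	if t.nonce == nil {
		return false
	}
	digest := sha256.Sum256(t.nonce)
	t.nonce = nil
	if rsa.VerifyPKCS1v15(t.Pub, crypto.SHA256, digest[:], secondCiphertext) != nil {
		return false
	}
	t.ChannelOpen = true
	return true
}

// RunAuthentication plays the control device, which only relays messages and
// never holds a key; it reports whether the terminal opened its channel.
func RunAuthentication(t *Terminal, s *EncDecServer) (bool, error) {
	keyID, first, err := t.Challenge()
	if err != nil {
		return false, err
	}
	second, err := s.Authorize(keyID, first)
	if err != nil {
		return false, err
	}
	return t.Verify(second), nil
}

func main() {
	srv, pub, _ := NewEncDecServer("KID-0001", 2048)
	term := &Terminal{KeyID: "KID-0001", Pub: pub}
	ok, err := RunAuthentication(term, srv)
	fmt.Println("authenticated:", ok, "err:", err)
}
```

A server that does not hold the private key for the presented key ID cannot recover the random number, so its response fails verification and the channel stays closed; because the terminal consumes its pending random number on every attempt, a response captured from one run is rejected in the next.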
Unlike the traditional control device, which encrypts and decrypts data with a tool running on the control device itself, the embodiment uses the encryption and decryption server to manage the public key and perform the encryption and decryption of the authentication data, effectively achieving the aim of safe control of the terminal product by legal devices and preventing the terminal product from being illegally damaged in the market.
Based on the same technical concept, the embodiment of the invention also provides a network device for implementing the method flow of the control device in the method embodiment. The network device includes: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
sending a key inquiry command and an authentication random number request to a terminal product;
receiving first ciphertext data and a key ID returned by the terminal product, the first ciphertext data being obtained by the terminal product encrypting a generated random number with a pre-stored public key;
uploading the obtained first ciphertext data and key ID to an encryption and decryption server;
receiving second ciphertext data returned by the encryption and decryption server, the second ciphertext data being formed by the encryption and decryption server first decrypting and then encrypting the first ciphertext data with the private key corresponding to the key ID;
and sending the second ciphertext data to the terminal product, which completes the authentication operation according to the second ciphertext data.
In an alternative embodiment, the processor is further configured to: collect its own ID information, mix it with pre-stored account information of an authentication server, form a legal certificate application file by data encryption, and send the file to the authentication server; receive a device legal certificate issued by the authentication server; and install the device legal certificate.
In yet another alternative embodiment, the processor is further configured to: log in to a Token server to perform device account authentication, receive the Token information returned by the Token server and send it to an authentication server; and receive the security authentication result information returned by the authentication server.
Based on the same technical concept, the embodiment of the invention also provides a network device for implementing the method flow of the terminal product in the method embodiment. The network device includes: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
applying to an encryption and decryption server for a public key and a corresponding key ID;
receiving a key inquiry command and an authentication random number request sent by a control device;
generating a random number, encrypting it with the locally pre-stored public key to obtain first ciphertext data, and returning the first ciphertext data and the key ID to the control device;
receiving second ciphertext data sent by the control device;
and decrypting the second ciphertext data with the locally pre-stored public key to obtain second plaintext data, comparing it with the random number, and determining that authentication has succeeded if the second plaintext data equals the random number and that it has failed otherwise.
Based on the same technical concept, the embodiment of the invention also provides a network device for implementing the method flow of the encryption and decryption server in the method embodiment. The network device includes: a processor, and a memory and transceiver connected to the processor;
the processor reads a computer program stored in advance in the memory and executes:
generating a matched private key and public key, storing the private key locally, and distributing the public key and a corresponding key ID to a terminal product;
receiving first ciphertext data and a key ID sent by a control device; decrypting the first ciphertext data with the private key corresponding to the key ID to obtain first plaintext data, encrypting the first plaintext data with that private key to form second ciphertext data, and sending the second ciphertext data to the control device.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor.
To this end, the present invention provides a storage medium, in which a plurality of instructions are stored, and the instructions can be loaded by a processor to execute the steps in any one of the authentication methods provided by the embodiments of the present invention.
Wherein the storage medium may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. An authentication method, characterized in that the authentication method comprises the following steps for authenticating the validity of the control right of a control device:
the encryption and decryption server generates a matched private key and public key, stores the private key at its local end, and distributes the public key and a corresponding key ID to a terminal product;
the control device sends a key query instruction and an authentication random number request to the terminal product;
the terminal product generates a random number, encrypts the random number with the public key prestored at its local end to obtain first ciphertext data, and returns the first ciphertext data and the key ID to the control device;
the control device uploads the obtained first ciphertext data and key ID to the encryption and decryption server;
the encryption and decryption server decrypts the first ciphertext data with the private key corresponding to the key ID to obtain first plaintext data, encrypts the first plaintext data with that private key to form second ciphertext data, and sends the second ciphertext data to the control device;
the control device sends the second ciphertext data to the terminal product;
and the terminal product decrypts the second ciphertext data with the public key prestored at its local end to obtain second plaintext data, compares the second plaintext data with the random number, and determines that authentication has succeeded if the second plaintext data equals the random number and that it has failed otherwise.
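The challenge-response exchange of claim 1 (and of the terminal-product and encryption/decryption-server network devices described above), as an added Go example that is not part of the patent. It assumes RSA-OAEP for the terminal's encryption of the random number and models "encrypting with the private key" as an RSA-PSS signature that the terminal verifies against its own random number; the key ID values are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// EncServer models the encryption/decryption server: private keys indexed by key ID (constructed model).
type EncServer struct{ keys map[string]*rsa.PrivateKey }
// Terminal models the terminal product: the distributed public key, its key ID and the live random number.
type Terminal struct {
	keyID string
	pub   *rsa.PublicKey
	nonce []byte
}
func NewEncServer() *EncServer { return &EncServer{keys: map[string]*rsa.PrivateKey{}} }
// Provision generates the matched key pair, keeps the private key locally under keyID and hands the public key and key ID to a terminal product.
func (s *EncServer) Provision(keyID string) (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.keys[keyID] = priv
	return &Terminal{keyID: keyID, pub: &priv.PublicKey}, nil
}
// Challenge answers the key query: a fresh CSPRNG random number encrypted under the public key (first ciphertext data), returned with the key ID.
func (t *Terminal) Challenge() (c1 []byte, keyID string, err error) {
	t.nonce = make([]byte, 32)
	if _, err = rand.Read(t.nonce); err != nil {
		return nil, "", err
	}
	c1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, t.pub, t.nonce, nil)
	return c1, t.keyID, err
}
// Respond decrypts the first ciphertext with the private key for keyID, then "encrypts with the private key" (modelled as an RSA-PSS signature over the first plaintext).
func (s *EncServer) Respond(c1 []byte, keyID string) ([]byte, error) {
	priv, ok := s.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key ID")
	}
	p1, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c1, nil)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(p1)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}
// Verify is the terminal's final step: the second ciphertext is checked against its own random number with the public key, and the number is then discarded so it is single-use.
func (t *Terminal) Verify(c2 []byte) bool {
	h, n := sha256.Sum256(t.nonce), t.nonce
	t.nonce = nil
	return n != nil && rsa.VerifyPSS(t.pub, crypto.SHA256, h[:], c2, nil) == nil
}
```

The server only answers for key IDs it issued, and the terminal accepts a second ciphertext only once per random number, so a captured response cannot be replayed against a later challenge.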
2. The authentication method according to claim 1, further comprising, before authenticating the control right validity of the control device, the following steps for authenticating the device validity of the control device:
the control device collects its own ID information, combines it with pre-stored account information of an authentication server, forms a legal certificate application file by encrypting the result, and sends the legal certificate application file to the authentication server;
the authentication server checks the legal certificate application file and, after the check passes, issues a device legal certificate to the control device;
and the control device installs the device legal certificate, completing the authentication of the device validity.
3. The authentication method according to claim 2, wherein the self ID information includes a hardware ID, a network card address and/or a Bluetooth address; and the device legal certificate includes a legal authentication duration, legal verification ciphertext information and legal identity ID information.
4. The authentication method according to claim 2, wherein, after authenticating the device validity of the control device and before authenticating the control right validity of the control device, the authentication method further comprises the following steps in which the control device performs security authentication at an authentication server:
the control device logs in to a Token server with an account and a password to perform device account authentication, and the Token server returns Token information to the control device, the Token information including account expiration information and successful verification information;
and the authentication server completes further confirmation of the device validity of the control device according to the Token information and returns security authentication result information to the control device.
5. A network device that functions as a control device, characterized by comprising: a processor, and a memory and transceiver connected to the processor;
the processor is used for reading a computer program stored in the memory in advance and executing:
sending a key inquiry command and an authentication random number application to a terminal product;
receiving first ciphertext data and a key ID returned by the terminal product, wherein the first ciphertext data is obtained by the terminal product encrypting a generated random number with a pre-stored public key;
uploading the obtained first ciphertext data and the key ID to an encryption and decryption server;
receiving second ciphertext data returned by the encryption and decryption server, wherein the second ciphertext data is formed by the encryption and decryption server first decrypting and then encrypting the first ciphertext data with the private key corresponding to the key ID;
and sending the second ciphertext data to the terminal product, which completes the authentication operation according to the second ciphertext data.
6. The network device of claim 5, wherein the processor is further configured to:
collecting its own ID information, combining it with pre-stored account information of an authentication server, forming a legal certificate application file by encrypting the result, and sending the legal certificate application file to the authentication server;
receiving a device legal certificate issued by the authentication server;
and installing the device legal certificate.
7. The network device of claim 5, wherein the processor is further configured to:
logging in to a Token server to perform device account authentication, receiving Token information returned by the Token server and sending the Token information to an authentication server;
and receiving the security authentication result information returned by the authentication server.
8. A network device that functions as a terminal product, characterized by comprising: a processor, and a memory and transceiver connected to the processor;
the processor is used for reading a computer program stored in the memory in advance and executing:
applying for obtaining a public key and a corresponding secret key ID from an encryption and decryption server;
receiving a key inquiry command and an authentication random number application sent by control equipment;
generating a random number, encrypting the random number by using a public key prestored in the local terminal to obtain first ciphertext data, and returning the first ciphertext data and the secret key ID to the control equipment;
receiving second ciphertext data sent by the control equipment;
and decrypting the second ciphertext data by using the public key prestored in the local terminal to obtain second plaintext data, comparing the second plaintext data with the random number, and if the second plaintext data is equal to the random number, determining that the authentication is successful, and if not, determining that the authentication is failed.
9. A network device that functions as an encryption/decryption server, comprising: a processor, and a memory and transceiver connected to the processor;
the processor is used for reading a computer program stored in the memory in advance and executing:
generating a matched private key and a public key, storing the private key at a local terminal, and distributing the public key and a corresponding key ID to a terminal product;
receiving first ciphertext data and a secret key ID sent by control equipment; and decrypting the first ciphertext data by using a private key corresponding to the secret key ID to obtain first plaintext data, encrypting the first plaintext data by using the private key to form second ciphertext data, and sending the second ciphertext data to the control equipment.
10. A storage medium storing instructions adapted to be loaded by a processor to perform the steps of the authentication method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210762998.3A CN115051871B (en) | 2022-06-30 | 2022-06-30 | Authentication method and equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115051871A true CN115051871A (en) | 2022-09-13 |
CN115051871B CN115051871B (en) | 2024-07-30 |
Family
ID=83164502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210762998.3A Active CN115051871B (en) | 2022-06-30 | 2022-06-30 | Authentication method and equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115051871B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113138809A (en) * | 2021-04-30 | 2021-07-20 | 广东天波信息技术股份有限公司 | Method and system for safely switching working modes of terminal |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103220303A (en) * | 2013-05-06 | 2013-07-24 | 华为软件技术有限公司 | Server login method, server and authentication equipment |
CN105959189A (en) * | 2016-06-08 | 2016-09-21 | 美的集团股份有限公司 | Home appliance equipment, communication system and method of cloud server and terminal, and terminal |
CN108111497A (en) * | 2017-12-14 | 2018-06-01 | 深圳市共进电子股份有限公司 | Video camera and server inter-authentication method and device |
CN109039628A (en) * | 2018-11-02 | 2018-12-18 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
CN109088889A (en) * | 2018-10-16 | 2018-12-25 | 深信服科技股份有限公司 | A kind of SSL encipher-decipher method, system and computer readable storage medium |
WO2020134635A1 (en) * | 2018-12-28 | 2020-07-02 | 百富计算机技术(深圳)有限公司 | Pos terminal certificate update method, server, and pos terminal |
CN113489585A (en) * | 2021-07-02 | 2021-10-08 | 北京明朝万达科技股份有限公司 | Identity authentication method and system of terminal equipment, storage medium and electronic equipment |
CN114048438A (en) * | 2021-11-10 | 2022-02-15 | 广州歌神信息科技有限公司 | Equipment authentication method and device, equipment, medium and product thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||