CN115277025B - Device authentication method for security chip, security chip apparatus, device, and medium - Google Patents

Device authentication method for security chip, security chip apparatus, device, and medium Download PDF

Info

Publication number
CN115277025B
CN115277025B CN202211030281.6A CN202211030281A CN115277025B CN 115277025 B CN115277025 B CN 115277025B CN 202211030281 A CN202211030281 A CN 202211030281A CN 115277025 B CN115277025 B CN 115277025B
Authority
CN
China
Prior art keywords
data acquisition
data
encryption algorithm
acquisition end
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211030281.6A
Other languages
Chinese (zh)
Other versions
CN115277025A (en
Inventor
刘曼
张奇惠
王立峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Wise Security Technology Co Ltd
Original Assignee
Guangzhou Wise Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Wise Security Technology Co Ltd filed Critical Guangzhou Wise Security Technology Co Ltd
Priority to CN202211030281.6A priority Critical patent/CN115277025B/en
Publication of CN115277025A publication Critical patent/CN115277025A/en
Application granted granted Critical
Publication of CN115277025B publication Critical patent/CN115277025B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a device authentication method of a security chip, a security chip device, a device and a medium, and belongs to the technical field of internet. The method comprises the following steps: the identity registration unit is used for carrying out registration verification on the data acquisition end, if the operation response of the data acquisition end is obtained within a preset time period, the successful registration is determined, and the identity information of the data acquisition end is received and stored; responding to a network connection event, sending authentication information to the data acquisition end through the identity authentication unit, and acquiring identity information of the data acquisition end; generating an encryption algorithm through an encryption algorithm transmission unit, and sending the encryption algorithm to a data acquisition end; receiving the encrypted data content of the data acquisition end, and decrypting the encrypted data content based on an encryption algorithm through a data verification unit; data content is received and stored. The scheme is favorable for improving the safety of the identity authentication process of the front-end equipment and ensuring the safety of the acquired data.

Description

Device authentication method for security chip, security chip device, and medium
Technical Field
The application belongs to the technical field of vehicle networking, and particularly relates to a device authentication method of a security chip, a security chip device, a device and a medium.
Background
With the development of technology and the change of life style of people, the authentication of devices based on security chips has become a key issue that needs attention.
In the existing scheme, after network connection, the identity of the front-end equipment is determined through manual identification of an equipment ID number, and connection and use are performed. However, once the video data collected by the front-end device is intercepted or the identity of the front-end device is forged, the problem of potential safety hazard of monitoring the video is easily existed. Therefore, it is an urgent problem in the art to provide a device authentication method for a security chip.
Disclosure of Invention
The embodiment of the application aims to provide an equipment authentication method of a security chip, a security chip device, equipment and a medium, which can solve the problem that in the prior art, video data acquired by front-end equipment is intercepted or the front-end identity is forged, so that potential safety hazards exist in the video data acquired by the front-end equipment easily.
In a first aspect, the method is performed by a data store; the data storage end is in wireless connection with the data acquisition end; the data storage end is configured with a security chip; the security chip comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit; the method comprises the following steps:
responding to a registration request sent by a data acquisition end through an identity registration unit, performing registration verification on the data acquisition end, if an operation response of the data acquisition end is obtained within a preset time period, determining that the registration is successful, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: identity and/or network identification;
responding to a network connection event, and sending authentication information to the data acquisition end through the identity authentication unit to acquire identity information of the data acquisition end; if the identity information is consistent with the identity information registered in advance, determining that the identity authentication is successful; generating an encryption algorithm based on the identity information, the authentication time and the registration time sent by the data acquisition end through the encryption algorithm transmission unit, and sending the encryption algorithm to the data acquisition end; the encryption algorithm comprises a segmentation rule for transmitting data contents;
receiving the encrypted data content of the data acquisition end, and decrypting the encrypted data content based on the encryption algorithm through the data verification unit; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content verification is successful, and receiving and storing the data content.
Further, the data acquisition end is used for acquiring video data;
correspondingly, the determining process of the segmentation rule comprises the following steps:
reading frame rate information of the data acquisition end;
and determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data.
Further, generating an encryption algorithm by the encryption algorithm transmission unit based on the identity information, the authentication time and the registration time sent by the data acquisition end, includes:
acquiring identity information sent by the data acquisition terminal through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
Further, after generating the identity information, the authentication information transmission time stamp, and the registration request transmission time stamp as variable information of an encryption algorithm to generate an encryption algorithm, the method further includes:
receiving an authentication information sending timestamp and a registration request sending timestamp reported by the data acquisition terminal;
and if the reported authentication information sending time stamp and the registration request sending time stamp are consistent with the locally acquired authentication information sending time stamp and the locally acquired registration request sending time stamp, determining that the data acquisition terminal has the encryption algorithm receiving authority.
In a second aspect, the apparatus is implemented by a data storage; the data storage end is wirelessly connected with the data acquisition end; wherein, the data storage end is configured with a security chip device; the security chip device comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit; the device comprises:
an identity registration unit: the system comprises a data acquisition end, a data storage end and a data processing end, wherein the data acquisition end is used for responding to a registration request sent by the data acquisition end, performing registration verification on the data acquisition end, determining that the registration is successful if an operation response of the data acquisition end is obtained within a preset time period, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: identity and/or network identification;
an identity authentication unit: the system is used for responding to a network connection event and sending authentication information to the data acquisition end to acquire identity information of the data acquisition end; if the identity information is consistent with the identity information registered in advance, determining that the identity authentication is successful;
an encryption algorithm transmission unit: the system comprises a data acquisition end, a data storage end and a data processing end, wherein the data acquisition end is used for acquiring identity information, authentication time and registration time of a user; the encryption algorithm comprises a segmentation rule for transmitting data contents;
a data verification unit: the data acquisition terminal is used for receiving the encrypted data content of the data acquisition terminal and decrypting the encrypted data content based on the encryption algorithm; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content verification is successful, and receiving and storing the data content.
Further, the encryption algorithm transmission unit is specifically configured to:
reading frame rate information of the data acquisition end;
and determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data.
Further, the encryption algorithm transmission unit is specifically configured to:
acquiring identity information sent by the data acquisition terminal through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
Further, the encryption algorithm transmission unit is specifically configured to:
acquiring identity information sent by the data acquisition terminal through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a processor, a memory, and a program or instructions stored on the memory and executable on the processor, where the program or instructions, when executed by the processor, implement the steps of the method according to the first aspect or the second aspect.
In a fourth aspect, the present application provides a readable storage medium, on which a program or instructions are stored, and when executed by a processor, the program or instructions implement the steps of the device authentication method of the secure chip according to the first aspect.
In the embodiment of the application, the identity registration unit is used for carrying out registration verification on the data acquisition end, if the operation response of the data acquisition end is obtained within a preset time period, the successful registration is determined, and the identity information of the data acquisition end is received and stored; responding to a network connection event, sending authentication information to the data acquisition end through the identity authentication unit, and acquiring identity information of the data acquisition end; generating an encryption algorithm through an encryption algorithm transmission unit, and sending the encryption algorithm to a data acquisition end; receiving the encrypted data content of the data acquisition end, and decrypting the encrypted data content based on an encryption algorithm through a data verification unit; data content is received and stored. The scheme is favorable for improving the safety of the identity authentication process of the front-end equipment and ensuring the safety of the acquired data.
Drawings
Fig. 1 is a schematic flowchart of a device authentication method for a security chip according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for determining a segmentation rule according to a second embodiment of the present application;
fig. 3 is a schematic flowchart of a device authentication method of a security chip according to a second embodiment of the present application;
fig. 4 is a schematic structural diagram of a security chip device according to a third embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, specific embodiments of the present application will be described in detail with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application. It should be further noted that, for the convenience of description, only some but not all of the relevant portions of the present application are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application are capable of operation in sequences other than those illustrated or described herein, and that the terms "first," "second," etc. are generally used in a generic sense and do not limit the number of terms, e.g., a first term can be one or more than one. In addition, "and/or" in the specification and claims means at least one of connected objects, a character "/" generally means that a preceding and succeeding related objects are in an "or" relationship.
The method for authenticating a device of a secure chip, the secure chip apparatus, the device and the medium provided in the embodiments of the present application are described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
Example one
Fig. 1 is a schematic flowchart of a device authentication method of a security chip according to an embodiment of the present application. The method is executed by a data storage terminal; the data storage end is in wireless connection with the data acquisition end; the data storage end is configured with a security chip; the security chip comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit. As shown in fig. 1, the method specifically comprises the following steps:
s101, responding to a registration request sent by a data acquisition end through an identity registration unit, performing registration verification on the data acquisition end, if an operation response of the data acquisition end is obtained within a preset time period, determining that the registration is successful, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: an identity and/or a network identity.
The application scenario of the scheme is that data encryption transmission is achieved between the data storage end and the data acquisition end through a device authentication method of a security chip, and the security of data transmission is guaranteed. In this process, the detailed description of the identity registration unit, the identity authentication unit, the encryption algorithm transmission unit, the data verification unit, and the like will be referred to. Specifically, the background terminal device may be used as a data storage terminal, and the front-end device may be used as a data acquisition terminal. The background terminal device and the front-end device can be a smart phone, a tablet computer or a notebook computer.
The following description will be given taking the data storage side as an execution subject.
The identity registration unit can be used for registering the data acquisition terminal. The data acquisition end can be used for acquiring image data, video data and the like, and can comprise a smart phone, a tablet personal computer, a vehicle-mounted terminal and the like. The registration request may be a data request sent to the identity registration unit, requesting identity registration, and may include sending the registration request to the identity registration unit in a manner of clicking a registration option on the data acquisition terminal device.
The registration verification of the data acquisition end can be performed according to the data type and the data size acquired by the data acquisition end, and the registration data is verified. The preset period may be a period for limiting a registration operation response. And enabling the registration operation to respond within a specified time period, and if the preset time period is exceeded, re-registration is required. The operation response of the data acquisition end can be in a mode of inputting corresponding registration information on a screen of the front-end equipment, and the input registration information can comprise the type of the acquired data, the number of the acquisition end and the like. The identity information of the data acquisition end can be information for distinguishing the data acquired by the data acquisition end, and can comprise the type of the acquired data. In this embodiment, optionally, the identity information includes: an identity and/or a network identity. The identity may be a number of the acquisition-side device. The network identification may be an IP address, MAC address, etc. of the network. The data storage end can receive the identity information registered from the data acquisition end through the wireless network.
In this embodiment, the data storage terminal is connected to the data acquisition terminal through a wireless network, the data acquisition terminal sends a registration request to the data storage terminal by clicking a registration option on a screen of the terminal device, and the data storage terminal sends required registration information to the data acquisition terminal after responding to the registration request. And displaying a registration page on the data acquisition terminal equipment, if the data acquisition terminal inputs the identity information in a preset time period and clicks the registration option again, considering that the identity information of the acquisition terminal is successfully registered, and storing the identity information in the data storage terminal. And if the data acquisition end does not input the identity information within the preset time period and does not click the registration option, the identity information registration of the acquisition end is considered to be failed. The method can avoid potential safety hazards caused by counterfeiting of the front-end identity, and ensure the safety of the registration information of the acquisition end.
S102, responding to a network connection event, and sending authentication information to the data acquisition terminal through the identity authentication unit to acquire identity information of the data acquisition terminal; and if the identity information is consistent with the pre-registered identity information, determining that the identity authentication is successful.
The network connection event may include a network connection request or a network connection instruction, etc. The scheme is characterized in that the data acquisition terminal equipment is connected through a wireless network after the network connection request is responded. The identity authentication unit may be configured to verify whether the received identity information satisfies a verification condition. The authentication information is suitable for judging the identity of the acquisition end, and can comprise the number, the IP address, the password, the verification code and the like of the acquisition end equipment. The pre-registered identity information is the identity information stored in the data storage terminal after the successful registration. In this embodiment, the data storage end responds to the connection request of the data acquisition end and then wirelessly connects with the data acquisition end, and sends authentication information to the data acquisition unit, the data acquisition end inputs corresponding content through the terminal device according to the authentication information and then clicks a login option, that is, the authentication information is sent to the data storage end, and the data storage end verifies the acquired authentication information. Specifically, the acquired authentication information is compared with the stored pre-registered identity information, and if the comparison result is consistent, the identity authentication is determined to be successful. And if the comparison result is inconsistent, determining that the identity authentication fails. The method avoids the counterfeiting of the identity information logged in by the front end, and further ensures the security of data transmission.
S103, generating an encryption algorithm based on the identity information, the authentication time and the registration time sent by the data acquisition end through the encryption algorithm transmission unit, and sending the encryption algorithm to the data acquisition end; the encryption algorithm comprises a segmentation rule for transmitting data contents.
The encryption algorithm transmission unit may encrypt all data in the data transmission process. The authentication time sent by the data acquisition end can be the completion time of inputting the authentication information, namely the login time. The registration time may be the time when the registration option is clicked after the registration information is entered. The encryption algorithm may be a method for processing the information collected by the data collection end into a segment of code through a certain algorithm, and may include DES, 3SES, RC2, RC4, IDEA, MD5 algorithms, and the like. In this embodiment, optionally, the encryption algorithm includes a slicing rule for transmitting the data content. The segmentation rule may be a basis for segmenting the video acquired by the data acquisition end, for example, the total frame number of the video is segmented into each data packet containing 30 frames of video, or the total duration of the video is segmented into each data packet containing 2 seconds of video.
In the embodiment of the application, the encryption algorithm transmission unit generates an encryption algorithm through the identity information, the authentication time and the registration time which are sent by the data acquisition end and sends the encryption algorithm to the data acquisition end, and the data acquisition end encrypts the acquired video content according to the encryption algorithm, generates the encrypted data content and sends the encrypted data content to the data storage end. The data content is data collected by the data collection end, such as the duration of a video, the content of the video and the like. The data acquired by the data acquisition end is prevented from being intercepted, and the data transmission safety is improved.
S104, receiving the encrypted data content of the data acquisition end, and decrypting the encrypted data content based on the encryption algorithm through the data verification unit; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content is successfully verified, and receiving and storing the data content.
The data checking unit can be used for verifying the segmentation mode of the data content. In this embodiment, the encrypted data content may be decrypted by the key. The data content segmentation mode is divided into different segmentation modes according to different encryption algorithms. The segmentation rules configured in the encryption algorithm are configured in advance according to different encryption algorithms. In the embodiment of the application, the data verification unit decrypts the encrypted data content based on the encryption algorithm, acquires the segmentation mode of the data content after decryption is successful, compares the acquired encryption algorithm with the segmentation rule configured in the encryption algorithm, and determines that the data content is verified successfully if the acquired segmentation mode of the data content is consistent with the segmentation rule configured in the encryption algorithm, and the data storage end receives and stores the data content. If the data content is inconsistent with the data content, the data storage terminal can determine that the data verification fails and refuse to receive the data content. For example, if the slicing rule configured in the encryption algorithm is that a transmission data packet contains three frames of images. And the decrypted data content is segmented in a way that one transmission data contains four frames of images. And if the splitting mode of the data content obtained after decryption is inconsistent with the splitting rule configured in the decryption algorithm, determining that the data content verification fails. By further verifying the decrypted data content, the safety of the data content in the transmission process is further ensured.
In the embodiment, the data acquisition end is registered and checked through the identity registration unit, if the operation response of the data acquisition end is obtained within a preset time period, the successful registration is determined, the identity information of the data acquisition end is received and stored, the potential safety hazard caused by counterfeiting of the front end identity can be avoided, and the safety of the registration information of the acquisition end is ensured; responding to a network connection event, sending authentication information to the data acquisition end through the identity authentication unit, and acquiring identity information of the data acquisition end; the encryption algorithm is generated by the encryption algorithm transmission unit and is sent to the data acquisition end, so that the data acquired by the data acquisition end is prevented from being intercepted, and the security of data transmission is improved. And receiving the encrypted data content of the data acquisition end, decrypting the encrypted data content based on an encryption algorithm through the data verification unit, receiving and storing the data content, and being beneficial to further ensuring the security of the acquired data.
Example two
Fig. 2 is a schematic flowchart of a method for determining a segmentation rule according to a second embodiment of the present application; as shown in fig. 2, the data acquisition end is used for acquiring video data; correspondingly, the determining process of the segmentation rule comprises the following steps:
s201, reading frame rate information of the data acquisition end.
S202, determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data.
Optionally, in this scheme, the data acquisition end is configured to acquire video data. The data acquisition end can acquire the video in a mode that the camera shoots the video, or acquire video data through the Internet.
The frame rate information may be information indicating a number of frames per second, and may include an average frame rate. In this embodiment, the frame rate information of the acquired video may be read by looking up the detailed information of the video data acquired by the acquisition end. The detailed information includes a frame rate, a resolution, an encoding format, and the like of the video. The number of video frames may be the total number of frames the video is parsed into a single image, such as 60 frames. The variation range of the number of video frames is determined according to the information of the frame rate, and can be represented by increasing or decreasing a certain number of frames in each data packet. The change rule of the number of video frames in each data content is also determined according to the frame rate information, and can be expressed as how many frames of video are increased/decreased correspondingly for each increase/decrease of 1 second of video. For example, if the frame rate information of the video is 15 frames per second and each data packet may contain 2 seconds of video, the number of video frames in each data packet may be determined to be 30. The amount of video frame data in each data content ranges from 15 frames of video plus or minus. The variation rule for the amount of video frame data in each data content is that every 1 second video is added with a corresponding 15 frames of video. The slicing rule may be determined to include 2 seconds of video in each packet or 30 frames of video in each packet. In this embodiment, the frame rate information of the data acquisition end is obtained, and the segmentation rule is determined according to the frame rate information. The method is beneficial to obtaining various segmentation rules, and further ensures the complexity of the encryption algorithm.
Fig. 3 is a schematic flowchart of a device authentication method of a security chip according to a second embodiment of the present application; as shown in fig. 3, generating an encryption algorithm by the encryption algorithm transmission unit based on the identity information, the authentication time, and the registration time sent by the data acquisition end includes:
s301, acquiring identity information sent by the data acquisition terminal through the encryption algorithm transmission unit; and acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request.
The time stamp is used to indicate the generation time of one item of data. The authentication information transmission time stamp may be used to indicate the time of transmission of the authentication information. The registration request transmission time stamp may be a time for indicating the transmission of the registration request. In this embodiment, the encryption algorithm transmission unit obtains, through the wireless network, the identity information, the authentication information sending timestamp, and the registration request sending timestamp sent by the data acquisition end. The method and the device are favorable for further verifying the access identity of the front-end user through the sending time of the authentication information and the sending time of the registration request, and ensure that the video data is not intercepted in the transmission process.
S302, generating the identity information, the authentication information transmission time stamp, and the registration request transmission time stamp as variable information of an encryption algorithm to generate an encryption algorithm.
The variable information of the encryption algorithm may be expressed as conditions constituting the encryption algorithm. In this embodiment, the identity information, the authentication information transmission time stamp, and the registration request transmission time stamp are used as conditions for generating the encryption algorithm. By increasing the conditions for generating the encryption algorithm, the difficulty of intercepting or cracking the video data is increased, and the safety of the video data is ensured.
And S303, receiving the authentication information sending time stamp and the registration request sending time stamp reported by the data acquisition terminal.
The authentication information sending timestamp reported by the data acquisition end can be the time generated when the data acquisition end clicks the login option after inputting the authentication information and the time generated when the data acquisition end clicks the registration option. And the encryption algorithm transmission unit receives the authentication information sending time stamp reported by the data acquisition terminal and the registration request sending time stamp through a wireless network.
S304, if the reported authentication information sending time stamp and the registration request sending time stamp are consistent with the locally acquired authentication information sending time stamp and the locally acquired registration request sending time stamp, determining that the data acquisition end has the encryption algorithm receiving authority.
The locally acquired authentication information sending time stamp can be the time automatically generated by the system when the data storage unit receives the authentication information sent by the data acquisition terminal. The locally obtained registration request transmission timestamp may be a time that the data storage unit automatically generates by the system when receiving a registration request for data collection. The encryption algorithm receiving authority can be used for limiting the encryption algorithm to be received, if the encryption algorithm receiving authority exists, the encryption algorithm can be received, and if the encryption algorithm receiving authority does not exist, the encryption algorithm cannot be received.
In this embodiment, whether the authentication information sending timestamp and the registration request sending timestamp reported by the acquisition end are consistent with the locally acquired authentication information sending timestamp and the locally acquired registration request sending timestamp is compared. And if the data acquisition end is consistent with the encryption algorithm transmission unit, determining that the data acquisition end has the encryption algorithm receiving authority and can receive the encryption algorithm transmitted by the encryption algorithm transmission unit. If the data acquisition end is inconsistent with the encryption algorithm transmission unit, the data acquisition end is determined to have no encryption algorithm receiving authority and cannot receive the encryption algorithm transmitted by the encryption algorithm transmission unit. The method is beneficial to ensuring the timeliness of data transmission, avoiding the video data from being intercepted or tampered in the transmission process and ensuring the safety of the video data.
In the embodiment, the authentication information sending timestamp and the registration request sending timestamp sent by the data acquisition end are obtained, the encryption algorithm is generated, the conditions for generating the encryption algorithm are increased, the difficulty of intercepting or cracking the video data is increased, and the safety of the video data is ensured. The reported authentication information sending time stamp is compared with the locally acquired authentication information sending time stamp, and the reported registration request sending time stamp is compared with the locally acquired registration request sending time stamp, so that the timeliness of data transmission is favorably ensured, the video data is prevented from being intercepted or distorted in the transmission process, and the safety of the video data is ensured.
EXAMPLE III
Fig. 4 is a schematic structural diagram of an apparatus authentication security chip device of a security chip according to a third embodiment of the present application. The device is executed by a data storage terminal; the data storage end is in wireless connection with the data acquisition end; wherein, the data storage end is configured with a security chip device; the security chip device comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit; as shown in fig. 4, the secure chip apparatus includes:
the identity registration unit 41: the system comprises a data acquisition end, a data storage end and a data processing end, wherein the data acquisition end is used for responding to a registration request sent by the data acquisition end, performing registration verification on the data acquisition end, determining that the registration is successful if an operation response of the data acquisition end is obtained within a preset time period, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: identity and/or network identification;
the identity authentication unit 42: the system comprises a data acquisition terminal, a network connection event and a server, wherein the data acquisition terminal is used for acquiring identity information of the data acquisition terminal; if the identity information is consistent with the identity information registered in advance, determining that the identity authentication is successful; encryption algorithm transmission unit 43: the system is used for generating an encryption algorithm based on the identity information, the authentication time and the registration time sent by the data acquisition end and sending the encryption algorithm to the data acquisition end; the encryption algorithm comprises a segmentation rule for transmitting data contents;
data verification unit 44: the data acquisition terminal is used for receiving the encrypted data content of the data acquisition terminal and decrypting the encrypted data content based on the encryption algorithm; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content verification is successful, and receiving and storing the data content.
Optionally, the encryption algorithm transmission unit 43 is specifically configured to:
reading frame rate information of the data acquisition end;
and determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data.
Optionally, the encryption algorithm transmission unit 43 is specifically configured to:
acquiring identity information sent by the data acquisition end through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
Optionally, the encryption algorithm transmission unit 43 is further configured to:
receiving an authentication information sending timestamp and a registration request sending timestamp reported by the data acquisition terminal;
and if the reported authentication information sending time stamp and the registration request sending time stamp are consistent with the locally acquired authentication information sending time stamp and the locally acquired registration request sending time stamp, determining that the data acquisition terminal has the encryption algorithm receiving authority.
In the embodiment, the data acquisition end is registered and checked through the identity registration unit, if the operation response of the data acquisition end is obtained within a preset time period, the successful registration is determined, the identity information of the data acquisition end is received and stored, the potential safety hazard caused by counterfeiting of the front end identity can be avoided, and the safety of the registration information of the acquisition end is ensured; responding to a network connection event, sending authentication information to the data acquisition end through the identity authentication unit, and acquiring identity information of the data acquisition end; the encryption algorithm is generated by the encryption algorithm transmission unit and is sent to the data acquisition end, so that the data acquired by the data acquisition end is prevented from being intercepted, and the security of data transmission is improved. And receiving the encrypted data content of the data acquisition end, decrypting the encrypted data content based on an encryption algorithm through the data verification unit, receiving and storing the data content, and further ensuring the security of the acquired data.
Example four
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 5, the electronic device includes a processor 51, a memory 52, an input device 53, and an output device 54; the number of the processors 51 in the device may be one or more, and one processor 51 is taken as an example in fig. 5; the processor 51, the memory 52, the input device 53 and the output device 54 in the apparatus may be connected by a bus or other means, which is exemplified in fig. 5. The memory 52 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the device authentication method of the security chip in the embodiment of the present invention. The processor 51 executes various functional applications and data processing of the device by running software programs, instructions and modules stored in the memory 52, that is, implements the above-described device authentication method of the security chip. The input device 53 may be used to receive input numeric or character information and generate key signal inputs relating to user settings and function control of the apparatus. The output device 54 may include a display device such as a display screen.
EXAMPLE five
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements each process of the above-mentioned device authentication method for a security chip, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and so on.
The foregoing is considered as illustrative of the preferred embodiments of the invention and the technical principles employed. The present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the claims.

Claims (8)

1. The equipment authentication method of the security chip is characterized in that the method is executed by a data storage end; the data storage end is wirelessly connected with the data acquisition end; wherein, the data storage end is configured with a security chip; the security chip comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit; the method comprises the following steps:
responding to a registration request sent by a data acquisition end through an identity registration unit, performing registration verification on the data acquisition end, if an operation response of the data acquisition end is obtained within a preset time period, determining that the registration is successful, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: the data acquisition end is used for acquiring video data;
responding to a network connection event, and sending authentication information to the data acquisition terminal through the identity authentication unit to acquire identity information of the data acquisition terminal; if the identity information is consistent with the identity information registered in advance, determining that the identity authentication is successful; generating an encryption algorithm based on the identity information, the authentication time and the registration time sent by the data acquisition end through the encryption algorithm transmission unit, and sending the encryption algorithm to the data acquisition end; the encryption algorithm comprises a segmentation rule for transmitting data contents, wherein the determination process of the segmentation rule comprises the steps of reading frame rate information of the data acquisition end; determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data;
receiving the encrypted data content of the data acquisition end, and decrypting the encrypted data content based on the encryption algorithm through the data verification unit; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content verification is successful, and receiving and storing the data content.
2. The method of claim 1, wherein generating an encryption algorithm by the encryption algorithm transmission unit based on the identity information, the authentication time, and the registration time sent by the data acquisition end comprises:
acquiring identity information sent by the data acquisition end through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
3. The method according to claim 2, wherein after generating the identity information, the authentication information transmission time stamp, and the registration request transmission time stamp as variable information of an encryption algorithm to generate an encryption algorithm, the method further comprises:
receiving an authentication information sending timestamp and a registration request sending timestamp reported by the data acquisition terminal;
and if the reported authentication information sending time stamp and the registration request sending time stamp are consistent with the locally acquired authentication information sending time stamp and the locally acquired registration request sending time stamp, determining that the data acquisition terminal has the encryption algorithm receiving authority.
4. A secure chip apparatus, wherein the apparatus is executed by a data storage; the data storage end is in wireless connection with the data acquisition end; wherein, the data storage end is configured with a security chip device; the security chip device comprises an identity registration unit, an identity authentication unit, an encryption algorithm transmission unit and a data verification unit; the device comprises:
an identity registration unit: the system comprises a data acquisition end, a data storage end and a data processing end, wherein the data acquisition end is used for responding to a registration request sent by the data acquisition end, performing registration verification on the data acquisition end, determining that the registration is successful if an operation response of the data acquisition end is obtained within a preset time period, and receiving and storing identity information of the data acquisition end; wherein the identity information comprises: the data acquisition end is used for acquiring video data;
an identity authentication unit: the system comprises a data acquisition terminal, a network connection event and a server, wherein the data acquisition terminal is used for acquiring identity information of the data acquisition terminal; if the identity information is consistent with the identity information registered in advance, determining that the identity authentication is successful;
an encryption algorithm transmission unit: the system comprises a data acquisition end, a data storage end and a data processing end, wherein the data acquisition end is used for acquiring identity information, authentication time and registration time of a user; the encryption algorithm comprises a segmentation rule for transmitting data contents, and is specifically used for reading frame rate information of the data acquisition end; determining the change range and the change rule of the number of the video frames included in each data content according to the frame rate information, and taking the change range and the change rule as the segmentation rule of the video data;
a data verification unit: the data acquisition terminal is used for receiving the encrypted data content of the data acquisition terminal and decrypting the encrypted data content based on the encryption algorithm; and if the decryption is successful and the obtained data content segmentation mode is consistent with the segmentation rule configured in the encryption algorithm, determining that the data content verification is successful, and receiving and storing the data content.
5. The apparatus according to claim 4, wherein the encryption algorithm transmission unit is specifically configured to:
acquiring identity information sent by the data acquisition end through the encryption algorithm transmission unit; acquiring an authentication information sending time stamp included in the authentication information, and acquiring a registration request sending time stamp included in the registration request;
and generating the identity information, the authentication information sending time stamp and the registration request sending time stamp as variable information of an encryption algorithm to generate the encryption algorithm.
6. The apparatus of claim 5, wherein the encryption algorithm transmission unit is further configured to:
receiving an authentication information sending timestamp and a registration request sending timestamp reported by the data acquisition terminal;
and if the reported authentication information sending time stamp and the registration request sending time stamp are consistent with the locally acquired authentication information sending time stamp and the locally acquired registration request sending time stamp, determining that the data acquisition terminal has the encryption algorithm receiving authority.
7. An electronic device comprising a processor, a memory and a program or instructions stored on the memory and executable on the processor, the program or instructions, when executed by the processor, implementing the steps of the device authentication method of the security chip according to any one of claims 1 to 3.
8. A readable storage medium, characterized in that it stores thereon a program or instructions which, when executed by a processor, implement the steps of the device authentication method of a security chip according to any one of claims 1 to 3.
CN202211030281.6A 2022-08-26 2022-08-26 Device authentication method for security chip, security chip apparatus, device, and medium Active CN115277025B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211030281.6A CN115277025B (en) 2022-08-26 2022-08-26 Device authentication method for security chip, security chip apparatus, device, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211030281.6A CN115277025B (en) 2022-08-26 2022-08-26 Device authentication method for security chip, security chip apparatus, device, and medium

Publications (2)

Publication Number Publication Date
CN115277025A CN115277025A (en) 2022-11-01
CN115277025B true CN115277025B (en) 2023-01-06

Family

ID=83754509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211030281.6A Active CN115277025B (en) 2022-08-26 2022-08-26 Device authentication method for security chip, security chip apparatus, device, and medium

Country Status (1)

Country Link
CN (1) CN115277025B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102780558A (en) * 2012-04-28 2012-11-14 华为终端有限公司 Data encryption and transmission method, algorithm distribution method, equipment and system
CN105790951A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication device and intelligent terminal
CN106161028A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 Safety chip, communication terminal and the method improving communication security
CN109088870A (en) * 2018-08-14 2018-12-25 国网甘肃省电力公司电力科学研究院 A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
CN109101803A (en) * 2018-07-25 2018-12-28 腾讯科技(深圳)有限公司 Biometric apparatus and method
CN114520976A (en) * 2022-04-20 2022-05-20 北京时代亿信科技股份有限公司 Authentication method and device for user identity identification card and nonvolatile storage medium
CN114640867A (en) * 2022-05-20 2022-06-17 广州万协通信息技术有限公司 Video data processing method and device based on video stream authentication
CN114938503A (en) * 2022-07-25 2022-08-23 广州万协通信息技术有限公司 Remote alarm method of security chip and security chip device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114710693A (en) * 2022-05-25 2022-07-05 广州万协通信息技术有限公司 Video stream distributed transmission method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102780558A (en) * 2012-04-28 2012-11-14 华为终端有限公司 Data encryption and transmission method, algorithm distribution method, equipment and system
CN106161028A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 Safety chip, communication terminal and the method improving communication security
CN105790951A (en) * 2016-02-26 2016-07-20 浙江维尔科技股份有限公司 Identity authentication device and intelligent terminal
CN109101803A (en) * 2018-07-25 2018-12-28 腾讯科技(深圳)有限公司 Biometric apparatus and method
CN109088870A (en) * 2018-08-14 2018-12-25 国网甘肃省电力公司电力科学研究院 A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
CN114520976A (en) * 2022-04-20 2022-05-20 北京时代亿信科技股份有限公司 Authentication method and device for user identity identification card and nonvolatile storage medium
CN114640867A (en) * 2022-05-20 2022-06-17 广州万协通信息技术有限公司 Video data processing method and device based on video stream authentication
CN114938503A (en) * 2022-07-25 2022-08-23 广州万协通信息技术有限公司 Remote alarm method of security chip and security chip device

Also Published As

Publication number Publication date
CN115277025A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN112218294B (en) 5G-based access method and system for Internet of things equipment and storage medium
US10021113B2 (en) System and method for an integrity focused authentication service
CN103685311B (en) A kind of login validation method and equipment
CN111741268B (en) Video transmission method, device, server, equipment and medium
CN110175448B (en) Trusted device login authentication method and application system with authentication function
CN112738117A (en) Data transmission method, device and system, storage medium and electronic device
CN108959990B (en) Two-dimensional code verification method and device
CN113225351B (en) Request processing method and device, storage medium and electronic equipment
CN104283686A (en) Digital right management method and system
CN112380501B (en) Equipment operation method, device, equipment and storage medium
CN112823503A (en) Data access method, data access device and mobile terminal
CN112367164A (en) Service request processing method and device, computer equipment and storage medium
CN109451504B (en) Internet of things module authentication method and system
CN113726743B (en) Method, device, equipment and medium for detecting network replay attack
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN116366289B (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
CN115277025B (en) Device authentication method for security chip, security chip apparatus, device, and medium
CN114124572B (en) Data transmission method, device, equipment and medium based on unidirectional network
CN114726606B (en) User authentication method, client, gateway and authentication server
CN115761954A (en) Bluetooth key connection method and device for vehicle
CN210745178U (en) Identity authentication system
CN107086918A (en) A kind of client validation method and server
CN110070448B (en) Electronic policy processing method and server
CN114595465A (en) Data encryption processing method and device and electronic equipment
CN118200058B (en) Multi-factor authentication method and system based on physical isolation channel

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant