CN115348037A - Identity authentication method, device and equipment of terminal equipment - Google Patents


Publication number
CN115348037A
Authority
CN
China
Prior art keywords
authenticated
fingerprint
equipment
identity authentication
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211031532.2A
Other languages
Chinese (zh)
Inventor
张宇南
蒋屹新
许爱东
匡晓云
洪超
高松川
袁小凯
蒙家晓
黄开天
杨祎巍
刘增才
杜金燃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd
Original Assignee
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd
Application filed by CSG Electric Power Research Institute, China Southern Power Grid Co Ltd filed Critical CSG Electric Power Research Institute
Priority to CN202211031532.2A priority Critical patent/CN115348037A/en
Publication of CN115348037A publication Critical patent/CN115348037A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The application discloses an identity authentication method, apparatus and device for terminal equipment. The method comprises the following steps: determining device parameters and a plurality of network parameters of the terminal device to be authenticated; constructing a to-be-authenticated device fingerprint of the terminal device based on the device parameters and the plurality of network parameters; matching the to-be-authenticated device fingerprint against the preset device fingerprints in a device fingerprint library to obtain a matching result; verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified; and combining the verification result and the matching result to obtain an identity authentication result of whether the terminal device is safe. This solves the technical problem that the identity authentication method for terminal equipment in the existing power system cloud-edge fusion architecture has weak security.

Description

Identity authentication method, device and equipment of terminal equipment
Technical Field
The present application relates to the field of information security technologies, and in particular, to an identity authentication method, apparatus, and device for a terminal device.
Background
With the continuous expansion of the scale of the power system, power data is increasing exponentially, and security protection of the power system is very important in order to ensure the security of the power system and the power data.
As shown in fig. 1, most existing power systems are based on a cloud-edge fusion architecture, where the "cloud" is a cloud platform with functions such as device management and intelligent decision-making; the "edge" is an edge cloud that provides intelligent decision-making and services nearby; and the "terminal" is the terminal equipment, including intelligent terminals, intelligent sensors and intelligent equipment. As shown in fig. 1, the terminal device is located at the bottom layer of the cloud-edge fusion architecture of the power system and is a key node for converting physical information into digital information. However, terminal devices are widely distributed and use various communication modes, which greatly increases the security risk of the system.
In the existing cloud-edge fusion architecture of the power system, the identity authentication method for terminal equipment provides some security protection, but its security is weak.
Disclosure of Invention
In view of this, the present application provides an identity authentication method, apparatus, and device for a terminal device, which can perform accurate and secure identity authentication on the terminal device in the cloud-edge fusion architecture of a power system, and solve the technical problem that the identity authentication method for terminal equipment in the existing power system cloud-edge fusion architecture has weak security.
A first aspect of the present application provides an identity authentication method for a terminal device, including:
determining equipment parameters and a plurality of network parameters of the terminal equipment to be authenticated;
constructing a device fingerprint to be authenticated of the terminal device based on the device parameters and the plurality of network parameters;
matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result;
verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified;
and combining the verification result and the matching result to obtain an identity authentication result of whether the terminal device is safe.
Optionally, the configuring process of the network parameter includes:
acquiring a flow data packet of the terminal equipment;
and extracting the characteristics of the flow data packet to obtain the network parameters of the terminal equipment.
Optionally, the network parameters include: communication protocol, port number, lifetime of traffic packets, connection rate, amount of transmission bytes, and capture time of traffic packets.
Optionally, the constructing a to-be-authenticated device fingerprint of the terminal device based on the device parameter and the plurality of network parameters specifically includes:
combining the equipment parameters and each network parameter to obtain a plurality of combined parameters;
and forming a matrix by using the plurality of combination parameters, and taking the matrix as the fingerprint of the equipment to be authenticated of the terminal equipment.
Optionally, the matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result, specifically including:
matching the device fingerprint to be authenticated with each preset device fingerprint in a device fingerprint library;
calculating the similarity between the fingerprint of the equipment to be authenticated and the fingerprint of each preset equipment;
and obtaining a matching result of the fingerprint of the equipment to be authenticated based on the similarity.
Optionally, the verifying the signature private key of the terminal device by using the preset public key to obtain a verification result of whether the terminal device is successfully verified, specifically including:
acquiring a preset public key corresponding to the terminal equipment;
and verifying the signature private key of the terminal equipment by using the preset public key to obtain a verification result of whether the terminal equipment is successfully verified.
Optionally, the obtaining, by integrating the verification result and the matching result, an identity authentication result indicating whether the terminal device is secure includes:
and when the verification result is successful and the matching result is that only one preset device fingerprint is matched with the device fingerprint to be authenticated, judging that the identity authentication result of the terminal device is safe, otherwise, judging that the identity authentication result of the terminal device is unsafe.
Optionally, the method further comprises:
acquiring historical behavior data and current behavior data of the terminal equipment to be authenticated;
calculating the current behavior credibility of the terminal equipment to be authenticated based on the historical behavior data and the current behavior data;
and comparing the current behavior credibility with a preset authority threshold value to adjust the access authority of the terminal device to be authenticated.
A second aspect of the present application provides an identity authentication apparatus for a terminal device, including:
a determining unit, used for determining the device parameters and a plurality of network parameters of the terminal device to be authenticated;
the construction unit is used for constructing the fingerprint of the equipment to be authenticated of the terminal equipment based on the equipment parameters and the network parameters;
the matching unit is used for matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result;
the verification unit is used for verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified;
and the authentication unit is used for integrating the verification result and the matching result to obtain an identity authentication result of whether the terminal equipment is safe or not.
A third aspect of the present application provides an identity authentication device of a terminal device, including a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute any one of the methods for authenticating an identity of a terminal device according to the first aspect according to instructions in the program code.
According to the technical scheme, the method has the following advantages:
The application provides an identity authentication method of terminal equipment, which comprises the following steps: determining device parameters and a plurality of network parameters of the terminal device to be authenticated; constructing a to-be-authenticated device fingerprint of the terminal device based on the device parameters and the plurality of network parameters; matching the to-be-authenticated device fingerprint against the preset device fingerprints in a device fingerprint library to obtain a matching result; verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified; and combining the verification result and the matching result to obtain an identity authentication result of whether the terminal device is safe.
According to the present application, the to-be-authenticated device fingerprint is constructed based on the device parameters and the network parameters of the terminal device, and security authentication based on the public and private keys is further performed on top of fingerprint verification, so that the security authentication of the terminal device is reliable and accurate, which solves the technical problem that the identity authentication method for terminal equipment in the existing power system cloud-edge fusion architecture has weak security.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic structural diagram of a cloud-edge fusion architecture of an electric power system;
Fig. 2 is a schematic flowchart of a first embodiment of an identity authentication method of a terminal device in an embodiment of the present application;
Fig. 3 is a schematic flowchart of a second embodiment of an identity authentication method for a terminal device in the embodiment of the present application;
Fig. 4 is a schematic structural diagram of an identity authentication apparatus of a terminal device in an embodiment of the present application.
Detailed Description
The embodiment of the application provides an identity authentication method, an identity authentication device and identity authentication equipment of terminal equipment, and solves the technical problem that the identity authentication method for the terminal equipment in the existing power system cloud edge fusion architecture is poor in safety.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
A first aspect of an embodiment of the present application provides an embodiment of an identity authentication method for a terminal device.
Referring to fig. 2, a schematic flowchart of a first embodiment of a method for authenticating an identity of a terminal device in an embodiment of the present application is shown.
The identity authentication method of the terminal equipment in the embodiment comprises the following steps:
Step 201, determining the device parameters and a plurality of network parameters of the terminal device to be authenticated.
In this embodiment, when the terminal device is authenticated, the used data is the fingerprint of the device to be authenticated of the terminal device, and the fingerprint of the device to be authenticated in this embodiment is constructed based on the plurality of network parameters and the device parameters of the terminal device, so the device parameters and the plurality of network parameters of the terminal device are determined first in this embodiment.
It is understood that device parameters include, but are not limited to: device serial number, device type, hardware parameters of the device, device manufacturer, and device MAC. Specifically, the obtaining of the device parameter may be by means of data embedding, which is not particularly limited in this embodiment.
Step 202, establishing a fingerprint of the equipment to be authenticated of the terminal equipment based on the equipment parameters and the plurality of network parameters.
After a plurality of network parameters and device parameters corresponding to the terminal device are obtained, the fingerprint of the device to be authenticated of the terminal device can be constructed.
Step 203, matching the device fingerprint to be authenticated with a preset device fingerprint in the device fingerprint library to obtain a matching result.
After the fingerprint of the device to be authenticated corresponding to the terminal device is determined, it can be matched against the preset device fingerprints in the device fingerprint library to obtain a matching result.
Step 204, verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified.
While the terminal device is authenticated by means of the to-be-authenticated device fingerprint, signature verification based on the public and private keys is also performed on the terminal device; that is, the signature private key of the terminal device is verified with the preset public key to obtain a verification result of whether the terminal device is successfully verified.
Step 205, combining the verification result and the matching result to obtain an identity authentication result of whether the terminal device is safe.
After the verification result and the matching result are obtained, the verification result and the matching result can be synthesized, and the identity authentication result of whether the terminal equipment is safe or not can be obtained.
It can be understood that, the identity authentication method in this embodiment is to perform identity authentication on the terminal device in the cloud-edge fusion architecture of the power system, so the identity authentication method in this embodiment may be performed by an edge cloud connected to the terminal device.
In this embodiment, the device parameters and the network parameters of the terminal device to be authenticated are determined, the to-be-authenticated device fingerprint of the terminal device is constructed based on the device parameters and the network parameters, the to-be-authenticated device fingerprint is matched against the preset device fingerprints in the device fingerprint library to obtain a matching result, the signature private key of the terminal device is verified by using the preset public key to obtain a verification result of whether the terminal device is successfully verified, and finally the verification result and the matching result are combined to obtain an identity authentication result of whether the terminal device is safe. In this embodiment, the to-be-authenticated device fingerprint is constructed based on the device parameters and the network parameters of the terminal device, and security authentication based on the public and private keys is further performed on top of fingerprint verification, so that the security authentication of the terminal device is more reliable and accurate, which solves the technical problem that the identity authentication method for terminal equipment in the existing power system cloud-edge fusion architecture has weak security.
The above is a first embodiment of the identity authentication method for the terminal device provided in the embodiment of the present application, and the following is a second embodiment of the identity authentication method for the terminal device provided in the embodiment of the present application.
Referring to fig. 3, a flowchart of a second embodiment of an identity authentication method for a terminal device in an embodiment of the present application is shown.
The identity authentication method of the terminal equipment in the embodiment comprises the following steps:
Step 301, determining the device parameters and several network parameters of the terminal device to be authenticated.
It is understood that the configuration process of the network parameters includes:
acquiring a flow data packet of the terminal equipment;
and extracting the characteristics of the flow data packet to obtain the network parameters of the terminal equipment.
Specifically, the network parameters include: communication protocol, port number, lifetime of traffic packets, connection rate, amount of transmission bytes, and capture time of traffic packets.
The detailed information and the encoding method of the communication protocol are shown in table 1, the detailed information and the encoding method of the port number are shown in table 2, and the detailed information and the encoding method of the lifetime of the packet are shown in table 3:
TABLE 1
Figure BDA0003817614920000061
Figure BDA0003817614920000071
TABLE 2
| Port number | Numbering |
|---|---|
| [0,1023] | 0 |
| [1024,49151] | 1 |
| [49152,65535] | 2 |
| Others | 3 |
TABLE 3
| Time | Numbering |
|---|---|
| >64 | 0 |
| <64 | 1 |
| =64 | 2 |
Step 302, combining the device parameters and each network parameter to obtain a plurality of combined parameters.
Step 303, forming a matrix from the plurality of combined parameters, and taking the matrix as the to-be-authenticated device fingerprint of the terminal device.
In this embodiment, $m$ traffic packets $R = \{r_1, r_2, r_3, \ldots, r_m\}$ of the terminal device are obtained. 26 data features $\{p_1, p_2, p_3, \ldots, p_{26}\}$, namely the network parameters, are extracted from each traffic packet, and the data features $\{p_{27}, p_{28}, p_{29}, p_{30}, p_{31}\}$, namely the device parameters, are obtained through data embedding points. The combined parameter obtained by combining the network parameters of each packet with the device parameters is $r_i = \{p_{i,1}, p_{i,2}, p_{i,3}, \ldots, p_{i,26}, p_{27}, \ldots, p_{31}\}$. The fingerprint of the terminal device to be authenticated is formed by an $m \times 31$ matrix $P$:
Figure BDA0003817614920000072
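An added example (not code from the patent) of steps 302 and 303: each captured packet is encoded with Tables 2 and 3 and joined to the device parameters to form one row of the fingerprint matrix. The `Flow` and `Device` field names, the protocol code map standing in for Table 1, and the hash-based numeric encoding of device strings are assumptions, and only the six network parameters named in the text are used rather than the full 26 features.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical stand-in for Table 1, whose contents are not reproduced on the page.
PROTOCOL_CODES = {"tcp": 0, "udp": 1, "icmp": 2}
UNKNOWN_PROTOCOL = 3


def encode_port(port):
    """Table 2 encoding; anything that is not a valid port falls into 'Others' (3)."""
    if not isinstance(port, int) or isinstance(port, bool):
        return 3
    if 0 <= port <= 1023:
        return 0
    if 1024 <= port <= 49151:
        return 1
    if 49152 <= port <= 65535:
        return 2
    return 3


def encode_lifetime(ttl):
    """Table 3 encoding of the packet lifetime: >64 -> 0, <64 -> 1, =64 -> 2."""
    if ttl > 64:
        return 0
    if ttl < 64:
        return 1
    return 2


def encode_device_field(value):
    """Assumed encoding: map a device string to a stable number in [0, 1)."""
    digest = hashlib.sha256(value.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") / 2**32


@dataclass(frozen=True)
class Flow:
    protocol: str
    port: int
    ttl: int
    conn_rate: float
    tx_bytes: int
    capture_time: float


@dataclass(frozen=True)
class Device:
    serial: str
    dev_type: str
    hardware: str
    manufacturer: str
    mac: str


def network_row(flow):
    """Network parameters of one packet, in the order the text lists them."""
    return [
        PROTOCOL_CODES.get(flow.protocol.lower(), UNKNOWN_PROTOCOL),
        encode_port(flow.port),
        encode_lifetime(flow.ttl),
        float(flow.conn_rate),
        float(flow.tx_bytes),
        float(flow.capture_time),
    ]


def device_row(device):
    """Device parameters; the MAC is lower-cased so formatting does not change the value."""
    fields = (device.serial, device.dev_type, device.hardware,
              device.manufacturer, device.mac.lower())
    return [encode_device_field(f) for f in fields]


def build_fingerprint(device, flows):
    """Return the matrix P: one row r_i per packet, device columns repeated in every row."""
    if not flows:
        raise ValueError("at least one captured packet is required")
    dev = device_row(device)
    return [network_row(f) + dev for f in flows]


# Constructed sample input, not data from the patent.
SAMPLE_DEVICE = Device("SN-0001", "smart-meter", "rev-B", "ExampleCo", "00:11:22:AA:BB:CC")
SAMPLE_FLOWS = [
    Flow("tcp", 502, 64, 1.5, 240, 0.00),
    Flow("TCP", 50321, 128, 1.5, 512, 0.35),
    Flow("gre", 70000, 32, 0.2, 60, 0.90),
]

if __name__ == "__main__":
    for row in build_fingerprint(SAMPLE_DEVICE, SAMPLE_FLOWS):
        print(row)
```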
Step 304, matching the device fingerprint to be authenticated with each preset device fingerprint in the device fingerprint library.
Step 305, calculating the similarity between the fingerprint of the device to be authenticated and each preset device fingerprint.
The calculation of the similarity is not specifically described in this embodiment. The higher the similarity, the more similar the corresponding preset device fingerprint is to the device fingerprint to be authenticated; conversely, the lower the similarity, the less similar they are. When the similarity is greater than the preset threshold, the corresponding preset device fingerprint is considered to match the device fingerprint to be authenticated, and when the similarity is less than the preset threshold, the corresponding preset device fingerprint is considered not to match the device fingerprint to be authenticated.
Step 306, obtaining a matching result of the fingerprint of the device to be authenticated based on the similarity.
After the similarities are obtained, the number of preset device fingerprints whose similarity is greater than the preset threshold is determined. If there is exactly one such preset device fingerprint, the terminal device may be a safe terminal device; if there are none or more than one, the terminal device is not a safe terminal device.
In an optional implementation manner, the fingerprint of the device to be authenticated may be compared based on a decision function, and the specific implementation steps include:
calculating the fingerprint of the equipment to be authenticated and the fingerprint decision value of each preset equipment in the equipment fingerprint database through a decision function, wherein the decision function is as follows:
Figure BDA0003817614920000081
in the formula (I), the compound is shown in the specification,
Figure BDA0003817614920000082
Figure BDA0003817614920000083
wherein, f (p) new ) For the decision function, argmax is f (p) new ) When maximum value p is obtained new Set of numbers, p, of corresponding devices in the fingerprint repository i 、p j Are all preset device fingerprints, p new Fingerprint of the device to be authenticated, b coefficient of hyperplane chosen by SVM, K (p) j ,p new )、K(p i ,p new ) Is a Gaussian kernel function, h is the number of terminal equipment types, sigma is the action range of the Gaussian kernel function, N is the number of fingerprints of preset equipment fingerprints in an equipment fingerprint library, a i 、a j For lagrange multiplier, type new To indicate the type of terminal device to be authenticated, type i 、type j For the type of device in the device fingerprint library, a = { a = { A } 1 ,…,a n The obtained α coefficients are set.
Selecting a j > 0, calculate
Figure BDA0003817614920000091
Substitute the fingerprint matrix $P$ of the device to be authenticated into the decision function $f(p_{new})$.
And obtaining a matching result of the fingerprint of the equipment to be authenticated based on all the decision values.
Step 307, acquiring a preset public key corresponding to the terminal device.
It is understood that the preset public key corresponding to the terminal device may be generated based on the network parameters and the device parameters corresponding to the terminal device.
Step 308, verifying the signature private key of the terminal device by using the preset public key to obtain a verification result of whether the terminal device is successfully verified.
It is understood that the private key in this embodiment may be generated according to the master key, the network parameters and the device parameters.
Step 309, when the verification result is successful and the matching result is that one and only one preset device fingerprint matches the device fingerprint to be authenticated, judging that the identity authentication result of the terminal device is safe; otherwise, judging that the identity authentication result of the terminal device is unsafe.
If f (p) new ) If the fingerprint to be authenticated of the terminal equipment is wrong, the equipment is unsafe; if f (p) new ) If the verification result only contains one value and the preset public key is successfully verified, the terminal device is considered to be safe, and the next operation can be carried out.
Step 310, acquiring historical behavior data and current behavior data of the terminal device to be authenticated.
Step 311, calculating the current behavior credibility of the terminal device to be authenticated based on the historical behavior data and the current behavior data.
Step 312, comparing the current behavior credibility with a preset authority threshold value to adjust the access authority of the terminal device to be authenticated.
Behavior credibility:
Figure BDA0003817614920000092
where $BT_i$ is the current trust level of the terminal device; $BT_{i-1}$ is the historical trust level of the terminal device; $r_1$ and $r_2$ are constants greater than 0 and less than 1; $\beta_1$, $\beta_2$ and $\beta_3$ are constants greater than 0 and less than 1, with $\beta_1 + \beta_2 + \beta_3 = 1$; $Z_t$ is the number of correctly identified samples for device $i$; $Z_f$ is the number of samples identified as device $i$ for other devices; $E_t$ is the number of samples identified as non-device $i$ for non-device $i$; $E_f$ is the number of samples identified as device $i$ for non-device $i$; $C_t$ is the number of legal authorizations for device $i$; and $C_f$ is the number of times authorization is denied for device $i$.
When the current behavior credibility is less than or equal to the preset authority threshold value of a certain authority, authorization is refused to the terminal device;
and when the current behavior credibility is greater than the preset authority threshold value of a certain authority, the terminal device is authorized.
In this embodiment, the device parameters and the network parameters of the terminal device to be authenticated are determined, the to-be-authenticated device fingerprint of the terminal device is constructed based on the device parameters and the network parameters, the to-be-authenticated device fingerprint is matched against the preset device fingerprints in the device fingerprint library to obtain a matching result, the signature private key of the terminal device is verified by using the preset public key to obtain a verification result of whether the terminal device is successfully verified, and finally the verification result and the matching result are combined to obtain an identity authentication result of whether the terminal device is safe. In this embodiment, the to-be-authenticated device fingerprint is constructed based on the device parameters and the network parameters of the terminal device, and security authentication based on the public and private keys is further performed on top of fingerprint verification, so that the security authentication of the terminal device is more reliable and accurate, which solves the technical problem that the identity authentication method for terminal equipment in the existing power system cloud-edge fusion architecture has weak security.
A second aspect of the embodiments of the present application provides an embodiment of an identity authentication apparatus for a terminal device.
Referring to fig. 4, a schematic structural diagram of an identity authentication apparatus of a terminal device in an embodiment of the present application is shown.
An identity authentication apparatus of a terminal device in this embodiment includes:
the determining unit is used for determining the device parameters and a plurality of network parameters of the terminal device to be authenticated;
the construction unit is used for constructing the device fingerprint to be authenticated of the terminal device based on the device parameters and the plurality of network parameters;
the matching unit is used for matching the device fingerprint to be authenticated with the preset device fingerprint in the device fingerprint library to obtain a matching result;
the verification unit is used for verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified;
and the authentication unit is used for integrating the verification result and the matching result to obtain the identity authentication result of whether the terminal device is safe or not.
In this embodiment, the device parameters and a plurality of network parameters of the terminal device to be authenticated are first determined; the device fingerprint to be authenticated of the terminal device is then constructed based on the device parameters and the plurality of network parameters; the device fingerprint to be authenticated is matched with the preset device fingerprint in the device fingerprint library to obtain a matching result; the signature private key of the terminal device is verified by using a preset public key to obtain a verification result of whether the terminal device is successfully verified; and finally the verification result and the matching result are combined to obtain an identity authentication result of whether the terminal device is safe. Because the device fingerprint to be authenticated is constructed from the device parameters and the network parameters of the terminal device, and security authentication based on the public and private keys is performed on top of fingerprint authentication, the security authentication of the terminal device is more reliable and accurate, which solves the technical problem that the identity authentication method for terminal devices in the existing power system cloud-side fusion framework is weak in security.
A third aspect of the embodiments of the present application provides an embodiment of an identity authentication device of a terminal device.
An identity authentication device of a terminal device comprises a processor and a memory; the memory is used for storing the program codes and transmitting the program codes to the processor; the processor is configured to perform the method of identity authentication of a terminal device of the first aspect according to instructions in the program code.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of a unit is only one logical functional division, and other division manners may be available in actual implementation, for example, multiple units or components may be combined or integrated into another grid network to be installed, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program codes, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. An identity authentication method of a terminal device, comprising:
determining equipment parameters and a plurality of network parameters of the terminal equipment to be authenticated;
constructing a device fingerprint to be authenticated of the terminal device based on the device parameters and the plurality of network parameters;
matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result;
verifying the signature private key of the terminal equipment by using a preset public key to obtain a verification result of whether the terminal equipment is successfully verified;
and synthesizing the verification result and the matching result to obtain an identity authentication result of whether the terminal equipment is safe or not.
2. The identity authentication method of the terminal device according to claim 1, wherein the configuration process of the network parameters comprises:
acquiring a flow data packet of the terminal equipment;
and extracting the characteristics of the flow data packet to obtain the network parameters of the terminal equipment.
3. The identity authentication method of the terminal device according to claim 2, wherein the network parameters include: communication protocol, port number, lifetime of traffic packets, connection rate, amount of transmission bytes, and capture time of traffic packets.
4. The identity authentication method of a terminal device according to claim 1, wherein the constructing a fingerprint of a device to be authenticated of the terminal device based on the device parameter and the plurality of network parameters specifically comprises:
combining the equipment parameters and each network parameter to obtain a plurality of combined parameters;
and forming a matrix by using the plurality of combination parameters, and taking the matrix as the fingerprint of the equipment to be authenticated of the terminal equipment.
5. The identity authentication method of a terminal device according to claim 1, wherein the matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result specifically comprises:
matching the device fingerprint to be authenticated with each preset device fingerprint in a device fingerprint library;
calculating the similarity between the fingerprint of the equipment to be authenticated and the fingerprints of the preset equipment;
and obtaining a matching result of the fingerprint of the equipment to be authenticated based on the similarity.
6. The identity authentication method of a terminal device according to claim 1, wherein the verifying the signature private key of the terminal device by using a preset public key to obtain a verification result of whether the terminal device is successfully verified specifically comprises:
acquiring a preset public key corresponding to the terminal equipment;
and verifying the signature private key of the terminal equipment by using the preset public key to obtain a verification result of whether the terminal equipment is successfully verified.
7. The identity authentication method of a terminal device according to claim 1, wherein the obtaining of the identity authentication result of whether the terminal device is secure by integrating the verification result and the matching result specifically comprises:
and when the verification result is successful and the matching result is that only one preset device fingerprint is matched with the device fingerprint to be authenticated, judging that the identity authentication result of the terminal device is safe, otherwise, judging that the identity authentication result of the terminal device is unsafe.
8. The method for authenticating the identity of the terminal device according to claim 1, wherein the method further comprises:
acquiring historical behavior data and current behavior data of the terminal equipment to be authenticated;
calculating the current behavior credibility of the terminal equipment to be authenticated based on the historical behavior data and the current behavior data;
and comparing the current behavior reliability with a preset authority threshold value to adjust the access authority of the terminal equipment to be authenticated.
9. An identity authentication apparatus of a terminal device, comprising:
the determining unit is used for determining the device parameters and a plurality of network parameters of the terminal device to be authenticated;
the construction unit is used for constructing the fingerprint of the equipment to be authenticated of the terminal equipment based on the equipment parameters and the network parameters;
the matching unit is used for matching the device fingerprint to be authenticated with a preset device fingerprint in a device fingerprint library to obtain a matching result;
the verification unit is used for verifying the signature private key of the terminal equipment by using a preset public key to obtain a verification result of whether the terminal equipment is successfully verified;
and the authentication unit is used for integrating the verification result and the matching result to obtain an identity authentication result of whether the terminal equipment is safe or not.
10. The identity authentication equipment of the terminal equipment is characterized by comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the identity authentication method of the terminal device according to any one of claims 1 to 8 according to instructions in the program code.
CN202211031532.2A 2022-08-26 2022-08-26 Identity authentication method, device and equipment of terminal equipment Pending CN115348037A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211031532.2A CN115348037A (en) 2022-08-26 2022-08-26 Identity authentication method, device and equipment of terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211031532.2A CN115348037A (en) 2022-08-26 2022-08-26 Identity authentication method, device and equipment of terminal equipment

Publications (1)

Publication Number Publication Date
CN115348037A true CN115348037A (en) 2022-11-15

Family

ID=83954786

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211031532.2A Pending CN115348037A (en) 2022-08-26 2022-08-26 Identity authentication method, device and equipment of terminal equipment

Country Status (1)

Country Link
CN (1) CN115348037A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115514499A (en) * 2022-11-18 2022-12-23 广州优刻谷科技有限公司 Safety communication method, device and storage medium based on mathematical statistics
CN117238070A (en) * 2023-09-21 2023-12-15 湖北梦特科技有限公司 Household safety control method and system based on intelligent community

Similar Documents

Publication Publication Date Title
US12010513B2 (en) Method for automatic possession-factor authentication
CN112182519B (en) Computer storage system security access method and access system
CN115348037A (en) Identity authentication method, device and equipment of terminal equipment
US7178025B2 (en) Access system utilizing multiple factor identification and authentication
US9037858B1 (en) Distributed cryptography using distinct value sets each comprising at least one obscured secret value
CN105827573B (en) System, method and the relevant apparatus of internet of things equipment strong authentication
CN106034123B (en) Authentication method, application system server and client
US20180041505A1 (en) Method for generating a key and access control method
US20200074070A1 (en) Risk based time-based one-time password (totp) authenticator
JP2008502071A (en) Biometric template protection and characterization
CN105164689A (en) User authentication
WO2018119623A1 (en) Method of unlocking electronic lock device, and client and electronic lock device thereof
CN113395166B (en) Edge computing-based power terminal cloud edge terminal collaborative security access authentication method
CN115842680B (en) Network identity authentication management method and system
CN113672890A (en) Identity authentication method and device, electronic equipment and computer storage medium
WO2016048129A2 (en) A system and method for authenticating a user based on user behaviour and environmental factors
US20230246820A1 (en) Dynamic privacy-preserving application authentication
CN112383401B (en) User name generation method and system for providing identity authentication service
Seo et al. Construction of a New Biometric‐Based Key Derivation Function and Its Application
CN117499050B (en) Cloud signature method and system based on encryption technology
CN112040481A (en) Secondary authentication method based on 5G communication gateway
Pappu et al. Ai-assisted risk based two factor authentication method (AIA-RB-2FA)
CN117499050A (en) Cloud signature method and system based on encryption technology
CN117371048B (en) Remote access data processing method, device, equipment and storage medium
CN111431854B (en) Wi-Fi received signal strength-based double-factor authentication method and electronic device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination