CN115348076B - Equipment security authentication method and system based on attribute encryption and related devices thereof - Google Patents


Info

Publication number: CN115348076B
Authority: CN (China)
Prior art keywords: attribute, encryption, information, authentication server, terminal equipment
Legal status: Active (Google's note: the legal status is an assumption and not a legal conclusion; no legal analysis has been performed)
Application number: CN202210968066.4A
Other languages: Chinese (zh)
Other versions: CN115348076A (en)
Inventors: 赵奕捷, 成国强, 杨立扬
Current assignee: Tianyi Digital Life Technology Co Ltd (Google's note: listed assignees may be inaccurate; no legal analysis has been performed)
Original assignee: Tianyi Digital Life Technology Co Ltd
Priority date: (Google's note: the priority date is an assumption and not a legal conclusion)

Events
    • Application filed by Tianyi Digital Life Technology Co Ltd
    • Priority to CN202210968066.4A
    • Publication of CN115348076A
    • Priority to PCT/CN2022/133389 (WO2024031868A1)
    • Application granted
    • Publication of CN115348076B
    • Legal status: Active (current)
    • Anticipated expiration

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
        • H04L 63/08: for authentication of entities
        • H04L 63/0807: for authentication of entities using tickets, e.g. Kerberos
        • H04L 63/04: for providing a confidential data exchange among entities communicating through data packet networks
        • H04L 63/0428: wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 63/0435: wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
        • H04L 63/06: for supporting key management in a packet data network
        • H04L 63/062: for key distribution, e.g. centrally by a trusted party
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
        • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
        • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
        • H04L 9/0869: Generation of secret information involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a device security authentication method based on attribute encryption and related devices. A terminal device generates a symmetric key and a random number, encrypts them with the attribute identification public key of the authentication server to obtain first encryption information, and sends a registration authentication request to the authentication server for authentication. It then decrypts the second encryption information returned by the authentication server with the symmetric key to obtain an attribute encryption identification private key and a random number. The attribute encryption identification private key is generated by the authentication server from the attribute information of the terminal device, which comprises location information, the user information of the user bound to the terminal device, and the device factory identifier. After the legitimacy of the authentication server has been verified by means of the random number, the attribute encryption identification private key is stored. This addresses the technical problem of the prior art, where the device factory ID is used as the device key for encrypted transmission, so that the keys of a whole batch of devices are easily leaked when manufacturer information leaks, compromising device security.

Description

Equipment security authentication method and system based on attribute encryption and related devices thereof
Technical Field
The application relates to the technical field of network security, in particular to a device security authentication method based on attribute encryption and related devices.
Background
To improve the security of information transmission, public and private key pairs are generally set up for encrypted transmission. In the prior art, the device factory ID is mostly used as the device key for encrypted transmission, so the keys of a whole batch of devices are easily leaked through a manufacturer information leak or similar, which compromises device security.
Disclosure of Invention
The application provides a device security authentication method based on attribute encryption and related devices, intended to address the technical problem that the prior art uses the device factory ID as the device key for encrypted transmission, so that the keys of a whole batch of devices are easily leaked when manufacturer information leaks, compromising device security.
In view of this, a first aspect of the present application provides a device security authentication method based on attribute encryption, applied to a terminal device, the method including:
when registering with an authentication server in the blockchain being accessed, initializing to generate a symmetric key and a random number, and encrypting the symmetric key and the random number with the attribute identification public key of the authentication server to obtain first encryption information;
sending a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, the authentication server authenticating the terminal device according to the device factory identifier;
receiving second encryption information returned by the authentication server after successful authentication, and decrypting the second encryption information with the symmetric key to obtain an attribute encryption identification private key and a random number; the attribute encryption identification private key is generated by the authentication server according to the attribute information of the terminal device, the attribute information comprising location information, user information of the user bound to the terminal device and the device factory identifier; the second encryption information is obtained by the authentication server encrypting the attribute encryption identification private key and the decrypted random number with the symmetric key that it obtained by decrypting the first encryption information with its attribute identification private key;
verifying the legitimacy of the authentication server by means of the random number generated by the terminal device itself and the decrypted random number, and storing the attribute encryption identification private key after the legitimacy of the authentication server has been verified.
Optionally, the address of the authentication server is preset when the terminal device leaves the factory, and the method further includes:
after the terminal device binds a user, the terminal device sends its attribute information to the authentication server according to the address of the authentication server.
Optionally, the location information of the terminal device is acquired as follows:
when the terminal device accesses the blockchain, the position coordinates of the terminal device are calculated from the relative positions of the terminal device with respect to target nodes in the blockchain and the position coordinates of those target nodes, thereby obtaining the location information of the terminal device.
Optionally, verifying the legitimacy of the authentication server by means of the random number generated by the terminal device itself and the decrypted random number includes:
comparing whether the random number generated by the terminal device itself and the decrypted random number are the same;
if they are the same, verifying that the authentication server is legitimate;
if not, determining that the authentication server is illegitimate.
A second aspect of the present application provides a device security authentication method based on attribute encryption, applied to an authentication server, the method comprising:
receiving a registration authentication request sent by a terminal device, authenticating the terminal device according to the device factory identifier carried by the registration authentication request, and decrypting the first encryption information carried by the registration authentication request with the authentication server's own attribute identification private key to obtain a symmetric key and a random number; the first encryption information is generated by the terminal device by encrypting, with the attribute identification public key of the authentication server, the symmetric key and random number it generated at initialization;
after successful authentication, generating an attribute encryption identification private key of the terminal device according to the attribute information of the terminal device, and encrypting the attribute encryption identification private key and the decrypted random number with the decrypted symmetric key to obtain second encryption information, the attribute information comprising location information, user information of the user bound to the terminal device and the device factory identifier;
and sending the second encryption information to the terminal device, so that the terminal device decrypts the second encryption information with the symmetric key it generated to obtain the attribute encryption identification private key and the random number, compares the random number it generated with the decrypted random number to verify the legitimacy of the authentication server, and stores the attribute encryption identification private key after verifying that the authentication server is legitimate.
Optionally, generating the attribute encryption identification private key of the terminal device according to the attribute information of the terminal device includes:
assigning a device identifier to the terminal device according to the attribute information of the terminal device;
and generating the attribute encryption identification private key of the terminal device according to the device identifier of the terminal device.
A third aspect of the present application provides a terminal device, including:
an initialization unit, configured to initialize and generate a symmetric key and a random number when registering with an authentication server in the blockchain being accessed, and to encrypt the symmetric key and the random number with the attribute identification public key of the authentication server to obtain first encryption information;
a sending unit, configured to send a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, the authentication server authenticating the terminal device according to the device factory identifier;
a receiving unit, configured to receive second encryption information returned by the authentication server after successful authentication and to decrypt the second encryption information with the symmetric key to obtain an attribute encryption identification private key and a random number; the attribute encryption identification private key is generated by the authentication server according to the attribute information of the terminal device, the attribute information comprising location information, user information of the user bound to the terminal device and the device factory identifier; the second encryption information is obtained by the authentication server encrypting the attribute encryption identification private key and the decrypted random number with the symmetric key that it obtained by decrypting the first encryption information with its attribute identification private key;
and a verification unit, configured to verify the legitimacy of the authentication server by comparing the random number generated by the terminal device with the decrypted random number, and to store the attribute encryption identification private key after the legitimacy of the authentication server has been verified.
A fourth aspect of the present application provides an authentication server, including:
a receiving unit, configured to receive a registration authentication request sent by a terminal device, to authenticate the terminal device according to the device factory identifier carried by the registration authentication request, and to decrypt the first encryption information carried by the registration authentication request with the authentication server's own attribute identification private key to obtain a symmetric key and a random number; the first encryption information is generated by the terminal device by encrypting, with the attribute identification public key of the authentication server, the symmetric key and random number it generated at initialization;
an encryption unit, configured to generate, after successful authentication, an attribute encryption identification private key of the terminal device according to the attribute information of the terminal device, and to encrypt the attribute encryption identification private key and the decrypted random number with the decrypted symmetric key to obtain second encryption information, the attribute information comprising location information, user information of the user bound to the terminal device and the device factory identifier;
and a sending unit, configured to send the second encryption information to the terminal device, so that the terminal device decrypts the second encryption information with the symmetric key it generated to obtain the attribute encryption identification private key and the random number, verifies the legitimacy of the authentication server by means of the random number it generated and the decrypted random number, and stores the attribute encryption identification private key after verifying that the authentication server is legitimate.
A fifth aspect of the present application provides a device security authentication system based on attribute encryption, including the terminal device according to the third aspect and the authentication server according to the fourth aspect.
A sixth aspect of the present application provides a device security authentication apparatus based on attribute encryption, the apparatus comprising a processor and a memory;
the memory is configured to store program code and to transmit the program code to the processor;
the processor is configured to execute, according to instructions in the program code, the device security authentication method based on attribute encryption according to any implementation of the first aspect, or the device security authentication method based on attribute encryption according to any implementation of the second aspect.
From the above technical scheme, the application has the following advantages:
The application provides a device security authentication method based on attribute encryption, applied to a terminal device and comprising the following steps: when registering with an authentication server in the blockchain being accessed, initializing to generate a symmetric key and a random number, and encrypting the symmetric key and the random number with the attribute identification public key of the authentication server to obtain first encryption information; sending a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, the authentication server authenticating the terminal device according to the device factory identifier; receiving second encryption information returned by the authentication server after successful authentication, and decrypting it with the symmetric key to obtain an attribute encryption identification private key and a random number, where the attribute encryption identification private key is generated by the authentication server according to the attribute information of the terminal device (location information, user information of the user bound to the terminal device and the device factory identifier), and the second encryption information is obtained by the authentication server encrypting the attribute encryption identification private key and the decrypted random number with the symmetric key that it obtained by decrypting the first encryption information with its attribute identification private key; and verifying the legitimacy of the authentication server by means of the random number generated by the terminal device itself and the decrypted random number, and storing the attribute encryption identification private key after the legitimacy of the authentication server has been verified.
In this method, the private key of the terminal device is generated from device attribute information such as the location information of the terminal device, the user information of the user bound to it and the device factory identifier, which avoids the leakage of device encryption information caused by devices being burned with the same ID or by a leak of the manufacturer's production list, and thus improves device security. The terminal device encrypts information with the attribute identification public key of the authentication server to obtain the first encryption information, and only a legitimate server (one holding the attribute identification private key of the authentication server) can decrypt it to obtain the symmetric key and the random number; therefore, when the authentication server encrypts the random number with the symmetric key and sends it to the terminal device, the terminal device can verify the authenticity of the authentication server by decrypting and checking the random number. At the same time, since only a legitimate authentication server can recover the symmetric key, and the symmetric key is used to encrypt and distribute the attribute encryption identification private key, this solves the technical problem of the prior art that using the device factory ID as the device key for encrypted transmission lets the keys of a whole batch of devices leak when manufacturer information leaks, compromising device security.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings required for the embodiments or the description of the prior art are briefly introduced below. The drawings in the following description are only some embodiments of the present application; a person skilled in the art could obtain other drawings from them without inventive effort.
Fig. 1 is a schematic flow chart of a device security authentication method based on attribute encryption, applied to a terminal device, according to an embodiment of the present application;
fig. 2 is a schematic diagram of the positional relationship of a terminal device according to an embodiment of the present application;
fig. 3 is another schematic flow chart of a device security authentication method based on attribute encryption, applied to an authentication server, according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an authentication server according to an embodiment of the present application.
Detailed Description
To help those skilled in the art understand the present application, the technical solutions in its embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application; all other embodiments obtained by a person of ordinary skill in the art from the present disclosure without undue effort fall within its scope.
For ease of understanding, referring to fig. 1, an embodiment of the present application provides a device security authentication method based on attribute encryption, applied to a terminal device, where the method includes:
Step 101: when registering with an authentication server in the blockchain being accessed, initialize to generate a symmetric key and a random number, and encrypt the symmetric key and the random number to obtain first encryption information.
When the terminal device (such as a camera) registers with an authentication server in the blockchain it is accessing, it initializes, randomly generates a symmetric key and a random number, and encrypts the symmetric key and the random number with the attribute identification public key of the authentication server to obtain the first encryption information.
The address of the authentication server can be preset when the terminal device leaves the factory so that it can register directly over the internet, which suits the networking of internet-of-things devices released at scale. Once the terminal device is registered in the network and a user has been bound, it can send its attribute information to the authentication server at that address. The attribute information may comprise location information, user information of the bound user (such as the user's mobile phone number, identity card number, registered account number, etc.) and the device factory identifier (such as the device factory ID).
When the terminal device accesses the blockchain, its position coordinates can be calculated from its relative positions (distances) to fixed nodes in the blockchain together with the position coordinates of those fixed nodes, giving the location information $(X, Y, Z)$ of the terminal device. Referring to fig. 2, the terminal device is a newly accessed blockchain device node. From its relative position $L_1$ to blockchain fixed node server 1, $L_2$ to blockchain fixed node server 2 and $L_3$ to blockchain fixed node server 3, and the position coordinates $(X_1, Y_1, Z_1)$ of server 1, $(X_2, Y_2, Z_2)$ of server 2 and $(X_3, Y_3, Z_3)$ of server 3, the following relations can be established:
$L_1^2 = (X_1 - X)^2 + (Y_1 - Y)^2 + (Z_1 - Z)^2$
$L_2^2 = (X_2 - X)^2 + (Y_2 - Y)^2 + (Z_2 - Z)^2$
$L_3^2 = (X_3 - X)^2 + (Y_3 - Y)^2 + (Z_3 - Z)^2$
Solving these relations yields the position coordinates $(X, Y, Z)$ of the newly accessed blockchain device node, i.e. the location information of the terminal device.
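The following Go code, added here as a worked example and not part of the patent, solves the three relations above for $(X, Y, Z)$ and returns every candidate position; the names Point, Trilaterate and Disambiguate and the sample node coordinates in main are assumptions. It goes one step beyond the text: three fixed nodes determine the position only up to a mirror image across the plane through the nodes, so a fourth node (or another constraint) is needed before the result is used as a device attribute.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Point is a position coordinate (X, Y, Z) in the patent's frame of reference.
type Point struct{ X, Y, Z float64 }

func (p Point) add(q Point) Point     { return Point{p.X + q.X, p.Y + q.Y, p.Z + q.Z} }
func (p Point) sub(q Point) Point     { return Point{p.X - q.X, p.Y - q.Y, p.Z - q.Z} }
func (p Point) scale(k float64) Point { return Point{p.X * k, p.Y * k, p.Z * k} }
func (p Point) dot(q Point) float64   { return p.X*q.X + p.Y*q.Y + p.Z*q.Z }
func (p Point) norm() float64         { return math.Sqrt(p.dot(p)) }
func (p Point) cross(q Point) Point {
	return Point{p.Y*q.Z - p.Z*q.Y, p.Z*q.X - p.X*q.Z, p.X*q.Y - p.Y*q.X}
}

// Trilaterate solves L1^2 = (X1-X)^2 + (Y1-Y)^2 + (Z1-Z)^2 (and likewise for nodes
// 2 and 3) for (X, Y, Z). It works in a local frame with node 1 at the origin, node 2
// on the x-axis and node 3 in the xy-plane; there x and y are linear in the squared
// distances and z = +-sqrt(L1^2 - x^2 - y^2). Three fixed nodes therefore give two
// candidates mirrored across the plane through the nodes (one when z == 0).
func Trilaterate(p1, p2, p3 Point, l1, l2, l3 float64) ([]Point, error) {
	ex := p2.sub(p1)
	d := ex.norm()
	if d == 0 {
		return nil, errors.New("fixed nodes 1 and 2 coincide")
	}
	ex = ex.scale(1 / d)
	p3rel := p3.sub(p1)
	i := ex.dot(p3rel)
	ey := p3rel.sub(ex.scale(i))
	j := ey.norm()
	if j <= 1e-9*d {
		return nil, errors.New("fixed nodes are collinear: position is not determined")
	}
	ey = ey.scale(1 / j)
	ez := ex.cross(ey)
	x := (l1*l1 - l2*l2 + d*d) / (2 * d)
	y := (l1*l1-l3*l3+i*i+j*j)/(2*j) - (i/j)*x
	zz := l1*l1 - x*x - y*y
	if zz < 0 {
		if zz < -1e-9*l1*l1 {
			return nil, errors.New("distances are inconsistent: the spheres do not meet")
		}
		zz = 0 // rounding noise for a point lying in the nodes' plane
	}
	z := math.Sqrt(zz)
	base := p1.add(ex.scale(x)).add(ey.scale(y))
	if z == 0 {
		return []Point{base}, nil
	}
	return []Point{base.add(ez.scale(z)), base.sub(ez.scale(z))}, nil
}

// Disambiguate picks the candidate whose distance to a fourth fixed node p4 best
// matches the measured l4; with only three nodes the mirror ambiguity remains.
func Disambiguate(cands []Point, p4 Point, l4 float64) Point {
	best := cands[0]
	for _, c := range cands[1:] {
		if math.Abs(c.sub(p4).norm()-l4) < math.Abs(best.sub(p4).norm()-l4) {
			best = c
		}
	}
	return best
}

func main() {
	// Constructed sample: fixed node servers at the origin, (10,0,0) and (0,10,0);
	// a device at (3,4,5) measures distances sqrt(50), sqrt(90) and sqrt(70).
	cands, err := Trilaterate(Point{}, Point{10, 0, 0}, Point{0, 10, 0},
		math.Sqrt(50), math.Sqrt(90), math.Sqrt(70))
	if err != nil {
		panic(err)
	}
	fmt.Println("candidates:", cands)
	fmt.Println("with node 4 at (0,0,10):", Disambiguate(cands, Point{0, 0, 10}, math.Sqrt(50)))
}
```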
Step 102: send a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, and the authentication server authenticates the terminal device according to the device factory identifier.
After the terminal device connects to the authentication server, it sends a registration authentication request carrying the first encryption information and the device factory identifier. The authentication server authenticates the terminal device by the device factory identifier, thereby verifying the device's legitimacy, and decrypts the first encryption information with its own attribute identification private key to obtain the symmetric key and the random number. Once the authentication server has verified that the device is legitimate, that is, once authentication succeeds, it generates the attribute encryption identification private key of the terminal device according to the terminal device's attribute information, encrypts that private key together with the decrypted random number using the decrypted symmetric key to obtain the second encryption information, and returns the second encryption information to the terminal device.
The attribute encryption identification private key of the terminal device can be generated from its attribute information as follows:
assign a device identifier to the terminal device according to its attribute information; then generate the attribute encryption identification private key of the terminal device from that device identifier.
The authentication server may combine the location information, the user information and the device factory identifier to form the device identifier of the terminal device, for example by directly concatenating them. The authentication server may then generate the attribute encryption identification private key of the terminal device from the device identifier using the SM9 algorithm, and may also generate the corresponding attribute encryption identification public key. The attribute encryption identification public key is stored on the authentication server, while the attribute encryption identification private key must be stored on the terminal device; after authentication, information is transmitted encrypted under this attribute encryption identification public/private key pair. It will be appreciated that the attribute identification private key and public key of the authentication server itself may likewise be generated with the SM9 algorithm from the authentication server's attribute information (location information, authentication server identifier, etc.).
In the embodiment of the application, security authentication of devices in the blockchain is carried out by combining the terminal device's location information in the blockchain, the user information of the bound user and the device factory identifier into the attribute encryption identification public key of the terminal device, so that the terminal device is uniquely identified by having its location information, user information and device factory identifier serve as the basis of its public and private keys. This avoids the leakage of device encryption information caused by devices being burned with the same ID or by a leak of the manufacturer's production list. Moreover, when the terminal device's bound user is replaced or the device is moved, its attribute information is updated and the corresponding public and private keys change accordingly, preventing information leakage and confusion: after the same terminal device is bound to a new user, the changed user information changes the key pair, so the later bound user cannot learn the key pair that belonged to the previous bound user, which improves the security of the terminal device.
And step 103, receiving second encryption information returned by the authentication server after the authentication is successful, and decrypting the second encryption information through the symmetric key to obtain the attribute encryption identification private key and the random number.
After receiving the second encryption information returned by the authentication server, the terminal equipment decrypts the second encryption information through the symmetric key generated by the terminal equipment to obtain the attribute encryption identification private key and the random number.
Step 104, verifying the legitimacy of the authentication server by comparing the random number generated by the terminal device itself with the decrypted random number, and storing the attribute encryption identification private key after verifying the legitimacy of the authentication server.
The terminal device compares whether the random number it generated at initialization is identical to the random number obtained by decryption in the previous step, in order to verify the legitimacy of the authentication server: if the two random numbers are identical, the authentication server is verified to be legal; if they are not identical, the terminal device determines that the authentication server is illegal. After verifying that the authentication server is legal, the terminal device stores the attribute encryption identification private key in a local hardware storage chip.
In the embodiment of the application, the private key of the terminal device is generated from device attribute information such as the location information of the terminal device, the user information of the user bound by the terminal device and the device factory identifier, which avoids the leakage of device encryption information caused by manufacturers burning the same ID into multiple devices or leaking production list information, and improves device security. The terminal device encrypts information with the attribute identification public key of the authentication server to obtain the first encryption information, and only a legal server (one holding the attribute identification private key of the authentication server) can decrypt the first encryption information to obtain the symmetric key and the random number; so when the authentication server encrypts the random number with the symmetric key and sends it to the terminal device, the terminal device can verify the authenticity of the authentication server by decrypting and checking the random number. At the same time, since only a legal authentication server can recover the symmetric key, and the symmetric key is used to encrypt the distributed attribute encryption identification private key, this solves the technical problem of the prior art, in which the device factory ID is used as the device key for encrypted information transmission and batch device keys are easily leaked when the manufacturer's information leaks, affecting device security.
The above is an embodiment of an attribute encryption-based device security authentication method applied to a terminal device, and the following is an attribute encryption-based device security authentication method applied to an authentication server.
Referring to fig. 3, an apparatus security authentication method based on attribute encryption provided in an embodiment of the present application is applied to an authentication server, and the method includes:
step 301, receiving a registration authentication request sent by a terminal device, authenticating the terminal device according to the device factory identifier carried by the registration authentication request, and decrypting the first encryption information carried by the registration authentication request through the authentication server's own attribute identifier private key to obtain a symmetric key and a random number.
After receiving a registration authentication request sent by a terminal device, an authentication server authenticates the terminal device according to a device factory identifier carried by the registration authentication request, verifies the legitimacy of the terminal device through the device factory identifier, and decrypts first encryption information carried by the registration authentication request through an attribute identifier private key of the authentication server to obtain a symmetric key and a random number. The first encryption information is generated by encrypting the symmetric key and the random number generated by the initialization through the attribute identification public key of the authentication server by the terminal equipment.
Step 302, after authentication is successful, an attribute encryption identification private key of the terminal equipment is generated according to the attribute information of the terminal equipment, the attribute encryption identification private key and the decrypted random number are encrypted through the decrypted symmetric key to obtain second encryption information, and the attribute information comprises position information, user information of a user bound by the terminal equipment and equipment factory identification.
After the authentication server has authenticated the terminal device as legal, it generates the attribute encryption identification private key of the terminal device according to the attribute information of the terminal device. Specifically, the authentication server assigns a device identifier to the terminal device according to its attribute information, and generates the attribute encryption identification private key of the terminal device according to that device identifier.
The authentication server may combine the location information, the user information and the device factory identifier to generate the device identifier of the terminal device, for example by directly concatenating the three as the device identifier. Using the SM9 algorithm, the authentication server may then generate the attribute encryption identifier private key of the terminal device from that device identifier, and may also generate the corresponding attribute encryption identifier public key. The attribute encryption identifier public key is stored in the authentication server, while the attribute encryption identifier private key must be stored in the terminal device, and encrypted information transmission is then performed with this public and private key pair. It will be appreciated that the attribute identification private key and attribute identification public key of the authentication server may likewise be generated by the SM9 algorithm from the attribute information of the authentication server.
When the terminal device is registered in the network, after the user is bound in the network, the terminal device can send attribute information of the terminal device to the authentication server according to the address of the authentication server, wherein the attribute information can comprise position information, user information (such as a user mobile phone number, an identity card number, a registered account number and the like) of the user bound by the terminal device and a device factory identifier (such as a device factory ID).
When the terminal device accesses the blockchain, its position coordinates can be calculated from its relative positions to fixed nodes in the blockchain and the position coordinates of those fixed nodes, which gives the location information (X, Y, Z) of the terminal device. Referring to fig. 2, the terminal device is a newly accessed blockchain device node. Given its relative position L1 to blockchain fixed node server 1, its relative position L2 to blockchain fixed node server 2 and its relative position L3 to blockchain fixed node server 3, together with the position coordinates (X1, Y1, Z1), (X2, Y2, Z2) and (X3, Y3, Z3) of those three fixed node servers, the following relations can be established:

$$L_1^2 = (X_1 - X)^2 + (Y_1 - Y)^2 + (Z_1 - Z)^2$$
$$L_2^2 = (X_2 - X)^2 + (Y_2 - Y)^2 + (Z_2 - Z)^2$$
$$L_3^2 = (X_3 - X)^2 + (Y_3 - Y)^2 + (Z_3 - Z)^2$$

and the position coordinates (X, Y, Z) of the newly accessed blockchain device node can be calculated by solving these relations, which yields the location information of the terminal device.
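The three relations above solved for (X, Y, Z), as an added example in Go that is not part of the patent: standard three-sphere trilateration, which also makes visible that three fixed nodes leave two mirror-image candidates across the plane of the nodes, so a fourth node or knowledge of which side the device is on is needed to pick one. The type and function names are the example's own.

```go
package main

import (
	"errors"
	"math"
)

// Vec3 is a point or displacement in the coordinate system of the blockchain fixed nodes.
type Vec3 struct{ X, Y, Z float64 }

func (a Vec3) Add(b Vec3) Vec3      { return Vec3{a.X + b.X, a.Y + b.Y, a.Z + b.Z} }
func (a Vec3) Sub(b Vec3) Vec3      { return Vec3{a.X - b.X, a.Y - b.Y, a.Z - b.Z} }
func (a Vec3) Scale(s float64) Vec3 { return Vec3{a.X * s, a.Y * s, a.Z * s} }
func (a Vec3) Dot(b Vec3) float64   { return a.X*b.X + a.Y*b.Y + a.Z*b.Z }
func (a Vec3) Cross(b Vec3) Vec3 {
	return Vec3{a.Y*b.Z - a.Z*b.Y, a.Z*b.X - a.X*b.Z, a.X*b.Y - a.Y*b.X}
}
func (a Vec3) Norm() float64 { return math.Sqrt(a.Dot(a)) }

// Dist is the relative position L between two nodes, i.e. their Euclidean distance.
func Dist(a, b Vec3) float64 { return a.Sub(b).Norm() }

// Trilaterate solves the three relations
//
//	L1^2 = (X1-X)^2 + (Y1-Y)^2 + (Z1-Z)^2   (and likewise for nodes 2 and 3)
//
// for (X, Y, Z). It moves to a frame with node 1 at the origin, node 2 on the x axis and
// node 3 in the xy plane; subtracting the equations pairwise there gives x and y directly,
// and the first equation then gives z up to sign. Three spheres therefore meet in two
// points mirrored across the plane of the fixed nodes, and both are returned. An error
// means the fixed nodes are collinear or the distances are inconsistent (no real solution).
func Trilaterate(p1, p2, p3 Vec3, l1, l2, l3 float64) (Vec3, Vec3, error) {
	ex := p2.Sub(p1)
	d := ex.Norm()
	if d == 0 {
		return Vec3{}, Vec3{}, errors.New("fixed nodes 1 and 2 coincide")
	}
	ex = ex.Scale(1 / d)
	p31 := p3.Sub(p1)
	i := ex.Dot(p31)
	ey := p31.Sub(ex.Scale(i))
	j := ey.Norm()
	if j < 1e-9 {
		return Vec3{}, Vec3{}, errors.New("fixed nodes are collinear")
	}
	ey = ey.Scale(1 / j)
	ez := ex.Cross(ey)
	x := (l1*l1 - l2*l2 + d*d) / (2 * d)
	y := (l1*l1-l3*l3+i*i+j*j)/(2*j) - (i/j)*x
	zz := l1*l1 - x*x - y*y
	if zz < -1e-6 {
		return Vec3{}, Vec3{}, errors.New("distances are inconsistent: the spheres do not intersect")
	}
	z := math.Sqrt(math.Max(zz, 0)) // a tiny negative is measurement noise at a tangent point
	base := p1.Add(ex.Scale(x)).Add(ey.Scale(y))
	return base.Add(ez.Scale(z)), base.Sub(ez.Scale(z)), nil
}
```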
In the embodiment of the application, the terminal device is uniquely identified by using device attribute information such as its location information, the user information of the bound user and the device factory identifier as the basis of the device public and private keys, which avoids the leakage of device encryption information caused by manufacturers burning the same ID into multiple devices or leaking production list information. When the terminal device is bound to a different user or moved to a different location, its attribute information is updated and the corresponding public and private keys change, which prevents information leakage and confusion: after the same terminal device is rebound, the user information has changed, so the public and private keys change, and the later bound user cannot learn the key information that corresponded to the former bound user, improving the security of the terminal device.
Step 303, transmitting the second encryption information to the terminal equipment, so that the terminal equipment decrypts the second encryption information through the symmetric key generated by the terminal equipment to obtain the attribute encryption identification private key and the random number, compares the random number generated by the terminal equipment with the decrypted random number to verify the legitimacy of the authentication server, and stores the attribute encryption identification private key after verifying that the authentication server is legal.
The authentication server sends the second encryption information to the terminal equipment, so that the terminal equipment decrypts the second encryption information through a symmetric key generated by the terminal equipment to obtain an attribute encryption identification private key and a random number, the terminal equipment compares whether the random number generated by the terminal equipment and the random number obtained by decryption are identical or not to verify the validity of the authentication server, if the random number generated by the terminal equipment and the random number obtained by decryption are identical, the authentication server is verified to be legal, and if the random number generated by the terminal equipment and the random number obtained by decryption are not identical, the authentication server is verified to be illegal; after verifying that the authentication server is legal, the terminal device stores the attribute encryption identification private key in a local hardware storage chip.
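Server step 302 and terminal steps 103 and 104 above, as an added example in Go that is not part of the patent: the device identifier is the concatenation of the three attributes, the SM9 private-key extraction is replaced by an HMAC-SHA256 stand-in keyed with a server master secret (an assumption, since SM9 is not in the Go standard library), and the symmetric cipher is AES-256-GCM. The first encryption information is assumed to have already been decrypted by the server, so the symmetric key and random number are plain inputs here; all names, the 16-byte random number length and the sample attribute values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NonceLen is the length of the random number the terminal generates at initialization.
const NonceLen = 16

// DeviceAttributes are what the terminal reports after binding a user. DeviceIdentifier
// concatenates them as the text describes, so a new bound user or a new location yields a
// new identifier and therefore a new device private key.
type DeviceAttributes struct{ Location, User, FactoryID string }

func DeviceIdentifier(a DeviceAttributes) string {
	return a.Location + "|" + a.User + "|" + a.FactoryID
}

// ExtractDevicePrivateKey stands in for SM9 private-key extraction by the key generation
// centre (assumption: HMAC-SHA256 of the device identifier under the server master secret).
func ExtractDevicePrivateKey(masterSecret []byte, a DeviceAttributes) []byte {
	m := hmac.New(sha256.New, masterSecret)
	m.Write([]byte(DeviceIdentifier(a)))
	return m.Sum(nil)
}

// aesGCM builds AES-256-GCM for the 32-byte symmetric key the terminal generated.
func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SecondEncryptionInfo is step 302 on the server: encrypt devicePriv || nonce under the
// symmetric key recovered from the first encryption information. A random 12-byte IV is
// prefixed to the ciphertext.
func SecondEncryptionInfo(symKey, devicePriv, nonce []byte) ([]byte, error) {
	g, err := aesGCM(symKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, g.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, devicePriv...), nonce...)
	return append(iv, g.Seal(nil, iv, plain, nil)...), nil
}

// VerifyServerAndExtractKey is steps 103 and 104 on the terminal: decrypt with its own
// symmetric key, compare the returned random number with the one it generated, and only then
// hand back the private key for the hardware storage chip. GCM already rejects a reply that
// was not built with the symmetric key; the random-number comparison is the check the text
// specifies, and with an unauthenticated cipher it is what proves the reply used that key.
func VerifyServerAndExtractKey(symKey, nonce, secondEnc []byte) ([]byte, error) {
	g, err := aesGCM(symKey)
	if err != nil {
		return nil, err
	}
	if len(secondEnc) < g.NonceSize() {
		return nil, errors.New("second encryption information too short")
	}
	plain, err := g.Open(nil, secondEnc[:g.NonceSize()], secondEnc[g.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("second encryption information does not decrypt under the symmetric key")
	}
	if len(plain) <= NonceLen {
		return nil, errors.New("second encryption information is malformed")
	}
	split := len(plain) - NonceLen
	if !hmac.Equal(plain[split:], nonce) {
		return nil, errors.New("random number mismatch: authentication server is illegal")
	}
	return plain[:split], nil
}
```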
The above is an embodiment of a device security authentication method based on attribute encryption, which is applied to an authentication server and provided in the present application, and the following is an embodiment of a terminal device provided in the present application.
Referring to fig. 4, a terminal device provided in an embodiment of the present application includes:
an initializing unit 401, configured to generate a symmetric key and a random number at initialization when registering with an authentication server in the accessed blockchain, and to encrypt the symmetric key and the random number with the attribute identifier public key of the authentication server to obtain first encrypted information;
a sending unit 402, configured to send a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, so that the authentication server authenticates the terminal device according to the device factory identifier;
a receiving unit 403, configured to receive second encryption information returned by the authentication server after authentication succeeds, and to decrypt the second encryption information with the symmetric key to obtain an attribute encryption identifier private key and a random number; the attribute encryption identifier private key is generated by the authentication server according to the attribute information of the terminal device, where the attribute information comprises location information, user information of the user bound by the terminal device and the device factory identifier; the second encryption information is obtained by the authentication server decrypting the first encryption information with its own attribute identifier private key to obtain the symmetric key and the random number, and encrypting the attribute encryption identifier private key and the decrypted random number with that symmetric key;
and a verification unit 404, configured to verify the legitimacy of the authentication server by comparing the random number generated by the terminal device itself with the decrypted random number, and to store the attribute encryption identifier private key after verifying that the authentication server is legal.
The foregoing is one embodiment of a terminal device provided in the present application, and the following is one embodiment of an authentication server provided in the present application.
Referring to fig. 5, an authentication server provided in an embodiment of the present application includes:
a receiving unit 501, configured to receive a registration authentication request sent by a terminal device, authenticate the terminal device according to the device factory identifier carried by the registration authentication request, and decrypt the first encryption information carried by the registration authentication request with the authentication server's own attribute identifier private key to obtain a symmetric key and a random number; the first encryption information is generated by the terminal device by encrypting the symmetric key and the random number generated at initialization with the attribute identification public key of the authentication server;
an encryption unit 502, configured to generate an attribute encryption identifier private key of the terminal device according to attribute information of the terminal device after authentication is successful, and encrypt the attribute encryption identifier private key and the decrypted random number by using the decrypted symmetric key to obtain second encrypted information, where the attribute information includes location information, user information of a user bound by the terminal device, and a device factory identifier;
and the sending unit 503 is configured to send the second encryption information to the terminal device, so that the terminal device decrypts the second encryption information through the symmetric key generated by the terminal device to obtain the attribute encrypted identifier private key and the random number, verifies the validity of the authentication server through the random number generated by the terminal device and the decrypted random number, and stores the attribute encrypted identifier private key after verifying that the authentication server is legal.
The embodiment of the application also provides a device security authentication system based on attribute encryption, which comprises: the terminal device and the authentication server in the foregoing embodiments;
the terminal device is configured to generate a symmetric key and a random number at initialization when registering with an authentication server in the accessed blockchain, encrypt the symmetric key and the random number with the attribute identification public key of the authentication server to obtain first encryption information, and send a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server;
the authentication server is configured to authenticate the terminal device according to the device factory identifier, and decrypt the first encryption information with its own attribute identifier private key to obtain the symmetric key and the random number; after verification succeeds, generate an attribute encryption identifier private key of the terminal device according to the attribute information of the terminal device, encrypt the attribute encryption identifier private key and the decrypted random number with the decrypted symmetric key to obtain second encryption information, and transmit the second encryption information to the terminal device; the attribute information comprises location information, user information of the user bound by the terminal device and the device factory identifier;
the terminal device is further configured to decrypt the second encryption information with the symmetric key it generated to obtain the attribute encryption identifier private key and the random number, verify the legitimacy of the authentication server by comparing the random number it generated with the decrypted random number, and store the attribute encryption identifier private key after verifying that the authentication server is legal.
The embodiment of the application also provides equipment security authentication equipment based on attribute encryption, which comprises a processor and a memory;
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is configured to execute the aforementioned device security authentication method based on attribute encryption applied to the terminal device or execute the device security authentication method based on attribute encryption applied to the authentication server according to instructions in the program code.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The terms "first," "second," "third," "fourth," and the like in the description of the present application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of operation in sequences other than those illustrated or described herein, for example. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in this application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates that the objects before and after it are in an "or" relationship. "At least one of" or similar expressions refer to any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may be singular or plural.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, etc.
The above embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. The equipment security authentication method based on attribute encryption is characterized by being applied to terminal equipment, and comprises the following steps:
when registering with an authentication server in the accessed blockchain, initializing to generate a symmetric key and a random number, and encrypting the symmetric key and the random number through an attribute identification public key of the authentication server to obtain first encryption information;
sending a registration authentication request carrying the first encryption information and the device factory identifier to the authentication server, the authentication server authenticating the terminal device according to the device factory identifier;
receiving second encryption information returned by the authentication server after successful authentication, and decrypting the second encryption information through the symmetric key to obtain an attribute encryption identification private key and a random number; the attribute encryption identification private key is generated by the authentication server according to the attribute information of the terminal device, wherein the attribute information comprises position information, user information of a user bound by the terminal device and the device factory identifier; the second encryption information is obtained by the authentication server decrypting the first encryption information through its own attribute identification private key to obtain the symmetric key and the random number, and encrypting the attribute encryption identification private key and the decrypted random number through the decrypted symmetric key;
verifying the legitimacy of the authentication server through the random number generated by itself and the decrypted random number, and storing the attribute encryption identification private key after verifying the legitimacy of the authentication server.
2. The device security authentication method based on attribute encryption according to claim 1, wherein the address of the authentication server is preset in the terminal device at the time of shipment, the method further comprising:
after the terminal device is bound to a user, sending the attribute information to the authentication server at the preset address.
3. The device security authentication method based on attribute encryption according to claim 1, wherein the location information of the terminal device is obtained as follows:
when the terminal device joins the blockchain, its position coordinates are computed from its position relative to a target node in the blockchain and the position coordinates of that target node, thereby obtaining the location information of the terminal device.
4. The device security authentication method based on attribute encryption according to claim 1, wherein verifying the legitimacy of the authentication server by the self-generated random number and the decrypted random number comprises:
comparing whether the self-generated random number and the decrypted random number are identical;
if they are identical, the authentication server is verified as legitimate;
if they are not identical, the authentication server is determined to be illegitimate.
5. A device security authentication method based on attribute encryption, applied to an authentication server, comprising the following steps:
receiving a registration authentication request sent by a terminal device, authenticating the terminal device according to the factory identifier carried in the request, and decrypting the first encryption information carried in the request with the server's own attribute identification private key to obtain a symmetric key and a random number; wherein the first encryption information is generated by the terminal device encrypting the symmetric key and random number it generated at initialization with the attribute identification public key of the authentication server;
after successful authentication, generating the attribute encryption identification private key of the terminal device from its attribute information, and encrypting the attribute encryption identification private key together with the decrypted random number using the decrypted symmetric key to obtain second encryption information; wherein the attribute information comprises location information, user information of the user bound to the terminal device, and the device's factory identifier;
sending the second encryption information to the terminal device, so that the terminal device decrypts it with the symmetric key it generated to obtain the attribute encryption identification private key and a random number, compares the random number it generated with the decrypted random number to verify the legitimacy of the authentication server, and stores the attribute encryption identification private key once the authentication server has been verified as legitimate.
6. The device security authentication method based on attribute encryption according to claim 5, wherein generating the attribute encryption identification private key of the terminal device from its attribute information comprises:
assigning a device identifier to the terminal device according to its attribute information;
and generating the attribute encryption identification private key of the terminal device from that device identifier.
7. A terminal device, comprising:
an initialization unit, configured to initialize and generate a symmetric key and a random number when registering with an authentication server in the blockchain the terminal device has joined, and to encrypt the symmetric key and the random number with the attribute identification public key of the authentication server to obtain first encryption information;
a sending unit, configured to send a registration authentication request carrying the first encryption information and the device's factory identifier to the authentication server, so that the authentication server authenticates the terminal device according to the factory identifier;
a receiving unit, configured to receive second encryption information returned by the authentication server after successful authentication, and to decrypt the second encryption information with the symmetric key to obtain an attribute encryption identification private key and a random number; wherein the attribute encryption identification private key is generated by the authentication server from the attribute information of the terminal device, the attribute information comprising location information, user information of the user bound to the terminal device, and the device's factory identifier; and wherein the second encryption information is obtained by the authentication server decrypting the first encryption information with its own attribute identification private key to recover the symmetric key and the random number, and then encrypting the attribute encryption identification private key together with the recovered random number using the recovered symmetric key;
and a verification unit, configured to verify the legitimacy of the authentication server by comparing the random number the terminal device generated itself with the decrypted random number, and to store the attribute encryption identification private key once the authentication server has been verified as legitimate.
8. An authentication server, comprising:
a receiving unit, configured to receive a registration authentication request sent by a terminal device, to authenticate the terminal device according to the factory identifier carried in the request, and to decrypt the first encryption information carried in the request with the server's own attribute identification private key to obtain a symmetric key and a random number; wherein the first encryption information is generated by the terminal device encrypting the symmetric key and random number it generated at initialization with the attribute identification public key of the authentication server;
an encryption unit, configured to generate, after successful authentication, the attribute encryption identification private key of the terminal device from its attribute information, and to encrypt the attribute encryption identification private key together with the decrypted random number using the decrypted symmetric key to obtain second encryption information; wherein the attribute information comprises location information, user information of the user bound to the terminal device, and the device's factory identifier;
and a sending unit, configured to send the second encryption information to the terminal device, so that the terminal device decrypts it with the symmetric key it generated to obtain the attribute encryption identification private key and a random number, verifies the legitimacy of the authentication server by comparing the random number it generated with the decrypted random number, and stores the attribute encryption identification private key once the authentication server has been verified as legitimate.
9. A device security authentication system based on attribute encryption, comprising the terminal device of claim 7 and the authentication server of claim 8.
10. A device security authentication apparatus based on attribute encryption, comprising a processor and a memory;
the memory is configured to store program code and to transfer the program code to the processor;
the processor is configured to execute, according to instructions in the program code, the device security authentication method based on attribute encryption of any one of claims 1 to 4, or the device security authentication method based on attribute encryption of any one of claims 5 to 6.
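The exchange of claims 1 and 5, written out as an added worked example (this is not code from the patent or its assignee). The point worth seeing in code is why the echoed random number authenticates the server: only a party holding the server's attribute identification private key can recover the symmetric key and nonce from the first encryption information, so a response that decrypts under the device's fresh symmetric key and carries the device's own nonce proves the responder held that private key for this session. Everything cryptographic here is a stand-in chosen so the block runs with the standard library alone: the attribute-identification public-key step is modelled by a hashed ElGamal KEM over a toy 61-bit group, the symmetric encryption is HMAC-SHA256 encrypt-then-MAC, and the attribute private key of claim 6 is an HMAC over a device identifier derived from the attributes; the names AuthenticationServer, TerminalDevice, kem_*, sym_*, pk_* and the factory identifiers are all assumptions. A deployment would use the patent's actual ABE scheme and a vetted AEAD.

```python
# Added example: registration exchange of claims 1 and 5 with toy crypto (see lead-in).
import hashlib
import hmac
import os
import secrets

P = 2305843009213693951  # 2**61 - 1; toy group modulus (assumption), NOT a secure size
G = 3


def kem_keygen():
    """Server 'attribute identification' key pair, modelled as ElGamal (x, g^x)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def kem_encap(pub):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), hashlib.sha256(pow(pub, r, P).to_bytes(8, "big")).digest()


def kem_decap(priv, c1):
    return hashlib.sha256(pow(c1, priv, P).to_bytes(8, "big")).digest()


def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def sym_encrypt(key, plaintext):
    """Encrypt-then-MAC: iv || ct || tag (demo construction, use an AEAD in practice)."""
    enc_key, mac_key = _subkeys(key)
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def sym_decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))


def pk_encrypt(pub, plaintext):
    """Encrypt under the server public key: KEM ciphertext || symmetric blob."""
    c1, kek = kem_encap(pub)
    return c1.to_bytes(8, "big") + sym_encrypt(kek, plaintext)


def pk_decrypt(priv, blob):
    return sym_decrypt(kem_decap(priv, int.from_bytes(blob[:8], "big")), blob[8:])


class AuthenticationServer:
    def __init__(self, known_factory_ids):
        self.priv, self.pub = kem_keygen()
        self.master = os.urandom(32)  # stands in for the ABE master secret (assumption)
        self.known = set(known_factory_ids)

    def handle_registration(self, request):
        # Claim 5: authenticate the device by its factory identifier before anything else.
        if request["factory_id"] not in self.known:
            return None
        k_and_nonce = pk_decrypt(self.priv, request["first_encryption_info"])
        sym_key, nonce = k_and_nonce[:32], k_and_nonce[32:]
        # Claim 6: attributes -> device identifier -> attribute private key.
        device_id = hashlib.sha256(b"|".join(request["attributes"])).digest()
        abe_sk = hmac.new(self.master, device_id, hashlib.sha256).digest()
        return sym_encrypt(sym_key, abe_sk + nonce)  # second encryption information


class TerminalDevice:
    def __init__(self, factory_id, server_pub):
        self.factory_id, self.server_pub, self.abe_sk = factory_id, server_pub, None

    def build_request(self, location, user_info):
        # Claim 1: fresh symmetric key and nonce, sealed under the server public key.
        self.sym_key, self.nonce = os.urandom(32), os.urandom(16)
        first = pk_encrypt(self.server_pub, self.sym_key + self.nonce)
        return {"factory_id": self.factory_id, "first_encryption_info": first,
                "attributes": [location, user_info, self.factory_id]}

    def complete(self, second_encryption_info):
        if second_encryption_info is None:
            return False
        try:
            pt = sym_decrypt(self.sym_key, second_encryption_info)
        except ValueError:
            return False  # forged, replayed or damaged response
        abe_sk, nonce = pt[:32], pt[32:]
        if not hmac.compare_digest(nonce, self.nonce):  # claim 4, constant-time compare
            return False
        self.abe_sk = abe_sk  # store the key only after the server is verified
        return True


def demo():
    """Honest run plus three failure modes; factory ids and attributes are constructed."""
    server, results = AuthenticationServer([b"FID-0001"]), {}
    dev = TerminalDevice(b"FID-0001", server.pub)
    resp = server.handle_registration(dev.build_request(b"31.23,121.47", b"user:alice"))
    results["honest"] = dev.complete(resp)
    rogue = TerminalDevice(b"FID-9999", server.pub)  # unknown factory id: refused early
    results["unknown_factory_id"] = rogue.complete(
        server.handle_registration(rogue.build_request(b"0,0", b"user:x")))
    dev2 = TerminalDevice(b"FID-0001", server.pub)  # response altered in transit
    resp2 = bytearray(server.handle_registration(dev2.build_request(b"0,0", b"user:bob")))
    resp2[20] ^= 0x01
    results["tampered_response"] = dev2.complete(bytes(resp2))
    dev3 = TerminalDevice(b"FID-0001", server.pub)  # old response replayed into a new session
    dev3.build_request(b"0,0", b"user:carol")
    results["replayed_response"] = dev3.complete(resp)
    return results
```

Two practitioner notes on the flow as claimed. First, the device stores the attribute private key only after the nonce check passes, so a response from anyone who could not open the first encryption information never becomes a trusted key; the example's replay case shows that an old response also fails, because the symmetric key is per session. Second, in the claims the server's authentication of the device rests on the factory identifier; the example models that as an allow-list lookup, and since an identifier is not a secret a deployment should bind it to something the device alone can prove (a device-held secret or certificate), which the claims leave to the description.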

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210968066.4A CN115348076B (en) 2022-08-12 2022-08-12 Equipment security authentication method and system based on attribute encryption and related devices thereof
PCT/CN2022/133389 WO2024031868A1 (en) 2022-08-12 2022-11-22 Attribute encryption-based device security authentication method and related apparatus thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210968066.4A CN115348076B (en) 2022-08-12 2022-08-12 Equipment security authentication method and system based on attribute encryption and related devices thereof

Publications (2)

Publication Number Publication Date
CN115348076A CN115348076A (en) 2022-11-15
CN115348076B true CN115348076B (en) 2024-02-06

Family

ID=83951676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210968066.4A Active CN115348076B (en) 2022-08-12 2022-08-12 Equipment security authentication method and system based on attribute encryption and related devices thereof

Country Status (2)

Country Link
CN (1) CN115348076B (en)
WO (1) WO2024031868A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348076B (en) * 2022-08-12 2024-02-06 天翼数字生活科技有限公司 Equipment security authentication method and system based on attribute encryption and related devices thereof
CN116248280B (en) * 2023-05-09 2023-07-28 北京智芯微电子科技有限公司 Anti-theft method for security module without key issue, security module and device
CN117093969B (en) * 2023-08-22 2024-06-04 上海合芯数字科技有限公司 Debugging authorization method and system
CN117896183A (en) * 2024-03-14 2024-04-16 杭州海康威视数字技术股份有限公司 Aggregation batch authentication method and system for large-scale Internet of things equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN112351000A (en) * 2020-10-16 2021-02-09 深圳Tcl新技术有限公司 Bidirectional identity authentication method, system, device and storage medium
CN113890724A (en) * 2021-08-17 2022-01-04 中国南方电网有限责任公司 Access authentication method and system for power Internet of things communication equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037484B (en) * 2021-05-19 2021-08-24 银联商务股份有限公司 Data transmission method, device, terminal, server and storage medium
CN115348076B (en) * 2022-08-12 2024-02-06 天翼数字生活科技有限公司 Equipment security authentication method and system based on attribute encryption and related devices thereof


Also Published As

Publication number Publication date
WO2024031868A1 (en) 2024-02-15
CN115348076A (en) 2022-11-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant