CN115549961A - Terminal authentication method and device, electronic equipment and storage medium - Google Patents

Publication number
CN115549961A
Authority
CN
China
Prior art keywords
terminal
information
verification
public key
signature
Legal status
Pending
Application number
CN202211000038.XA
Other languages
Chinese (zh)
Inventor
陈少平
覃才俊
潘廷勇
王艳辉
Current Assignee
Hainan Shilian Communication Technology Co ltd
Original Assignee
Hainan Shilian Communication Technology Co ltd
Application filed by Hainan Shilian Communication Technology Co ltd
Priority to CN202211000038.XA
Publication of CN115549961A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

An embodiment of the invention provides a terminal authentication method and device, electronic equipment and a storage medium. The method comprises the following steps: receiving first verification information and first signature information sent by a first terminal, the first signature information being generated by the first terminal by signing the first verification information based on first private key information of the first terminal; determining first identification information for the first terminal from the first verification information; determining first public key information of the first terminal according to the first identification information; and verifying the first signature information based on the first public key information. With this embodiment, authentication between the terminals is realized without exchanging certificates, the amount of data transmitted in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.

Description

Terminal authentication method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of terminal authentication technologies, and in particular, to a terminal authentication method and apparatus, an electronic device, and a storage medium.
Background
In the field of communications, entity authentication is required for both communicating entities to ensure the security of the communication before the entities communicate.
Currently, commonly used entity authentication mechanisms include password authentication mechanisms and third party certificate authentication mechanisms. The password authentication mechanism has the problems that the password is difficult to randomly generate, the password length is limited, and the repeated password is easy to occur, so that the password authentication mechanism is not suitable for being used in a large-scale information network; the third-party Certificate authentication mechanism needs to issue a Certificate through a CA (Certificate Authority) system before an entity performs authentication, and generally needs to exchange the Certificate and verify the authenticity, validity, and the like of the Certificate in the entity authentication process.
Disclosure of Invention
In view of the above problems, it is proposed to provide a terminal authentication method, device, electronic device and storage medium that overcome or at least partially solve the above problems, comprising:
a terminal authentication method is applied to a second terminal, and comprises the following steps:
receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
determining first identification information for the first terminal from the first verification information;
determining first public key information of the first terminal according to the first identification information;
and verifying the first signature information based on the first public key information.
Optionally, after the second terminal verifies the first signature information based on the first public key information, the method further includes:
generating a first verification result of the first terminal;
generating second verification information and second signature information according to the first verification result; the second verification information comprises a second terminal identifier and a first verification result, and the second signature information is generated by the second terminal through signing the second verification information based on second private key information of the second terminal;
and sending the second verification information and the second signature information to the first terminal so that the first terminal authenticates the second terminal.
Optionally, the determining first public key information of the first terminal according to the first identification information includes:
acquiring a first public key matrix generated by encrypting the first identification information by using a CPK (Combined public Key) technology;
and determining first public key information of the first terminal corresponding to the first identification information from the first public key matrix.
A terminal authentication method is applied to a first terminal, and comprises the following steps:
sending the first verification information and the first signature information to a second terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
receiving second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal;
determining second identification information for the second terminal from the second verification information;
determining second public key information of the second terminal according to the second identification information;
verifying the second signature information based on the second public key information.
Optionally, the second verification information further includes a first verification result obtained after the second terminal performs entity authentication on the first terminal, and after the first terminal verifies the second signature information based on the second public key information, the method further includes:
generating a second verification result of the second terminal;
when the second verification result is successful, acquiring a first verification result from the second verification information;
and when the first verification result is successful verification, confirming that the entity verification of the first terminal and the second terminal is successful.
Optionally, the determining, according to the second identification information, second public key information of the second terminal includes:
acquiring a second public key matrix generated by encrypting the second identification information by using a CPK (Combined public Key) technology;
and determining second public key information of the second terminal corresponding to the second identification information from the second public key matrix.
A terminal authentication apparatus applied to a second terminal, the apparatus comprising:
the first information receiving module is used for receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
a first identification determination module, configured to determine first identification information for the first terminal from the first verification information;
a first public key determining module, configured to determine first public key information of the first terminal from a first public key matrix corresponding to the first identification information;
and the first signature verification module is used for verifying the first signature information based on the first public key information.
A terminal authentication device applied to a first terminal comprises:
the first information sending module is used for sending the first verification information and the first signature information to the second terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
the second information receiving module is used for receiving second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal;
a second identification determination module, configured to determine second identification information for the second terminal from the second verification information;
a second public key determining module, configured to determine second public key information of the second terminal from a second public key matrix corresponding to the second identification information;
and the second signature verification module is used for verifying the second signature information based on the second public key information.
An electronic device comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing a terminal authentication method as described above.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements a terminal authentication method as described above.
The embodiment of the invention has the following advantages:
In the embodiment of the invention, a second terminal receives first verification information and first signature information sent by a first terminal, the first signature information being generated by the first terminal by signing the first verification information based on first private key information of the first terminal; determines first identification information for the first terminal from the first verification information; determines first public key information of the first terminal according to the first identification information; and verifies the first signature information based on the first public key information. Authentication between terminals is thus realized without exchanging certificates, the amount of data transmitted in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.
Drawings
In order to illustrate the technical solution of the present invention more clearly, the drawings used in the description of the present invention are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without inventive effort.
Fig. 1 is a flowchart illustrating steps of a terminal authentication method according to an embodiment of the present invention;
fig. 2a is a flowchart illustrating steps of another terminal authentication method according to an embodiment of the present invention;
fig. 2b is a simplified diagram of a terminal authentication process according to an embodiment of the present invention;
fig. 2c is a flowchart of another terminal authentication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a terminal authentication apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of another terminal authentication device according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Referring to fig. 1, a flowchart illustrating steps of a terminal authentication method according to an embodiment of the present invention is shown, and applied to a second terminal, the method specifically includes the following steps:
step 101, receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
the first terminal is an entity terminal, and specifically can be a video network terminal; the second terminal is an entity terminal, and specifically may be a video networking entity terminal.
The first terminal and the second terminal may be two terminals to be communicated, and in order to ensure the communication security of the first terminal and the second terminal, entity authentication between the first terminal and the second terminal needs to be completed before the first terminal and the second terminal communicate, that is, the first terminal needs to confirm whether the second terminal is a communication terminal designated by the first terminal; the second terminal needs to determine whether the first terminal is a communication terminal designated by the second terminal, wherein different designated terminals can be set in the first terminal and the second terminal according to different data to be communicated.
Authentication is a security mechanism for confirming the identity of an entity by exchanging information. It aims to prevent other entities from taking over and independently using the identity of the entity, i.e. to prevent counterfeiting, which means that one entity pretends to be another entity; counterfeiting is usually used together with other attack methods (such as modification). Authentication mechanisms can be used to combat counterfeiting.
Authentication can be divided into message authentication and entity authentication. Message authentication confirms that a received message was really sent by the sender of the message and was not forged or tampered with by others, so it can comprise endpoint authentication and message integrity authentication; in message authentication the sender is authenticated for each received message. Entity authentication authenticates only the entity sending the message, where the entity can be a person, a device or a process; the peer entity only needs to be verified once within the whole duration of system access, and entity authentication is performed before the entities communicate so as to ensure communication security.
The first verification information may be generated by the first terminal and sent to the second terminal so that the second terminal can authenticate the first terminal. The first terminal may generate the first verification information by assembling first identification information of the first terminal and second identification information of the second terminal according to a preset verification information format. The first identification information may be the MAC number of the first terminal and the second identification information may be the MAC number of the second terminal; the MAC number is a unique identifier of the terminal.
The terminal can pre-establish the mapping relation between the identification information and the public key information of the terminal to be communicated of the terminal, so that the public key information of the terminal to be communicated can be determined through the identification information, the public key can be quickly positioned by using the unique identification of the terminal for searching the public key, and the data volume transmitted in the authentication process is greatly reduced.
For example, the first identification information may be used to generate a first public key matrix, the second identification information may be used to generate a second public key matrix, a mapping relationship between the first identification information of the first terminal and the first public key information is pre-stored in the first public key matrix, and a mapping relationship between the second identification information of the second terminal and the second public key information is pre-stored in the second public key matrix, so that the public key of the terminal may be determined through the identification information, so as to implement authentication of the terminal.
The first signature information may be generated by the first terminal performing cryptographic operation on the first private key information and the first verification information of the first terminal according to a preset signature algorithm and outputting a result according to a preset signature information format.
In the process of entity authentication of the first terminal by the second terminal, first verification information can be generated in the first terminal based on first identification information of the first terminal and second identification information of the second terminal to be communicated with the first terminal, which is stored in advance, and first private key information of the first terminal can be obtained, so that the first verification information can be signed according to the first private key information, and first signature information can be obtained.
After the first terminal generates the first verification information and the first signature information, the first terminal may send the first verification information and the first signature information to the second terminal, so that the second terminal receives the first verification information and the first signature information, verifies the first terminal according to the first verification information and the first signature information, and confirms whether the first terminal sending the first verification information and the first signature information is a terminal for which the second terminal is ready to communicate.
In an embodiment of the present invention, before step 101, the method may further include:
after receiving an entity verification request sent by a first terminal, a second terminal generates a first random number; and sending the first random number to the first terminal so that the first terminal generates first verification information based on the first random number.
In practical application, in the process of performing entity authentication between the first terminal and the second terminal, the first terminal may send an entity authentication request to the second terminal, the second terminal may generate a first random number and store the first random number when receiving the entity authentication request, the second terminal may also send the first random number to the first terminal, and the first terminal may generate the first verification information based on the received first random number.
The first random number may be used to prevent replay attack, and when the second terminal receives the first verification information, the second terminal may also verify whether the first random number information is tampered by verifying the first random number information obtained from the first verification information, thereby confirming whether the received first verification information is tampered in the transmission process, and thus confirming the security of the data transmission process.
In an example, the first terminal is configured to generate a second random number after receiving the first random number, obtain first identification information of the first terminal and second identification information of the second terminal that is stored in advance, assemble the first random number, the second random number, the first identification information, and the second identification information according to a preset format to obtain first verification information, obtain first private key information of the first terminal, sign the first verification information according to the first private key information, and generate first signature information.
In practical application, the first terminal may generate a second random number and store the second random number when receiving the first random number sent by the second terminal, and then, the first terminal may determine first identification information of the first terminal and second identification information of the second terminal that may be in communication with the first terminal, and further, the first terminal may assemble the first random number, the second random number, the first identification information, and the second identification information according to a preset verification information format to generate the first verification information.
The first terminal may further store first private key information of the first terminal, so that the first terminal may sign the first verification information according to the first private key information, that is, after performing cryptographic operation on the first private key information and the first verification information according to a preset signature algorithm, output a result according to a preset signature format, and obtain the first signature information.
The second random number can be used for preventing replay attack, and when the first terminal receives the information which is sent by the second terminal and contains the second random number, the first terminal can confirm whether the second random number information is tampered or not by verifying the second random number information, so that the safety of the data transmission process is confirmed.
It should be noted that, the verification information format, the preset signature algorithm, and the signature information format may be set according to the data transmission requirement of the terminal, and the verification information format, the preset signature algorithm, and the signature information format are not limited in the embodiment of the present invention.
In another embodiment of the present invention, the method further comprises:
after first verification information sent by a first terminal is received, first random number information in the first verification information is determined, and the first random number information is verified.
In practical application, after the second terminal receives the first verification information sent by the first terminal, it can obtain the first random number that it stored, extract the first random number information from the first verification information, and match the two to verify the first random number. When the stored first random number and the first random number information match, the verification result of the first random number information is verification success; when they do not match, the verification result of the first random number information is verification failure.
Step 102, determining first identification information aiming at the first terminal from the first verification information;
after the second terminal receives the first verification information, the first verification information may include the first identification information of the first terminal, so that the second terminal may obtain the first identification information of the first terminal by parsing the first verification information to determine the public key information of the first terminal, thereby facilitating signature verification. The first identification information may be an MAC number of the first terminal, and the MAC number is a unique identifier of the terminal, so that entity authentication before communication between two entities can be implemented, and security of data transmission is ensured.
Step 103, determining first public key information of the first terminal according to the first identification information;
after the first identification information is determined, the mapping relationship between the identification information of the terminal communicated with the second terminal and the public key information is prestored in the second terminal, so that the first public key information of the first terminal corresponding to the first identification information can be searched based on the mapping relationship according to the first identification information.
In an embodiment of the present invention, the step 103 may include:
acquiring a first public key matrix generated by encrypting the first identification information by using a CPK (Combined Public Key) technology; and determining first public key information of the first terminal corresponding to the first identification information from the first public key matrix.
In practical application, a first public key matrix for a terminal to be communicated with may be prestored in the second terminal, and a mapping relationship between the first identification information of the first terminal and the first public key information is prestored in the first public key matrix. After the second terminal parses out the first identification information, it may search and match the first public key matrix according to the first identification information to determine the first public key information corresponding to the first identification information, so as to verify the first terminal through the first public key information.
The first public key matrix is generated by encrypting the first identification information by using a CPK (Combined Public Key) technology.
The first identification information of the first terminal may be stored in the second terminal in advance and then encrypted by using a CPK (Combined Public Key Cryptosystem) technique to generate a first public key matrix corresponding to the first identification information, where a mapping relationship between the first identification information and the first public key information of the first terminal may be stored in the first public key matrix.
The CPK is a cryptosystem formed by a combination matrix and a split key sequence on the basis of elliptic curve cryptography. The CPK key management system is a discrete logarithm problem type identification (identity) -based key generation and management system. The method constructs a public key and private key matrix according to the mathematical principle of the discrete logarithm problem, maps the identification of an entity into a row coordinate and column coordinate sequence of the matrix by adopting a hash function and a cipher transformation, and is used for selecting and combining matrix elements to generate a large number of public key and private key pairs consisting of the public key and the private key, thereby realizing the ultra-large scale key production and distribution based on the identification.
The public key matrix is generated by the CPK technology, so that a large-scale secret key can be generated by using very small resources, the storage space is saved, and the authentication efficiency is improved.
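The identifier-to-key derivation that the CPK paragraph above describes can be sketched as follows. This is an added example, not code from the patent or its applicant: the matrix size, the SHA-256 mapping from identifier to row indices, the P-256 curve and all names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Assumed (constructed) parameters: one column per byte of SHA-256(identifier),
// row picked by that byte modulo cpkRows.
const (
	cpkCols = 32
	cpkRows = 16
)

type point struct{ X, Y *big.Int }

// cpkMatrices holds both matrices for the demo. In a deployment the seed
// (private) matrix stays with the key management centre and terminals
// store only the public matrix.
type cpkMatrices struct {
	curve elliptic.Curve
	priv  [cpkCols][cpkRows]*big.Int
	pub   [cpkCols][cpkRows]point
}

// newCPKMatrices fills the seed matrix with random scalars s in [1, n-1]
// and the public matrix with the matching points s*G.
func newCPKMatrices() (*cpkMatrices, error) {
	m := &cpkMatrices{curve: elliptic.P256()}
	one := big.NewInt(1)
	span := new(big.Int).Sub(m.curve.Params().N, one)
	for c := 0; c < cpkCols; c++ {
		for r := 0; r < cpkRows; r++ {
			s, err := rand.Int(rand.Reader, span) // uniform in [0, n-2]
			if err != nil {
				return nil, err
			}
			s.Add(s, one)
			x, y := m.curve.ScalarBaseMult(s.Bytes())
			m.priv[c][r], m.pub[c][r] = s, point{x, y}
		}
	}
	return m, nil
}

// rowIndices maps an identifier (for example a MAC number) to one row index
// per column by hashing it.
func rowIndices(id string) [cpkCols]int {
	h := sha256.Sum256([]byte(id))
	var idx [cpkCols]int
	for c := range idx {
		idx[c] = int(h[c]) % cpkRows
	}
	return idx
}

// derivePublic adds the selected public-matrix points. Any terminal holding
// the public matrix can do this for any identifier, so no certificate is sent.
func (m *cpkMatrices) derivePublic(id string) point {
	idx := rowIndices(id)
	acc := m.pub[0][idx[0]]
	for c := 1; c < cpkCols; c++ {
		p := m.pub[c][idx[c]]
		x, y := m.curve.Add(acc.X, acc.Y, p.X, p.Y)
		acc = point{x, y}
	}
	return acc
}

// derivePrivate sums the selected seed scalars modulo the group order.
// Only the holder of the seed matrix can do this.
func (m *cpkMatrices) derivePrivate(id string) *big.Int {
	idx := rowIndices(id)
	sum := new(big.Int)
	for c := 0; c < cpkCols; c++ {
		sum.Add(sum, m.priv[c][idx[c]])
	}
	return sum.Mod(sum, m.curve.Params().N)
}

// keyPairConsistent checks that d*G equals the publicly derived key for id.
func (m *cpkMatrices) keyPairConsistent(id string) bool {
	d := m.derivePrivate(id)
	x, y := m.curve.ScalarBaseMult(d.Bytes())
	pub := m.derivePublic(id)
	return x.Cmp(pub.X) == 0 && y.Cmp(pub.Y) == 0
}

func main() {
	m, err := newCPKMatrices()
	if err != nil {
		panic(err)
	}
	id := "00:1A:2B:3C:4D:5E" // constructed identifier
	fmt.Printf("public key X for %s: %x\n", id, m.derivePublic(id).X)
	fmt.Println("private and public derivations agree:", m.keyPairConsistent(id))
}
```

Each private key in this sketch is a plain sum of seed-matrix entries, so the secrecy of the seed matrix depends on how many issued private keys could ever be pooled; that is a sizing consideration for the matrix.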
Step 104, verifying the first signature information based on the first public key information.
After the second terminal obtains the first public key information, the second terminal may verify the first signature information based on the first public key information.
Specifically, the first signature information is generated by signing the first verification information based on the first private key information of the first terminal, and the first public key information has been obtained at the second terminal. The second terminal can therefore confirm the identity of the first terminal by verifying the first signature information: if the first signature information is successfully verified, the second terminal confirms that the first terminal is an entity which can communicate with the second terminal; if the verification fails, the second terminal confirms that the first terminal is not an entity which can communicate with the second terminal.
The entity terminal verification is carried out through the public key matrix established by the terminal identification, the verification between entities can be quickly realized with a very small amount of data transmission under the condition of not using a third party verification system, and the safety of entity communication is ensured.
In an embodiment of the present invention, after step 104, the method may further include:
step 105, generating a first verification result of the first terminal;
in practical applications, after the second terminal performs the verification of the first signature information, the second terminal may generate a first verification result of the first terminal, where the first verification result may include a verification result of the first random number information and/or a verification result of the first signature information.
For example, when the second terminal verifies the first terminal according to the first verification information and the first signature information, the verification process may include verification of the first signature information, and the first verification result is a verification result of the first signature information, that is, the verification of the first signature information is successful or the verification of the first signature information is failed.
When the verification process includes the first random number information verification and the first signature information verification, the first verification result is the first random number information verification result and the verification result of the first signature information, that is, the first random number information verification is successful or the first random number information verification is failed, the first signature information verification is successful or the first signature information verification is failed.
Step 106, generating second verification information and second signature information according to the first verification result; the second verification information comprises a second terminal identifier and a first verification result, and the second signature information is generated by the second terminal through signing the second verification information based on second private key information of the second terminal;
the second verification information is the verification information that is generated by the second terminal and sent to the first terminal so that the first terminal can authenticate the second terminal. The second verification information may be generated by the second terminal assembling first identification information of the first terminal, second identification information of the second terminal, and a first verification result according to a preset verification information format. The first identification information may be a MAC number of the first terminal, the second identification information may be a MAC number of the second terminal, and the MAC number is a unique identifier of the terminal.
The first identification information may be used to generate a first public key matrix, the second identification information may be used to generate a second public key matrix, a mapping relationship between the first identification information of the first terminal and the first public key information is pre-stored in the first public key matrix, and a mapping relationship between the second identification information of the second terminal and the second public key information is pre-stored in the second public key matrix, so that the public key of the terminal may be determined through the identification information, thereby implementing authentication of the terminal.
The second signature information may be generated by the second terminal according to a preset signature information format after cryptographic operation is performed on second private key information and second verification information of the second terminal according to a preset signature algorithm.
After the second terminal obtains the first verification result of the first terminal, the second verification information may be assembled by using the first verification result as a return value, and the second signature information may be generated based on the second private key information of the second terminal and the second verification information.
It should be noted that, the verification information format, the preset signature algorithm, and the signature information format may be set according to the data transmission requirement of the terminal, and the verification information format, the preset signature algorithm, and the signature information format are not limited in the embodiment of the present invention.
In an example, when random number authentication is added between the first terminal and the second terminal, the second terminal may generate the second verification information by assembling the first identification information of the first terminal, the second identification information of the second terminal, the first random number, the second random number, and the first verification result according to a preset verification information format.
Step 107, sending the second verification information and the second signature information to the first terminal, so that the first terminal authenticates the second terminal.
After the second verification information and the second signature information are generated by the second terminal in an assembling mode, the second verification information and the second signature information are sent to the first terminal, and after the first terminal receives the second verification information and the second signature information, the identity of the second terminal can be verified according to the second verification information and the second signature information.
In another embodiment of the present invention, the method further comprises: and after receiving second verification information sent by the second terminal, determining second random number information in the second verification information, and verifying the second random number information.
In practical application, after the first terminal receives the second verification information sent by the second terminal, the second random number stored in the first terminal can be obtained, and the second random number information is extracted from the second verification information and matched against the stored second random number to verify the second random number. When the two match, the verification result of the second random number information is verification success; when the two do not match, the verification result of the second random number information is verification failure.
In the embodiment of the invention, a second terminal receives first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal; determining first identification information for the first terminal from the first authentication information; determining first public key information of the first terminal according to the first identification information; the first signature information is verified based on the first public key information, so that authentication between terminals is realized without mutual certificates, the data transmission amount in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.
Referring to fig. 2a, a flowchart illustrating steps of another terminal authentication method according to an embodiment of the present invention is shown, and applied to a first terminal, the method may specifically include the following steps:
step 201, sending first verification information and first signature information to a second terminal; the first signature information is generated by the first terminal through signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
the first terminal is an entity terminal, and specifically can be a video networking terminal; the second terminal is an entity terminal, and specifically may be a video networking entity terminal.
The first terminal and the second terminal may be two terminals to be communicated, and in order to ensure the communication security of the first terminal and the second terminal, entity authentication between the first terminal and the second terminal needs to be completed before the first terminal and the second terminal communicate, that is, the first terminal needs to confirm whether the second terminal is a communication terminal designated by the first terminal; the second terminal needs to determine whether the first terminal is a communication terminal designated by the second terminal, wherein different designated terminals can be set in the first terminal and the second terminal according to different data to be communicated.
The first verification information is the verification information that is generated by the first terminal and sent to the second terminal so that the second terminal can authenticate the first terminal. The first verification information may be generated by the first terminal assembling first identification information of the first terminal and second identification information of the second terminal according to a preset verification information format. The first identification information may be a MAC number of the first terminal, the second identification information may be a MAC number of the second terminal, and the MAC number is a unique identifier of the terminal.
The terminal can pre-establish the mapping relation between the identification information and the public key information of the terminal to be communicated of the terminal, so that the public key information of the terminal to be communicated can be determined through the identification information, the public key can be quickly positioned by using the unique identification of the terminal for searching the public key, and the data volume transmitted in the authentication process is greatly reduced.
The first signature information may be generated by the first terminal performing cryptographic operation on the first private key information and the first verification information of the first terminal according to a preset signature algorithm and outputting a result according to a preset signature information format.
In the process of entity authentication of the first terminal by the second terminal, first verification information can be generated in the first terminal based on first identification information of the first terminal and second identification information of the second terminal to be communicated with the first terminal, which is stored in advance, and first private key information of the first terminal can be obtained, so that the first verification information can be signed according to the first private key information, and first signature information can be obtained.
After the first terminal generates the first verification information and the first signature information, the first terminal may send the first verification information and the first signature information to the second terminal, so that the second terminal receives the first verification information and the first signature information, verifies the first terminal according to the first verification information and the first signature information, and confirms whether the first terminal sending the first verification information and the first signature information is a terminal for which the second terminal is ready to communicate.
In one example, the step of the second terminal authenticating the first terminal is as follows:
step S11, receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
step S12, determining first identification information aiming at the first terminal from the first verification information;
step S13, determining first public key information of the first terminal according to the first identification information;
step S14, verifying the first signature information based on the first public key information.
It should be noted that steps S11 to S14, in which the second terminal performs terminal authentication on the first terminal, correspond to steps 101 to 104.
Step 202, receiving second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal;
the second verification information is the verification information that is generated by the second terminal and sent to the first terminal so that the first terminal can authenticate the second terminal. The second verification information may be generated by the second terminal assembling first identification information of the first terminal and second identification information of the second terminal according to a preset verification information format. The first identification information may be a MAC number of the first terminal, the second identification information may be a MAC number of the second terminal, and the MAC number is a unique identifier of the terminal.
The first identification information may be used to generate a first public key matrix, the second identification information may be used to generate a second public key matrix, a mapping relationship between the first identification information of the first terminal and the first public key information is pre-stored in the first public key matrix, and a mapping relationship between the second identification information of the second terminal and the second public key information is pre-stored in the second public key matrix, so that the public key of the terminal may be determined through the identification information, thereby implementing authentication of the terminal.
The second signature information may be generated by the second terminal according to a preset signature information format after cryptographic operation is performed on second private key information and second verification information of the second terminal according to a preset signature algorithm.
It should be noted that the verification information format, the preset signature algorithm, and the signature information format may be set according to the data transmission requirement of the terminal, and in the embodiment of the present invention, the verification information format, the preset signature algorithm, and the signature information format are not limited.
After receiving the second verification information and the second signature information, the first terminal may verify the identity of the second terminal according to the second verification information and the second signature information to confirm whether the second terminal that sent the second verification information and the second signature information is a terminal that the first terminal is ready to communicate with.
Step 203, determining second identification information aiming at the second terminal from the second verification information;
after the first terminal receives the second verification information, the second verification information may include second identification information of the second terminal, so that the first terminal may obtain the second identification information of the second terminal by parsing the second verification information to determine public key information of the second terminal, thereby facilitating signature verification.
Step 204, determining second public key information of the second terminal according to the second identification information;
after the second identification information is determined, since the mapping relationship between the identification information of the terminal communicating with the first terminal and the public key information is pre-stored in the first terminal, the second public key information of the second terminal corresponding to the second identification information can be searched based on the mapping relationship according to the second identification information.
In an embodiment of the present invention, the step 204 may include:
acquiring a second public key matrix generated by encrypting the second identification information by using a CPK (Combined Public Key) technology; and determining second public key information of the second terminal corresponding to the second identification information from the second public key matrix.
In practical application, a second public key matrix for a terminal to be communicated may be prestored in the first terminal, a mapping relationship between second identification information of the second terminal and the second public key information is prestored in the first public key matrix, after the first terminal obtains the second identification information by parsing, the second identification information may be searched and matched in the second public key matrix, and the second public key information corresponding to the second identification information is determined, so as to further implement verification of the first terminal through the second public key information.
The second public key matrix is generated by encrypting the second identification information by adopting a CPK (Combined Public Key) technology.
Second identification information of the second terminal may be stored in the first terminal in advance, a second public key matrix corresponding to the second identification information may be generated by using the CPK (Combined Public Key) technology, and a mapping relationship between the second identification information and the second public key information of the second terminal may be stored in the second public key matrix.
The first public key matrix and the second public key matrix may be the same matrix, that is, a public key matrix (a first public key matrix or a second public key matrix) is generated according to first identification information of the first terminal and second identification information of the second terminal, the first public key matrix is stored in the second terminal, the public key of the first terminal is determined by the second terminal according to the identification information of the first terminal, so that the received first signature information is verified through the public key, and similarly, the second public key matrix is stored in the first terminal, the public key of the second terminal is determined by the first terminal according to the identification information of the second terminal, so that the received second signature information is verified through the public key.
In addition, the first public key matrix and the second public key matrix may also be different matrices, where the first public key matrix may be generated according to first identification information of a first terminal that communicates with a second terminal; the second public key matrix may be generated in accordance with second identification information of a second terminal in communication with the first terminal.
The public key matrix is generated by the CPK technology, so that keys can be generated on a large scale using very few resources, the storage space is saved, and the authentication efficiency is improved.
Step 205, verifying the second signature information based on the second public key information.
The second public key information is obtained at the first terminal, and the first terminal can verify the second signature information based on the second public key information.
Specifically, the second signature information is generated by signing the second verification information based on the second private key information of the second terminal, and when the first terminal obtains the second public key information, the second signature information may be verified based on the second public key information and the second verification information. And verifying through the second signature information, the first terminal can confirm the identity of the second terminal, if the second signature information is verified successfully, the first terminal confirms that the second terminal is an entity which can be communicated by the first terminal, and if the second signature information is verified unsuccessfully, the first terminal confirms that the second terminal is not the entity which can be communicated by the first terminal.
The entity terminal verification is carried out through the public key matrix established by the terminal identification, the verification between entities can be rapidly realized with a very small amount of data transmission under the condition of not using a third party verification system, and the safety of entity communication is ensured.
In an embodiment of the present invention, in the process of entity authentication between the first terminal and the second terminal, when a random number verification is added between the first terminal and the second terminal, the first terminal may send an entity authentication request to the second terminal, the second terminal may generate the first random number when receiving the entity authentication request, and the first terminal may generate the second random number and store the second random number when receiving the first random number sent by the second terminal.
When the second terminal generates the second verification information, it may assemble the first identification information of the first terminal, the second identification information of the second terminal, the first random number, and the second random number according to a preset verification information format.
Therefore, after the first terminal receives the second verification information sent by the second terminal, the second random number previously stored by the first terminal can be obtained, and the second random number information is extracted from the second verification information and matched against the stored second random number to verify the second random number. When the two match, the verification result of the second random number information is verification success; when the two do not match, the verification result of the second random number information is verification failure.
In an embodiment of the present invention, the second verification information further includes a first verification result obtained after the second terminal performs entity authentication on the first terminal, wherein the first verification result may include a verification result of the first random number information and/or a verification result of the first signature information.
After step 205, further comprising:
step 206, generating a second verification result of the second terminal;
in practical application, the first verification information and the first signature information may be used by the second terminal to verify the first terminal to obtain a first verification result of the first terminal, and the second verification information and the second signature information may be used by the first terminal to verify the second terminal to obtain a second verification result of the second terminal.
Wherein the second verification result may include a verification result of the second random number information and/or a verification result of the second signature information.
Step 207, when the second verification result is successful, obtaining a first verification result from the second verification information;
when each item in the second verification result is verified successfully, the first terminal can also analyze the second verification information to obtain a first verification result.
Wherein the first verification result may include a verification result of the first random number information and/or a verification result of the first signature information.
In an example, when one of the second verification results has a verification failure, the entity between the first terminal and the second terminal fails to verify.
Step 208, when the first verification result is successful verification, confirming that the entity verification of the first terminal and the second terminal is successful.
After the first verification result is obtained, the first terminal confirms whether each item in the first verification result is verified successfully or not, and when each item in the first verification result is verified successfully, the first terminal and the second terminal are confirmed to be authenticated successfully, and the first terminal and the second terminal can perform subsequent communication.
And when one verification result in the first verification result is verification failure, the entity verification between the first terminal and the second terminal is failure.
For example, if the verification of the first terminal by the second terminal includes the verification of the first random number information and the verification of the first signature information, and the verification of the second terminal by the first terminal includes the verification of the second random number and the verification of the second signature information, then when both the verification result of the second random number information and the verification result of the second signature information are successful, the first terminal may parse the second verification information to obtain the first verification result, and may confirm that the authentication of the first terminal and the second terminal is successful when the first verification result shows that both the verification of the first random number information and the verification of the first signature information are successful.
In the embodiment of the invention, first verification information and first signature information are sent to a second terminal at a first terminal; the first signature information is generated by the first terminal signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information and can receive second verification information and second signature information sent by the second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal; determining second identification information for the second terminal from the second authentication information; determining second public key information of the second terminal according to the second identification information; the second signature information is verified based on the second public key information, so that authentication between terminals is realized without mutual certificates, the data transmission amount in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.
The above-described embodiments of the present invention are exemplified below in connection with the authentication procedure between the video network terminal A (i.e., the first terminal) and the video network terminal B (i.e., the second terminal) shown in fig. 2b-2c:
(1) The video network terminal A sends a verification request to the video network terminal B.
(2) After receiving the verification request, the video network terminal B generates and stores a random number RB (i.e., a first random number).
(3) The video network terminal B sends the random number RB to the video network terminal A.
(4) After receiving the random number RB, the video network terminal A generates and stores a random number RA (i.e., a second random number), and then assembles first verification information RA || RB || MacA || MacB, where MacA is first identification information of the video network terminal A, and MacB is second identification information of the video network terminal B prestored in the video network terminal A. After the first verification information is assembled, it may be signed with the terminal's own first private key PriKeyA to obtain the signature SignA(PriKeyA, RA || RB || MacA || MacB) (i.e., first signature information).
(5) The video network terminal A sends the first verification information and the first signature information TokenAB = RA || RB || MacA || MacB || SignA(PriKeyA, RA || RB || MacA || MacB) to the video network terminal B.
(6) After receiving the TokenAB, the video network terminal B executes the following steps:
I. Random number RB verification: verify whether the random number RB is the random number previously sent to the video network terminal A. If not, the random number RB verification fails and the return value Rv is set to an error code; if so, the random number RB verification succeeds and the next step is executed.
II. First signature information verification: parse the unique identifier MacA of the video network terminal A, and acquire first public key information PubKeyA from the first public key matrix according to MacA.
Verify the signature of the video network terminal A by using the first public key information PubKeyA: Verify(PubKeyA, RA || RB || MacA || MacB, SignA).
Specifically, the video network terminal B obtains PubKeyA, RA, and MacA, and the video network terminal B stores RB and MacB in advance, and verifies the first signature information through the information.
When the signature passes the verification, the next step is executed; when the signature verification fails, the return value Rv is set to an error code.
III. Set the return value Rv (namely a first verification result) according to the results of steps I and II.
Assemble confirmation information RB || RA || MacB || MacA || Rv (namely second verification information), and sign the second verification information by using second private key information of the video network terminal B: SignB(PriKeyB, RB || RA || MacB || MacA || Rv) (namely second signature information).
(7) The video network terminal B sends the second verification information and the second signature information TokenBA = RB || RA || MacB || MacA || Rv || SignB(PriKeyB, RB || RA || MacB || MacA || Rv) to the video network terminal A.
(8) After receiving the TokenBA, the video network terminal A executes the following steps:
I. Random number RA verification: verify whether the random number RA is the random number previously sent to the video network terminal B.
If not, the verification fails (i.e., the entity authentication fails); if so, the random number RA verification succeeds and the next step is executed.
II. Second signature information verification: parse the unique identifier MacB of the video network terminal B, and acquire the second public key information PubKeyB from the second public key matrix according to MacB;
verify the signature of the video network terminal B by using the second public key information PubKeyB: Verify(PubKeyB, RB || RA || MacB || MacA || Rv, SignB).
When the signature verification passes, the next step is executed; when the signature verification fails, the verification fails (i.e., the entity authentication fails).
III. Parse and check the value of the return value Rv to determine whether the verification is successful.
Judge whether Rv is a correct code: when Rv is the correct code, the verification is confirmed to be successful; when Rv is an error code, the verification fails.
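The checks of steps (6) to (8), as an added example that is not code from the patent: each terminal derives its peer's public key from the peer's identifier and a public matrix, checks its own nonce, verifies the signature over the concatenated fields, and A finally inspects Rv. Assumptions: the TokenAB layout (RA || RB || MacA || MacB || SignA, by analogy with TokenBA), one shared public matrix, the matrix shape, fixed field lengths, the Rv byte values, and a Schnorr signature over a toy multiplicative group standing in for the elliptic-curve keys CPK normally uses.

```python
import hashlib
import hmac
import secrets
import struct

# Toy group constructed for this example; far too small for real use.
P = 2**127 - 1                          # Mersenne prime, exponents reduced mod P-1
G, ORDER = 3, P - 1
ROWS, COLS = 16, 8                      # assumed matrix shape
NONCE, SIG = 16, 32                     # fixed lengths keep "||" unambiguous
AB = struct.Struct("16s16s6s6s32s")     # RA RB MacA MacB SignA (assumed layout)
BA = struct.Struct("16s16s6s6s1s32s")   # RB RA MacB MacA Rv SignB
RV_OK, RV_ERR = b"\x00", b"\x01"        # assumed encodings of Rv

def make_matrices():                    # key centre: secret scalars and public G^s
    sk = [[secrets.randbelow(ORDER - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return sk, [[pow(G, s, P) for s in row] for row in sk]

def _rows(mac):                         # identifier -> one row index per column
    digest = hashlib.sha256(mac).digest()
    return [digest[j] % ROWS for j in range(COLS)]

def private_key(sk, mac):
    return sum(sk[r][j] for j, r in enumerate(_rows(mac))) % ORDER

def public_key(pk, mac):                # needs only the public matrix and the identifier
    y = 1
    for j, r in enumerate(_rows(mac)):
        y = y * pk[r][j] % P
    return y

def _e(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(16, "big") + msg).digest(), "big") % ORDER

def sign(x, msg):                       # Schnorr: s = k + e*x
    k = secrets.randbelow(ORDER - 1) + 1
    r = pow(G, k, P)
    return r.to_bytes(16, "big") + ((k + _e(r, msg) * x) % ORDER).to_bytes(16, "big")

def verify(y, msg, sig):
    r, s = int.from_bytes(sig[:16], "big"), int.from_bytes(sig[16:], "big")
    return 0 < r < P and pow(G, s, P) == r * pow(y, _e(r, msg), P) % P

class Terminal:
    def __init__(self, mac, priv, pk_matrix):
        self.mac, self.priv, self.pk = mac, priv, pk_matrix
        self.nonce = None               # the one challenge currently outstanding

    def challenge(self):
        self.nonce = secrets.token_bytes(NONCE)
        return self.nonce

    def _take_nonce(self, received):    # step I; the nonce is consumed either way
        expected, self.nonce = self.nonce, None
        ok = expected is not None and hmac.compare_digest(received, expected)
        return expected if ok else None

    def make_token_ab(self, rb, mac_b):             # terminal A
        body = self.challenge() + rb + self.mac + mac_b
        return body + sign(self.priv, body)

    def answer_token_ab(self, token):               # terminal B, step (6)
        if len(token) != AB.size:
            return None
        ra, rb, mac_a, _, sig_a = AB.unpack(token)
        own_rb = self._take_nonce(rb)                                   # I
        ok = own_rb is not None and verify(                             # II
            public_key(self.pk, mac_a), ra + own_rb + mac_a + self.mac, sig_a)
        body = rb + ra + self.mac + mac_a + (RV_OK if ok else RV_ERR)   # III
        return body + sign(self.priv, body)

    def check_token_ba(self, token):                # terminal A, step (8)
        if len(token) != BA.size:
            return False
        rb, ra, mac_b, _, rv, sig_b = BA.unpack(token)
        own_ra = self._take_nonce(ra)                                   # I
        ok = own_ra is not None and verify(                             # II
            public_key(self.pk, mac_b), rb + own_ra + mac_b + self.mac + rv, sig_b)
        return ok and rv == RV_OK                                       # III

def demo():
    sk, pk = make_matrices()
    mac_a, mac_b = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")  # constructed
    a = Terminal(mac_a, private_key(sk, mac_a), pk)
    b = Terminal(mac_b, private_key(sk, mac_b), pk)
    token_ab = a.make_token_ab(b.challenge(), b.mac)
    mutual = a.check_token_ba(b.answer_token_ab(token_ab))
    replayed = b.answer_token_ab(token_ab)          # RB was already consumed
    return mutual, replayed[-SIG - 1:-SIG] == RV_ERR
```

Both terminals recompute the signed message from their own stored nonce and identifier rather than trusting the copies inside the token, so a replayed TokenAB or an altered MacA yields Rv = error code.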
It should be noted that for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently depending on the embodiment of the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 3, a schematic structural diagram of a terminal authentication apparatus according to an embodiment of the present invention is shown, and is applied to a second terminal, and specifically includes the following modules:
a first information receiving module 301, configured to receive first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
a first identification determination module 302, configured to determine first identification information for the first terminal from the first authentication information;
a first public key determining module 303, configured to determine first public key information of the first terminal according to the first identification information;
a first signature verification module 304, configured to verify the first signature information based on the first public key information.
In an embodiment of the present invention, the apparatus further includes:
the first verification result module is used for generating a first verification result of the first terminal;
the second verification information and second signature information module is used for generating second verification information and second signature information according to the first verification result; the second verification information comprises a second terminal identifier and a first verification result, and the second signature information is generated by the second terminal through signing the second verification information based on second private key information of the second terminal;
and the second sending module is used for sending the second verification information and the second signature information to the first terminal so that the first terminal authenticates the second terminal.
In an embodiment of the present invention, the first public key determining module 303 may include:
a first public key matrix obtaining sub-module, configured to obtain a first public key matrix generated by encrypting the first identification information by using a CPK technology;
and the first public key information determining submodule is used for determining the first public key information of the first terminal corresponding to the first identification information from the first public key matrix.
In the embodiment of the invention, a second terminal receives first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal; determining first identification information for the first terminal from the first authentication information; determining first public key information of the first terminal according to the first identification information; the first signature information is verified based on the first public key information, so that authentication between terminals is realized without mutual certificates, the data transmission amount in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.
Referring to fig. 4, a schematic structural diagram of another terminal authentication apparatus according to an embodiment of the present invention is shown, and is applied to a first terminal, and specifically includes the following modules:
a first information sending module 401, configured to send first verification information and first signature information to a second terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
a second information receiving module 402, configured to receive second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal;
a second identification determination module 403, configured to determine second identification information for the second terminal from the second authentication information;
a second public key determining module 404, configured to determine second public key information of the second terminal according to the second identification information;
a second signature verification module 405, configured to verify the second signature information based on the second public key information.
In an embodiment of the present invention, the second verification information further includes a first verification result obtained after the second terminal performs entity authentication on the first terminal, and the apparatus further includes:
a second verification result generation module, configured to generate a second verification result of the second terminal;
a first verification result obtaining module, configured to obtain a first verification result from the second verification information when the second verification result is successful;
and the entity authentication success module is used for confirming that the entity authentication of the first terminal and the second terminal is successful when the first authentication result is successful.
In an embodiment of the present invention, the second public key determining module 404 may include:
a second public key matrix obtaining sub-module, configured to obtain a second public key matrix generated by encrypting the second identification information by using a CPK technology;
and the second public key information determining submodule is used for determining second public key information of the second terminal corresponding to the second identification information from the second public key matrix.
In the embodiment of the invention, a first terminal sends first verification information and first signature information to a second terminal; the first signature information is generated by the first terminal signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information and can receive second verification information and second signature information sent by the second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal; determining second identification information for the second terminal from the second authentication information; determining second public key information of the second terminal from a second public key matrix corresponding to the second identification information; the second signature information is verified based on the second public key information, so that authentication between terminals is realized without mutual certificates, the data transmission amount in the entity authentication process is reduced, the authentication efficiency is improved, the CA system is not required to participate, and the construction cost of the whole authentication system can be reduced.
An embodiment of the present invention further provides an electronic device, which may include a processor, a memory, and a computer program stored in the memory and capable of running on the processor, and when being executed by the processor, the electronic device implements the steps of the terminal authentication method as described above.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the above terminal authentication method.
Since the device embodiments are basically similar to the method embodiments, they are described briefly; for relevant details, refer to the corresponding description of the method embodiments.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "include", "including" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or terminal device including a series of elements includes not only those elements but also other elements not explicitly listed or inherent to such process, method, article, or terminal device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or terminal apparatus that comprises the element.
The terminal authentication method, apparatus, electronic device and storage medium provided above are introduced in detail, and specific examples are applied herein to explain the principles and embodiments of the present invention, and the descriptions of the above embodiments are only used to help understanding the method and its core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A terminal authentication method applied to a second terminal, the method comprising:
receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
determining first identification information for the first terminal from the first authentication information;
determining first public key information of the first terminal according to the first identification information;
verifying the first signature information based on the first public key information.
2. The method according to claim 1, wherein after the second terminal verifies the first signature information based on the first public key information, the method further comprises:
generating a first verification result of the first terminal;
generating second verification information and second signature information according to the first verification result; the second verification information comprises a second terminal identifier and a first verification result, and the second signature information is generated by the second terminal through signing the second verification information based on second private key information of the second terminal;
and sending the second verification information and the second signature information to the first terminal so that the first terminal authenticates the second terminal.
3. The method according to claim 1 or 2, wherein the determining the first public key information of the first terminal according to the first identification information comprises:
acquiring a first public key matrix generated by encrypting the first identification information by using a CPK (Combined public Key) technology;
and determining first public key information of the first terminal corresponding to the first identification information from the first public key matrix.
4. A terminal authentication method applied to a first terminal, the method comprising:
sending the first verification information and the first signature information to a second terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
receiving second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal by signing the second verification information based on second private key information of the second terminal;
determining second identification information for the second terminal from the second authentication information;
determining second public key information of the second terminal according to the second identification information;
verifying the second signature information based on the second public key information.
5. The method according to claim 4, wherein the second verification information further includes a first verification result obtained after the second terminal performs entity authentication on the first terminal, and after the first terminal verifies the second signature information based on the second public key information, the method further includes:
generating a second verification result of the second terminal;
when the second verification result is successful, acquiring a first verification result from the second verification information;
and when the first verification result is verification success, confirming that entity verification of the first terminal and the second terminal is successful.
6. The method according to claim 4 or 5, wherein the determining the second public key information of the second terminal according to the second identification information comprises:
acquiring a second public key matrix generated by encrypting the second identification information by using a CPK (Combined public Key) technology;
and determining second public key information of the second terminal corresponding to the second identification information from the second public key matrix.
7. A terminal authentication apparatus applied to a second terminal, the apparatus comprising:
the first information receiving module is used for receiving first verification information and first signature information sent by a first terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal;
a first identification determination module, configured to determine first identification information for the first terminal from the first authentication information;
a first public key determining module, configured to determine first public key information of the first terminal according to the first identification information;
and the first signature verification module is used for verifying the first signature information based on the first public key information.
8. A terminal authentication apparatus applied to a first terminal, the apparatus comprising:
the first information sending module is used for sending the first verification information and the first signature information to the second terminal; the first signature information is generated by the first terminal by signing the first verification information based on first private key information of the first terminal, so that the second terminal authenticates the first terminal according to the first verification information and the first signature information;
the second information receiving module is used for receiving second verification information and second signature information sent by a second terminal; the second signature information is generated by the second terminal through signing the second verification information based on second private key information of the second terminal;
a second identification determination module configured to determine second identification information for the second terminal from the second authentication information;
the second public key determining module is used for determining second public key information of the second terminal according to the second identification information;
and the second signature verification module is used for verifying the second signature information based on the second public key information.
9. An electronic device comprising a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing a terminal authentication method according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which, when being executed by a processor, implements the terminal authentication method according to any one of claims 1 to 6.
CN202211000038.XA 2022-08-19 2022-08-19 Terminal authentication method and device, electronic equipment and storage medium Pending CN115549961A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211000038.XA CN115549961A (en) 2022-08-19 2022-08-19 Terminal authentication method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115549961A true CN115549961A (en) 2022-12-30

Family

ID=84724929

Country Status (1)

Country Link
CN (1) CN115549961A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination