CN115694992A - Security authentication method, system, storage medium and communication device for communication device - Google Patents

Publication number
CN115694992A
Authority
CN
China
Prior art keywords
board
authentication
target service
service board
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211349757.2A
Other languages
Chinese (zh)
Inventor
苏远柱
徐思
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sundray Technologies Co ltd
Original Assignee
Shenzhen Sundray Technologies Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Sundray Technologies Co ltd
Priority to CN202211349757.2A
Publication of CN115694992A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides a security authentication method for a communication device, which comprises the following steps: after receiving a security authentication instruction, the main management board executes first key authentication by using a first encryption device and a first controller contained in the main management board; if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by the target service board is received, the main management board and the target service board perform third key authentication; and if the third key authentication is passed, the main management board instructs the target service board to open a plurality of service authorities. The method can improve the security of the main management board and the service board in the communication device, strengthen the coupled authentication management between the main management board and the service board, reduce the risk of key leakage, improve the communication security of the main management board and further improve the overall communication security of the communication device. The application also provides a security authentication system for a communication device, a computer-readable storage medium and a communication device, which have the same beneficial effects.

Description

Security authentication method, system, storage medium and communication device for communication device
Technical Field
The present application relates to the field of communication security, and in particular, to a security authentication method and system for a communication device, a storage medium, and a communication device.
Background
At present, a communication device usually includes a management board and a service board, where the management board may be a switching network board and includes functions such as a management engine, and the service board is used to implement a specific communication service. However, the management board and the service board are generally provided with only an identification register or a manufacturer ID. This makes it convenient for the management board and the service board to identify each other, but it is easy to crack maliciously and offers poor security, so the device security of the communication device is difficult to ensure.
Therefore, how to improve the device security of the communication device is a technical problem that needs to be solved urgently by those skilled in the art.
Disclosure of Invention
The application aims to provide a security authentication method and system for a communication device, a storage medium and a communication device, which can improve the device security of the communication device.
In order to solve the technical problem, the present application provides a security authentication method for a communication device, which includes the following specific technical solutions:
after receiving a security authentication command, the main management board executes first key authentication by using a first encryption device and a first controller contained in the main management board;
if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication;
and if the third key authentication is passed, the main management board instructs the target service board to open a plurality of service authorities.
Optionally, performing, by the master management board and the target service board, third key authentication includes:
the main management board issues an authentication instruction to the target service board;
after receiving a plaintext corresponding to the authentication instruction sent by the target service board, executing first key algorithm encryption on the plaintext through the first encryption device to obtain a ciphertext;
and sending the ciphertext to the target service board, and if the ciphertext decrypted by the second controller on the target service board is consistent with the plaintext, the main management board confirms that the target service board passes the authentication.
Optionally, if a second key authentication passing flag uploaded to the master management board by the target service board is not received, the method further includes:
recording the number of algorithm decryption authentication failures corresponding to the target service board;
and if the algorithm decryption authentication failure times meet a first failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
Optionally, if the third key authentication fails, the method further includes:
recording the number of service board authentication failures corresponding to the target service board;
and if the authentication failure times of the service board meet a second failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
Optionally, before receiving the security authentication instruction, if the communication device has at least two management boards, the method further includes:
the management board of the highest slot position acquires the in-place information of other management boards;
if the other management boards are in place, the master management board is obtained by election in the in-place management boards by using a master-slave election algorithm;
and if the rest management boards are not in place, taking the management board with the highest slot position as the main management board.
Optionally, if the master management board is abnormal or the first key authentication fails, the method further includes:
electing a new master management board from among the remaining management boards by using the master-slave election algorithm.
The application also provides a security authentication method of the communication device, which is applied to a target service board and comprises the following steps:
after the target service board executes second key authentication, sending a second key authentication passing mark to a main management board;
and after the third key authentication that the master management board executes based on the second key authentication passing mark is passed, acquiring indication information issued by the master management board, and opening a plurality of service authorities according to the indication information.
Optionally, the process that the target service board executes the second key authentication includes:
after the target service board is on line, a second controller on the target service board issues a second plaintext to a second encryption device on the target service board;
after the second encryption device performs second key algorithm encryption on the second plaintext and generates a second ciphertext, receiving the second ciphertext returned by the second encryption device;
performing algorithm decryption authentication on the second ciphertext by using the second controller;
and if the algorithm decryption authentication succeeds, confirming that the target service board has passed the second key authentication.
The present application further provides a communication device, including:
at least one management board, each of said management boards comprising:
a first encryption device and a first controller for performing a first key authentication;
when the management board is a master management board, the first controller is used for executing first key authentication by using the first encryption device and the first controller contained in the management board; if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication; if the third key authentication is passed, the main management board instructs the target service board to open a plurality of service authorities;
at least one service board, each of the service boards comprising:
a second controller, used for uploading a second key authentication passing mark to the main management board after the service board passes the second key authentication.
The present application further provides a security authentication system for a communication device, including:
the main management board authentication module is used for executing first key authentication by using a first encryption device and a first controller contained in the main management board after receiving the security authentication instruction;
the service authentication module is used for performing third key authentication with the target service board if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by the target service board is received;
and the permission configuration module is used for instructing the target service board to open a plurality of service authorities if the third key authentication is passed.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The application provides a security authentication method for a communication device, which comprises the following steps: after receiving a security authentication instruction, the main management board executes first key authentication by using a first encryption device and a first controller contained in the main management board; if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication; and if the third key authentication is passed, the main management board instructs the target service board to open a plurality of service authorities.
In the present application, after the security authentication instruction is received, the main management board first performs first key authentication on itself. After the first key authentication is passed, if a second key authentication passing mark is received, security authentication between the main management board and the service board is executed. This improves the security of the main management board and the service board in the communication device, strengthens the coupled authentication management between the main management board and the service board, and makes the communication device difficult to crack and copy. Because the main management board executes the first key authentication and the service board executes the second key authentication, the risk of key leakage is reduced, the communication security of the main management board is improved, and the overall communication security of the communication device is further improved.
The application further provides a security authentication system of a communication device, a computer readable storage medium and a communication device, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only the embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a security authentication method applied to a management board in a communication device according to an embodiment of the present application;
Fig. 2 is a flowchart of a security authentication method applied to a service board in a communication device according to an embodiment of the present application;
Fig. 3 is a flowchart of security authentication of a service board according to an embodiment of the present application;
Fig. 4 is a security authentication flowchart of another security authentication method for a communication device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a security authentication system of a communication device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a security authentication method of a communication device according to an embodiment of the present application, where the security authentication method is applicable to any communication device including a management board and a service board, and the security authentication method includes:
S101: after receiving a security authentication instruction, the main management board executes first key authentication by using a first encryption device and a first controller contained in the main management board;
In this step, after the security authentication instruction is received, the main management board first performs security verification on itself. The specific content and form of the security authentication instruction are not limited herein; it is used to instruct the communication device to start performing security authentication, and any instruction that can implement this function can be used as the security authentication instruction in this step.
It should also be noted that the present embodiment defaults to having confirmed the master management board among the management boards before performing the present step. When the step is executed, the safety certification of the main management board can be directly executed.
Specifically, the master management board performs first key verification by using a first encryption device and a first controller included in the master management board. The process is essentially mutual authentication between the first controller and the first encryption device, and malicious tampering of the first encryption device is avoided. In this and following embodiments, the master management board includes a first controller and a first encryption device, the service board includes a second controller and a second encryption device, the first controller and the second controller may both be processors or main control chips on the respective boards, and the first encryption device and the second encryption device may be encryption chips including an encryption algorithm.
One possible implementation may be as follows:
S1011: the main management board sends a first plaintext to the first encryption device by using a first controller contained in the main management board;
S1012: after the first encryption device performs first key algorithm encryption on the first plaintext and generates a first ciphertext, receiving the first ciphertext returned by the first encryption device;
S1013: the first controller carries out algorithm decryption authentication on the first ciphertext;
S1014: and if the algorithm decryption authentication is successful, opening the service board authentication authority of the main management board.
After the main management board is powered on, the first controller issues the first plaintext to the first encryption device. The first plaintext may be sent directly or through communication middleware inside the main management board, for example a multiplexer or a programmable device. To ensure authentication security, the first plaintext may be randomly generated by the first controller. The first encryption device then encrypts the first plaintext with the first key algorithm it contains to obtain a first ciphertext, and returns the first ciphertext to the first controller. The first controller performs algorithm decryption authentication on the first ciphertext, and once the authentication succeeds, the service board authentication authority of the main management board can be opened. The first controller therefore plays two roles in this process: generating the first plaintext, and performing algorithm decryption authentication on the first ciphertext returned by the first encryption device. The decryption algorithm the first controller uses for algorithm decryption authentication must correspond to the first key algorithm used by the first encryption device. If either the first controller or the first encryption device has been maliciously attacked, the algorithm decryption authentication fails outright.
If the algorithm decryption authentication is successful, the service board authentication authority of the main management board can be opened at the moment. The service board authentication authority means that the main management board passes the authentication and can perform the service board authentication, and for other management boards which do not open the service board authentication authority, the subsequent service board authentication process cannot be executed.
S102: if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication;
After the first key authentication of the main management board is passed, if a second key authentication passing mark uploaded to the main management board by the target service board is received, third key authentication between the main management board and the target service board can be executed. Specifically, the master management board may switch to the link where the target service board is located, so as to execute the third key authentication with the target service board. This process can also be implemented by communication middleware, such as multiplexers or programmable devices, contained in the main management board. The target service board may be any service board that uploads the second key authentication passing mark.
This step assumes that the target service board has already executed the second key authentication. It should be noted that the master management board may receive the second key authentication passing marks uploaded by multiple target service boards simultaneously or sequentially, and may optionally perform authentication with the multiple target service boards simultaneously or sequentially.
The main management board can send an authentication instruction to the target service board through the link, and starts to execute the safety authentication of the main management board to the target service board. Before that, the main management board may also perform in-situ detection on the target service board, and after confirming that the target service board is online, may perform the step of issuing the authentication instruction to the target service board.
One possible implementation of this step is as follows:
S1021: the main management board issues an authentication instruction to the target service board;
S1022: after receiving a plaintext corresponding to the authentication instruction sent by the target service board, executing first key algorithm encryption on the plaintext through the first encryption device to obtain a ciphertext;
S1023: and sending the ciphertext to the target service board, and if the ciphertext decrypted by the second controller on the target service board is consistent with the plaintext, the main management board confirms that the target service board passes the authentication.
The main management board first sends an authentication instruction to the target service board. After receiving the authentication instruction, the target service board needs to return a plaintext corresponding to the authentication instruction to the main management board. The main management board uses its first encryption device to encrypt the plaintext with the first key algorithm to obtain a ciphertext. The main management board then sends the ciphertext to the target service board, and the target service board decrypts the ciphertext with its second controller to obtain a decrypted text. The decrypted text is compared with the plaintext that the target service board sent to the main management board, and if the two are consistent, the target service board is judged to have passed the authentication.
After the target service board receives the authentication instruction, it needs to generate a plaintext corresponding to the authentication instruction. In this process the target service board may parse the authentication instruction and obtain the plaintext directly, or generate the plaintext from characteristic information contained in the authentication instruction. The characteristic information may include the identity information of the main management board, the instruction sending time and the like, so that the plaintext lets the first encryption device on the main management board confirm that the authentication instruction was accurately sent to the target service board. Of course, the generated plaintext may also be unrelated to the authentication instruction and used only for the security authentication between the master management board and the target service board.
After receiving the plaintext, a first encryption device on the main management board encrypts the plaintext by using a first key algorithm contained in the first encryption device to obtain a first ciphertext. The first key algorithm is not limited herein, and may be any encryption algorithm set by a person skilled in the art, such as a symmetric encryption algorithm or an asymmetric encryption algorithm.
S103: if the third key authentication is passed, the main management board instructs the target service board to open a plurality of service authorities;
If the target service board passes the third key authentication performed with the main management board, the main management board can instruct the target service board to open a plurality of service authorities. The service authorities are used for receiving external communication task data so that the service board can execute communication data calculation. The specific content of the opened service authorities is not limited herein, and includes, but is not limited to, the authority for communication data interaction between the target service board and the outside world.
In the embodiment of the application, after the security authentication instruction is received, the main management board first performs first key authentication on itself. After the first key authentication is passed, if a second key authentication passing mark is received, security authentication between the main management board and the service board is executed. This improves the security of the main management board and the service board in the communication device, strengthens the coupled authentication management between the main management board and the service board, and makes the communication device difficult to crack and copy. Because the main management board executes the first key authentication and the service board executes the second key authentication, the risk of key leakage is reduced, the communication security of the main management board is improved, and the overall communication security of the communication device is further improved.
On the basis of the previous embodiment, as a preferred embodiment, if the second key authentication passing mark uploaded to the master management board by the target service board is not received, it indicates that the target service board has not performed self-authentication. In this case, the number of algorithm decryption authentication failures corresponding to the target service board can be recorded; if the number of algorithm decryption authentication failures meets the first failure count threshold, the target service board is identified as an illegal service board, and a power-off operation is executed on the illegal service board.
Similarly, on the basis of the previous embodiment, if the third key authentication of the target service board by the master management board fails, the number of service board authentication failures corresponding to the target service board may be recorded; if the number of service board authentication failures meets the second failure count threshold, the target service board may likewise be identified as an illegal service board, and a power-off operation executed on it.
The first failure time threshold and the second failure time threshold are not numerically limited and can be set by those skilled in the art.
Based on the above embodiments, as a preferred embodiment, how to determine the master management board is explained below:
A communication device often contains multiple management boards to achieve management board redundancy. When at least two management boards exist in the communication device, the management board in the highest slot position can obtain the in-place information of the other management boards; if the other management boards are in place, a master management board is elected from the in-place management boards by using a master-slave election algorithm. If the remaining management boards are not in place, the management board in the highest slot position is used as the main management board. In other words, one management board is first selected according to a certain slot position order to obtain the in-place information of the remaining management boards, and if several management boards are online at the same time, the master management board is elected by using a master-slave election algorithm. The master-slave election algorithm used is not limited here; for example, a Bully algorithm or the like may be used.
In addition, when the main management board is abnormal or the first key authentication executed by the main management board is not passed, a new main management board can be elected from among the remaining management boards by using the master-slave election algorithm.
Referring to fig. 2, fig. 2 is a flowchart of a security authentication method applied to a service board in a communication device according to an embodiment of the present application, and the present application further provides a security verification method of a communication device, which is applied to a target service board, where the security authentication method includes:
S201: after the target service board executes second key authentication, sending a second key authentication passing mark to a main management board;
S202: and after the third key authentication that the master management board executes based on the second key authentication passing mark is passed, acquiring indication information issued by the master management board, and opening a plurality of service authorities according to the indication information.
It should be noted that the target service board in the embodiment of the present application is used to indicate any service board that can perform security verification with the master management board, and is not specifically limited.
And for the target service board, after the target service board executes the second key authentication, the target service board can send a second key authentication passing mark to the main management board. The specific content and the mark format of the second key authentication passing mark are not limited, and any information that the master management board can know that the target management board completes the second key authentication can be used as the second key authentication passing mark.
Based on the above embodiment, as a preferred embodiment, how to perform the second key authentication on the target service board is not limited herein, referring to fig. 3, where fig. 3 is a security authentication flow chart of a service board provided in the embodiment of the present application, a possible implementation manner may be as follows:
s301: after the target service board is on line, a second controller on the target service board issues a second plaintext to a second encryption device on the target service board;
s302: after the second encryption device performs second key algorithm encryption on the second plaintext and generates a second ciphertext, receiving the second ciphertext returned by the second encryption device;
s303: the second controller carries out algorithm decryption authentication on the second ciphertext;
s304: and if the algorithm decryption authentication is successful, the second controller sends the second key authentication passing mark to the main management board.
Likewise, the second plaintext may also be a plaintext that is randomly generated by the second controller.
When the service board is powered on normally, the second controller of the service board communicates with the second encryption device on the same board and issues a second plaintext. After receiving the second plaintext, the second encryption device executes the second key encryption algorithm on it to generate a second ciphertext and feeds the second ciphertext back to the second controller. The second controller decrypts the second ciphertext with the algorithm and compares the resulting decrypted text with the second plaintext it issued to judge whether the verification passes. If the service board passes the second key authentication, the second controller of the service board sends a second key authentication passing mark to the main management board; the service board then enters a mode of waiting to be authenticated by the first key and can open part of its debugging function permissions. Partial debugging function permission means that the service board has passed its own security authentication, but while the verification of the main management board itself has not been executed or has not been completed, only partial debugging of the service board is possible through the main management board, for example viewing the configuration information, name, attributes and the like of the service board; the main management board cannot control the service board to execute any actual communication service.
If the service board fails the second key authentication, the second controller of the service board can repeat the authentication process. Once the number of algorithm decryption authentication failures meets the failure count threshold, the target service board is identified as an illegal service board, a power-off operation is executed on the illegal service board, and log information is reported to the main management board.
Referring to fig. 4, fig. 4 is a flowchart of another security authentication method for a communication device according to an embodiment of the present application. The method specifically includes:
First step: the main management board that has passed the first key authentication acquires in-place information of the service board;
Second step: judging whether the service board is in place; if not, ending the flow; if yes, entering the third step;
Third step: waiting to receive the second key authentication completion mark of the service board;
Fourth step: judging whether the second key authentication passing mark of the target service board has been received; if yes, entering the fifth step; if not, ending the process;
Fifth step: switching to the link where the target service board is located by using the first controller;
Sixth step: issuing an authentication instruction to the target service board;
Seventh step: the target service board generates a plaintext corresponding to the authentication instruction and returns the plaintext to the main management board;
Eighth step: the first encryption device executes the first key algorithm encryption on the plaintext to obtain a ciphertext, and the ciphertext is fed back to the service board;
Ninth step: the second controller on the target service board decrypts the ciphertext to obtain a decrypted text;
Tenth step: the service board judges whether the decrypted text and the plaintext are consistent; if yes, entering the eleventh step; if not, entering the twelfth step;
Eleventh step: the main management board confirms that the target service board passes the authentication, opens all service authorities of the target service board, and ends the process;
Twelfth step: judging whether the number of authentication failures of the service board meets the failure count threshold; if yes, entering the thirteenth step; if not, returning to the seventh step;
Thirteenth step: the target service board is identified as an illegal service board, and the illegal service board is powered off.
In the above process, when the second step and the fourth step are executed, if the service board is not in place, or the second key authentication passing mark of the target service board is not received, the current state may also be maintained instead of directly ending the process; that is, the waiting state is maintained until the service board is in place or the second key authentication passing mark of the target service board is received, and then the subsequent steps are performed.
It can be seen from this embodiment that, after the service board completes the second key authentication within the board, it still needs to complete the first key authentication with the master management board before the functions of the communication device system are established. Strongly coupled authentication management is thereby realized between the master management board and the service board, so that the whole communication device system is not easily cracked or copied. The first key belonging to the main management board and the second key belonging to the service board in the communication equipment can be managed separately and check and balance each other, so that the security of the keys and of the encryption chip is guaranteed and the risk of key leakage is reduced.
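As an added illustration (not code from the patent), the sketch below simulates the in-board second key authentication of S301 to S304 and the fig. 4 exchange between the main management board and a service board, including the failure threshold and power-off. The patent does not name the key algorithm, so a Feistel network over HMAC-SHA256 stands in for it; the block size, the threshold of 3, the way the second controller holds its decryption keys, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from enum import Enum

HALF = 16           # half of the 32-byte plaintext block (size is an assumption)
FAIL_THRESHOLD = 3  # failure threshold (assumption: the text gives no value)


def feistel(key, block, decrypt=False):
    """Stand-in for the unspecified key algorithm: 4-round Feistel over HMAC-SHA256."""
    l, r = block[:HALF], block[HALF:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:HALF]
        l, r = r, bytes(a ^ b for a, b in zip(l, f))
    return r + l  # final swap lets decryption reuse the network with rounds reversed


class State(Enum):
    OFFLINE = 0
    DEBUG_ONLY = 1    # second key authentication passed: partial debugging only
    SERVICE_OPEN = 2  # authentication with the main board passed: services open
    POWERED_OFF = 3   # identified as an illegal service board


class ServiceBoard:
    # Assumption: the second controller is provisioned with the keys it decrypts with.
    def __init__(self, chip_key, ctrl_k2, ctrl_k1):
        self._chip_key = chip_key              # key inside the second encryption device
        self._k2, self._k1 = ctrl_k2, ctrl_k1  # second controller's decryption keys
        self.state, self.pass_mark, self._plain = State.OFFLINE, False, None

    def power_on(self):
        """S301-S304, retried until the failure threshold is met."""
        for _ in range(FAIL_THRESHOLD):
            plain = secrets.token_bytes(2 * HALF)              # S301
            cipher = feistel(self._chip_key, plain)            # S302
            echoed = feistel(self._k2, cipher, decrypt=True)   # S303
            if hmac.compare_digest(echoed, plain):
                self.pass_mark, self.state = True, State.DEBUG_ONLY  # S304
                return
        self.state = State.POWERED_OFF

    def new_plaintext(self):  # seventh step
        self._plain = secrets.token_bytes(2 * HALF)
        return self._plain

    def check(self, cipher):  # ninth and tenth steps
        return hmac.compare_digest(feistel(self._k1, cipher, decrypt=True), self._plain)


def master_authenticate(first_chip_key, board):
    """Fig. 4, fourth to thirteenth steps, for one in-place service board."""
    if not board.pass_mark:                                       # fourth step
        return board.state
    for _ in range(FAIL_THRESHOLD):                               # twelfth step
        cipher = feistel(first_chip_key, board.new_plaintext())   # sixth to eighth
        if board.check(cipher):
            board.state = State.SERVICE_OPEN                      # eleventh step
            return board.state
    board.state = State.POWERED_OFF                               # thirteenth step
    return board.state


def run_scenario():
    """Constructed boards: one genuine, one with a mismatched chip, one mismatched master key."""
    k1, k2, other = (secrets.token_bytes(32) for _ in range(3))  # constructed keys
    boards = {"genuine": ServiceBoard(k2, k2, k1),
              "foreign_chip": ServiceBoard(other, k2, k1),
              "foreign_master": ServiceBoard(k2, k2, other)}
    for board in boards.values():
        board.power_on()
    return {n: (b.pass_mark, master_authenticate(k1, b)) for n, b in boards.items()}
```

Only the board whose chip key matches its controller and whose controller can decrypt the main board's ciphertext reaches the service-open state; the other two are powered off at the stage where the mismatch appears.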
Referring to fig. 5, fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present application, where the communication device includes:
at least one management board, each of said management boards comprising:
a first encryption device and a first controller for performing a first key authentication;
when the management board is a master management board, the first controller is used for executing first key authentication by utilizing a first encryption device and a first controller contained in the first controller; if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication; if the third key passes the authentication, the main management board indicates the target service board to open a plurality of service authorities;
at least one service board, each of the service boards comprising:
and the second controller is used for uploading the second key authentication passing mark to the master management board after the service board passes the second key authentication.
In addition, the communication equipment can also comprise a communication back board which is respectively connected with the management board and the service board through communication buses.
The process of the service board executing the second key authentication may refer to the above, and is not described herein again.
Referring to fig. 6, fig. 6 is a schematic structural diagram of a security authentication system of a communication device provided in the present application. The system may be read in cross-reference with the security authentication method of the communication device disclosed above, and specifically may include:
the main management board authentication module is used for executing first key authentication by utilizing a first encryption device and a first controller contained in the main management board authentication module after receiving the security authentication instruction;
the service authentication module is used for performing third key authentication with the target service board if the first key authentication passes and a second key authentication passing mark uploaded to the main management board by the target service board is received;
and the permission configuration module is used for indicating the target service board to open a plurality of service permissions if the third secret key passes the authentication.
Based on the above embodiment, as a preferred embodiment, the service authentication module includes:
the instruction issuing unit is used for issuing an authentication instruction to the target service board;
the encryption unit is used for executing first key algorithm encryption on the plaintext through the first encryption device after receiving the plaintext corresponding to the authentication instruction sent by the target service board to obtain a ciphertext;
and the third key authentication unit is used for sending the ciphertext to the target service board, and if a ciphertext decrypted by a second controller on the target service board is consistent with the plaintext, the main management board confirms that the target service board passes the authentication.
Based on the above embodiment, as a preferred embodiment, the security authentication system may further include:
the first power-down module is used for recording the times of algorithm decryption authentication failure corresponding to the target service board; and if the algorithm decryption authentication failure times meet a first failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
Based on the above embodiment, as a preferred embodiment, the security authentication system may further include:
the second power-down module is used for recording the authentication failure times of the service board corresponding to the target service board; and if the authentication failure times of the service board meet a second failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
Based on the foregoing embodiment, as a preferred embodiment, if the communication device has at least two management boards, the method further includes:
the main management board confirmation module is used for acquiring in-place information of other management boards by using the management board with the highest slot position; if the other management boards are in place, the master management board is obtained by election in the in-place management boards by using a master-slave election algorithm; and if the rest management boards are not in place, taking the management board in the highest slot position as the main management board.
Based on the above embodiment, as a preferred embodiment, the method further includes:
and the master management board updating module is used for electing to obtain a new master management board among the rest management boards by utilizing the master-slave election algorithm if the master management board is abnormal or the first secret key authentication fails.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed, may implement the steps of the method provided by the above-described embodiments. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.

Claims (11)

1. A security authentication method of communication equipment is applied to a main management board and is characterized by comprising the following steps:
after receiving a security authentication instruction, the main management board executes first key authentication by using a first encryption device and a first controller contained in the main management board;
if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication;
and if the third key passes the authentication, the main management board indicates the target service board to open a plurality of service authorities.
2. The security authentication method of claim 1, wherein the third key authentication between the master management board and the target service board comprises:
the main management board issues an authentication instruction to the target service board;
after receiving a plaintext corresponding to the authentication instruction sent by the target service board, executing first key algorithm encryption on the plaintext through the first encryption device to obtain a ciphertext;
and sending the ciphertext to the target service board, and if the ciphertext decrypted by the second controller on the target service board is consistent with the plaintext, the main management board confirms that the target service board passes the authentication.
3. The security authentication method of claim 1, wherein if a second key authentication passing flag uploaded to the master management board by the target service board is not received, the method further comprises:
recording the number of times of decryption and authentication failure of the algorithm corresponding to the target service board;
and if the algorithm decryption authentication failure times meet a first failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
4. The secure authentication method of claim 1, wherein if the third key authentication fails, the method further comprises:
recording the authentication failure times of the service board corresponding to the target service board;
and if the authentication failure times of the service board meet a second failure time threshold, authenticating the target service board as an illegal service board, and executing power-off operation on the illegal service board.
5. The security authentication method according to any one of claims 1 to 4, wherein before receiving the security authentication command, if at least two management boards exist in the communication device, the method further comprises:
the management board of the highest slot position acquires the in-place information of other management boards;
if the other management boards are in place, the master management board is obtained by election from the in-place management boards by using a master-slave election algorithm;
and if the rest management boards are not in place, taking the management board in the highest slot position as the main management board.
6. The security authentication method of claim 5, wherein if the master management board is abnormal or the first key authentication fails, the method further comprises:
and selecting by utilizing the master-slave election algorithm among the rest management boards to obtain a new master management board.
7. A security authentication method of a communication device is applied to a target service board, and is characterized by comprising the following steps:
after the target service board executes second key authentication, sending a second key authentication passing mark to a main management board;
and after the master management board executes third key authentication passing based on the second key authentication passing mark, acquiring indication information issued by the master management board, and opening a plurality of service authorities according to the indication information.
8. The security authentication method of claim 7, wherein the process of performing the second key authentication by the target service board comprises:
after the target service board is on line, a second controller on the target service board issues a second plaintext to a second encryption device on the target service board;
after the second encryption device performs second key algorithm encryption on the second plaintext and generates a second ciphertext, receiving the second ciphertext returned by the second encryption device;
performing algorithm decryption authentication on the second ciphertext by using the second controller;
and if the algorithm decryption authentication is successful, confirming that the target service board executes the second key authentication to pass.
9. A communication device, comprising:
at least one management board, each of said management boards comprising:
a first encryption device and a first controller for performing a first key authentication;
when the management board is a master management board, the first controller is used for executing first key authentication by utilizing a first encryption device and a first controller contained in the first controller; if the first key authentication is passed and a second key authentication passing mark uploaded to the main management board by a target service board is received, the main management board and the target service board perform third key authentication; if the third key passes the authentication, the main management board indicates the target service board to open a plurality of service authorities;
at least one service board, each of the service boards comprising:
and the second controller is used for uploading a second key authentication passing mark to the main management board after the service board performs second key authentication passing.
10. A security authentication system for a communication device, comprising:
the main management board authentication module is used for executing first key authentication by utilizing a first encryption device and a first controller contained in the main management board authentication module after receiving the security authentication instruction;
the service authentication module is used for performing third key authentication with the target service board if the first key authentication passes and a second key authentication passing mark uploaded to the main management board by the target service board is received;
and the permission configuration module is used for indicating the target service board to open a plurality of service permissions if the third secret key passes the authentication.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for secure authentication of a communication device according to any one of claims 1 to 6 or according to any one of claims 7 to 8.
CN202211349757.2A 2022-10-31 2022-10-31 Security authentication method, system, storage medium and communication device for communication device Pending CN115694992A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211349757.2A CN115694992A (en) 2022-10-31 2022-10-31 Security authentication method, system, storage medium and communication device for communication device

Publications (1)

Publication Number Publication Date
CN115694992A true CN115694992A (en) 2023-02-03

Family

ID=85046062

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211349757.2A Pending CN115694992A (en) 2022-10-31 2022-10-31 Security authentication method, system, storage medium and communication device for communication device

Country Status (1)

Country Link
CN (1) CN115694992A (en)

Similar Documents

Publication Publication Date Title
CN110111472B (en) Vehicle key control method and device
CN105681328B (en) The method, apparatus and electronic equipment of controlling electronic devices
JP3918827B2 (en) Secure remote access system
CN102508791B (en) Method and device for encrypting hard disk partition
JP7194847B2 (en) A method for authenticating the identity of digital keys, terminal devices, and media
CN104537293B (en) Authenticating device and system
CN110136306B (en) Vehicle key control method and system
CN108734018B (en) Authentication method, device, system and computer readable storage medium
EP2947611A1 (en) Apparatus, method for controlling apparatus, and program
CN111130602B (en) Near field communication card data writing system, method, device and medium
CN101140605A (en) Data safety reading method and safety storage apparatus thereof
CN109086578A (en) A kind of method that soft ware authorization uses, equipment and storage medium
CN103592927A (en) Method for binding product server and service function through license
KR102192330B1 (en) Management system and method for data security for storage device using security device
CN110633172A (en) USB flash disk and data synchronization method thereof
JP4993114B2 (en) Shared management method for portable storage device and portable storage device
CN104598838B (en) A kind of random verification and provide trusted operating environment file store and edit methods
CN115694992A (en) Security authentication method, system, storage medium and communication device for communication device
CN109359450A (en) Safety access method, device, equipment and the storage medium of linux system
CN110166240B (en) Network isolation password board card
CN100568366C (en) Content playback unit
CN112422281A (en) Method and system for changing secret key in security module
JP2006072833A (en) Authentication device and method
CN112560116A (en) Function control method, device and storage medium
CN113518951A (en) Control system, control method, and control device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination