CN117220941A - Equipment authentication method and vehicle - Google Patents
Equipment authentication method and vehicle Download PDFInfo
- Publication number
- CN117220941A CN117220941A CN202311168830.0A CN202311168830A CN117220941A CN 117220941 A CN117220941 A CN 117220941A CN 202311168830 A CN202311168830 A CN 202311168830A CN 117220941 A CN117220941 A CN 117220941A
- Authority
- CN
- China
- Prior art keywords
- string
- random
- encrypted data
- character string
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 80
- 230000006854 communication Effects 0.000 claims abstract description 49
- 238000004891 communication Methods 0.000 claims abstract description 36
- 230000004044 response Effects 0.000 claims abstract description 6
- 230000015654 memory Effects 0.000 claims description 9
- 238000010586 diagram Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 12
- 238000004590 computer program Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
Abstract
The embodiment of the application provides a device authentication method and a vehicle, wherein the method is executed on first device, and comprises the following steps: in response to an authentication request for the second device, encrypting the first spliced character string through a public key of the second device to obtain first encrypted data, and sending the first encrypted data to the second device, wherein the first spliced character string comprises a first random character string generated by the first device; receiving second encrypted data sent by second equipment, wherein the second encrypted data is obtained by encrypting a second spliced character string by the second equipment through a public key of first equipment, and the second spliced character string comprises a second random character string; decrypting the second encrypted data through the private key of the first device to obtain a second random string; if the second random string is identical to the first random string, authentication of the second device is passed. The technical scheme provided by the embodiment of the application can improve the safety of data communication between the devices.
Description
Technical Field
The application relates to the technical field of authentication, in particular to a device authentication method and a vehicle.
Background
It is known that if security authentication is not performed between two devices that need to perform data communication, private data of the devices is easily leaked, the devices are remotely controlled, and malware is infected, so that the secure operation of the devices is affected. In the prior art, for example, authentication between a vehicle and other devices is generally performed by adopting a user name and a password of the vehicle, and plaintext communication is directly performed after the authentication passes, but the authentication is easy to be hacked, so that the security of data communication between the devices is not high, and therefore, how to improve the security of data communication between the devices is a technical problem to be solved.
Disclosure of Invention
The embodiment of the application provides a device authentication method and a vehicle, and the safety of data communication between devices can be improved based on the technical scheme provided by the application.
Other features and advantages of the application will be apparent from the following detailed description, or may be learned by the practice of the application.
According to a first aspect of an embodiment of the present application, there is provided a device authentication method, the method being performed on a first device, the method including: in response to an authentication request for a second device, encrypting a first spliced character string through a public key of the second device to obtain first encrypted data, and sending the first encrypted data to the second device, wherein the first spliced character string comprises a first random character string generated by the first device; receiving second encrypted data sent by the second device, wherein the second encrypted data is obtained by encrypting a second spliced character string by the second device through a public key of the first device, and the second spliced character string comprises a second random character string; decrypting the second encrypted data through the private key of the first device to obtain the second random string; if the second random string is the same as the first random string, authentication of the second device is passed.
In some embodiments of the application, based on the foregoing, the method further comprises: and if the second random string is not identical to the first random string, refusing authentication of the second equipment.
In some embodiments of the present application, based on the foregoing solution, the decrypting the second encrypted data by the private key of the first device to obtain the second random string includes: decrypting the second encrypted data through the private key of the first device to obtain the second spliced character string; and acquiring the second random character string from the second spliced character string.
In some embodiments of the present application, based on the foregoing solution, the first concatenation string further includes a key generated by the first device, the second concatenation string further includes a third random string generated by the second device, and after passing the authentication of the second device, the method further includes: acquiring a third random string obtained by decrypting the second encrypted data; encrypting the third random string by the key to obtain third encrypted data; and transmitting the third encrypted data to the second device so that the second device authenticates the first device based on the third encrypted data.
In some embodiments of the application, based on the foregoing, the method further comprises: if the second device passes the authentication of the first device, data communication is carried out with the second device; and in the data communication process, encrypting the data to be sent to the second device by the key, or decrypting the received data sent by the second device by the key.
According to a second aspect of an embodiment of the present application, there is provided a device authentication method, the method being performed on a second device, the method including: receiving first encrypted data sent by first equipment, wherein the first encrypted data is obtained by encrypting a first spliced character string by the first equipment through a public key of second equipment, and the first spliced character string comprises a first random character string generated by the first equipment; decrypting the first encrypted data through the private key of the second device to obtain a second random string; generating a second spliced character string based on the second random character string, and encrypting the second spliced character string through the public key of the first device to obtain second encrypted data; and transmitting the second encrypted data to the first device so that the first device authenticates the second device based on the second encrypted data.
In some embodiments of the present application, based on the foregoing solution, the decrypting the first encrypted data by the private key of the second device to obtain a second random string includes: decrypting the first encrypted data through the private key of the second device to obtain the first spliced character string; and acquiring the second random character string from the first spliced character string.
In some embodiments of the present application, based on the foregoing solution, the first concatenation string further includes a key generated by the first device, the second concatenation string further includes a third random string generated by the second device, and after the first device successfully authenticates the second device, the method further includes: receiving third encrypted data sent by the first device, wherein the third encrypted data is obtained by encrypting the third random string by the first device based on the key; decrypting the third encrypted data through the key to obtain a fourth random string; if the third random string is the same as the fourth random string, passing authentication of the first device.
In some embodiments of the application, based on the foregoing, the method further comprises: and if the third random string is not identical to the fourth random string, refusing authentication of the first equipment.
According to a third aspect of an embodiment of the present application, there is provided a device authentication apparatus, the apparatus including: the first encryption unit is used for responding to an authentication request of the second equipment, encrypting a first spliced character string through a public key of the second equipment to obtain first encrypted data, and sending the first encrypted data to the second equipment, wherein the first spliced character string comprises a first random character string generated by the first equipment; the first receiving unit is used for receiving second encrypted data sent by the second equipment, the second encrypted data is obtained by encrypting a second spliced character string by the second equipment through a public key of the first equipment, and the second spliced character string comprises a second random character string; the first decryption unit is used for decrypting the second encrypted data through a private key of the first device to obtain the second random string; and the authentication unit is used for passing the authentication of the second equipment if the second random character string is identical with the first random character string.
According to a fourth aspect of an embodiment of the present application, there is provided a device authentication apparatus, the apparatus including: the second receiving unit is used for receiving first encrypted data sent by first equipment, the first encrypted data is obtained by encrypting a first spliced character string by the first equipment through a public key of second equipment, and the first spliced character string comprises a first random character string generated by the first equipment; the second decryption unit is used for decrypting the first encrypted data through the private key of the second device to obtain a second random string; the second encryption unit is used for generating a second spliced character string based on the second random character string, and encrypting the second spliced character string through the public key of the first device to obtain second encrypted data; and the sending unit is used for sending the second encrypted data to the first device so that the first device authenticates the second device based on the second encrypted data.
According to a fifth aspect of an embodiment of the present application, there is provided a computer readable storage medium, wherein at least one program code is stored in the computer readable storage medium, the at least one program code being loaded and executed by a processor to implement operations performed by a method as described in any one of the first aspects above.
According to a sixth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored therein at least one program code loaded and executed by a processor to implement operations performed by a method as described in any of the second aspects above.
According to a seventh aspect of embodiments of the present application there is provided a vehicle comprising one or more processors and one or more memories having stored therein at least one piece of program code loaded and executed by the one or more processors to carry out the operations performed by the method as described in any of the first aspects above.
According to an eighth aspect of embodiments of the present application there is provided a vehicle comprising one or more processors and one or more memories having stored therein at least one piece of program code loaded and executed by the one or more processors to carry out the operations performed by the method according to any of the second aspects described above.
In the technical scheme of the application, in the process of authenticating a second device by a first device, firstly, a first spliced character string is encrypted through a public key of the second device to obtain first encrypted data, and the first encrypted data is sent to the second device, wherein the first spliced character string comprises a first random character string generated by the first device; secondly, receiving second encrypted data sent by the second equipment, wherein the second encrypted data is obtained by encrypting a second spliced character string by the second equipment through a public key of the first equipment, and the second spliced character string comprises a second random character string; thirdly, decrypting the second encrypted data through a private key of the first device to obtain the second random character string; finally, if the second random string is the same as the first random string, authentication of the second device is passed. Therefore, based on the technical scheme of the application, the first equipment authenticates the second equipment, and because the authentication credentials are encrypted based on the asymmetric encryption algorithm and the received data are decrypted based on the asymmetric encryption algorithm, and the user name of the first equipment is not transmitted to the second equipment to serve as the authentication credentials in the authentication process, the hacking attack can be avoided to a certain extent based on the authentication mode of the application, the authentication reliability is further improved, and the security of data communication between the equipment is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is evident that the drawings in the following description are only some embodiments of the present application and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 shows a flow diagram of a device authentication method according to one embodiment of the application;
FIG. 2 shows a flow diagram of a device authentication method according to one embodiment of the application;
FIG. 3 shows an overall flow diagram of a device authentication method according to one embodiment of the application;
FIG. 4 shows a block diagram of a device authentication apparatus according to one embodiment of the application;
FIG. 5 shows a block diagram of a device authentication apparatus according to one embodiment of the application;
fig. 6 shows a schematic structural diagram of a computer system of a vehicle suitable for implementing an embodiment of the application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and in the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the objects so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in other sequences than those illustrated or otherwise described.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that the types of the first device and the second device in the present application may be the same or different, and specifically, the present application is not limited herein.
It should be further noted that the device in the present application may be a vehicle machine, a vehicle-mounted T-BOX in a vehicle, an execution controller in a vehicle, or other intelligent devices. Specifically, the present application is not limited herein.
It should be further noted that, the device authentication method of the present application is suitable for authentication between two devices that need to perform data communication, and in the process of executing the device authentication method, different execution subjects will be involved, and from the perspective of different execution subjects, details of the technical solution of the embodiment of the present application will be described in detail below.
From the perspective of the first device, the following is set forth:
the embodiment provides a device authentication method, wherein the method is executed on a first device.
Referring to fig. 1, a flow diagram of a device authentication method according to one embodiment of the application is shown. Specifically, steps S110 to S140 are included:
s110, in response to an authentication request of a second device, encrypting a first spliced character string through a public key of the second device to obtain first encrypted data, and sending the first encrypted data to the second device, wherein the first spliced character string comprises a first random character string generated by the first device.
It should be noted that, the first device may be a data demander or a data sharing party, and it may be understood that if the first device is a data demander, the corresponding second device is a data sharing party; if a first device is a data sharing party, then a corresponding second device is a data requesting party.
It should be further noted that, the authentication request may be initiated by the cloud end to the first device, or may be initiated by the second device to the first device, or may be initiated by the first device itself. For example, if the first device receives a data request sent by the second device, the first device generates the authentication request by itself, so that the first device actively authenticates the second device; or if the first device sends a data request to the second device, the second device sends the authentication request to the first device after receiving the data request, so that the first device starts to authenticate the second device.
In some implementations, two pairs of public and private keys of RSA2048 may be generated based on PKI, the public key of a pair of public and private keys stored on a first device and the private key stored on a second device; the public key of the other pair of public and private keys is stored in the second device and the private key is stored in the first device. The two pairs of public and private keys can be realized: in the process of authenticating the first device and the second device, the first device may encrypt data to be sent to the second device based on the RSA2048 algorithm and the public key of the second device, or decrypt received data sent by the second device based on the RSA2048 algorithm and the private key of the first device; similarly, the second device may encrypt data to be sent to the first device based on the RSA2048 algorithm and the public key of the first device, or decrypt received data sent by the first device based on the RSA2048 algorithm and its own private key.
In some implementations, the first device may generate the first random string based on a random number generator. The first random string may be a string of set bytes, for example, may be a string of 16 bytes.
In some embodiments, the first splice string further includes a key generated by the first device. The first device may generate a byte-setting key based on the encryptor, or may generate a byte-setting key based on related software, such as a 16-byte key.
In some embodiments, the first device concatenates the key generated by itself with the first random string to obtain the first concatenated string, and encrypts the first concatenated string with the public key of the second device to obtain the first encrypted data.
With continued reference to fig. 1, S120 receives second encrypted data sent by the second device, where the second encrypted data is obtained by encrypting, by the second device, a second concatenation string by using a public key of the first device, where the second concatenation string includes a second random string.
In some embodiments, the second device receives the first encrypted data sent by the first device, decrypts the first encrypted data through its own private key, thereby obtaining a first spliced character string, and then splits the first spliced character string, thereby obtaining a key generated by the first device and a second random character string corresponding to the first random character string.
In some embodiments, the second device may generate the symmetric encryption initialization vector as a third random string, then splice the third random string with a second random string obtained by decrypting the first spliced string to obtain a second spliced string, and encrypt the second spliced string with the public key of the first device to obtain second encrypted data.
In some embodiments, the byte length of the third random string is the same as the byte length of the first random string, such as 16 bytes.
In some embodiments, the third random string generated by the second device and the key generated by the first device may be implemented, where in the authentication process between the first device and the second device, the first device may encrypt data to be sent to the second device based on an AES128-CBC algorithm, the key and the third random string, or decrypt received data sent by the second device based on the AES128-CBC algorithm; similarly, the second device may encrypt data to be transmitted to the first device based on an AES128-CBC algorithm, the key and the third random string, or decrypt received data transmitted by the first device based on an AES128-CBC algorithm.
With continued reference to fig. 1, S130 decrypts the second encrypted data with the private key of the first device to obtain the second random string.
In some embodiments, the specific implementation of step S130 may be performed according to the following steps S131 to S132:
s131, decrypting the second encrypted data through the private key of the first device to obtain the second spliced character string.
S132, acquiring the second random character string from the second spliced character string.
It can be understood that the second spliced character string is obtained by splicing a second random character string obtained by decrypting the first encrypted data by the second device and the generated third random character string, so that if the first device splits the second spliced character string obtained by decrypting, the third random character string and the second random character string can be obtained.
With continued reference to fig. 1, S140, if the second random string is identical to the first random string, authentication of the second device is passed.
It can be understood that if the second random string obtained by decryption by the first device is identical to the first random string generated by the first device, the second device is a legal device, the second device does not tamper with the first encrypted data, the first spliced string obtained by decryption by the second device is identical to the first spliced string generated by the first device itself, the random string obtained by decryption by the second device on the first encrypted data (i.e., the second random string) is identical to the first random string generated by the first device, and the second random string in the second spliced string generated by the second device is identical to the first random string generated by the first device, so that if the second random string obtained by decryption by the first device is identical to the first random string generated by the first device, authentication of the second device is passed.
In some implementations, authentication to the second device is denied if the second random string is not the same as the first random string.
It can be understood that if the second random string is different from the first random string, the second device is an illegal device, and the second device may tamper with the decrypted first spliced string, so that the decrypted second random string is different from the first random string generated by the first device. Therefore, in this case, the first device refuses the authentication to the second device, and the data communication between the first device and the second device can be inhibited, thereby improving the operation security of the first device.
In some embodiments, after step 140, the following steps S150 to S170 may also be performed:
and S150, obtaining a third random character string obtained by decrypting the second encrypted data.
It can be understood that the second spliced character string is obtained by splicing the second random character string obtained by decryption and the generated third random character string by the second device, so that if the first device splits the second spliced character string obtained by decryption, the third random character string obtained by decryption can be obtained.
And S160, encrypting the third random character string through the secret key to obtain third encrypted data.
In some embodiments, the third random string may be encrypted directly by the key to obtain third encrypted data.
In some embodiments, the third random string may be used as a symmetric encryption initialization vector IV, and the third random string may be encrypted by the third random string and the symmetric encryption initialization vector to obtain third encrypted data.
And S170, transmitting the third encrypted data to the second device so that the second device authenticates the first device based on the third encrypted data.
In some embodiments, after step S170, if the second device passes the authentication of the device, then data communication may be performed between the first device and the second device, where the manner of performing data communication includes at least two embodiments as follows.
The first embodiment includes the following steps S180A to S190A:
and S180A, if the second device passes the authentication of the first device, carrying out data communication with the second device.
And S190A, encrypting the data to be sent to the second device by the key or decrypting the received data sent by the second device by the key in the data communication process.
It should be noted that, in step S190, at least two embodiments exist, the first is that, during the data communication process, data to be sent to the second device is directly encrypted by the key, or received data sent by the second device is directly decrypted by the key; and secondly, in the data communication process, encrypting the data to be sent to the second device through the key and the third random string, or decrypting the received data sent by the second device through the key and the third random string.
It can be understood that if the second device passes the authentication of the first device, it indicates that both the first device and the second device are legal devices, and the key generated by the first device and the third random string generated by the second device in the authentication process are both secure data, so that data communication can be performed between the first device and the second device, and the security of data communication between the first device and the second device can be improved by encrypting or decrypting the transmitted data based on the key and the third random string in the data communication process.
The second embodiment includes the following steps S180B to S190B:
and S180B, if the second device passes the authentication of the first device, carrying out data communication with the second device.
And S190B, encrypting the data to be sent to the second equipment through the public key of the second equipment or decrypting the received data sent by the second equipment through the private key of the second equipment in the data communication process.
It can be understood that if the second device passes the authentication of the first device, it indicates that both the first device and the second device are legal devices, and in the data communication process, the transmitted data is encrypted or decrypted by adopting an asymmetric encryption algorithm, so that the security of the transmitted data can be improved compared with the case that the transmitted data is directly transmitted by adopting plaintext.
In the two embodiments of data communication, the first type of symmetric encryption algorithm makes the data communication between the first device and the second device more efficient than the second type of symmetric encryption algorithm.
In step S170, a detailed description of the specific implementation of the second device to authenticate the first device based on the third encrypted data will be described in detail in the following embodiments, which are not described herein.
The device authentication method described above from the perspective of the first device can avoid the first device sending the user name of the first device to the second device, and the authentication credentials are encrypted based on the asymmetric encryption algorithm, and the splicing technology is adopted, so that the reliability of the first device for authenticating the second device can be greatly improved, and the operation safety of the first device is further improved.
From the perspective of the second device:
the embodiment provides a device authentication method, wherein the method is executed on a second device.
Referring to fig. 2, a flow chart of a device authentication method according to an embodiment of the present application is shown, specifically including steps S100 to S400:
s100, receiving first encrypted data sent by first equipment, wherein the first encrypted data is obtained by encrypting a first spliced character string by the first equipment through a public key of second equipment, and the first spliced character string comprises a first random character string generated by the first equipment.
In this embodiment, the first encrypted data received by the second device is obtained by the first device by executing the foregoing step S110.
And S200, decrypting the first encrypted data through the private key of the second device to obtain a second random string.
In some embodiments, the specific implementation of step S200 may be performed according to the following steps S201 to S202:
s201, decrypting the first encrypted data through the private key of the second device to obtain the first spliced character string.
S202, acquiring the second random character string from the first spliced character string.
In some embodiments, the first spliced string is obtained by splicing the first device with the first random string and the key generated by the first device, so that after the second device receives the first encrypted data, the second device decrypts the first encrypted data through the private key of the second device to obtain the first spliced string, and then splits the first spliced string to obtain the key and the second random string corresponding to the first random string.
With continued reference to fig. 2, S300 generates a second concatenation string based on the second random string, and encrypts the second concatenation string with the public key of the first device to obtain second encrypted data.
In some embodiments, the specific embodiment of generating the second concatenation string based on the second random string may be performed according to the following steps S301 to S302:
S301, generating a third random string;
and S302, splicing the third random string and the second random string obtained by decrypting the first encrypted data to obtain a second spliced string.
It should be noted that the third random string generated by the second device may be a symmetric encryption initialization vector IV.
With continued reference to fig. 2, S400 sends the second encrypted data to the first device to cause the first device to authenticate the second device based on the second encrypted data.
In some embodiments, the specific embodiment of authenticating the second device by the first device in step S400 based on the first encrypted data may refer to steps S120 to S140, and the disclosure is not repeated here.
In some embodiments, after the first device successfully authenticates the second device, the device authentication method of the present application further includes the following steps S500 to S700:
s500, receiving third encrypted data sent by the first device, wherein the third encrypted data is obtained by encrypting the third random string by the first device based on the secret key.
In some embodiments, the third encrypted data received by the second device is obtained by the first device performing the foregoing steps S150 to S170.
And S600, decrypting the third encrypted data through the key to obtain a fourth random string.
It should be noted that, the manner in which the second device decrypts the third encrypted data corresponds to the manner in which the first device encrypts the third random string. Similarly, in the present application, the manner in which the first device or the second device decrypts the received data corresponds to the manner in which the other device encrypts the transmitted data.
Illustratively, if the first device uses the third random string as a symmetric encryption initialization vector, encrypts the third random string based on the AES128-CBC algorithm by using a key generated by itself and the symmetric encryption initialization vector, and the second device decrypts the received third encrypted data based on the key and the third random string based on the AES128-CBC algorithm, thereby obtaining a fourth random string corresponding to the third random string.
S700, if the third random string is identical to the fourth random string, passing authentication of the first device.
It can be understood that if the fourth random string decrypted by the second device is the same as the third random string generated by the second device, it indicates that the first device does not have a tampering action on the third random string in the process of decrypting the second encrypted data and obtaining the third random string, so that the second device can consider the first device as a legal device and can perform data communication with the first device.
In some implementations, authentication to the first device is denied if the third random string is not the same as the fourth random string.
It can be understood that if the third random string is different from the fourth random string, it is indicated that the first device may tamper with the decrypted second spliced string, so that the third random string decrypted by the first device is different from the third random string generated by the second device. Therefore, in this case, the first device may be an illegal device, and the second device refuses to authenticate the first device, so that data communication between the first device and the second device can be inhibited, thereby improving operation security of the second device.
In some embodiments, after step S700, data communication may be performed between the first device and the second device, where the manner of performing data communication includes at least two embodiments as follows.
The first embodiment includes the following steps S800A to S900A:
S800A, data communication is performed with the first device.
And S900A, encrypting the data to be sent to the first equipment through the key or decrypting the received data sent by the first equipment through the key in the data communication process.
In step S900B, there are at least two embodiments, the first is that, during the data communication process, data to be sent to the first device is directly encrypted by the key, or received data sent by the first device is directly decrypted by the key; and secondly, in the data communication process, encrypting the data to be sent to the first device through the key and the third random string, or decrypting the received data sent by the first device through the key and the third random string.
It will be appreciated that the first embodiment corresponds to the first embodiment described above in which the first device performs during data communication.
A second embodiment includes the following steps S800B to S900B:
S800B, data communication with the first device.
And S900B, encrypting the data to be sent to the first equipment through the public key of the first equipment in the data communication process, or decrypting the received data sent by the first equipment based on the private key of the first equipment.
It will be appreciated that the second embodiment corresponds to the second embodiment described above for the first device to perform during data communication.
From an overall perspective, we describe:
the device authentication method according to some embodiments of the present application will be described in detail below with reference to fig. 3.
Referring to fig. 3, an overall flow diagram of a device authentication method according to one embodiment of the application is shown.
When there is an authentication request of the first device to the second device, the authentication of the first device and the second device is started as follows.
Step 1, a first device generates a key and a first random string.
And step 2, the first equipment splices the secret key and the first random character string to obtain a first spliced character string.
And 3, the first device encrypts the first spliced character string through the public key of the second device to obtain first encrypted data.
And step 4, the first device sends the first encrypted data to the second device.
And step 5, after the second device receives the first encrypted data, decrypting the first encryption through the private key of the second device to obtain a first spliced character string.
And 6, splitting the first spliced character string by the second equipment to obtain a secret key and a second random character string.
And 7, the second equipment splices the second random character string and the third random character string generated by the second equipment to obtain a second spliced character string.
And 8, encrypting the second spliced character string by the second device through the public key of the first device to obtain second encrypted data.
Step 9, the second device sends the second encrypted data to the first device.
And step 10, after the first device receives the second encrypted data, the first device decrypts the second encrypted data through the private key of the first device to obtain a second spliced character string.
And step 11, the first equipment splits the second spliced character string to obtain a third random character string and a second random character string.
Step 12, if the second random string is identical to the first random string, the first device passes authentication of the second device.
And step 13, the first device encrypts the third random string through the key to obtain third encrypted data.
The first device sends the third encrypted data to the second device, step 14.
And step 15, after the second device receives the third encrypted data, decrypting the third encrypted data through the key to obtain a fourth random string.
Step 16, if the third random string and the fourth random string are identical, the second device passes the authentication of the first device.
In step 17, the first device and the second device perform data communication based on the key in the process of performing data communication.
In the technical solutions provided in some embodiments of the present application, in a process that a first device authenticates a second device, first, in response to an authentication request for the second device, a first concatenation string is encrypted by a public key of the second device to obtain first encrypted data, and the first encrypted data is sent to the second device, where the first concatenation string includes a first random string generated by the first device; secondly, receiving second encrypted data sent by the second equipment, wherein the second encrypted data is obtained by encrypting a second spliced character string by the second equipment through a public key of the first equipment, and the second spliced character string comprises a second random character string; thirdly, decrypting the second encrypted data through a private key of the first device to obtain the second random character string; finally, if the second random string is the same as the first random string, authentication of the second device is passed. Therefore, based on the technical scheme of the application, the first equipment authenticates the second equipment, and because the authentication credentials are encrypted based on the asymmetric encryption algorithm and the received data are decrypted based on the asymmetric encryption algorithm, and the user name of the first equipment is not transmitted to the second equipment to serve as the authentication credentials in the authentication process, the hacking attack can be avoided to a certain extent based on the authentication mode of the application, the authentication reliability is further improved, and the security of data communication between the equipment is improved.
Based on the same inventive concept, an embodiment of the present application provides a device authentication apparatus, which may be used to perform the device authentication method in the above embodiment of the present application. For details not disclosed in the embodiments of the present application, please refer to the embodiment of the device authentication method described above.
Referring to fig. 4, a block diagram of a device authentication apparatus according to one embodiment of the present application is shown.
As shown in fig. 4, a device authentication apparatus 400 according to an embodiment of the present application includes: a first encryption unit 401, a first receiving unit 402, a first decryption unit 403, and an authentication unit 404.
The first encryption unit 401 is configured to encrypt, in response to an authentication request for a second device, a first concatenation string with a public key of the second device to obtain first encrypted data, and send the first encrypted data to the second device, where the first concatenation string includes a first random string generated by the first device; the first receiving unit 402 is configured to receive second encrypted data sent by the second device, where the second encrypted data is obtained by encrypting, by the second device, a second concatenation string through a public key of the first device, where the second concatenation string includes a second random string; the first decryption unit 403 is configured to decrypt the second encrypted data by using a private key of the first device, to obtain the second random string; the authentication unit 404 is configured to pass authentication of the second device if the second random string is identical to the first random string.
In some embodiments of the present application, based on the foregoing scheme, the authentication unit 404 is further configured to: and if the second random string is not identical to the first random string, refusing authentication of the second equipment.
In some embodiments of the present application, based on the foregoing scheme, the first decryption unit 403 is further configured to: decrypting the second encrypted data through the private key of the first device to obtain the second spliced character string; and acquiring the second random character string from the second spliced character string.
In some embodiments of the present application, based on the foregoing solution, the first concatenation string further includes a key generated by the first device, the second concatenation string further includes a third random string generated by the second device, and the authentication unit 404 is further configured to: after passing the authentication of the second device, obtaining a third random string obtained by decrypting the second encrypted data; encrypting the third random string by the key to obtain third encrypted data; and transmitting the third encrypted data to the second device so that the second device authenticates the first device based on the third encrypted data.
In some embodiments of the present application, based on the foregoing, the device authentication apparatus further includes a communication unit configured to perform data communication with the second device if the second device passes authentication of the first device; and in the data communication process, encrypting the data to be sent to the second device by the key, or decrypting the received data sent by the second device by the key.
Based on the same inventive concept, the embodiment of the present application also provides an apparatus authentication device, which may be used to execute the apparatus authentication method in the above embodiment of the present application. For details not disclosed in the embodiments of the present application, please refer to the embodiment of the device authentication method described above.
Referring to fig. 5, a block diagram of a device authentication apparatus according to one embodiment of the present application is shown.
As shown in fig. 5, a device authentication apparatus 500 according to an embodiment of the present application includes: a second receiving unit 501, a second decrypting unit 502, a second encrypting unit 503, and a transmitting unit 504.
The second receiving unit 501 is configured to receive first encrypted data sent by a first device, where the first encrypted data is obtained by encrypting, by the first device, a first concatenation string by using a public key of the second device, where the first concatenation string includes a first random string generated by the first device; the second decryption unit 502 is configured to decrypt the first encrypted data by using the private key of the second device, to obtain a second random string; the second encryption unit 503 is configured to generate a second concatenation string based on the second random string, and encrypt the second concatenation string with the public key of the first device to obtain second encrypted data; the sending unit 504 is configured to send the second encrypted data to the first device, so that the first device authenticates the second device based on the second encrypted data.
In some embodiments of the present application, based on the foregoing scheme, the second decryption unit 502 is further configured to: decrypting the first encrypted data through the private key of the second device to obtain the first spliced character string; and acquiring the second random character string from the first spliced character string.
In some embodiments of the present application, based on the foregoing solution, the first concatenation string further includes a key generated by the first device, the second concatenation string further includes a third random string generated by the second device, and the sending unit 504 is further configured to: after the first device successfully authenticates the second device, receiving third encrypted data sent by the first device, wherein the third encrypted data is obtained by encrypting the third random character string by the first device based on the secret key; decrypting the third encrypted data through the key to obtain a fourth random string; if the third random string is the same as the fourth random string, passing authentication of the first device.
In some embodiments of the present application, based on the foregoing scheme, the sending unit 504 is further configured to: and if the third random string is not identical to the fourth random string, refusing authentication of the first equipment.
Based on the same inventive concept, embodiments of the present application also provide a computer-readable storage medium having stored therein at least one computer program instruction that is loaded and executed by a processor to implement the operations performed by the method as described above.
Based on the same inventive concept, the embodiment of the application also provides a vehicle.
Fig. 6 shows a schematic structural diagram of a computer system of a vehicle suitable for implementing an embodiment of the application.
It should be noted that, the computer system 600 of the vehicle shown in fig. 6 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a central processing unit (Central Processing Unit, CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 602 or a program loaded from a storage section 608 into a random access Memory (Random Access Memory, RAM) 603, for example, performing the method described in the above embodiment. In the RAM 603, various programs and data required for system operation are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An Input/Output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and a speaker, etc.; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. When executed by a Central Processing Unit (CPU) 601, performs the various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
As another aspect, the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from a computer-readable storage medium by a processor of a computer device, the computer instructions being executed by the processor to cause the computer device to perform the method provided in the first aspect or various alternative implementations of the first aspect.
As another aspect, the present application also provides a computer-readable medium that may be contained in the vehicle described in the above embodiment; or may be present alone without being fitted into the vehicle. The computer readable medium carries one or more programs which, when executed by a vehicle, cause the vehicle to implement the method described in the above embodiments.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functions of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (10)
1. A method of device authentication, the method performed at a first device, the method comprising:
in response to an authentication request for a second device, encrypting a first spliced character string through a public key of the second device to obtain first encrypted data, and sending the first encrypted data to the second device, wherein the first spliced character string comprises a first random character string generated by the first device;
receiving second encrypted data sent by the second device, wherein the second encrypted data is obtained by encrypting a second spliced character string by the second device through a public key of the first device, and the second spliced character string comprises a second random character string;
decrypting the second encrypted data through the private key of the first device to obtain the second random string;
if the second random string is the same as the first random string, authentication of the second device is passed.
2. The method according to claim 1, wherein the method further comprises:
and if the second random string is not identical to the first random string, refusing authentication of the second equipment.
3. The method of claim 1, wherein decrypting the second encrypted data with the private key of the first device results in the second random string, comprising:
decrypting the second encrypted data through the private key of the first device to obtain the second spliced character string;
and acquiring the second random character string from the second spliced character string.
4. The method of claim 1, wherein the first splice string further comprises a key generated by the first device, the second splice string further comprises a third random string generated by the second device, and after passing the authentication of the second device, the method further comprises:
acquiring a third random string obtained by decrypting the second encrypted data;
encrypting the third random string by the key to obtain third encrypted data;
and transmitting the third encrypted data to the second device so that the second device authenticates the first device based on the third encrypted data.
5. The method according to claim 4, wherein the method further comprises:
If the second device passes the authentication of the first device, data communication is carried out with the second device;
and in the data communication process, encrypting the data to be sent to the second device by the key, or decrypting the received data sent by the second device by the key.
6. A method of device authentication, the method performed on a second device, the method comprising:
receiving first encrypted data sent by first equipment, wherein the first encrypted data is obtained by encrypting a first spliced character string by the first equipment through a public key of second equipment, and the first spliced character string comprises a first random character string generated by the first equipment;
decrypting the first encrypted data through the private key of the second device to obtain a second random string;
generating a second spliced character string based on the second random character string, and encrypting the second spliced character string through the public key of the first device to obtain second encrypted data;
and transmitting the second encrypted data to the first device so that the first device authenticates the second device based on the second encrypted data.
7. The method of claim 6, wherein decrypting the first encrypted data with the private key of the second device results in a second random string, comprising:
decrypting the first encrypted data through the private key of the second device to obtain the first spliced character string;
and acquiring the second random character string from the first spliced character string.
8. The method of claim 6, wherein the first concatenated string further comprises a key generated by the first device, the second concatenated string further comprises a third random string generated by the second device, and wherein after the first device successfully authenticates the second device, the method further comprises:
receiving third encrypted data sent by the first device, wherein the third encrypted data is obtained by encrypting the third random string by the first device based on the key;
decrypting the third encrypted data through the key to obtain a fourth random string;
if the third random string is the same as the fourth random string, passing authentication of the first device.
9. The method of claim 7, wherein the method further comprises:
and if the third random string is not identical to the fourth random string, refusing authentication of the first equipment.
10. A vehicle comprising one or more processors and one or more memories having stored therein at least one program code loaded and executed by the one or more processors to implement the method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311168830.0A CN117220941A (en) | 2023-09-08 | 2023-09-08 | Equipment authentication method and vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311168830.0A CN117220941A (en) | 2023-09-08 | 2023-09-08 | Equipment authentication method and vehicle |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117220941A true CN117220941A (en) | 2023-12-12 |
Family
ID=89034720
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311168830.0A Pending CN117220941A (en) | 2023-09-08 | 2023-09-08 | Equipment authentication method and vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117220941A (en) |
-
2023
- 2023-09-08 CN CN202311168830.0A patent/CN117220941A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108566381A (en) | A kind of security upgrading method, device, server, equipment and medium | |
| CN107358441B (en) | Payment verification method and system, mobile device and security authentication device | |
| CN108718233B (en) | Encryption method, computer equipment and storage medium | |
| US11811939B2 (en) | Advanced crypto token authentication | |
| CN112055019B (en) | Method for establishing communication channel and user terminal | |
| WO2015158172A1 (en) | User identity identification card | |
| CN113674456B (en) | Unlocking method, unlocking device, electronic equipment and storage medium | |
| CN112003697B (en) | Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium | |
| CN110838919B (en) | Communication method, storage method, operation method and device | |
| CN111654503A (en) | Remote control method, device, equipment and storage medium | |
| CN114037447A (en) | Method and device for off-line transaction | |
| CN117061105A (en) | Data processing method and device, readable medium and electronic equipment | |
| CN116244750A (en) | Secret-related information maintenance method, device, equipment and storage medium | |
| US20240113898A1 (en) | Secure Module and Method for App-to-App Mutual Trust Through App-Based Identity | |
| CN109697603A (en) | Guard method, device, equipment and the medium of E-seal | |
| CN114584355A (en) | Security authentication method, device and system for digital currency transaction | |
| CN114282254A (en) | Encryption and decryption method and device, and electronic equipment | |
| CN117220941A (en) | Equipment authentication method and vehicle | |
| CN110619236A (en) | File authorization access method, device and system based on file credential information | |
| CN114915487B (en) | Terminal authentication method, system, device, equipment and storage medium | |
| CN103888259A (en) | User identity recognition card | |
| CN115361168B (en) | Data encryption method, device, equipment and medium | |
| CN112926076B (en) | Data processing method, device and system | |
| CN113194090B (en) | Authentication method, authentication device, terminal device and computer readable storage medium | |
| CN113364762B (en) | Login authentication method, system, equipment and storage medium based on hybrid encryption |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |