CN117478343A - Authentication method and device, equipment and computer readable storage medium - Google Patents
Authentication method and device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN117478343A CN117478343A CN202210860039.5A CN202210860039A CN117478343A CN 117478343 A CN117478343 A CN 117478343A CN 202210860039 A CN202210860039 A CN 202210860039A CN 117478343 A CN117478343 A CN 117478343A
- Authority
- CN
- China
- Prior art keywords
- party
- authentication
- identifier
- authentication request
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 78
- 238000001514 detection method Methods 0.000 claims abstract description 138
- 230000004044 response Effects 0.000 claims abstract description 60
- 238000013475 authorization Methods 0.000 claims description 76
- 239000000523 sample Substances 0.000 claims description 72
- 238000004364 calculation method Methods 0.000 claims description 13
- 230000015654 memory Effects 0.000 claims description 11
- 238000010586 diagram Methods 0.000 description 16
- 238000004590 computer program Methods 0.000 description 15
- 238000004891 communication Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 5
- 239000004973 liquid crystal related substance Substances 0.000 description 4
- 239000004065 semiconductor Substances 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- VEMKTZHHVJILDY-UHFFFAOYSA-N resmethrin Chemical compound CC1(C)C(C=C(C)C)C1C(=O)OCC1=COC(CC=2C=CC=CC=2)=C1 VEMKTZHHVJILDY-UHFFFAOYSA-N 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the application discloses an authentication method, an authentication device, authentication equipment and a computer readable storage medium. The authentication method detects whether the detection party receives the detection message sent by the detection party in response to the authentication request, and if the detection message is not received, the authentication request is not successfully sent to the detection party. When receiving the detection message, the detection party also needs to detect whether the first identifier obtained by calculating the detection party according to the local area network address and the designated key carried in the authentication request is matched with the second identifier obtained by calculating the authentication party according to the local area network address and the designated key, if the first identifier and the second identifier are matched, the authentication request is determined to be successfully sent to the detection party, and if the first identifier and the second identifier are not matched, the authentication request is determined to be failed to be sent to the detection party, so that whether the authentication request is successfully sent to the detection party is conveniently and accurately determined, and the authentication party passes the authentication.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to an authentication method, an authentication device, an authentication apparatus, and a computer readable storage medium.
Background
After the authentication party sends the authentication request, it cannot know whether the authentication request is sent successfully, and the prior art generally detects whether the probe party receives the authentication request, so as to determine whether the authentication party sends the authentication request successfully.
In addition, there are cases where the fake authentication request is sent to the probe by the fake authentication party, so that the fake authentication request received by the probe is mistakenly considered to be the authentication request sent by the authentication party, and thus false authentication occurs.
Disclosure of Invention
To solve the above technical problems, embodiments of the present application provide an authentication method, an apparatus, a device, and a computer-readable storage medium, respectively, to determine whether an authentication request is successfully sent to a probe, so that the authentication party passes authentication.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the embodiments of the present application, there is provided an authentication method, applied to an authenticator, including: detecting whether a detection message sent by the detecting party for responding to the authentication request is received or not; the detection message is generated by the detection party according to a first identifier obtained by calculating the local area network address and the designated key; if the detection message is received, a first identifier is obtained from the detection message, a second identifier is matched with the first identifier, and if the second identifier is matched with the first identifier, an authentication request is determined to be successfully sent to the detection party; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key; if the detection message is not received, determining that the authentication request fails to be sent to the detection party.
According to an aspect of the embodiments of the present application, there is provided another authentication method applied to a probe, including: receiving an authentication request sent by an authentication party; wherein, the authentication request carries a local area network address; calculating to obtain a first identifier according to the local area network address and the designated key, and generating a detection message according to the first identifier; the detection message is sent to the authentication party, so that the authentication party determines whether an authentication request is successfully sent to the detection party according to a first identifier and a second identifier in the detection message; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key.
According to an aspect of the embodiments of the present application, there is provided another authentication method, including: if the authentication request is detected to be sent to the detecting party of the authentication direction, a second identifier obtained by the authentication party according to the designated secret key and the local area network address of the authentication party is obtained; if the detection party is detected to send a detection message, a first identifier obtained by calculating the detection party according to the designated key and the local area network address carried in the received authentication request is obtained from the detection message; detecting whether the first identifier is matched with the second identifier; and if the first identifier is matched with the second identifier, determining that the authentication request is successfully sent to the detecting party by the authentication party.
According to an aspect of an embodiment of the present application, there is provided an authentication apparatus applied to an authenticator, including: an authentication request transmitting module configured to transmit an authentication request to a probe; wherein, the authentication request carries a local area network address; the detection message detection module is configured to detect whether a detection message sent by the detection party in response to the authentication request is received or not; the detection message is generated by the detection party according to a first identifier obtained by calculating the local area network address and the designated key; the authentication request sending success module is configured to acquire a first identifier from the detection message if the detection message is received, match a second identifier with the first identifier, and determine that the authentication request is successfully sent to the detection party if the second identifier is matched with the first identifier; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key; and the authentication request sending failure module is configured to determine that the authentication request is failed to be sent to the probe party if the probe message is not received.
In another exemplary embodiment, the authentication request transmission success module includes: the second identifier generating unit is configured to acquire the local area network address of the second identifier and the appointed key, and calculate the second identifier according to the local area network address of the second identifier and the appointed key; and the identification matching unit is configured to match the second identification with the first identification.
In another exemplary embodiment, the authentication apparatus further includes: the response message receiving module is configured to receive a response message sent by an encryption party, wherein the response message is a message which is generated by the encryption party according to the authentication request and carries an encryption key; the service authorization request encryption module is configured to generate a service authorization request based on the response message, encrypt the service authorization request according to the encryption key and obtain an encrypted service authorization request; and the service authorization request sending module is configured to send the encrypted service authorization request to an authorized party so that the authorized party obtains a decryption key from the encrypted party to decrypt the encrypted service authorization request, and the decryption key is matched with the encryption key.
According to an aspect of the embodiments of the present application, there is provided another authentication apparatus applied to a probe, including: an authentication request receiving module configured to receive an authentication request sent by an authenticator; wherein, the authentication request carries a local area network address; the detection message generation module is configured to calculate a first identifier according to the local area network address and the designated key, and generate a detection message according to the first identifier; the detection message sending module is configured to send the detection message to the authenticator so that the authenticator can determine whether an authentication request is successfully sent to the detector according to a first identifier and a second identifier in the detection message; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key.
In another exemplary embodiment, the authentication apparatus further includes: and the authentication request forwarding module is configured to send the authentication request to an encrypting party, so that the encrypting party generates a response message carrying an encryption key according to the authentication request and sends the response message to the authenticating party.
According to an aspect of the embodiments of the present application, there is provided another authentication apparatus including: the second identifier generating module is configured to acquire a second identifier calculated by the authentication party according to the designated key and the local area network address of the authentication party if the authentication party is detected to send an authentication request to the detection party; the first identifier generating module is configured to acquire a first identifier calculated by the detecting party according to the designated key and a local area network address carried in the received authentication request from the detecting message if the detecting party sends the detecting message; an identity matching module configured to detect whether the first identity matches the second identity; and the determining module is configured to determine that the authentication party successfully sends the authentication request to the detecting party if the first identifier is matched with the second identifier.
In another exemplary embodiment, the authentication apparatus further includes: the detection module is configured to detect whether the detecting party sends the authentication request to the encrypting party or not and whether the authenticating party receives a response message which is sent by the encrypting party in response to the authentication request and carries an encryption key or not; and the control module is configured to control the authentication party to generate a service authorization request according to the response message and encrypt the service authorization request according to the encryption key if the detection party sends the authentication request to the encryption party and the authentication party receives the response message, obtain the encrypted service authorization request and send the encrypted service authorization request.
According to an aspect of an embodiment of the present application, there is provided an electronic device including: a controller; and a memory for storing one or more programs which, when executed by the controller, perform the authentication method described above.
According to an aspect of the embodiments of the present application, there is also provided a computer-readable storage medium having stored thereon computer-readable instructions, which when executed by a processor of a computer, cause the computer to perform the above-described authentication method.
According to an aspect of embodiments of the present application, there is also provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions so that the computer device performs the authentication method described above.
In the technical scheme provided by the embodiment of the application, whether the detection party receives the detection message sent by the detection party for responding to the authentication request is detected, and if the detection message is not received, the authentication request is not successfully sent to the detection party is indicated. Meanwhile, it is also necessary to detect whether the first identifier calculated by the detecting party according to the local area network address and the designated key carried in the authentication request is matched with the second identifier calculated by the authenticating party according to the local area network address and the designated key of the detecting party, because the local area network address of the pseudo-authenticating party is different from the local area network address of the authenticating party, the second identifier generated by the detecting party according to the local area network address and the designated key in the authentication request sent by the pseudo-authenticating party cannot be matched with the first identifier, that is, the detecting message is not a message generated by responding to the authentication request sent by the authenticating party, thereby determining that the authentication request is not successfully sent to the detecting party, avoiding the interference of the pseudo-authenticating party on the authentication result, and conveniently and accurately determining whether the authentication request is successfully sent to the detecting party, so that the authenticating party passes authentication.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is apparent that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 is a flow chart of an authentication method according to an exemplary embodiment of the present application;
FIG. 2 is a flow chart of another authentication method shown based on the embodiment shown in FIG. 1;
FIG. 3 is a flow chart of another authentication method proposed based on the embodiment shown in FIG. 1;
FIG. 4 is a schematic view of an environment in which the authentication method shown in the embodiment of FIGS. 1-3 is implemented;
FIG. 5 is a flow chart of an authentication method according to an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram of an implementation environment of the authentication method shown in the embodiment of FIG. 5;
FIG. 7 is a flow chart of an authentication method according to an exemplary embodiment of the present application;
FIG. 8 is a flow chart of another authentication method proposed based on the embodiment shown in FIG. 7;
FIG. 9 is a schematic view of an implementation environment of the authentication method shown in the embodiment of FIGS. 7-8;
fig. 10 is an application scenario schematic diagram of an authentication method in the embodiment shown in the present application;
fig. 11 is a schematic structural view of an authentication apparatus according to an exemplary embodiment of the present application;
fig. 12 is a schematic structural view of another authentication apparatus shown in an exemplary embodiment of the present application;
fig. 13 is a schematic structural view of another authentication apparatus shown in an exemplary embodiment of the present application;
fig. 14 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Reference to "a plurality" in this application means two or more than two. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., a and/or B may represent: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Referring first to fig. 1, fig. 1 is a flowchart illustrating an authentication method according to an exemplary embodiment of the present application. As shown in fig. 1, the method is applied to an authenticator, and at least includes S110 to S140, and is described in detail as follows:
S110: sending an authentication request to a detecting party; wherein, the authentication request carries the local area network address.
The authenticator sends an authentication request carrying the lan address to the probe, in the process, the authentication request may be intercepted by a fake authenticator, so that the authentication request is not sent successfully.
The fake certification party is a party disguised as a real certification party, a complete fake mobile internet is built through an open source mobile internet platform and a smart phone, and a fake mobile internet core network part is connected into the real mobile internet by using a hot spot opened by a user mobile phone, so that the fake certification party is disguised as the real certification party.
The lan address is a MAC address (Media Access Control Address, medium access control address) which is 48 bits (6 bytes) in length, typically expressed as 12 16 digits, such as: 00-16-EA-AE-3C-40 is a MAC address, wherein the first 3 bytes, 16-ary number 00-16-EA represents the number of the manufacturer of network hardware, which is allocated by IEEE (Institute of Electrical and Electronics Engineers ), and the last 3 bytes, 16-ary number AE-3C-40 represents the serial number of a certain network product (such as a network card) manufactured by the manufacturer. The MAC address is just like an identity card number on an identity card, and has uniqueness.
The authentication request further includes related information of the sender sending the authentication request and related requests, which are not limited to carrying only the local area network address, but also other related information.
S120: detecting whether a detection message sent by a detection party for responding to an authentication request is received or not; the detection message is generated by a detection party according to a first identifier obtained by calculating a local area network address and a designated key.
The detecting party extracts the encrypted word string of the MAC address in the authentication request, and generates a first identifier with a designated key shared by the authentication party and the detecting party, namely the detecting party calculates the first identifier according to the local area network address and the designated key, so that the detecting message carries the first identifier.
S130: if the detection message is received, a first identifier is obtained from the detection message, a second identifier is matched with the first identifier, and if the second identifier is matched with the first identifier, an authentication request is determined to be successfully sent to a detection party; the second identifier is obtained by the authentication party through calculation according to the local area network address and the designated key.
The second identifier is an identifier generated by the authenticator based on the encrypted string of the own MAC address and a designated key shared by the authenticator and the probe. If the first identifier and the second identifier are successfully matched, the detection message is a message generated by the detection party in response to receiving the authentication request sent by the authentication party, so that the authentication party is determined to successfully send the authentication request to the detection party.
S140: if the detection message is not received, determining that the authentication request is failed to be sent to the detection party.
And the detecting party receives the authentication request and generates a detection message for responding to the authentication request. If the authentication party does not receive the detection message sent by the detection party, the detection party is not receiving the authentication request, and the detection party cannot generate the detection message for responding to the authentication request, so that failure of sending the authentication request to the detection party is determined.
In this embodiment, whether the probe is received is detected as a probe message sent by responding to the authentication request, and if the probe message is not received, it is indicated that the authentication request is not successfully sent to the probe. Meanwhile, it is also necessary to detect whether the first identifier calculated by the detecting party according to the local area network address and the designated key carried in the authentication request is matched with the second identifier calculated by the authenticating party according to the local area network address and the designated key of the detecting party, because the local area network address of the pseudo-authenticating party is different from the local area network address of the authenticating party, the second identifier generated by the detecting party according to the local area network address and the designated key in the authentication request sent by the pseudo-authenticating party cannot be matched with the first identifier, that is, the detecting message is not a message generated by responding to the authentication request sent by the authenticating party, thereby determining that the authentication request is not successfully sent to the detecting party, avoiding the interference of the pseudo-authenticating party on the authentication result, and conveniently and accurately determining whether the authentication request is successfully sent to the detecting party, so that the authenticating party passes authentication.
Referring to fig. 2, fig. 2 is a flowchart of another authentication method based on the embodiment shown in fig. 1. Based on S130 shown in fig. 1, this step further includes at least S210 to S220, which are described in detail as follows:
s210: and acquiring the local area network address and the designated key of the user, and calculating to obtain the second identifier according to the local area network address and the designated key of the user.
The authenticator obtains the encrypted string of the MAC address of the authenticator and the identifier generated by the designated key shared by the authenticator and the probe, and generates a second identifier according to the encrypted string of the MAC address and the designated key.
S220: the second identifier is matched with the first identifier.
And matching the second identifier with the first identifier in the detection message, and judging whether the authentication request is successfully sent to the detection party according to a matching result.
The embodiment further illustrates how the second identifier is obtained, that is, the authentication party generates the second identifier according to the local area network address of the authentication party and the designated key shared by the authentication party and the detection party, and accurately determines whether the authentication request is successfully sent to the detection party according to the matching result of the first identifier and the second identifier.
Referring to fig. 3, fig. 3 is a flowchart of another authentication method according to the embodiment shown in fig. 1. The method further includes S310 to S330, described in detail below:
S310: and receiving a response message sent by the encryption party, wherein the response message is a message which is generated by the encryption party according to the authentication request and carries an encryption key.
After receiving the authentication request, the probe transmits the authentication request to the encryption party, so that the encryption party generates a message carrying an encryption key according to the authentication request, and transmits the response message carrying the encryption key to the authentication party.
S320: based on the response message, generating a service authorization request, and encrypting the service authorization request according to the encryption key to obtain the encrypted service authorization request.
After the authentication party successfully receives the response message, generating a service authorization request related to the response message, extracting a carried encryption key from the response message, and encrypting the generated service authorization request by utilizing the encryption key to obtain an encrypted service authorization request.
S330: and sending the encrypted service authorization request to an authorizing party so that the authorizing party obtains a decryption key from the encrypting party to decrypt the encrypted service authorization request, wherein the decryption key is matched with the encryption key.
After receiving the encrypted service authorization request sent by the authentication party, the authorization party identifies the encryption key of the encrypted service authorization request, then the authorization party obtains a decryption key matched with the encryption key from the encryption party, decrypts the encrypted service authorization request according to the decryption key, and accordingly authorizes the service requested in the decrypted service authorization request, and returns the authorization right to the authentication party to open related services.
The embodiment further illustrates how the authentication party applies for service authorization after determining that the authentication request is successfully sent to the probe party, and illustrates the relevance among the service authorization request, the authentication request and the response message, so as to accurately obtain the service authority granted by the authorization party.
Fig. 4 is a schematic view of an implementation environment of the authentication method shown in the embodiment of fig. 1 to 3. Wherein the authenticator 100, the probe 200, the encryptor 300 and the authorizer 400 are connected through a network, and the server 500 performs the authentication of the authenticator 100 as a method. In addition, the authentication method described above may be specifically performed by the server 500 in the implementation environment shown in fig. 4. Of course, the method may also be applied to other implementation environments and executed by a server device in other implementation environments, which is not limited by the present embodiment.
The server 500 detects whether a probe message sent by the probe 200 in response to the authentication request is received; wherein, the detection message is generated by the detection party 200 according to the local area network address and the first identifier obtained by the designated key calculation; if the authentication party 100 receives the detection message, a first identifier is obtained from the detection message, a second identifier is matched with the first identifier, and if the second identifier is matched with the first identifier, the authentication request is determined to be successfully sent to the detection party 200; wherein the second identifier is calculated by the authenticator 100 according to the local area network address and the designated key thereof; if the authenticator 100 does not receive the probe message, it is determined that the authentication request fails to be sent to the probe 200.
The authenticator 100 includes, but is not limited to, a mobile phone, a computer, an intelligent voice interaction device, an intelligent home appliance, a vehicle-mounted terminal, etc., and may be any electronic device capable of sending an authentication request, such as a smart phone, a tablet, a notebook, a computer, etc., which is not limited herein.
The server 500 may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, where a plurality of servers may form a blockchain, and the servers are nodes on the blockchain, and the server 200 may also be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network ), and basic cloud computing services such as big data and artificial intelligence platforms, which are not limited in this respect.
Fig. 5 is a flow chart of an authentication method according to an exemplary embodiment of the present application. As shown in fig. 5, the method is applied to the detecting party, and at least includes S510 to S530, which are described in detail as follows:
s510: receiving an authentication request sent by an authentication party; wherein, the authentication request carries the local area network address.
The executing party of the embodiment is a detecting party, and the detecting party receives the authentication request carrying the local area network address of the authenticating party.
S520: and calculating to obtain a first identifier according to the local area network address and the designated key, and generating a detection message according to the first identifier.
The detecting party responds to the received authentication request, calculates to obtain a first identifier according to the local area network address carried in the authentication request and a designated key shared by the detecting party and the authentication party, and the generated detection message comprises the first identifier.
S530: transmitting the detection message to the authenticator so that the authenticator can determine whether the authentication request is successfully transmitted to the detector according to the first identifier and the second identifier in the detection message; the second identifier is obtained by the authentication party through calculation according to the local area network address and the designated key.
The detection party sends the detection message carrying the first identifier to the authentication party, so that the authentication party extracts the first identifier after receiving the detection message, and obtains a second identifier generated by the authentication party according to the local area network address and the designated key, so that the authentication party determines whether the authentication party successfully sends the authentication request to the detection party according to the first identifier and the second identifier.
In the embodiment, the probe is used as an executing party to perform an authentication process, the probe generates a probe message with a first identifier according to a local area network address and a designated key carried by a received authentication request, and sends the probe message to the authenticating party, so that the authenticating party can be matched according to the first identifier in the probe message and a second identifier calculated by the authenticating party, and because the local area network address of the pseudo-authenticating party is different from the local area network address of the authenticating party, the second identifier generated by the probe according to the local area network address and the designated key in the authentication request sent by the pseudo-authenticating party cannot be matched with the first identifier, namely, the probe message is not a message generated by responding to the authentication request sent by the authenticating party, thereby determining that the authentication request is not successfully sent to the probe party, avoiding the interference of the pseudo-authenticating party on the authentication result, and conveniently and accurately determining whether the authentication request is successfully sent to the probe party, so that the authenticating party passes authentication.
In another embodiment, based on the authentication method shown in fig. 5, the method further comprises: and sending the authentication request to the encryption party, so that the encryption party generates a response message carrying the encryption key according to the authentication request, and sending the response message to the authentication party.
The embodiment further illustrates that after receiving the authentication request, the probe transmits the authentication request to the encryptor, so that the encryptor generates a response message carrying an encryption key according to the authentication request, and transmits the response message to the authenticator, so that the authenticator encrypts a service authorization request associated with the authentication request by using the encryption key carried by the response message, thereby ensuring that the subsequent authenticator safely transmits the encrypted authorization request to the authorizer, avoiding interception of the service authorization request by other parties, and improving the security of the authorization process.
Fig. 6 is a schematic diagram of an implementation environment of the authentication method shown in the embodiment of fig. 5. Wherein the authenticator 100, the prober 200, the encryptor 300 and the authorizer 400 are connected through a network, and the server 500 performs the location of the prober 200 as a method. In addition, the authentication method in the embodiment shown in fig. 5 may be specifically performed by the server 500 in the implementation environment shown in fig. 6. Of course, the method may also be applied to other implementation environments and executed by a server device in other implementation environments, which is not limited by the present embodiment.
The server 500 receives an authentication request transmitted by the authenticator 100; wherein, the authentication request carries a local area network address; calculating to obtain a first identifier according to the local area network address and the designated key, and generating a detection message according to the first identifier; the detection message is sent to the authenticator 100, so that the authenticator 100 determines whether the authentication request is successfully sent to the probe 200 according to the first identifier and the second identifier in the detection message; wherein the second identifier is calculated by the authenticator 100 according to its local area network address and the specified key.
Fig. 7 is a flowchart illustrating an authentication method according to an exemplary embodiment of the present application. As shown in fig. 7, the method at least includes S710 to S740, which are described in detail as follows:
s710: if the authentication request is detected to be sent to the detecting party by the authentication direction, the second identifier obtained by the authentication party according to the designated key and the local area network address of the authentication party is obtained.
The enforcer detects that the authenticator has sent an authentication request to the probe, but does not send it on behalf of the authenticator at the time of the authentication request, and may not send it.
The second identifier is calculated by the authenticator according to the designated key and the local area network address of the authenticator, and the authenticator generates the second identifier according to the encrypted string of the MAC address of the authenticator and the designated key, wherein the designated key is a designated key shared by the authenticator and the probe.
S720: if the detection party sends the detection message, the first identifier obtained by the detection party according to the designated key and the local area network address carried in the received authentication request is obtained from the detection message.
In order to respond to the received authentication request, the probe party generates a probe message comprising a first identifier according to the local area network address and the designated key carried in the authentication request, and sends the message to a port of a specific authentication party. If the authentication request is not sent by the authenticator or the authenticator does not send the authentication request, the first identifier in the probe message generated by the probe cannot be matched with the second identifier generated by the authenticator according to the encryption string of the self MAC address and the designated key.
In this embodiment, the acquiring process of the first identifier and the second identifier does not have a fixed sequence, and the first identifier and the second identifier may be acquired sequentially or simultaneously, which is not limited in execution sequence. Similarly, the generation sequence of the first identifier and the second identifier is not limited in this application.
S730: it is detected whether the first identity matches the second identity.
And matching the first identifier with the second identifier to obtain a matching result.
S740: if the first identifier is matched with the second identifier, the authentication direction detecting party is determined to successfully send an authentication request.
The matching result comprises a successful matching result and a failed matching result, and if the result is the successful matching result, the authentication request is determined to be successfully sent by the authentication direction detector; if the result of the matching failure is the result, the authentication request sending failure to the detecting party is determined.
In the embodiment, the third party is taken as the executive party to acquire the first identifier and the second identifier, and whether the authentication request is successfully sent to the detecting party is judged according to the matching result of the first identifier and the second identifier. Because the local area network address of the pseudo-authentication party is different from the local area network address of the authentication party, the second identifier generated by the probe party according to the local area network address and the designated key in the authentication request sent by the pseudo-authentication party cannot be matched with the first identifier, namely, the probe message is not a message generated by responding to the authentication request sent by the authentication party, so that the fact that the authentication request is not successfully sent to the probe party is determined, the interference of the pseudo-authentication party on the authentication result is avoided, and whether the authentication request is successfully sent to the probe party can be conveniently and accurately determined, so that the authentication party passes the authentication.
Fig. 8 is a flow chart of another authentication method proposed based on the embodiment shown in fig. 7. The method further includes S810 to S820 after S740 shown in fig. 7, which are described in detail below:
s810: detecting whether the detecting party sends an authentication request to the encrypting party or not, and whether the authenticating party receives a response message which is sent by the encrypting party for responding to the authentication request and carries an encryption key or not.
Normally, after receiving the authentication request, the probe transmits the authentication request to the encryptor, so that the encryptor generates a response message carrying an encryption key for responding to the authentication request, and sends the response message to the authenticator.
S820: if the detecting party sends the authentication request to the encrypting party and the authenticating party receives the response message, the authenticating party is controlled to generate a service authorization request according to the response message, encrypt the service authorization request according to the encryption key, obtain the encrypted service authorization request and send the encrypted service authorization request.
The service authorization request is generated by the authentication party for responding to the response message, the authorization request is encrypted by using the encryption key in the response message, the encrypted service authorization request is sent to the authorization party, so that the authorization party obtains the decryption key matched with the encryption key from the encryption party, decrypts the encrypted service authorization request according to the decryption key, and accordingly authorizes the service requested in the decrypted service authorization request, and the authorization right is returned to the authentication party to open related services.
The embodiment illustrates how the authenticator controls the authenticator to apply for service authorization after determining that the authentication request is successfully sent to the probe, and illustrates the relevance among the service authorization request, the authentication request and the response message, thereby accurately obtaining the service authority granted by the authenticator.
Fig. 9 is a schematic view of an implementation environment of the authentication method shown in the embodiment of fig. 7 to 8. Among them, the authenticator 100, the probe 200, the encryptor 300 and the authorizer 400 are connected through a network, and the server 500 is independent from the above-mentioned four parties and connected through a network. In addition, the authentication method of any one of the embodiments shown in fig. 7 to 8 may be specifically performed by the server 500 in the implementation environment shown in fig. 9. Of course, the method may also be applied to other implementation environments and executed by a server device in other implementation environments, which is not limited by the present embodiment.
Illustratively, the authenticator 100 authenticates the APP for the terminal; the detecting party 200 is a detecting module in the gateway, and can judge whether the terminal is accessed through a wifi hotspot of the mobile phone; the encryptor 300 is an authentication platform processor; the authorizer 400 is an application service platform side processor. If the server 500 detects that the terminal authentication APP sends an authentication request to the probe module, the second identifier calculated by the terminal authentication APP according to the designated key and the local area network address of the terminal authentication APP is obtained.
If the server 500 detects that the detection module sends a detection message to a specific port of the terminal, the detection module obtains a first identifier obtained by calculation according to the designated key and the local area network address carried in the received authentication request from the detection message, for example, the designated key and an encryption character string of the MAC address in the authentication request generate the first identifier; detecting whether the first identifier is matched with the second identifier; if the first identifier is matched with the second identifier, the terminal authentication APP is determined to successfully send an authentication request to the detection module. If the terminal authentication APP does not receive the detection message or the received encrypted string is wrong, namely the first identification and the second identification cannot be successfully matched, the follow-up authentication flow is terminated.
Because the attack equipment (pseudo-authentication party) is converted by NAT (Network Address Translation, network address conversion), the authentication APP on the attacker equipment cannot receive the detection message, and the authentication method can effectively identify the scene that the attacker uses authentication by accessing the mobile hotspot of the mobile phone opened by the victim, specifically judge whether the terminal is subjected to NAT conversion of the mobile phone hotspot terminal by detecting whether the terminal authentication APP receives the detection message and whether the first identifier and the second identifier are successfully matched.
Further, the server 500 detects whether the detection module sends an authentication request to the authentication platform end processor, and whether the terminal authentication APP receives a response message carrying an encryption key sent by the authentication platform end processor for responding to the authentication request; if the detection module is detected to send the authentication request to the authentication platform end processor and the terminal authentication APP receives the response message, the control terminal authentication APP generates a service authorization request according to the response message, encrypts the service authorization request by using an encryption key to obtain an encrypted service authorization request, and sends the encrypted service authorization request.
The authentication method is specifically applied to a secret-free authentication scene, as shown in fig. 10, and fig. 10 is a schematic diagram of an application scene of the authentication method in the embodiment shown in the application. The pseudo core network established by the pseudo base station is used as an attacker pseudo network, and when a true terminal (an authenticator of the application) starts a wifi hotspot, the attacker terminal is used as a pseudo authenticator and is connected with the true terminal through the pseudo core network.
After receiving the authentication request, a detection module (a detection party in the application) in the operator core network sends a detection message to a specific port of the terminal in order to respond to the authentication request, and meanwhile, forwards the authentication request to a secret-free authentication platform (an encryption party in the application). The encryption-free authentication platform in fig. 10 may send a response message carrying an encryption key to the real terminal, so that the response message encrypts the generated service authorization request by using the encryption key and then sends the encrypted service authorization request to the internet application end (the authorizer in the application), and the internet application end receives the encrypted service authorization request, and then may obtain a decryption key matched with the encryption key from the encryption-free authentication platform, so as to decrypt the service authorization request and perform subsequent authorization operations.
Another aspect of the present application further provides an authentication apparatus, as shown in fig. 11, and fig. 11 is a schematic structural diagram of the authentication apparatus according to an exemplary embodiment of the present application. Wherein the authentication device is applied to the authenticator, and comprises:
an authentication request transmitting module 1110 configured to transmit an authentication request to a probe; wherein, the authentication request carries the local area network address.
A probe message detection module 1130 configured to detect whether a probe message sent by a probe in response to an authentication request is received; the detection message is generated by a detection party according to a first identifier obtained by calculating a local area network address and a designated key.
The authentication request sending success module 1150 is configured to obtain the first identifier from the probe message if the probe message is received, match the second identifier with the first identifier, and determine that the authentication request is successfully sent to the probe if the second identifier is matched with the first identifier; the second identifier is obtained by the authentication party through calculation according to the local area network address and the appointed key of the authentication party;
the authentication request sending failure module 1170 is configured to determine that the authentication request fails to be sent to the probe if the probe packet is not received.
In another exemplary embodiment, the authentication request transmission success module 1150 includes:
the second identifier generating unit is configured to acquire the local area network address and the designated key of the second identifier generating unit, and calculate the second identifier according to the local area network address and the designated key of the second identifier generating unit.
And an identification matching unit configured to match the second identification with the first identification.
In another exemplary embodiment, the authentication apparatus further includes:
and the response message receiving module is configured to receive a response message sent by the encryption party, wherein the response message is a message which is generated by the encryption party according to the authentication request and carries an encryption key.
The service authorization request encryption module is configured to generate a service authorization request based on the response message, encrypt the service authorization request according to the encryption key and obtain the encrypted service authorization request.
And the service authorization request sending module is configured to send the encrypted service authorization request to the authorized party so that the authorized party obtains a decryption key from the encrypted party to decrypt the encrypted service authorization request, and the decryption key is matched with the encryption key.
Another aspect of the present application also provides another authentication apparatus, as shown in fig. 12, and fig. 12 is a schematic structural diagram of another authentication apparatus according to an exemplary embodiment of the present application. Wherein the authentication device includes:
An authentication request receiving module 1210 configured to receive an authentication request transmitted by an authenticator; wherein, the authentication request carries the local area network address.
The detection message generating module 1230 is configured to calculate a first identifier according to the lan address and the designated key, and generate a detection message according to the first identifier.
A probe message transmitting module 1250 configured to transmit a probe message to the authenticator, so that the authenticator determines whether the authentication request is successfully transmitted to the probe according to the first identifier and the second identifier in the probe message; the second identifier is obtained by the authentication party through calculation according to the local area network address and the designated key.
In another exemplary embodiment, the authentication apparatus further includes:
and the authentication request forwarding module is configured to send the authentication request to the encryptor so that the encryptor generates a response message carrying the encryption key according to the authentication request and sends the response message to the authenticator.
Another aspect of the present application further provides another authentication apparatus, as shown in fig. 13, and fig. 13 is a schematic structural diagram of another authentication apparatus according to an exemplary embodiment of the present application. Wherein, authentication device is applied to the probe side, includes:
And the second identifier generating module 1310 is configured to obtain the second identifier calculated by the authentication party according to the designated key and the local area network address of the authentication party if the authentication party is detected to send the authentication request to the detection party.
The first identifier generating module 1330 is configured to, if it is detected that the probe sends the probe packet, obtain, from the probe packet, a first identifier calculated by the probe according to the specified key and the local area network address carried in the received authentication request.
The identity matching module 1350 is configured to detect whether the first identity matches the second identity.
A determining module 1370 configured to determine that the authentication request was successfully sent by the authentication party to the probe if the first identity matches the second identity.
In another exemplary embodiment, the authentication apparatus further includes:
the detection module is configured to detect whether the detecting party sends an authentication request to the encrypting party or not and whether the authenticating party receives a response message which is sent by the encrypting party for responding to the authentication request and carries an encryption key or not.
The control module is configured to control the authentication party to generate a service authorization request according to the response message if the detection party sends the authentication request to the encryption party and the authentication party receives the response message, encrypt the service authorization request according to the encryption key, obtain the encrypted service authorization request and send the encrypted service authorization request.
It should be noted that, the authentication device provided in the foregoing embodiment and the authentication method provided in the foregoing embodiment belong to the same concept, and a specific manner in which each module and unit perform an operation has been described in detail in the method embodiment, which is not described herein again.
Another aspect of the present application also provides an electronic device, including: a controller; and a memory for storing one or more programs that when executed by the controller perform the method described above.
Referring to fig. 14, fig. 14 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application, which illustrates a schematic structural diagram of a computer system suitable for implementing the electronic device according to the embodiments of the present application.
It should be noted that, the computer system 1400 of the electronic device shown in fig. 14 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 14, the computer system 1400 includes a central processing unit (Central Processing Unit, CPU) 1401, which can perform various appropriate actions and processes, such as performing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 1402 or a program loaded from a storage section 1408 into a random access Memory (Random Access Memory, RAM) 1403. In the RAM 1403, various programs and data required for system operation are also stored. The CPU 1401, ROM 1402, and RAM 1403 are connected to each other through a bus 1404. An Input/Output (I/O) interface 1405 is also connected to bus 1404.
The following components are connected to the I/O interface 1405: an input section 1406 including a keyboard, a mouse, and the like; an output portion 1407 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and a speaker; a storage section 1408 including a hard disk or the like; and a communication section 1409 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 1409 performs communication processing via a network such as the internet. The drive 1410 is also connected to the I/O interface 1405 as needed. Removable media 1411, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memory, and the like, is installed as needed on drive 1410 so that a computer program read therefrom is installed as needed into storage portion 1408.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method shown in the flowchart. In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1409 and/or installed from the removable medium 1411. When executed by a Central Processing Unit (CPU) 1401, performs the various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. A computer program embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by means of software, or may be implemented by means of hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
Another aspect of the present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of authentication as before. The computer-readable storage medium may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device.
Another aspect of the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions so that the computer device performs the authentication method provided in the above-described respective embodiments.
According to an aspect of the embodiments of the present application, there is also provided a computer system including a central processing unit (Central Processing Unit, CPU) which can perform various appropriate actions and processes, such as performing the method in the above embodiments, according to a program stored in a Read-Only Memory (ROM) or a program loaded from a storage section into a random access Memory (Random Access Memory, RAM). In the RAM, various programs and data required for the system operation are also stored. The CPU, ROM and RAM are connected to each other by a bus. An Input/Output (I/O) interface is also connected to the bus.
The following components are connected to the I/O interface: an input section including a keyboard, a mouse, etc.; an output section including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and the like, and a speaker, and the like; a storage section including a hard disk or the like; and a communication section including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section performs communication processing via a network such as the internet. The drives are also connected to the I/O interfaces as needed. Removable media such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, and the like are mounted on the drive as needed so that a computer program read therefrom is mounted into the storage section as needed.
The foregoing is merely a preferred exemplary embodiment of the present application and is not intended to limit the embodiments of the present application, and those skilled in the art may make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. An authentication method, applied to an authenticator, comprising:
Sending an authentication request to a detecting party; wherein, the authentication request carries a local area network address;
detecting whether a detection message sent by the detecting party for responding to the authentication request is received or not; the detection message is generated by the detection party according to a first identifier obtained by calculating the local area network address and the designated key;
if the detection message is received, a first identifier is obtained from the detection message, a second identifier is matched with the first identifier, and if the second identifier is matched with the first identifier, an authentication request is determined to be successfully sent to the detection party; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key;
if the detection message is not received, determining that the authentication request fails to be sent to the detection party.
2. The method of claim 1, wherein said matching the second identifier with the first identifier comprises:
acquiring the local area network address of the user and the designated key, and calculating the second identifier according to the local area network address of the user and the designated key;
And matching the second identifier with the first identifier.
3. The method according to claim 1, wherein the method further comprises:
receiving a response message sent by an encryption party, wherein the response message is a message which is generated by the encryption party according to the authentication request and carries an encryption key;
generating a service authorization request based on the response message;
encrypting the service authorization request according to the encryption key to obtain an encrypted service authorization request;
and sending the encrypted service authorization request to an authorizing party so that the authorizing party obtains a decryption key from the encrypting party to decrypt the encrypted service authorization request, wherein the decryption key is matched with the encryption key.
4. An authentication method, applied to a probe, comprising:
receiving an authentication request sent by an authentication party; wherein, the authentication request carries a local area network address;
calculating to obtain a first identifier according to the local area network address and the designated key, and generating a detection message according to the first identifier;
the detection message is sent to the authentication party, so that the authentication party determines whether an authentication request is successfully sent to the detection party according to a first identifier and a second identifier in the detection message; the second identifier is obtained by the authentication party through calculation according to the local area network address of the authentication party and the designated key.
5. The method according to claim 4, wherein the method further comprises:
and sending the authentication request to an encrypting party, so that the encrypting party generates a response message carrying an encryption key according to the authentication request, and sending the response message to the authenticating party.
6. An authentication method, comprising:
if the authentication request is detected to be sent to the detecting party of the authentication direction, a second identifier obtained by the authentication party according to the designated secret key and the local area network address of the authentication party is obtained;
if the detection party is detected to send a detection message, a first identifier obtained by calculating the detection party according to the designated key and the local area network address carried in the received authentication request is obtained from the detection message;
detecting whether the first identifier is matched with the second identifier;
and if the first identifier is matched with the second identifier, determining that the authentication request is successfully sent to the detecting party by the authentication party.
7. The method of claim 6, wherein after said determining that said authentication direction successfully sent said authentication request to said probe, said method further comprises:
Detecting whether the detecting party sends the authentication request to an encrypting party or not, and whether the authenticating party receives a response message which is sent by the encrypting party in response to the authentication request and carries an encryption key or not;
if the detecting party is detected to send the authentication request to the encrypting party and the authenticating party receives the response message, the authenticating party is controlled to generate a service authorization request according to the response message, encrypt the service authorization request according to the encryption key to obtain an encrypted service authorization request, and send the encrypted service authorization request.
8. An authentication apparatus, comprising:
an authentication request transmitting module configured to transmit an authentication request to a probe; wherein, the authentication request carries a local area network address;
the detection message detection module is configured to detect whether a detection message sent by the detection party in response to the authentication request is received or not; the detection message is generated by the detection party according to a first identifier obtained by calculating the local area network address and the designated key;
the authentication request sending success module is configured to acquire a first identifier from the detection message if the detection message is received, match a second identifier with the first identifier, and determine that the authentication request is successfully sent to the detection party if the second identifier is matched with the first identifier; the second identifier is obtained by the authentication party through calculation according to the local area network address and the designated key;
And the authentication request sending failure module is configured to determine that the authentication request is failed to be sent to the probe party if the probe message is not received.
9. An electronic device, comprising:
a controller;
a memory for storing one or more programs that, when executed by the controller, cause the controller to implement the authentication method of any of claims 1-7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the authentication method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210860039.5A CN117478343A (en) | 2022-07-20 | 2022-07-20 | Authentication method and device, equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210860039.5A CN117478343A (en) | 2022-07-20 | 2022-07-20 | Authentication method and device, equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117478343A true CN117478343A (en) | 2024-01-30 |
Family
ID=89635258
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210860039.5A Pending CN117478343A (en) | 2022-07-20 | 2022-07-20 | Authentication method and device, equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117478343A (en) |
-
2022
- 2022-07-20 CN CN202210860039.5A patent/CN117478343A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108512846B (en) | Bidirectional authentication method and device between terminal and server | |
| US10826704B2 (en) | Blockchain key storage on SIM devices | |
| US8527762B2 (en) | Method for realizing an authentication center and an authentication system thereof | |
| US9374360B2 (en) | System and method for single-sign-on in virtual desktop infrastructure environment | |
| CN108322416B (en) | Security authentication implementation method, device and system | |
| JP2005102163A (en) | Equipment authentication system, server, method and program, terminal and storage medium | |
| CN110690956B (en) | Bidirectional authentication method and system, server and terminal | |
| EP4231680A1 (en) | Identity authentication system, method and apparatus, device, and computer readable storage medium | |
| KR20180101870A (en) | Method and system for data sharing using attribute-based encryption in cloud computing | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| US11652640B2 (en) | Systems and methods for out-of-band authenticity verification of mobile applications | |
| CN104243452B (en) | A kind of cloud computing access control method and system | |
| US20240137221A1 (en) | Implementation of one-touch login service | |
| CN111654481B (en) | Identity authentication method, identity authentication device and storage medium | |
| CN114125027A (en) | Communication establishing method and device, electronic equipment and storage medium | |
| CN116709325B (en) | Mobile equipment security authentication method based on high-speed encryption algorithm | |
| CN113965425B (en) | Access method, device and equipment of Internet of things equipment and computer readable storage medium | |
| CN114158046B (en) | Method and device for realizing one-key login service | |
| CN114422216B (en) | Internet of things equipment binding method, device and storage medium | |
| CN116032556A (en) | Key negotiation method and device for applet application | |
| KR20190115489A (en) | IOT equipment certification system utilizing security technology | |
| WO2022094936A1 (en) | Access method, device, and cloud platform device | |
| CN117478343A (en) | Authentication method and device, equipment and computer readable storage medium | |
| CN112565156B (en) | Information registration method, device and system | |
| CN116033415A (en) | Reference station data transmission method and device, reference station, server and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |