CN117641352A - Secure access method and device, cloud terminal device and storage medium - Google Patents

Secure access method and device, cloud terminal device and storage medium Download PDF

Info

Publication number
CN117641352A
CN117641352A CN202410094549.5A CN202410094549A CN117641352A CN 117641352 A CN117641352 A CN 117641352A CN 202410094549 A CN202410094549 A CN 202410094549A CN 117641352 A CN117641352 A CN 117641352A
Authority
CN
China
Prior art keywords
access
cloud
verification
digital key
authorization request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410094549.5A
Other languages
Chinese (zh)
Other versions
CN117641352B (en
Inventor
周游
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ingeek Information Security Consulting Associates Co ltd
Original Assignee
Ingeek Information Security Consulting Associates Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ingeek Information Security Consulting Associates Co ltd filed Critical Ingeek Information Security Consulting Associates Co ltd
Priority to CN202410094549.5A priority Critical patent/CN117641352B/en
Publication of CN117641352A publication Critical patent/CN117641352A/en
Application granted granted Critical
Publication of CN117641352B publication Critical patent/CN117641352B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention relates to the technical field of security, and discloses a security access method and device, a cloud end, terminal equipment and a storage medium. The method comprises the steps of respectively issuing verification trust roots for verifying cloud identities to at least one first device and at least one second device which are trusted; receiving an access authorization request sent by first equipment; the access authorization request includes: a digital key generated by a first device for accessing a second device; generating an access proof for authorizing a first device to access a second device according to the access authorization request; the access proof includes: a digital key; and sending the access certificate to a second device for the second device to verify the access certificate based on a verification trust root, and verifying the first device according to the digital key in the access certificate after the verification is passed.

Description

Secure access method and device, cloud terminal device and storage medium
Technical Field
The embodiment of the invention relates to the technical field of security, in particular to a security access method and device, a cloud end, terminal equipment and a storage medium.
Background
The rapid development and popularization of digital car keys bring great convenience to the life of people. Security is a key fundamental issue for digital keys. The technical scheme of the existing digital car key is mainly divided into two types: the scheme one is that a cloud end is centralized, a key is generated by the cloud end, and the cloud end directly issues the key to the access equipment; and secondly, the equipment end generates a key, the equipment and the vehicle belong to the same trust chain, when the vehicle receives the key of the equipment end, the key issued by the same trust chain is verified to be the validity of the approved equipment, and the cloud end does not participate in the validity verification process of the key. In the first scheme, once the cloud side is at risk, the safety of the digital car key can be seriously affected. In the scheme II, the cloud end does not participate in the legal authentication of the key, and is not beneficial to the management of the service.
Disclosure of Invention
The embodiment of the invention provides a secure access method and device, a cloud end, terminal equipment and a storage medium, wherein a digital key is generated by an access equipment end and is used as a legal key of an accessed equipment after being authorized by the cloud end, so that the security is improved, and the service management is facilitated.
In a first aspect, an embodiment of the present invention provides a secure access method, applied to a cloud, where the method includes:
respectively issuing verification trust roots for verifying the identity of the cloud to at least one first device and at least one second device which are trusted;
receiving an access authorization request sent by the first equipment; the access authorization request includes: a digital key generated by the first device for accessing a second device;
generating an access proof authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and sending the access certificate to the second equipment for the second equipment to verify the access certificate based on the verification trust root, and verifying the first equipment according to the digital key in the access certificate after the verification is passed.
In a second aspect, an embodiment of the present invention further provides a secure access method, applied to a first device, where the method includes:
storing a verification trust root issued by a cloud for verifying the cloud;
sending an access authorization request to the cloud end, and generating an access proof for authorizing the first device to access the second device according to the access authorization request by the cloud end; the access authorization request includes: a digital key generated by the first device for accessing the second device, the access credential comprising: the digital key;
accessing the second device according to the digital key; the second device stores a verification trust root for verifying the cloud; and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
In a third aspect, an embodiment of the present invention further provides a secure access method, applied to a second device, where the method includes:
storing a verification trust root sent by a cloud end for verifying the cloud end;
acquiring access evidence, verifying the access evidence based on the verification trust root, and verifying the first equipment according to the digital key in the access evidence after the verification is passed; the first device sends an access authorization request to the cloud; the access authorization request includes: the digital key which is generated by the first equipment and used for accessing the second equipment is used for the cloud end to generate an access certificate which authorizes the first equipment to access the second equipment according to the access authorization request; the access attestation includes: the digital key.
In a fourth aspect, an embodiment of the present invention further provides a secure access method, which is applied to a secure access system, where the secure access system includes: the cloud end, at least one first device and at least one second device, the method comprising:
the at least one first device and the at least one second device receive and store verification trust roots for verifying the cloud;
a first device sends an access authorization request to the cloud; the access authorization request includes: a digital key generated by the first device for accessing a second device;
the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
In a fifth aspect, an embodiment of the present invention further provides a security access device configured at a cloud, where the device includes:
the trust root issuing module is used for respectively issuing verification trust roots for verifying the cloud identity to at least one first device and at least one second device which are trusted;
the receiving module is used for receiving an access authorization request sent by the first equipment; the access authorization request includes: a digital key generated by the first device for accessing a second device;
an authorization module for generating an access proof authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and the access certificate issuing module is used for sending the access certificate to the second equipment, so that the second equipment can verify the access certificate based on the verification trust root, and the first equipment can be verified according to the digital key in the access certificate after the verification is passed.
In a sixth aspect, an embodiment of the present invention provides a secure access apparatus configured in a first device, where the apparatus includes:
the storage module is used for storing a verification trust root issued by the cloud for verifying the cloud;
the authorization request module is used for sending an access authorization request to the cloud end, and the cloud end generates an access proof for authorizing the first equipment to access the second equipment according to the access authorization request; the access authorization request includes: a digital key generated by the first device for accessing the second device; the access attestation includes: the digital key;
an access module for accessing the second device according to the digital key; the second device stores a verification trust root for verifying the cloud; and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
In a seventh aspect, an embodiment of the present invention provides a secure access apparatus configured in a second device, where the apparatus includes:
the storage module is used for storing a verification trust root which is sent by the cloud and used for verifying the cloud;
the access proof verification module is used for acquiring access proof and verifying the access proof based on the verification trust root; and
the access authentication module is used for verifying the first equipment according to the digital key in the access certificate after the access certificate passes the verification; the first device sends an access authorization request to the cloud end, and the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request; the access authorization request includes: a digital key generated by the first device for accessing the second device, the access attestation comprising: the digital key.
In an eighth aspect, an embodiment of the present invention provides a cloud end, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the secure access method according to the first aspect when executing the program.
In a ninth aspect, an embodiment of the present invention provides a terminal device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the secure access method according to the second or third aspect when executing the program.
In a tenth aspect, an embodiment of the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the secure access method according to the first aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the invention has at least the following positive effects:
in the embodiment of the invention, the first device and the second device store the verification trust root of the cloud, the first device sends an access authorization request to the cloud, the access authorization request comprises a digital key which is generated by the first device and used for accessing the second device, the cloud generates an access proof for authorizing the first device to access the second device according to the access authorization request, and issues the access proof to the second device, the second device verifies the access proof according to the stored verification trust root, and verifies the access request of the first device according to the digital key in the access proof after the verification passes, therefore, the second device (the visited device) verifies the validity of the digital key by adopting the dual authentication of the cloud authorization verification and the key matching verification, meanwhile, the first device adopts the locally generated digital key when accessing the second device as the access device, the cloud discards the mode of uniformly issuing the digital key in a dependent mode, improves the access security, and is responsible for the access authorization management and facilitates the coordination management of the service.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a secure access method according to a first embodiment of the present invention;
fig. 2 is a flow chart of a secure access method according to a second embodiment of the present invention;
fig. 3 is a flow chart of a secure access method according to a third embodiment of the present invention;
fig. 4 is a flow chart of a secure access method according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a security access device according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of a security access device according to a sixth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a security access device according to a seventh embodiment of the present invention;
fig. 8 is a schematic structural diagram of a cloud terminal according to an eighth embodiment of the present invention;
fig. 9 is a schematic structural diagram of a terminal device according to a ninth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a flow chart of a secure access method provided in an embodiment of the present invention, which is applicable to secure access to devices with user asset attributes, such as vehicles and charging piles. The method can be executed by a secure access device provided by the embodiment of the invention, and the device can be implemented in a software mode and is configured in a cloud (also called a trust center) application. The embodiment of the invention specifically comprises the following steps:
step 101: and respectively issuing a verification trust root for verifying the cloud identity to the trusted at least one first device and the trusted at least one second device.
The first device may be a mobile terminal for accessing the second device, and the first device may be, for example, a smart phone, a smart watch, a card, an electronic key, and the like. The second device may be various accessed devices having user asset attributes, such as a vehicle, a charging post, a smart door lock, etc.
After the first device and the second device are successfully registered in the cloud, the cloud approves the legitimacy of the first device and the second device, the first device and the second device become trusted devices of the cloud, the cloud issues verification trust roots for verifying the cloud to the trusted first device and the trusted second device, and the verification trust roots can be root certificates of the cloud, namely public keys in asymmetric keys, and are used for verifying the identity of the cloud. The first device and the second device can actively initiate a registration and recording request to the cloud, and provide real registration information for the cloud to confirm the validity of the device and record, which is not described in detail.
Step 102: an access authorization request sent by a first device is received. The access authorization request includes: a first device generates a digital key for accessing a second device.
The cloud end trusted first device can be multiple, when any trusted first device needs to access a trusted second device, a digital key for accessing the second device is generated, an access authorization request is generated, the access authorization request comprises the digital key, and then the access authorization request is sent to the cloud end to obtain authorization. The first device encrypts the content of the access authorization request by using a stored verification trust root to generate the access authorization request, where the requested content includes, for example, a digital key generated this time and other access information, and the other access information includes, for example, information of the second device to be accessed, a validity period of the digital key, and the like.
Step 103: an access credential is generated that authorizes a first device to access a second device based on the access authorization request.
After receiving the access authorization request, the cloud end decrypts the access authorization request by adopting a private key to obtain requested content, then authenticates the access right of the first equipment to the second equipment according to the requested content and service logic, and authorizes the first equipment to access the access right of the second equipment after the authentication is passed, and generates a corresponding access certificate. The access authorization request is, for example, a first device (a vehicle owner mobile phone) requests to access a second device (a vehicle owner vehicle or a charging pile), and the cloud terminal generates an access proof after the access authorization request is authenticated according to service logic. The access proof contains the digital key. The cloud terminal signs the authorized access certificate containing the digital key by adopting a private key to generate an access certificate.
Step 104: and sending the access certificate to a second device for the second device to verify the access certificate based on the verification trust root, and verifying the first device according to the digital key in the access certificate after the verification is passed.
The method for obtaining the access certificate by the second device includes, for example, directly receiving the access certificate issued by the cloud end, or receiving the access certificate sent by the first device, where the cloud end sends the access certificate to the first device, and when the first device accesses the second device for the first time, the first device sends the access certificate to the second device. It will be appreciated that the cloud may also send the access ticket to both a first device and a second device.
After receiving the access certification, a second device performs signature verification on the access certification based on a stored verification trust root, after the signature verification passes, a digital key in the access certification is obtained, the digital key is an identifier of the first device for accessing the second device within a certain time, the second device can add the digital key in the access certification to a legal key list, the digital key is activated after the digital key is added to the legal key list, and then the first device can access the second device. It can be understood that the cloud can perform hash processing on the digital key, then sign the digital key by adopting the private key, and obtain the digital key after the hash processing after the signature verification is successful.
When a first device accesses a second device, the second device matches the digital key in the legal digital key list after receiving the digital key sent by the first device, and after matching is successful, the first device can be considered to have legal access rights, and corresponding service can be executed. It can be appreciated that during the validity period of the digital key, a first device can access a second device by using the digital key continuously, and the cloud consumption can be reduced without repeatedly applying for access evidence to the cloud.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment (the access equipment) locally generates the digital key, the centralized cloud scheme is abandoned, and the second equipment (the accessed equipment) adopts the dual verification of the cloud authorization verification and the key matching verification for the validity verification of the digital key, thereby being beneficial to improving the access safety, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
Fig. 2 is a flow chart of a secure access method provided in a second embodiment of the present invention, which is applicable to secure access to devices having user asset attributes, such as vehicles and charging piles. The method can be performed by a secure access device provided by the embodiment of the present invention, and the device can be implemented in a software manner and configured to be applied to a first device (i.e., an access device). The embodiment of the invention specifically comprises the following steps:
step 201: and storing a verification trust root issued by the cloud end and used for verifying the cloud end.
And the first equipment can obtain the verification trust root issued by the cloud after being trusted by the cloud.
Step 202: and sending an access authorization request to the cloud. The access authorization request includes: and the digital key which is generated by the first equipment and used for accessing the second equipment is used for the cloud end to generate an access certificate which authorizes the first equipment to access the second equipment according to the access authorization request. The access proof includes: a digital key.
Step 203: the second device is accessed according to the digital key. The second device stores a verification trust root for verifying the cloud. And the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
In the first embodiment and the third embodiment, the steps and functions executed by the cloud end, the first device, and the second device are the same, and are not described herein.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment (the access equipment) locally generates the digital key, the centralized cloud scheme is abandoned, and the second equipment (the accessed equipment) adopts the dual verification of the cloud authorization verification and the key matching verification for the validity verification of the digital key, thereby being beneficial to improving the access safety, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
Fig. 3 is a flow chart of a secure access method provided in a third embodiment of the present invention, which is applicable to secure access to devices having user asset attributes, such as vehicles and charging piles. The method may be performed by a secure access device provided by an embodiment of the present invention, where the device may be implemented in software and configured for application to a second device (i.e., a visited device). The embodiment of the invention specifically comprises the following steps:
step 301: and storing the verification trust root which is sent by the cloud and used for verifying the cloud.
Step 302: access credentials are obtained and verified based on a verification trust root.
Step 303: and after the verification is passed, verifying the first device according to the digital key in the access certificate. The method comprises the steps that a first device sends an access authorization request to a cloud; the access authorization request includes: and the digital key which is generated by the first equipment and used for accessing the second equipment is used for the cloud end to generate an access certificate which authorizes the first equipment to access the second equipment according to the access authorization request. The access proof includes: a digital key.
In the first embodiment and the third embodiment, the steps and functions executed by the cloud end, the first device, and the second device are the same, and are not described herein.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment (the access equipment) locally generates the digital key, the centralized cloud scheme is abandoned, and the second equipment (the accessed equipment) adopts the dual verification of the cloud authorization verification and the key matching verification for the validity verification of the digital key, thereby being beneficial to improving the access safety, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
Fig. 4 is a flow chart of a security access method provided in a fourth embodiment of the present invention, which is applicable to security access to devices with user asset attributes, such as vehicles and charging piles. The method can be performed by a secure access system provided by an embodiment of the present invention, the system comprising: the cloud terminal comprises a cloud terminal, at least one first device and at least one second device. The embodiment of the invention specifically comprises the following steps:
step 401: the at least one first device and the at least one second device receive and store a verification trust root for verifying the cloud.
Step 402: a first device sends an access authorization request to a cloud. The access authorization request includes: a first device generates a digital key for accessing a second device.
Step 403: the cloud end generates an access proof for authorizing a first device to access a second device according to the access authorization request. The access proof includes: a digital key.
Step 404: and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
In the first embodiment and the third embodiment, the steps and functions executed by the cloud end, the first device, and the second device are the same, and are not described herein.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment (the access equipment) locally generates the digital key, the centralized cloud scheme is abandoned, and the second equipment (the accessed equipment) adopts the dual verification of the cloud authorization verification and the key matching verification for the validity verification of the digital key, thereby being beneficial to improving the access safety, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
The fifth embodiment of the invention provides a security access device configured on a cloud. As shown in fig. 5, the apparatus 500 includes: a root of trust issuing module 502, a receiving module 504, an authorizing module 506, and an access proof issuing module 508.
The trust root issuing module 502 is configured to issue, to at least one first device and at least one second device that are trusted, a verification trust root for verifying the cloud identity, respectively.
The receiving module 504 is configured to receive an access authorization request sent by a first device. The access authorization request includes: a first device generates a digital key for accessing a second device.
The authorization module 506 is configured to generate an access credential that authorizes a first device to access a second device based on the access authorization request. The access proof includes: a digital key.
The access proof issuing module 508 is configured to send the access proof to a second device, so that the second device verifies the access proof based on the verification trust root, and verifies the first device according to the digital key in the access proof after the verification is passed.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment (the access equipment) locally generates the digital key, the centralized cloud scheme is abandoned, and the second equipment (the accessed equipment) adopts the dual verification of the cloud authorization verification and the key matching verification for the validity verification of the digital key, thereby being beneficial to improving the access safety, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
The sixth embodiment of the invention provides a secure access device configured in an access device, i.e. a first device hereinafter. As shown in fig. 6, the apparatus 600 includes: a storage module 602, an authorization request module 604, and an access module 606.
The storage module 602 is configured to store a verification trust root issued by the cloud for verifying the cloud.
The authorization request module 604 is configured to send an access authorization request to the cloud end, where the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request. The access authorization request includes: a digital key generated by a first device for accessing a second device. The access proof includes: a digital key.
The access module 606 is used to access the second device according to the digital key. The second device is stored with a verification trust root used for verifying the cloud, acquires the access certification, verifies the access certification based on the verification trust root, and verifies the first device according to the digital key in the access certification after the verification is passed.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment locally generates the digital key, a centralized cloud scheme is abandoned, and the second equipment adopts dual verification of cloud authorization verification and key matching verification for verifying the legitimacy of the digital key, thereby being beneficial to improving the access security, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
The seventh embodiment of the present invention provides a secure access apparatus configured for a visited device (i.e., a second device hereinafter). As shown in fig. 7, the apparatus 700 includes: a storage module 702, an access proof verification module 704, and an access authentication module 706.
The storage module 702 is configured to store a verification trust root sent by the cloud end and used for verifying the cloud end.
The access proof verification module 704 is configured to obtain an access proof, and verify the access proof based on a verification trust root.
The access authentication module 706 is configured to verify the first device according to the digital key in the access certificate after the access certificate passes verification. The first device sends an access authorization request to the cloud end, and the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request. The access authorization request includes: a digital key generated by a first device for accessing a second device, the access attestation comprising: a digital key.
Compared with the prior art, the embodiment of the invention has the advantages that the first equipment locally generates the digital key, a centralized cloud scheme is abandoned, and the second equipment adopts dual verification of cloud authorization verification and key matching verification for verifying the legitimacy of the digital key, thereby being beneficial to improving the access security, and meanwhile, the cloud is responsible for the authorization management of the access and is convenient for the coordination management of the service.
Fig. 8 is a schematic structural diagram of a cloud terminal according to an eighth embodiment of the present invention. The cloud 80 includes a memory 81, a processor 82 and a computer program stored in the memory 81 and capable of running on the processor 82, wherein the processor 82 implements the technical scheme according to the first embodiment when executing the program.
Fig. 9 is a schematic structural diagram of a terminal device according to a ninth embodiment of the present invention. The terminal device 90 comprises a memory 91, a processor 92 and a computer program stored in the memory 91 and executable on the processor 92, wherein the processor 82 implements the technical solution according to the second or third embodiment when executing the program.
The tenth embodiment of the invention provides a secure access system, which comprises a cloud end, at least one first device and at least one second device which are in communication connection. The cloud, the first device, and the second device are respectively configured to execute the secure access methods described in the first, second, and third embodiments.
An eleventh embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program for performing the technical solutions of any of the method embodiments when executed by a computer processor.
From the above description of embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software and necessary general purpose hardware, but of course also by means of hardware, although in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, etc., including several instructions for causing a computer device (which may be a personal computer, a server, a grid device, etc.) to execute the method according to the embodiments of the present invention.
It should be noted that, in the embodiment of the apparatus, each unit and module included are only divided according to the functional logic, but not limited to the above-mentioned division, so long as the corresponding function can be implemented; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present invention.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. A secure access method, applied to a cloud, the method comprising:
respectively issuing verification trust roots for verifying the identity of the cloud to at least one first device and at least one second device which are trusted;
receiving an access authorization request sent by the first equipment; the access authorization request includes: a digital key generated by the first device for accessing a second device;
generating an access proof authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and sending the access certificate to the second equipment for the second equipment to verify the access certificate based on the verification trust root, and verifying the first equipment according to the digital key in the access certificate after the verification is passed.
2. A secure access method for a first device, the method comprising:
storing a verification trust root issued by a cloud for verifying the cloud;
sending an access authorization request to the cloud end, and generating an access proof for authorizing the first device to access the second device according to the access authorization request by the cloud end; the access authorization request includes: a digital key generated by the first device for accessing the second device, the access credential comprising: the digital key;
accessing the second device according to the digital key; the second device stores a verification trust root for verifying the cloud; and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
3. A secure access method for a second device, the method comprising:
storing a verification trust root sent by a cloud end for verifying the cloud end;
acquiring access evidence, verifying the access evidence based on the verification trust root, and verifying the first equipment according to the digital key in the access evidence after the verification is passed; the first device sends an access authorization request to the cloud; the access authorization request includes: the digital key which is generated by the first equipment and used for accessing the second equipment is used for the cloud end to generate an access certificate which authorizes the first equipment to access the second equipment according to the access authorization request; the access attestation includes: the digital key.
4. A secure access method, applied to a secure access system, the secure access system comprising: the cloud end, at least one first device and at least one second device, the method comprising:
the at least one first device and the at least one second device receive and store verification trust roots for verifying the cloud;
a first device sends an access authorization request to the cloud; the access authorization request includes: a digital key generated by the first device for accessing a second device;
the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
5. A secure access device configured at a cloud, the device comprising:
the trust root issuing module is used for respectively issuing verification trust roots for verifying the cloud identity to at least one first device and at least one second device which are trusted;
the receiving module is used for receiving an access authorization request sent by the first equipment; the access authorization request includes: a digital key generated by the first device for accessing a second device;
an authorization module for generating an access proof authorizing the first device to access the second device according to the access authorization request; the access attestation includes: the digital key;
and the access certificate issuing module is used for sending the access certificate to the second equipment, so that the second equipment can verify the access certificate based on the verification trust root, and the first equipment can be verified according to the digital key in the access certificate after the verification is passed.
6. A secure access device, configured in a first apparatus, the device comprising:
the storage module is used for storing a verification trust root issued by the cloud for verifying the cloud;
the authorization request module is used for sending an access authorization request to the cloud end, and the cloud end generates an access proof for authorizing the first equipment to access the second equipment according to the access authorization request; the access authorization request includes: a digital key generated by the first device for accessing the second device; the access attestation includes: the digital key;
an access module for accessing the second device according to the digital key; the second device stores a verification trust root for verifying the cloud; and the second equipment acquires the access certificate, verifies the access certificate based on the verification trust root, and verifies the first equipment according to the digital key in the access certificate after the verification is passed.
7. A secure access device, disposed on a second apparatus, the device comprising:
the storage module is used for storing a verification trust root which is sent by the cloud and used for verifying the cloud;
the access proof verification module is used for acquiring access proof and verifying the access proof based on the verification trust root; and
the access authentication module is used for verifying the first equipment according to the digital key in the access certificate after the access certificate passes the verification; the first device sends an access authorization request to the cloud end, and the cloud end generates an access proof for authorizing the first device to access the second device according to the access authorization request; the access authorization request includes: a digital key generated by the first device for accessing the second device, the access attestation comprising: the digital key.
8. A cloud comprising a memory, a processor, and a computer program stored on the memory and capable of running on the processor, the processor implementing the secure access method of claim 1 when executing the program.
9. A terminal device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, the processor implementing the secure access method of claim 2 or 3 when executing the program.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the secure access method according to any of claims 1-4.
CN202410094549.5A 2024-01-24 2024-01-24 Secure access method and device, cloud terminal device and storage medium Active CN117641352B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410094549.5A CN117641352B (en) 2024-01-24 2024-01-24 Secure access method and device, cloud terminal device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410094549.5A CN117641352B (en) 2024-01-24 2024-01-24 Secure access method and device, cloud terminal device and storage medium

Publications (2)

Publication Number Publication Date
CN117641352A true CN117641352A (en) 2024-03-01
CN117641352B CN117641352B (en) 2024-03-29

Family

ID=90034187

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410094549.5A Active CN117641352B (en) 2024-01-24 2024-01-24 Secure access method and device, cloud terminal device and storage medium

Country Status (1)

Country Link
CN (1) CN117641352B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105844749A (en) * 2016-03-31 2016-08-10 浙江合众新能源汽车有限公司 Mobile phone unlocking system and unlocking method for automobile
CN109472906A (en) * 2018-12-26 2019-03-15 上海银基信息安全技术股份有限公司 Digital key generation method, application method, device, system, terminal and medium
CN109495274A (en) * 2018-12-25 2019-03-19 成都三零瑞通移动通信有限公司 A kind of decentralization smart lock electron key distribution method and system
DE102019004726A1 (en) * 2018-07-06 2020-01-09 Giesecke+Devrient Mobile Security Gmbh Process, device, system, electronic lock, digital key and storage medium for authorization
CN111868726A (en) * 2018-03-05 2020-10-30 三星电子株式会社 Electronic device and digital key supply method for electronic device
US20200351657A1 (en) * 2019-05-02 2020-11-05 Ares Technologies, Inc. Systems and methods for cryptographic authorization of wireless communications
CN112819997A (en) * 2019-10-30 2021-05-18 上海博泰悦臻电子设备制造有限公司 Method, apparatus and computer-readable storage medium for creating vehicle key
US20220085996A1 (en) * 2020-09-15 2022-03-17 BLE Locking OÜ Digital key generation for electric and electronic locks
WO2022208520A1 (en) * 2021-03-30 2022-10-06 Tvs Motor Company Limited Keyless authorization system
US20220417228A1 (en) * 2021-06-24 2022-12-29 Evq Technologies Private Limited Cloud-based sharing of digital keys
CN116723508A (en) * 2023-08-04 2023-09-08 小米汽车科技有限公司 Vehicle key creation method, device, storage medium and system
CN116939564A (en) * 2023-07-20 2023-10-24 苏州沉旭知科技有限公司 Internet of vehicles digital key generation method based on virtual equipment

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105844749A (en) * 2016-03-31 2016-08-10 浙江合众新能源汽车有限公司 Mobile phone unlocking system and unlocking method for automobile
CN111868726A (en) * 2018-03-05 2020-10-30 三星电子株式会社 Electronic device and digital key supply method for electronic device
DE102019004726A1 (en) * 2018-07-06 2020-01-09 Giesecke+Devrient Mobile Security Gmbh Process, device, system, electronic lock, digital key and storage medium for authorization
CN109495274A (en) * 2018-12-25 2019-03-19 成都三零瑞通移动通信有限公司 A kind of decentralization smart lock electron key distribution method and system
CN109472906A (en) * 2018-12-26 2019-03-15 上海银基信息安全技术股份有限公司 Digital key generation method, application method, device, system, terminal and medium
US20200351657A1 (en) * 2019-05-02 2020-11-05 Ares Technologies, Inc. Systems and methods for cryptographic authorization of wireless communications
CN112819997A (en) * 2019-10-30 2021-05-18 上海博泰悦臻电子设备制造有限公司 Method, apparatus and computer-readable storage medium for creating vehicle key
US20220085996A1 (en) * 2020-09-15 2022-03-17 BLE Locking OÜ Digital key generation for electric and electronic locks
WO2022208520A1 (en) * 2021-03-30 2022-10-06 Tvs Motor Company Limited Keyless authorization system
US20220417228A1 (en) * 2021-06-24 2022-12-29 Evq Technologies Private Limited Cloud-based sharing of digital keys
CN116939564A (en) * 2023-07-20 2023-10-24 苏州沉旭知科技有限公司 Internet of vehicles digital key generation method based on virtual equipment
CN116723508A (en) * 2023-08-04 2023-09-08 小米汽车科技有限公司 Vehicle key creation method, device, storage medium and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YANGXU SONG; ET AL.: "Yangxu Song;", 《YANGXU SONG;》, 6 May 2022 (2022-05-06), pages 630 - 636 *
信瑛南;刘静;李琦;张瀛;董嵩松;丁靖;: "手机数字钥匙远程控制车辆系统的设计", 汽车工程师, no. 10, 25 October 2018 (2018-10-25), pages 24 *

Also Published As

Publication number Publication date
CN117641352B (en) 2024-03-29

Similar Documents

Publication Publication Date Title
CN108777684B (en) Identity authentication method, system and computer readable storage medium
US11223614B2 (en) Single sign on with multiple authentication factors
US8683196B2 (en) Token renewal
KR101298562B1 (en) System and method for implementing digital signature using one time private keys
US8438385B2 (en) Method and apparatus for identity verification
US8407464B2 (en) Techniques for using AAA services for certificate validation and authorization
CN104753881B (en) A kind of WebService safety certification access control method based on software digital certificate and timestamp
CN111970299A (en) Block chain-based distributed Internet of things equipment identity authentication device and method
EP2262165B1 (en) User generated content registering method, apparatus and system
CN111641615A (en) Distributed identity authentication method and system based on certificate
CN115333840B (en) Resource access method, system, equipment and storage medium
US20040083359A1 (en) Delegation by electronic certificate
CN112073967B (en) Method and device for downloading identity certificate of mobile phone shield equipment and electronic equipment
CN112953728A (en) Quantum attack resistant alliance block chain digital signature encryption method
US20090327704A1 (en) Strong authentication to a network
CN116707983A (en) Authorization authentication method and device, access authentication method and device, equipment and medium
CN117641352B (en) Secure access method and device, cloud terminal device and storage medium
CN111200807B (en) Bluetooth-based information interaction method and device
CN115426197B (en) Digital key sharing method, device, equipment and medium based on trusteeship
CN113761596B (en) Electronic signature method based on block chain and CA certificate dual authentication
CN116055038B (en) Device authorization method, system and storage medium
KR102484533B1 (en) Method for Issuing Verifiable Credential Including Digital Certificate and Authenticating Method Using the Same
TWI694346B (en) System and method for multiple identity authentication credentials
Gadacz Evaluation of electric mobility authentication approaches
CN116680675A (en) Credential generation and verification methods, apparatus, systems, and computer readable storage media

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant