WO2013167070A2 - Method for authentication of terminal cooperation and equipment middleware thereof - Google Patents

Publication number
WO2013167070A2
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
information
authentication
central node
collaboration
Application number
PCT/CN2013/079834
Other languages
French (fr)
Chinese (zh)
Other versions
WO2013167070A3 (en)
Inventor
孙爱芳
何经纬
张志飞
凌志浩
高冲
祁学文
曹建福
袁宜峰
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2013167070A2
Publication of WO2013167070A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/50 Secure pairing of devices
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates to terminal identity authentication technology in the field of wireless communication technologies, and in particular to a terminal collaborative authentication method and device middleware.
  • Background art
  • each ubiquitous terminal in the ubiquitous network is part of a heterogeneous terminal group, and the cooperative interworking and authentication of heterogeneous terminal groups in a heterogeneous network is a problem that must be solved because, in practical applications, only terminal collaboration between heterogeneous terminal groups can fully invoke the resources across the heterogeneous networks, so that the terminals can work together to improve user convenience.
  • hereinafter, "ubiquitous terminal" is abbreviated to "terminal".
  • the main purpose of the embodiments of the present invention is to provide a terminal cooperative authentication method and device middleware, so as to avoid a terminal with a forged identity being misjudged and joining the collaborative network, which would affect the security of coordinated transmission.
  • a method for authenticating a terminal comprising:
  • the central node searches the cooperable terminal information table according to the terminal information of the terminal that applies to join the collaborative network;
  • if the terminal information is included in the cooperable terminal information table, performing authentication according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table; otherwise, requesting the terminal to provide the information required for collaboration for authentication.
  • performing the authentication specifically includes:
  • after the central node determines that the terminal has the right to join the collaborative network, the central node sends an authentication certificate to the terminal; the terminal performs an operation on the authentication certificate together with its own terminal information and the information required for collaboration, and returns the operation result to the central node;
  • the central node compares the returned operation result with the operation result obtained by the local operation using the authentication certificate. If they are consistent, the authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused permission to join the collaborative network.
  • the local operation using the authentication certificate is specifically:
  • the local operation result is obtained by using the authentication certificate to perform the operation on the terminal information and the information required for collaboration stored in the cooperable terminal information table held by the central node.
  • the method further includes:
  • the central node updates the locally stored cooperable terminal information table according to the information required for collaboration received from the terminal,
  • and the cooperable terminal information table is broadcast in the collaborative network and sent to all terminals in the collaborative network.
  • the cooperable terminal information table includes at least: the terminal information and the corresponding information required for collaboration;
  • the terminal information specifically includes: a MAC address of the terminal;
  • the information required for the collaboration specifically includes: service information and terminal capability information of the terminal itself.
  • the method further includes: after the central node is switched, the new central node re-organizes the authentication according to the updated cooperable terminal information table.
  • a device middleware that can run in each terminal in the collaborative network; when running in a terminal that applies to join the collaborative network, the device middleware includes: a communication driver module, an information storage module, and an authentication module; wherein,
  • the communication driver module is configured to send, for the terminal, a request to join the collaborative network to the central node, the request carrying the terminal information of the terminal itself, and, after the terminal receives from the central node a request to provide the information required for collaboration, to send the information required for collaboration; the information storage module is configured to store the cooperable terminal information table, where the cooperable terminal information table includes at least: the terminal information and the corresponding information required for collaboration;
  • the authentication module is configured to directly perform authentication according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table when the terminal information exists in the cooperable terminal information table; otherwise, the communication driver module is called to request the terminal to provide the information required for collaboration for authentication.
  • the authentication module is further configured to: after it is determined, according to the information required for collaboration, that the terminal has the right to join the collaborative network, invoke the communication driver module to receive an authentication certificate from the central node; and, after performing the operation on the authentication certificate together with the terminal information and the information required for collaboration, call the communication driver module to return the operation result to the central node; the communication driver module is further configured to receive the authentication certificate and return the operation result to the central node.
  • the terminal information specifically includes: a MAC address of the terminal;
  • the information required for the collaboration specifically includes: service information and terminal capability information of the terminal itself.
  • a device middleware that can run in each terminal in the collaborative network; when running in the central node, the device middleware includes: a communication driver module, an information storage module, and an authentication module;
  • the communication driver module is configured to obtain, for the central node, terminal information from the terminal, and to send to the terminal a request to provide the information required for collaboration;
  • the information storage module is configured to store a cooperable terminal information table, where the cooperable terminal information table includes at least: the terminal information and the corresponding information required for collaboration;
  • the authentication module is configured to directly perform authentication according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table when the terminal information exists in the cooperable terminal information table; otherwise, the communication driver module is called to request the terminal to provide the information required for collaboration for authentication.
  • the authentication module is further configured to: after determining, according to the information required for collaboration, that the terminal has the right to join the collaborative network, invoke the communication driver module to send an authentication certificate to the terminal; and compare the local operation result obtained by operating with the authentication certificate against the operation result returned by the terminal. When they are consistent, the authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused permission to join the collaborative network;
  • the communication driver module is further configured to issue an authentication certificate and receive an operation result returned by the terminal.
  • the terminal information specifically includes: a MAC address of the terminal;
  • the information required for the collaboration specifically includes: service information and terminal capability information of the terminal itself.
  • in the method of the embodiment of the present invention, the central node searches the cooperable terminal information table according to the terminal information of the terminal that applies to join the collaborative network; if the terminal information is included in the cooperable terminal information table, the authentication is directly performed according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
  • FIG. 2 is a schematic structural diagram of a device middleware according to an embodiment of a system of the present invention
  • the central node searches the cooperable terminal information table according to the terminal information of the terminal that applies to join the collaborative network; if the terminal information is included in the cooperable terminal information table, authentication is directly performed according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
  • the terminal cooperative authentication method of the embodiment of the present invention includes: the terminal requests to join the collaborative network; the central node searches the cooperable terminal information table after obtaining the terminal information, such as the MAC address of the terminal; if the cooperable terminal information table does not contain a corresponding MAC address, the terminal is requested to provide the information required for collaboration; the terminal sends the information required for collaboration according to the request; the central node updates the cooperable terminal information table after receiving the information required for collaboration provided by the terminal; the central node sends the authentication certificate; the terminal calculates the operation result according to the authentication certificate and the information required for collaboration, and sends the operation result to the central node; the central node compares the received terminal operation result with the local operation result to authenticate the terminal; the authenticated terminal joins the collaborative network.
  • the central node broadcasts the latest cooperable terminal information table; when the collaborative network needs to perform a central node migration, all the terminals detach from the original central node and apply to join the new collaborative network, and the new central node organizes new authentication for all the terminals.
  • the method mainly includes the following contents:
  • the terminal applies to join the collaborative network
  • after obtaining the terminal information, such as the MAC address of the terminal, the central node searches the cooperable terminal information table to confirm whether the terminal information, such as the MAC address of the terminal, already exists in the cooperable terminal information table;
  • the terminal sends the required information for collaboration
  • the central node issues an authentication certificate
  • the terminal operates according to the authentication certificate and sends the operation result to the central node;
  • the central node compares the received terminal operation result with the local operation result
  • the terminal is allowed to join the collaborative network
  • the device middleware of the embodiment of the present invention is applied to authenticating terminals in a ubiquitous network, and runs on each terminal of the ubiquitous network (including the central node in the heterogeneous terminal group) to implement the authentication interaction functions of the collaborative process.
  • the authentication device middleware is located between the application service and the hardware device.
  • the device middleware of the embodiment of the present invention includes at least an authentication module, an information storage module, and a communication driver module. An information collecting module may further be included. Among them:
  • the authentication module is configured to perform authority identification and identity authentication of the terminal.
  • the so-called authority identification means determining whether the terminal has the right to join the collaborative network, including whether the terminal's own service information and terminal capability information meet the collaboration requirement; the so-called identity authentication refers to: issuing the certificate, receiving the terminal operation result, comparing it with the local operation result, etc., to confirm that the identity of the terminal is consistent with the locally stored cooperable terminal information.
  • the information storage module is configured to store the service information and terminal capability information of the terminal itself, the cooperable terminal information collected by the mutual discovery process, and the latest cooperable terminal information table broadcast by the central node.
  • the communication driver module, serving as an interaction interface module, is configured to exchange information during the authentication process: on the terminal side it is configured to send a request to join the collaborative network, send the information required for collaboration, receive the authentication certificate, and send the operation result;
  • on the central node side it is configured to obtain the terminal information, such as the MAC address of the terminal, send a request for providing the information required for collaboration, issue the authentication certificate, receive the operation result, and broadcast the latest cooperable terminal information table.
  • the device middleware further includes an information collecting module configured to collect the service information and the terminal capability information of the terminal itself, so that when the central node of the collaborative network needs information from the terminal for collaboration, the terminal's own service information and terminal capability information can be provided to the central node in a timely manner.
  • the information required for the cooperation includes at least terminal information, service information of the terminal itself, and terminal capability information.
  • the terminal information includes terminal hardware information such as a MAC address.
  • the terminal's own service information and terminal capability information belong to the terminal software information.
  • the authentication method and the device middleware of the embodiment of the present invention are applied to authentication in the terminal collaboration process and the central node switching process, thereby ensuring the security of the collaborative process, and the introduction of the cooperable terminal information table avoids repeated terminal information acquisition and improves the efficiency of the authentication process.
  • the embodiment of the present invention makes full use of existing information to perform authority identification, authenticates the terminal joining the collaborative network, realizes the sharing of the cooperable terminal information table, and provides an authentication mechanism for central node switching, which effectively overcomes unsafe factors such as identity forgery by terminals joining the collaborative network and during the central node switching process; the cooperable terminal information table is introduced and, because it can be shared, repeated terminal information acquisition is avoided, and the use of the cooperable terminal information table improves the efficiency of authority identification, which in turn increases the efficiency of the entire authentication process.
  • the authentication in the existing terminal cooperation is generally based on a network form such as P2P, and does not consider the network formation process.
  • the establishment of all information is actually a very complicated process, and only considers end-to-end, multiple terminals.
  • the terminal information obtained in the process of mutual discovery is used to confirm whether the terminal has the right to join the collaborative network, implementing collaborative authority authentication, and the terminal is authenticated to implement identity authentication, thereby preventing identity forgery by the terminal in the process of joining the collaborative network.
  • the new central node can quickly identify whether the terminal to be joined has the collaborative authority, and organizes the re-authentication to prevent unsafe factors such as identity forgery during the network switching process.
  • the embodiment of the present invention adopts a terminal collaborative authentication mechanism based on a cooperable terminal information table and identity authentication (including collaborative authority authentication, identity authentication, etc.) to implement authority identification and authentication in the terminal cooperation process.
  • Step 101: The terminal applies to join the collaborative network.
  • the cooperative terminal may apply to join the collaborative network when it needs to cooperate with the nodes in the collaborative network, and provides its own terminal information, such as the MAC address of the terminal, when applying.
  • Step 102: The central node obtains the MAC address of the terminal.
  • the central node responds to the request of the terminal and acquires the MAC address of the terminal.
  • the central node is: the terminal that plays the role of the master in the coordinated terminal group composed of the terminals in the collaborative network.
  • Step 103: Search the cooperable terminal information table.
  • the locally stored cooperable terminal information table is searched to confirm whether it contains the MAC address of the applying terminal, that is, whether the central node has previously interacted with that terminal and saved the information required for the terminal to collaborate.
  • Step 104: If there is corresponding MAC information, go to step 108 directly; otherwise go to step 105.
  • in this step, it is determined whether the terminal information already exists in the cooperable terminal information table of the central node. If yes, the information does not need to be acquired again; if not, it must be acquired to confirm whether the terminal has the collaborative authority.
  • Step 105: The central node requests the terminal to provide the information required for collaboration.
  • since the terminal is a newly joining terminal, the service information and terminal capability information of the terminal itself need to be obtained.
  • Step 106: The terminal sends the information required for collaboration.
  • Step 107: After receiving the request of the central node, the terminal sends the information required for collaboration.
  • Step 108: Issuing an authentication certificate.
  • the central node sends the certificate required for authentication to the terminal.
  • Step 109: The terminal calculates according to the authentication certificate and sends the operation result to the central node.
  • the terminal performs the calculation according to the authentication certificate and its own MAC address, service information and terminal capability information, and sends the operation result to the central node.
  • Step 110: The central node compares the received operation result with the local operation result.
  • the central node also performs the operation locally on the information stored in the cooperable terminal information table, and compares the received terminal operation result with the local operation result.
  • Step 111: Determine whether the results are consistent. If they are inconsistent, go to step 112. If they are consistent, go to step 113.
  • in this step, it is determined whether the terminal information is consistent with the locally stored information, so as to decide whether to allow the terminal to join the collaborative network.
  • Step 112: Refusing to join the collaborative network.
  • the terminal whose information is inconsistent with the local information is refused permission to join the collaborative network, mainly to guard against terminals with forged information.
  • Step 113: The terminal joins the collaborative network.
  • the terminal that has passed authentication is added to the collaborative network.
  • Step 114: Is there a new terminal to join?
  • in this step, it is determined whether a new terminal has joined the collaborative network, that is, whether there is new cooperable terminal information. If yes, step 115 is performed; otherwise, step 116 is performed.
  • Step 115: Broadcast the latest cooperable terminal information table.
  • the latest cooperable terminal information table of the central node is broadcast to the terminals in the collaborative network to ensure that all the terminals hold a consistent copy of the latest cooperable terminal information table, and to avoid re-acquiring the cooperable terminal information after the central node is switched.
  • Step 116: Whether the central node switches. In this step, it is determined whether the central node in the collaborative network is switched. If the handover is performed, step 117 is performed; otherwise step 118 is performed.
  • Step 117: The new central node reorganizes the authentication for the existing cooperating terminals.
  • the new central node (which may also be referred to as the switched target central node) needs to re-authenticate the existing cooperating terminals.
  • the authentication process is as shown in steps 101-115. Since the new central node has the latest cooperable terminal information table, the re-authentication process does not need to reacquire the terminal information, but only needs to identify whether there is identity forgery during the handover process.
  • Step 118: Waiting for a new terminal to join.
  • in this way, the terminal joining the collaborative network and the network central node switching process can be authenticated efficiently: the terminal's service information and capability information are authenticated, and the identity of the terminal is verified by the authentication certificate.
  • This embodiment is a complete embodiment of the device middleware of the present invention, including an optional information collecting module in the device middleware.
  • the device middleware of the embodiment is built between the application service and the hardware device, and provides a solution for the terminal to authenticate in the collaborative process.
  • the authentication device middleware 10 includes: an authentication module 11, an information storage module 12, an information collection module 13, and a communication driver module 14.
  • Authentication module 11: configured to provide authority authentication of terminal information, such as the MAC address of the terminal, identity authentication, and the like. After receiving the request to join the collaborative network from the communication driver module 14, it obtains the MAC address of the terminal and retrieves the cooperable terminal information table from the information storage module 12 for comparison to see whether the terminal is a cooperable terminal; it delivers the authentication certificate through the communication driver module 14, obtains through the communication driver module 14 the result of the terminal's operation using the certificate, and compares it with the local operation result to determine whether the terminal is authentic and can join the collaborative network.
  • the information storage module 12 is configured to store the service information and terminal capability information of the terminal itself. At the same time, the information of the cooperable terminals is stored.
  • the module may obtain its own service information from the information collecting module 13 and send it to the central node through the communication driver module 14; it also needs to receive the latest cooperable terminal information table broadcast by the central node and provide it to the authentication module 11 to be called.
  • when the terminal acts as the central node, the service information and terminal capability information of the terminal to be joined are obtained through the communication driver module 14, and the cooperable terminal information table is updated and broadcast through the communication driver module 14 to all terminals within the collaborative network.
  • the information collection module 13 is configured to collect service and hardware capability information of the application service layer of the terminal and add it to the information storage module 12 for use in collaborative process authentication, so that the central node can confirm whether the terminal has the right and capability to join the collaborative network. It should be noted here that the information collection module 13 is mainly used for internal calls within the local terminal, while the information storage module 12 is mainly used for interactive calls between the terminals.
  • Communication driver module 14: configured as the communication bearer for the collaborative authentication process between terminals. It is mainly responsible for sending and receiving, including: receiving the request of the terminal to join the collaborative network and providing the MAC address to the authentication module 11; sending the request of the authentication module 11 to obtain the terminal's information required for collaboration; receiving the information required for collaboration from the terminal; sending the electronic authentication certificate of the authentication module 11; receiving the certificate operation result from the terminal; and broadcasting the latest cooperable terminal information table in the information storage module 12.
  • the implementation process of an example of the embodiment of the present invention is shown in FIG. 3; the device middleware includes only the required components (authentication module, information storage module, and communication driver module) and does not include the optional information collection module.
  • the implementation process mainly includes the following steps:
  • Step 301: The terminal requests the central node to let it join the collaborative network by using the communication driver module.
  • Step 302: The central node searches the cooperable terminal information table in the information storage module after acquiring terminal information, such as the MAC address of the terminal.
  • Step 303: If it is a newly added terminal, the authentication module requests the terminal to provide the information required for collaboration.
  • Step 304: The central node updates the cooperable terminal information table in the information storage module according to the information required for collaboration sent by the terminal.
  • Step 305: The central node sends an authentication certificate to the terminal through the authentication module.
  • Step 306: The terminal sends the operation result, and the central node compares the result with the local operation result to confirm whether the identity is true.
  • Step 307: The terminal joins the collaborative network after passing the authorization and identity confirmation.
  • Step 308: In the process of adding a new terminal node, since the stored cooperable terminal information table has been updated, the latest cooperable terminal information table is broadcast so that all terminals learn the latest cooperable terminal information in time.
  • Step 309: When the central node switches, the new central node re-organizes authentication for all the terminals that apply to join the collaborative network. Since the basic information already exists, it is not necessary to obtain the service and capability information again; it is only necessary to verify whether the identity is true, which improves the authentication efficiency.
  • the heterogeneous terminal group applying the above authentication method is as shown in FIG. 4, and includes: a computer, a mobile phone, a pad, a camera, etc., and terminal cooperation is required to complete data sharing and link aggregation.
  • the central node holds the information table of the other cooperable terminals, so that rapid authority identification can be performed, and then the identity authentication can be performed.
  • when a new mobile terminal is added, the central node needs to identify its collaborative rights, including the information required for collaboration, such as the service type and hardware device capabilities, and then authenticate its identity.
  • after the central node is transferred to the pad, the new central node performs fast authentication on the cooperating terminals and re-authenticates their identity to form a new collaborative network.
  • the central node searches the cooperable terminal information table according to the terminal information of the terminal that applies to join the collaborative network; if the terminal information is included in the cooperable terminal information table, authentication is directly performed according to the information required for collaboration corresponding to the terminal information in the cooperable terminal information table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
  • the embodiment of the present invention can perform authentication according to the information required for collaboration corresponding to the terminal information. Therefore, the embodiment of the present invention can avoid a terminal with a falsified identity being misjudged and joining the collaborative network, which would affect the security of the coordinated transmission.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed are a method for authentication of terminal cooperation and an equipment middleware thereof. The method includes: a central node searches a cooperable terminal information table according to the terminal information of a terminal that applies to join a cooperative network. If the cooperable terminal information table contains the terminal information, authentication is performed directly based on the information required for cooperation that corresponds to the terminal information in the table; otherwise, authentication is performed by requesting the terminal to provide the information required for cooperation. The equipment middleware includes a communication driver module, an information storage module and an authentication module. With the invention, misjudging a terminal with a forged identity, which would let it join the cooperative network and affect the security of cooperative transmission, is avoided.

Description

Terminal cooperative authentication method and device middleware
Technical Field
The present invention relates to terminal identity authentication technology in the field of wireless communication technologies, and in particular to a terminal cooperative authentication method and device middleware.
Background
With the continuous development of communication technology and the continuous improvement of people's living standards, the range of terminals keeps widening. At the same time, a single terminal is limited in its functions and features, which to some extent restricts the convenience of user operation; ubiquitous network and ubiquitous terminal technology can solve this problem.
The rapid development of wireless communication technology has produced an increasingly rich variety of networks and formed a ubiquitous network environment. At the same time, mobile service manufacturers, relying on continuously improving network performance, provide users with a wide range of service applications, making it more convenient for users to use services through powerful ubiquitous terminal devices. In scenarios where one user owns multiple terminals and multiple portable terminals are present, that is, where multiple ubiquitous terminals exist in a ubiquitous network, the terminals can work together to improve the convenience of user operation.
However, because a ubiquitous network is a heterogeneous network, the ubiquitous terminals in it form a heterogeneous terminal group, and cooperative interworking and authentication of the heterogeneous terminal group in that heterogeneous network is a problem that must be solved. In practical applications, only terminal collaboration among heterogeneous terminal groups can make full use of the resources across heterogeneous networks, so that terminals working together improve the convenience of user operation. To simplify the description below, ubiquitous terminals are referred to simply as terminals.
Security is very important in terminal collaboration. Because terminal collaboration is an entirely new network interaction process, its security design also differs from existing security architectures. Therefore, to avoid misjudging a terminal with a forged identity and letting it join the collaborative network, authenticating terminals when they work together is particularly important, but no effective solution currently exists.
Summary of the Invention
In view of this, the main purpose of the embodiments of the present invention is to provide a terminal cooperative authentication method and device middleware, so as to avoid misjudging a terminal with a forged identity and letting it join the collaborative network, which would affect the security of coordinated transmission.
To achieve the above purpose, the technical solutions of the embodiments of the present invention are implemented as follows:
A terminal cooperative authentication method, the method comprising:
a central node searches a cooperable terminal information table according to the terminal information of a terminal applying to join a collaborative network;
if the cooperable terminal information table contains the terminal information, authentication is performed directly according to the information required for collaboration that corresponds to the terminal information in the cooperable terminal information table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
Performing the authentication specifically includes:
after it is determined, according to the information required for collaboration, that the terminal has permission to join the collaborative network, the central node issues an authentication certificate to the terminal, and the terminal performs an operation on the authentication certificate together with its own terminal information and information required for collaboration and returns the operation result to the central node;
the central node compares the returned operation result with the operation result obtained locally using the authentication certificate; if they are consistent, authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused admission to the collaborative network.
The local operation using the authentication certificate is specifically:
using the authentication certificate to perform an operation on the terminal information and the information required for collaboration in the cooperable terminal information table stored by the central node, to obtain the local operation result.
After the terminal is requested to provide the information required for collaboration, the method further includes:
the central node updates the locally stored cooperable terminal information table according to the information required for collaboration received from the terminal, broadcasts the updated cooperable terminal information table in the collaborative network, and sends it to all terminals in the collaborative network.
The cooperable terminal information table includes at least: the terminal information and the corresponding information required for collaboration; wherein
the terminal information specifically includes: the MAC address of the terminal;
the information required for collaboration specifically includes: the terminal's own service information and terminal capability information.
The method further includes: after the central node is switched, the new central node re-organizes authentication of the terminals according to the updated cooperable terminal information table.
A device middleware, the device middleware being able to run in each terminal in a collaborative network; in the scenario where the device middleware runs in a terminal applying to join the collaborative network, it includes: a communication driver module, an information storage module and an authentication module; wherein
the communication driver module is configured so that the terminal sends a request to join the collaborative network to the central node, the request carrying the terminal's own terminal information, and so that the terminal, after receiving from the central node a request to provide the information required for collaboration, sends the information required for collaboration;
the information storage module is configured to store a cooperable terminal information table, which includes at least: the terminal information and the corresponding information required for collaboration;
the authentication module is configured to, when the terminal information exists in the cooperable terminal information table, perform authentication directly according to the information required for collaboration that corresponds to the terminal information in the cooperable terminal information table; otherwise, invoke the communication driver module to request the terminal to provide the information required for collaboration for authentication.
The authentication module is further configured to: after it is determined, according to the information required for collaboration, that the terminal has permission to join the collaborative network, invoke the communication driver module to receive the authentication certificate from the central node; perform an operation on the authentication certificate together with the terminal's own terminal information and information required for collaboration; and then invoke the communication driver module to return the operation result to the central node;
the communication driver module is further configured to receive the authentication certificate and return the operation result to the central node.
The terminal information specifically includes: the MAC address of the terminal;
the information required for collaboration specifically includes: the terminal's own service information and terminal capability information.
A device middleware, the device middleware being able to run in each terminal in a collaborative network; in the scenario where the device middleware runs in the central node, it includes: a communication driver module, an information storage module and an authentication module; wherein
the communication driver module is configured so that the central node obtains the terminal information from the terminal and sends the terminal a request to provide the information required for collaboration;
the information storage module is configured to store a cooperable terminal information table, which includes at least: the terminal information and the corresponding information required for collaboration;
the authentication module is configured to, when the terminal information exists in the cooperable terminal information table, perform authentication directly according to the information required for collaboration that corresponds to the terminal information in the cooperable terminal information table; otherwise, invoke the communication driver module to request the terminal to provide the information required for collaboration for authentication.
The authentication module is further configured to: after it is determined, according to the information required for collaboration, that the terminal has permission to join the collaborative network, invoke the communication driver module to issue an authentication certificate to the terminal; and compare the local operation result, which the central node obtains locally using the authentication certificate, with the operation result returned by the terminal; when they are consistent, authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused admission to the collaborative network;
the communication driver module is further configured to issue the authentication certificate and receive the operation result returned by the terminal.
The terminal information specifically includes: the MAC address of the terminal;
the information required for collaboration specifically includes: the terminal's own service information and terminal capability information.
In the method of the embodiments of the present invention, the central node searches the cooperable terminal information table according to the terminal information of the terminal applying to join the collaborative network; if the cooperable terminal information table contains the terminal information, authentication is performed directly according to the information required for collaboration that corresponds to the terminal information in the table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
Because the embodiments of the present invention can perform authentication according to the information required for collaboration that corresponds to the terminal information, they can avoid misjudging a terminal with a forged identity and letting it join the collaborative network, which would affect the security of coordinated transmission.
Brief Description of the Drawings
FIG. 2 is a schematic structural diagram of the device middleware of a system embodiment of the present invention; … implementation flowchart;
Detailed Description
In the embodiments of the present invention: the central node searches the cooperable terminal information table according to the terminal information of the terminal applying to join the collaborative network; if the cooperable terminal information table contains the terminal information, authentication is performed directly according to the information required for collaboration that corresponds to the terminal information in the table; otherwise, the terminal is requested to provide the information required for collaboration for authentication.
The implementation of the technical solution is described in further detail below with reference to the accompanying drawings.
The terminal cooperative authentication method of the embodiments of the present invention includes: a terminal requests to join the collaborative network; after obtaining the terminal information, such as the terminal's MAC address, the central node searches the cooperable terminal information table, and if the table has no corresponding MAC address, it requests the terminal to provide the information required for collaboration; the terminal sends the information required for collaboration as requested; after receiving the information required for collaboration provided by the terminal, the central node updates the cooperable terminal information table; the central node issues an authentication certificate; the terminal performs an operation on the authentication certificate and the information required for collaboration to obtain an operation result and sends the operation result to the central node; the central node compares the terminal's operation result with the local operation result to authenticate the terminal; a terminal that passes authentication joins the collaborative network.
Further, the central node broadcasts the latest cooperable terminal information table; when the collaborative network needs to migrate the central node, all terminals detach from the original central node and apply to join the new collaborative network, and the new central node organizes new authentication for all terminals.
Specifically, the method mainly includes the following:
1. The terminal applies to join the collaborative network;
2. After obtaining the terminal information, such as the terminal's MAC address, the central node searches the cooperable terminal information table to confirm whether the terminal information, such as the terminal's MAC address, already exists in the cooperable terminal information table;
3. For a terminal that is not in the cooperable terminal information table, the central node requests the terminal to provide the information required for collaboration;
4. The terminal sends the information required for collaboration;
5. After obtaining the information required for terminal collaboration, the central node updates the cooperable terminal information table;
6. The central node issues an authentication certificate;
7. The terminal performs the operation according to the authentication certificate and sends the operation result to the central node;
8. The central node compares the received terminal operation result with the local operation result;
9. If the results are consistent, the terminal is allowed to join the collaborative network;
10. If a new terminal has joined, the latest cooperable terminal information table is broadcast;
11. If the central node is switched, the new central node re-authenticates the current cooperable terminals.
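The join procedure in items 1 to 11 above, written out as an added Python example that is not part of the patent text. The patent does not specify the "operation" on the authentication certificate; HMAC-SHA256 keyed with the certificate is an assumption here, as are the class names, the service-based permission policy and the constructed MAC address and service values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class CoopInfo:
    """Information required for collaboration: service and capability information."""
    service: str
    capability: str


def compute_result(certificate: bytes, mac: str, info: CoopInfo) -> bytes:
    """Assumed 'operation': HMAC-SHA256 keyed with the certificate over
    length-prefixed fields, so field boundaries cannot be shifted."""
    h = hmac.new(certificate, digestmod=hashlib.sha256)
    for value in (mac, info.service, info.capability):
        data = value.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


class Terminal:
    def __init__(self, mac: str, info: CoopInfo):
        self.mac = mac      # terminal information
        self.info = info    # what this device really offers

    def provide_info(self) -> CoopInfo:               # item 4
        return self.info

    def respond(self, certificate: bytes) -> bytes:   # item 7
        return compute_result(certificate, self.mac, self.info)


class CentralNode:
    def __init__(self, allowed_services, table=None):
        self.allowed_services = set(allowed_services)  # hypothetical permission policy
        self.table = dict(table or {})   # cooperable terminal information table
        self.info_requests = 0           # how often a terminal had to be asked
        self.broadcasts = []             # table snapshots sent to the network

    def join(self, terminal: Terminal) -> bool:
        info = self.table.get(terminal.mac)            # item 2: look up the MAC
        is_new = info is None
        if is_new:
            self.info_requests += 1
            info = terminal.provide_info()             # items 3-4
            self.table[terminal.mac] = info            # item 5
        if info.service not in self.allowed_services:  # permission identification
            return False
        certificate = secrets.token_bytes(32)          # item 6: fresh per attempt
        remote = terminal.respond(certificate)         # item 7
        local = compute_result(certificate, terminal.mac, info)  # item 8
        if not hmac.compare_digest(remote, local):     # constant-time comparison
            return False
        if is_new:
            self.broadcasts.append(dict(self.table))   # item 10
        return True                                    # item 9


def demo():
    # Constructed sample values, for illustration only.
    phone = Terminal("00:11:22:33:44:55", CoopInfo("data-sharing", "wifi+lte"))
    node = CentralNode({"data-sharing", "link-aggregation"})
    first = node.join(phone)    # unknown MAC: info requested, table updated
    again = node.join(phone)    # known MAC: direct authentication
    # Same MAC, but the device's own information differs from the stored row.
    impostor = Terminal(phone.mac, CoopInfo("data-sharing", "wifi-only"))
    forged = node.join(impostor)
    # Item 11: the new central node reuses the shared table after a switch.
    pad = CentralNode(node.allowed_services, table=node.table)
    rejoin = pad.join(phone)
    return first, again, forged, node.info_requests, rejoin, pad.info_requests


if __name__ == "__main__":
    print(demo())
```

The comparison only succeeds when the terminal's own service and capability information matches the row stored under its MAC address, which is the consistency check the method relies on.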
The device middleware of the embodiments of the present invention is applied to authentication of terminal collaboration in a ubiquitous network and runs on each terminal of the ubiquitous network (including the central node of the heterogeneous terminal group) to implement the authentication interaction functions of the collaboration process. The authentication device middleware sits between the application services and the hardware devices. The device middleware of the embodiments of the present invention includes at least an authentication module, an information storage module and a communication driver module, and may further include an information collection module, where:
The authentication module is configured to organize permission identification and identity authentication of terminals. Permission identification means determining whether a terminal has permission to join the collaborative network, including whether the terminal's own service information and terminal capability information meet the collaboration requirements. Identity authentication means confirming, by issuing a certificate, receiving the terminal's operation result and comparing it with the local operation result, that the terminal's identity is consistent with the locally stored cooperable terminal information.
The information storage module is configured to store the terminal's own service information and terminal capability information, the cooperable terminal information collected during the mutual discovery process, and the latest cooperable terminal information table broadcast by the central node.
The communication driver module, as the interaction interface module, is configured for information exchange during authentication. On the terminal side it sends the request to join the collaborative network, sends the information required for collaboration, receives the authentication certificate and sends the operation result. On the central node side it obtains the terminal information, such as the terminal's MAC address, sends the request to provide the information required for collaboration, issues the authentication certificate, receives the operation result and broadcasts the latest cooperable terminal information table.
Further, the device middleware also includes an information collection module, configured to collect the terminal's own service information and terminal capability information, so that when the central node of the collaborative network needs the terminal itself to provide the information required for collaboration, the terminal's own service information and terminal capability information can be provided to the central node in time. Here, the information required for collaboration includes at least the terminal information, the terminal's own service information and the terminal capability information. The terminal information includes terminal hardware information such as the MAC address. The terminal's own service information and terminal capability information are terminal software information.
In summary, the authentication method and the authentication device middleware of the embodiments of the present invention are suitable for authentication in the terminal collaboration process and in the central node switching process. They ensure the security of the collaboration process, and the cooperable terminal information table they introduce avoids repeated acquisition of terminal information and improves the efficiency of the authentication process.
Security is very important in terminal collaboration. Because terminal collaboration is an entirely new network interaction process, its security design also differs from existing security architectures. A mutual discovery process is needed before terminal collaboration, and the mutual discovery process can in turn provide some information for use in authentication. The embodiments of the present invention therefore make full use of existing information for permission identification, authenticate the terminals that are to join the collaborative network, share the cooperable terminal information table, and provide an authentication mechanism for central node switching. This effectively overcomes insecurity factors such as terminal identity forgery when joining the collaborative network and during central node switching. Because the cooperable terminal information table can be shared, repeated acquisition of terminal information is avoided; using the table improves the efficiency of permission identification and thus the efficiency of the whole authentication process.
Compared with the prior art: authentication in existing terminal collaboration is generally based on network forms such as P2P and does not consider the network formation process; establishing all the information is in fact a very complicated process, and only the end-to-end case is considered, so unified authentication among multiple collaborating terminals is still lacking. The embodiments of the present invention use the terminal information obtained during mutual discovery to confirm whether a terminal has permission to join the collaborative network, which implements collaboration permission identification, and authenticate the terminal's identity, which implements identity authentication and prevents terminal identity forgery while joining the collaborative network. When the central node of the collaborative network is switched, the sharing mechanism of the cooperable terminal information table lets the new central node quickly determine whether the terminals that need to join have collaboration permission and organize their re-authentication, preventing insecurity factors such as identity forgery during network switching.
In short, compared with the prior art, the embodiments of the present invention adopt a terminal cooperative authentication mechanism based on the cooperable terminal information table and identity authentication (including collaboration permission identification, identity authentication, etc.) to implement identification and authentication in the terminal collaboration process and improve the security and reliability of collaborative interaction. Using the cooperable terminal information table improves the efficiency of permission identification and thus the efficiency of the whole authentication process.
方法实施例: 本实施例为本发明终端协同的认证方法的一个完整实施 例, 这里终端信息具体为终端的 MAC地址, 但是终端信息不限于终端的 MAC地址, 也可以是其他终端硬件信息, 如图 la、 图 lb所示, 包括以下 步驟: 步驟 101 , 终端申请加入协同网络。 Method Embodiment: This embodiment is a complete embodiment of the terminal collaborative authentication method of the present invention. The terminal information is specifically the MAC address of the terminal, but the terminal information is not limited to the MAC address of the terminal, and may also be other terminal hardware information, such as Figure la and Figure lb show the following steps: Step 101: The terminal applies to join the collaborative network.
In this step, when a cooperable terminal needs to cooperate with nodes in the collaborative network, it may apply to join that network, providing its own terminal information, such as its MAC address, with the application.
Step 102: The central node obtains the MAC address of the terminal.
In this step, the central node responds to the terminal's request and obtains the terminal's MAC address. Note that the central node is the terminal that plays the master-control role in the cooperative terminal group formed by the terminals in the collaborative network.
Step 103: Search the cooperable terminal information table.
In this step, the locally stored cooperable terminal information table is searched to check whether it contains the MAC address of the applying terminal, that is, whether the central node has interacted with this terminal before and has saved the information it requires for cooperation.
Step 104: If corresponding MAC information exists, go directly to step 108; otherwise go to step 105.
In this step, it is determined whether the terminal's information already exists in the central node's cooperable terminal information table. If it does, it need not be acquired again and authentication proceeds directly; if not, the information must be acquired in order to confirm whether the terminal has permission to cooperate.
Step 105: The central node requests the terminal to provide the information required for cooperation.
In this step, because the terminal is newly joining, its service information and terminal capability information must be obtained through interaction.
Step 106: The terminal sends the information required for cooperation.
In this step, after receiving the central node's request, the terminal sends the information required for cooperation.
Step 107: The central node updates the cooperable terminal information table.
In this step, because the cooperable terminal information table in the central node did not previously contain this terminal's information (including its MAC address, its service information and its terminal capability information), the table must be updated so that it holds the latest cooperable terminal information.
Step 108: Issue the authentication certificate.
In this step, the central node issues the certificate required for authentication to the terminal.
Step 109: The terminal performs an operation using the authentication certificate and sends the result to the central node.
In this step, the terminal performs an operation on the authentication certificate together with its own MAC address, service information and terminal capability information, and sends the result to the central node.
Step 110: The central node compares the received result with its local result.
In this step, while the terminal performs its operation, the central node also performs the operation locally on the information stored in the cooperable terminal information table, and compares the result received from the terminal with the local result.
Step 111: Determine whether the results are consistent. If they are not, go to step 112; if they are, go to step 113.
In this step, it is determined whether the terminal's information is consistent with the locally stored information, in order to decide whether to allow the terminal to join the collaborative network.
Step 112: Reject the request to join the collaborative network.
In this step, a terminal whose information is inconsistent with the local information is refused entry to the collaborative network; this mainly guards against terminals with a forged identity or forged information.
Step 113: The terminal joins the collaborative network.
In this step, the terminal that has passed authentication joins the collaborative network.
Step 114: Check whether a new terminal has joined.
In this step, it is determined whether a new terminal has joined the collaborative network, that is, whether there is new cooperable terminal information. If so, go to step 115; otherwise go to step 116.
Step 115: Broadcast the latest cooperable terminal information table.
In this step, the central node broadcasts its latest cooperable terminal information table to the terminals in the collaborative network, so that all terminals hold a consistent copy of the latest table and the cooperable terminal information does not have to be reacquired after a central node handover.
Step 116: Check whether the central node has switched.
In this step, it is determined whether the central node of the collaborative network has switched. If so, go to step 117; otherwise go to step 118.
Step 117: The new central node reorganizes authentication of the existing cooperable terminals.
In this step, when the central node of the collaborative network is switched, the new central node (also called the target central node after the switch) must reorganize authentication of the existing cooperable terminals. The authentication process follows steps 101 to 115. Because the new central node already holds the latest cooperable terminal information table, re-authentication does not need to reacquire the terminal information; it only needs to determine whether any identity forgery occurred during the switch.
Step 118: Wait for a new terminal to join.
In this step, after a new terminal joins, steps 101 to 118 are repeated.
This method embodiment achieves efficient authentication both when a terminal joins the collaborative network and when the network's central node is switched: the terminal's service information and capability information are checked, and the terminal's identity is verified by means of the authentication certificate.
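The flow of steps 101 to 117 as a runnable sketch, added here as an illustration and not taken from the patent. The patent does not specify the "operation" performed on the certificate, so HMAC-SHA256 keyed with a random per-attempt certificate is assumed; the class names, service names, permission policy and MAC addresses are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CoopInfo:
    """Information required for cooperation: service and capability information."""
    services: tuple
    capabilities: tuple


def compute_response(certificate: bytes, mac: str, info: CoopInfo) -> bytes:
    """The 'operation' of steps 109-110.

    ASSUMPTION: HMAC-SHA256 keyed with the certificate over a canonical JSON
    encoding of MAC + service info + capability info; the page names no algorithm.
    """
    msg = json.dumps([mac.lower(), list(info.services), list(info.capabilities)],
                     separators=(",", ":")).encode()
    return hmac.new(certificate, msg, hashlib.sha256).digest()


@dataclass
class Terminal:
    mac: str
    info: CoopInfo
    table: dict = field(default_factory=dict)  # copy of the broadcast table

    def respond(self, certificate: bytes) -> bytes:
        # Step 109: compute over the certificate and the terminal's own data.
        return compute_response(certificate, self.mac, self.info)


class CentralNode:
    def __init__(self, table=None, allowed_services=("file-share", "link-aggregation")):
        self.table = dict(table or {})        # cooperable terminal information table
        self.allowed = set(allowed_services)  # ASSUMPTION: hypothetical permission policy
        self.members = {}                     # mac -> admitted Terminal
        self.info_requests = 0                # how often step 105 was needed

    def join(self, terminal: Terminal) -> bool:
        mac = terminal.mac.lower()                            # steps 101-102
        is_new = mac not in self.table                        # steps 103-104
        if is_new:
            self.info_requests += 1                           # step 105
            info = terminal.info                              # step 106
        else:
            info = self.table[mac]                            # use the stored record
        if not self.allowed & set(info.services):             # permission to cooperate
            return False
        if is_new:
            self.table[mac] = info                            # step 107
        certificate = secrets.token_bytes(32)                 # step 108, fresh per attempt
        received = terminal.respond(certificate)              # step 109
        expected = compute_response(certificate, mac, info)   # step 110
        if not hmac.compare_digest(received, expected):       # step 111, constant time
            return False                                      # step 112
        self.members[mac] = terminal                          # step 113
        if is_new:                                            # steps 114-115
            self.broadcast()
        return True

    def broadcast(self) -> None:
        for member in self.members.values():
            member.table = dict(self.table)


def demo() -> dict:
    # Constructed sample terminals; MAC addresses and service names are made up.
    phone = Terminal("02:00:00:00:00:01", CoopInfo(("file-share",), ("wifi", "lte")))
    pad = Terminal("02:00:00:00:00:02", CoopInfo(("link-aggregation",), ("wifi",)))
    printer = Terminal("02:00:00:00:00:03", CoopInfo(("print",), ("wifi",)))
    # Claims the phone's MAC address but holds different capability information.
    impostor = Terminal(phone.mac, CoopInfo(("file-share",), ("wifi",)))

    pc = CentralNode()
    results = {
        "phone": pc.join(phone),
        "pad": pc.join(pad),
        "printer": pc.join(printer),      # offers no permitted service
        "impostor": pc.join(impostor),    # mismatch against the stored record
        "first_contact_requests": pc.info_requests,
    }
    # Step 117: the pad takes over, seeded with the table it received by broadcast.
    new_central = CentralNode(table=pad.table)
    results["reauth"] = [new_central.join(t) for t in (phone, impostor)]
    results["handover_requests"] = new_central.info_requests
    return results


if __name__ == "__main__":
    print(demo())
```

In this sketch the response proves only knowledge of the stored cooperation information, so the table contents act as the shared secret, including when the table is broadcast in step 115. A terminal seen for the first time always matches, because the central node computes over the data that terminal has just supplied.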
System embodiment: This embodiment is a complete embodiment of the device middleware of the present invention, including the optional information collection module within the device middleware.
As shown in FIG. 2, the device middleware of this embodiment is built between the application services and the hardware devices and provides a solution for authenticating terminals during cooperation. The authentication device middleware 10 includes: an authentication module 11, an information storage module 12, an information collection module 13 and a communication driver module 14.
Authentication module 11: configured to provide authentication of terminal information, such as the terminal's MAC address, and identity authentication. After receiving a request to join the collaborative network from the communication driver module 14, it obtains the terminal's MAC address and retrieves the cooperable terminal information table from the information storage module 12 for comparison, to see whether the terminal is a cooperable terminal. During authentication, it issues the authentication certificate through the communication driver module 14, obtains through the communication driver module 14 the result the terminal computed using the certificate, and compares that result with its own to determine whether the terminal's identity is genuine and whether it may join the collaborative network.
Information storage module 12: configured to store the terminal's own service information and terminal capability information, and also to store the information of cooperable terminals. When the device acts as a terminal applying to join the collaborative network, this module can obtain its own service information from the information collection module 13 and send it to the central node through the communication driver module 14; it also needs to receive the latest cooperable terminal information broadcast by the central node and make it available to the authentication module 11. When the device acts as the central node, this module needs to obtain, through the communication driver module 14, the service information and terminal capability information of the terminal applying to join; when a new terminal joins, it updates the cooperable terminal information table and broadcasts it through the communication driver module 14 to all terminals in the collaborative network.
Information collection module 13: configured to collect the service information of the terminal's application service layer and its hardware capability information, and to add them to module 12 for use in cooperation authentication, so that the central node can confirm whether the terminal has the permission and capability to join the collaborative network. Note that the information collection module 13 should mainly be configured for internal calls within the local terminal, whereas the information storage module 12 should mainly be configured for calls exchanged between terminals.
Communication driver module 14: configured as the communication bearer for the cooperative authentication process between terminals. It is mainly responsible for sending and receiving, including: receiving a terminal's request to join the collaborative network and providing the MAC address to the authentication module 11; sending the authentication module 11's request for the terminal's information required for cooperation; receiving the information required for cooperation from the terminal; issuing the electronic authentication certificate of the authentication module 11; receiving the certificate operation result from the terminal; and broadcasting the latest cooperable terminal information table held in the information storage module 12.
Application example: With reference to the authentication device middleware shown in FIG. 2, the implementation flow of an example of the method of the embodiment of the present invention is shown in FIG. 3. The device middleware here includes only the mandatory components (authentication module, information storage module, communication driver module) and does not include the optional information collection module. The flow mainly includes the following steps:
Step 301: The terminal requests the central node, through the communication driver module, to join the collaborative network.
Step 302: After obtaining terminal information, such as the terminal's MAC address, the central node searches the cooperable terminal information table in the information storage module.
Step 303: If the terminal is newly joining, the authentication module requests the terminal to provide the information required for cooperation.
Step 304: The central node updates the cooperable terminal information table in the information storage module according to the information required for cooperation sent by the terminal.
Step 305: The central node issues the authentication certificate to the terminal through the authentication module.
Step 306: The terminal sends its operation result, and the central node compares it with the local operation result to confirm whether the identity is genuine.
Step 307: The terminal joins the collaborative network after passing the permission check and identity confirmation.
Step 308: When a new terminal node joins, the stored cooperable terminal information table has been updated, so the latest table is broadcast to let all terminals learn the latest cooperable terminal information promptly.
Step 309: When the central node is switched, the new central node reorganizes authentication of all terminals applying to join the collaborative network. Because the basic information already exists, the service and capability information does not need to be obtained again; only the identity needs to be verified, which improves authentication efficiency.
A heterogeneous terminal group applying the above authentication method is shown in FIG. 4. It includes a computer, a mobile phone, a Pad, a camera and so on, which need terminal cooperation to accomplish data sharing, link aggregation and the like.
If the computer was previously selected as the central node through a mechanism such as mutual discovery, the central node holds the information table of the other cooperable terminals, so it can perform a fast permission check and then identity authentication. When a new mobile phone terminal joins, its cooperation permission must be checked, including the information required for cooperation, such as service type and hardware device capability, and it is then authenticated. After the central node role moves to the Pad, the new central node performs fast permission checks on the cooperable terminals and re-authenticates their identities, forming a new collaborative network.
The above is merely a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.
Industrial applicability
In the embodiments of the present invention, the central node looks up the cooperable terminal information table according to the terminal information of the terminal applying to join the collaborative network; if the table contains the terminal information, authentication is performed directly according to the information required for cooperation that corresponds to the terminal information in the table; otherwise, the terminal is requested to provide the information required for cooperation for authentication. Because authentication can be performed according to the information required for cooperation corresponding to the terminal information, the embodiments can prevent a terminal with a forged identity from being misjudged and thereby joining the collaborative network and compromising the security of cooperative transmission.

Claims

1. A terminal cooperation authentication method, the method comprising:
a central node looking up a cooperable terminal information table according to the terminal information of a terminal applying to join a collaborative network;
if the cooperable terminal information table contains the terminal information, performing authentication directly according to the information required for cooperation that corresponds to the terminal information in the cooperable terminal information table; otherwise, requesting the terminal to provide the information required for cooperation for authentication.
2. The method according to claim 1, wherein performing authentication specifically comprises:
after it is determined from the information required for cooperation that the terminal has permission to join the collaborative network, the central node issuing an authentication certificate to the terminal, and the terminal performing an operation on the authentication certificate together with its own terminal information and information required for cooperation and returning the operation result to the central node;
the central node comparing the returned operation result with the operation result obtained locally using the authentication certificate; if they are consistent, authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused entry to the collaborative network.
3. The method according to claim 2, wherein the local operation using the authentication certificate is specifically:
performing an operation, using the authentication certificate, on the terminal information and the information required for cooperation in the cooperable terminal information table stored by the central node, to obtain the local operation result.
4. The method according to claim 1, wherein, after requesting the terminal to provide the information required for cooperation, the method further comprises:
the central node updating the locally stored cooperable terminal information table according to the information required for cooperation received from the terminal, and broadcasting the updated cooperable terminal information table in the collaborative network, sending it to all terminals in the collaborative network.
5. The method according to any one of claims 1 to 4, wherein the cooperable terminal information table includes at least: the terminal information and the corresponding information required for cooperation; wherein
the terminal information specifically includes: the MAC address of the terminal;
the information required for cooperation specifically includes: the terminal's own service information and terminal capability information.
6. The method according to claim 4, wherein the method further comprises: after the central node is switched, the central node after the switch reorganizing authentication of the terminals according to the updated cooperable terminal information table.
7. A device middleware, the device middleware being able to run in each terminal in a collaborative network;
the device middleware, when running in the scenario of a terminal applying to join the collaborative network, comprising: a communication driver module, an information storage module and an authentication module; wherein
the communication driver module is configured for the terminal to send a request to join the collaborative network to the central node, the request carrying the terminal's own terminal information; and, after the terminal receives from the central node a request to provide the information required for cooperation, to send the information required for cooperation;
the information storage module is configured to store a cooperable terminal information table, the cooperable terminal information table including at least: the terminal information and the corresponding information required for cooperation;
the authentication module is configured to, when the terminal information exists in the cooperable terminal information table, perform authentication directly according to the information required for cooperation that corresponds to the terminal information in the cooperable terminal information table; otherwise, to call the communication driver module to request the terminal to provide the information required for cooperation for authentication.
8. The device middleware according to claim 7, wherein the authentication module is further configured to, after it is determined from the information required for cooperation that the terminal has permission to join the collaborative network, call the communication driver module to receive the authentication certificate from the central node; and, after performing an operation on the authentication certificate together with its own terminal information and information required for cooperation, to call the communication driver module to return the operation result to the central node;
the communication driver module is further configured to receive the authentication certificate and return the operation result to the central node.
9. The device middleware according to claim 7 or 8, wherein the terminal information specifically includes: the MAC address of the terminal;
the information required for cooperation specifically includes: the terminal's own service information and terminal capability information.
10. A device middleware, the device middleware being able to run in each terminal in a collaborative network;
the device middleware, when running in the scenario of the central node, comprising: a communication driver module, an information storage module and an authentication module; wherein
the communication driver module is configured for the central node to obtain terminal information from a terminal and to send the terminal a request to provide the information required for cooperation;
the information storage module is configured to store a cooperable terminal information table, the cooperable terminal information table including at least: the terminal information and the corresponding information required for cooperation;
the authentication module is configured to, when the terminal information exists in the cooperable terminal information table, perform authentication directly according to the information required for cooperation that corresponds to the terminal information in the cooperable terminal information table; otherwise, to call the communication driver module to request the terminal to provide the information required for cooperation for authentication.
11. The device middleware according to claim 10, wherein the authentication module is further configured to, after it is determined from the information required for cooperation that the terminal has permission to join the collaborative network, call the communication driver module to issue the authentication certificate to the terminal; and to compare the local operation result, obtained by the central node locally using the authentication certificate, with the operation result returned by the terminal; when they are consistent, authentication passes and the terminal is allowed to join the collaborative network; otherwise, the terminal is refused entry to the collaborative network;
the communication driver module is further configured to issue the authentication certificate and receive the operation result returned by the terminal.
12. The device middleware according to claim 10 or 11, wherein the terminal information specifically includes: the MAC address of the terminal;
the information required for cooperation specifically includes: the terminal's own service information and terminal capability information.
PCT/CN2013/079834 2013-01-21 2013-07-22 Method for authentication of terminal cooperation and equipment middleware thereof WO2013167070A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310021496.6A CN103945378B (en) 2013-01-21 2013-01-21 A kind of authentication method and equipment middleware of terminal collaboration
CN201310021496.6 2013-01-21

Publications (2)

Publication Number Publication Date
WO2013167070A2 true WO2013167070A2 (en) 2013-11-14
WO2013167070A3 WO2013167070A3 (en) 2014-01-03

Family

ID=49551371

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/079834 WO2013167070A2 (en) 2013-01-21 2013-07-22 Method for authentication of terminal cooperation and equipment middleware thereof

Country Status (2)

Country Link
CN (1) CN103945378B (en)
WO (1) WO2013167070A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104699499B (en) * 2014-12-31 2017-10-31 青岛同鑫创新实验室科技有限公司 A kind of heterogeneous terminals method for upgrading software
CN107276751A (en) * 2017-06-21 2017-10-20 深圳市盛路物联通讯技术有限公司 A kind of Internet of Things data filter method and system based on filtering gateway
CN113536273A (en) * 2021-08-09 2021-10-22 北京国民安盾科技有限公司 Method and system for recognizing cooperative biological characteristics between devices
CN114158107B (en) * 2021-11-26 2023-08-01 北京邮电大学 Wireless trusted co-processing method and system
CN114448705A (en) * 2022-02-07 2022-05-06 上海富数科技有限公司 Heterogeneous platform node interaction method, system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1913462A (en) * 2005-08-08 2007-02-14 乐金电子(昆山)电脑有限公司 Network equipment control system and method based on auto-set IP
US20070118829A1 (en) * 2005-11-23 2007-05-24 Inventec Corporation Arc routing system and method
CN101370293A (en) * 2008-10-15 2009-02-18 北京邮电大学 User terminal access control method and system in heterogeneous network
CN102523630A (en) * 2011-11-30 2012-06-27 南京邮电大学 Wireless ubiquitous network system structure

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2472580A (en) * 2009-08-10 2011-02-16 Nec Corp A system to ensure that the input parameter to security and integrity keys is different for successive LTE to UMTS handovers

Also Published As

Publication number Publication date
WO2013167070A3 (en) 2014-01-03
CN103945378B (en) 2018-11-30
CN103945378A (en) 2014-07-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13788293

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 13788293

Country of ref document: EP

Kind code of ref document: A2