WO2016176902A1 - Terminal authentication method, management terminal and application terminal - Google Patents

Info

Publication number
WO2016176902A1
Authority
WO
WIPO (PCT)
Prior art keywords
target value
digital certificate
terminal
encryption result
management terminal
Application number
PCT/CN2015/082896
Other languages
English (en)
Chinese (zh)
Inventor
钟焰涛
傅文治
林荣辉
谭中军
Original Assignee
宇龙计算机通信科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication

Definitions

  • The present invention relates to the field of mobile communications technologies, and in particular to a terminal authentication method, a management terminal, and an application terminal.
  • D2D (device-to-device) communication is a new technology that allows terminals to communicate directly by multiplexing cell resources under the control of the system. It can increase the spectrum efficiency of the cellular communication system and reduce terminal transmission power, which to a certain extent solves the shortage of spectrum resources in wireless communication systems.
  • D2D communication includes different communication methods such as one-to-one communication and group communication.
  • In D2D group communication, one user equipment acts as the group manager and establishes a group, other user equipments join the group, and end-to-end communication is implemented within the group.
  • When a user equipment applies to join a communication group, the administrator of the group must authenticate that user equipment.
  • The current authentication method is that the applicant sends its digital certificate to the administrator, and the administrator verifies the digital certificate.
  • If the digital signature is legal, the administrator accepts the applicant's application and joins the applicant to the communication group.
  • Because a digital certificate is easily acquired by other user equipment, once the applicant's digital certificate has been stolen by another user equipment that then takes part in the authentication process, the applicant cannot join the communication group, which affects the security of the authentication process.
  • The embodiment of the invention therefore provides a terminal authentication method, a management terminal and an application terminal, which can improve the security of the authentication process.
  • A first aspect of the embodiments of the present invention provides a terminal authentication method, which may include:
  • when the management terminal receives an application-to-join-group message that is sent by the application terminal and carries a first digital certificate, the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result;
  • the management terminal sends the first encryption result and the second digital certificate of the local end to the application terminal, so that the application terminal decrypts the first encryption result to obtain a second target value and encrypts the second target value according to the second digital certificate to obtain a second encryption result;
  • the management terminal acquires the second encryption result sent by the application terminal and decrypts it to obtain a third target value; when the third target value is the same as the first target value, the authentication of the application terminal is passed.
  • A second aspect of the embodiments of the present invention provides another terminal authentication method, which may include:
  • the application terminal sends an application-to-join-group message carrying the first digital certificate of the local end to the management terminal, so that the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result;
  • A third aspect of the embodiments of the present invention provides a management terminal, which may include:
  • an encryption unit configured to, when the management terminal receives an application-to-join-group message that is sent by the application terminal and carries a first digital certificate, encrypt a first target value according to the first digital certificate to obtain a first encryption result;
  • a sending unit configured to send the first encryption result and the second digital certificate of the local end to the application terminal, so that the application terminal decrypts the first encryption result to obtain a second target value and encrypts the second target value according to the second digital certificate to obtain a second encryption result;
  • a decrypting unit configured to acquire the second encryption result sent by the application terminal, decrypt it to obtain a third target value, and pass the authentication of the application terminal when the third target value is the same as the first target value.
  • A fourth aspect of the embodiments of the present invention provides an application terminal, which may include:
  • a message sending unit configured to send an application-to-join-group message carrying the first digital certificate of the local end to the management terminal, so that the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result;
  • a decryption and encryption unit configured to receive the first encryption result sent by the management terminal together with the second digital certificate of the management terminal, decrypt the first encryption result to obtain a second target value, and encrypt the second target value according to the second digital certificate to obtain a second encryption result;
  • a result sending unit configured to send the second encryption result to the management terminal, so that the management terminal decrypts the second encryption result to obtain a third target value and passes the authentication of the local end when the third target value is the same as the first target value.
  • In the embodiments of the present invention, when the management terminal receives an application-to-join-group message carrying a first digital certificate, the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result. The management terminal then sends the first encryption result and its own second digital certificate to the application terminal; the application terminal decrypts the first encryption result to obtain a second target value and encrypts the second target value according to the second digital certificate to obtain a second encryption result.
  • The application terminal sends the second encryption result to the management terminal, the management terminal decrypts it to obtain a third target value, and when the third target value is the same as the first target value the authentication of the application terminal is passed.
  • In this way the management terminal completes the authentication of the application terminal according to the encryption and decryption results, which improves the security of the authentication process.
  • FIG. 1 is a schematic flowchart of a terminal authentication method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of another terminal authentication method according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of still another terminal authentication method according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of still another terminal authentication method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a management terminal according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of the encryption unit provided by the embodiment shown in FIG. 5.
  • FIG. 7 is a schematic structural diagram of the decryption unit provided by the embodiment shown in FIG. 5.
  • FIG. 8 is a schematic structural diagram of an application terminal according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of the decryption and encryption unit provided by the embodiment shown in FIG. 8.
  • The terminal authentication method, the management terminal and the application terminal provided by the embodiment of the present invention can be applied to the scenario in which the management terminal authenticates the application terminal in D2D communication.
  • For example, the management terminal and the application terminal may be outside network coverage, that is, the current network signal is too poor to support cellular communication between the terminals, while D2D communication between them is still possible.
  • When the application terminal wants to join the D2D communication group in which the management terminal is located and communicate with the group members, the management terminal needs to authenticate the application terminal.
  • This authentication can be implemented with the embodiment of the present invention, which prevents the digital certificate of the application terminal from being intercepted and used by other terminals.
  • Even if the digital certificate of the application terminal is acquired by another terminal, that terminal cannot decrypt the result encrypted by the management terminal, which prevents criminals from joining the group in which the management terminal is located.
  • The management terminal and the application terminal provided by the embodiments of the present invention may include, but are not limited to, electronic devices such as a mobile phone, a PAD (tablet computer) and a smart wearable device.
  • The management terminal provided by the embodiment of the present invention is the manager that establishes a group in D2D communication; it is responsible for authenticating other terminals that apply to join the group and for enabling communication between any two terminals in the group, the terminals communicating over a wireless channel. Therefore, the premise of the embodiment of the present invention is that the application terminal and the management terminal use a wireless channel of the same frequency.
  • the terminal authentication method provided by the embodiment of the present invention will be described in detail below with reference to FIG.
  • FIG. 1 is a schematic flowchart of a method for authenticating a terminal according to an embodiment of the present invention.
  • the method may include steps S101 to S103.
  • S101: when the management terminal receives an application-to-join-group message that is sent by the application terminal and carries a first digital certificate, the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result.
  • Specifically, the management terminal may receive an application-to-join-group message sent by the application terminal, where the message carries a first digital certificate.
  • The first digital certificate is the digital certificate of the application terminal.
  • A digital certificate is a file containing the public key owner's information and the public key, digitally signed by a certificate authority.
  • The simplest certificate contains a public key, a name, and a digital signature from the certificate authority.
  • A digital certificate adopts a public key system, that is, a pair of mutually matching keys is used for encryption and decryption.
  • When the management terminal receives the application-to-join-group message, it first checks whether the digital signature of the first digital certificate is correct; when the signature is correct, the management terminal acquires the public key of the first digital certificate and encrypts the first target value with that public key to obtain the first encryption result.
  • The first target value is a value arbitrarily selected by the management terminal.
  • S102: the management terminal sends the first encryption result and the second digital certificate of the local end to the application terminal, so that the application terminal decrypts the first encryption result to obtain a second target value and encrypts the second target value according to the second digital certificate to obtain a second encryption result.
  • Specifically, the management terminal reads the second digital certificate of the local end and sends the first encryption result obtained in step S101 together with the second digital certificate to the application terminal, where the second digital certificate includes the public key of the second digital certificate.
  • When the application terminal receives the first encryption result and the second digital certificate sent by the management terminal, it decrypts the first encryption result with the private key of its own first digital certificate to obtain a second target value, and then encrypts the second target value with the public key of the second digital certificate to obtain a second encryption result.
  • The second target value may be the same as the first target value, or may be different.
  • If the first encryption result is not attacked in transit, the second target value is the same as the first target value; otherwise the second target value obtained by the application terminal's decryption differs from the first target value. Since the first encryption result is produced with the public key of the first digital certificate and the second encryption result with the public key of the second digital certificate, and the two public keys differ, the second encryption result differs from the first encryption result even when the second target value is the same as the first target value.
  • S103: the management terminal acquires the second encryption result sent by the application terminal and decrypts it to obtain a third target value; when the third target value is the same as the first target value, the authentication of the application terminal is passed.
  • Specifically, the management terminal acquires the second encryption result sent by the application terminal, reads the private key of the second digital certificate, and decrypts the second encryption result with that private key to obtain a third target value.
  • The third target value may be the same as the second target value, or may be different.
  • If the application terminal is not attacked while sending the second encryption result, the third target value is the same as the second target value; otherwise the third target value obtained by the management terminal's decryption differs from the second target value. Therefore, when the wireless channel between the management terminal and the application terminal is not under external attack, the first target value is the same as the third target value.
  • When the application terminal passes authentication, the management terminal adds it to the group and notifies it that the application succeeded, so that it can take part in communication within the group.
  • If another terminal A obtains the first digital certificate of the application terminal and applies with it, terminal A cannot decrypt the first encryption result with its own private key, or terminal A may forge the second target value. If terminal A forges the second target value, that value differs from the first target value, so the management terminal rejects terminal A's authentication application and does not allow terminal A to join the group, thereby improving the security of the group and of the authentication process.
  • FIG. 2 is a schematic flowchart of another method for authenticating a terminal according to an embodiment of the present invention.
  • the method may include steps S201 to S206.
  • S201: the management terminal receives an application-to-join-group message sent by the application terminal, where the message carries a first digital certificate.
  • When the management terminal receives the application-to-join-group message, it first checks whether the digital signature of the first digital certificate is correct; when the signature is correct, the management terminal can continue the authentication process, and when it is incorrect, the management terminal rejects the application terminal's request to join the group.
  • S202: the management terminal acquires the public key of the first digital certificate and encrypts the first target value with that public key to obtain a first encryption result.
  • Because the signature check has shown the first digital certificate to be a legal digital certificate of the application terminal, the management terminal acquires the public key of the first digital certificate and encrypts the first target value with it to obtain the first encryption result.
  • The first target value is a value arbitrarily selected by the management terminal. For example, if the first target value is r1 and the public key of the first digital certificate is pk1, the first encryption result obtained by the management terminal is e1.
  • S203: the management terminal reads the second digital certificate of the local end and sends the first encryption result and the second digital certificate to the application terminal, so that the application terminal decrypts the first encryption result with the private key of the first digital certificate to obtain a second target value and encrypts the second target value with the public key of the second digital certificate to obtain a second encryption result.
  • Specifically, the management terminal reads the second digital certificate of the local end and sends the first encryption result obtained in step S202 together with the second digital certificate to the application terminal, where the second digital certificate includes the public key of the second digital certificate.
  • When the application terminal receives the first encryption result and the second digital certificate sent by the management terminal, it decrypts the first encryption result with the private key of its own first digital certificate to obtain a second target value, and then encrypts the second target value with the public key of the second digital certificate to obtain a second encryption result.
  • Continuing the example, if the public key of the second digital certificate is pk2, the management terminal sends the first encryption result e1 and pk2 to the application terminal; the second target value obtained by the application terminal's decryption is r2, and the second encryption result obtained by encrypting it is e2.
  • The second target value may be the same as the first target value, or may be different.
  • If the management terminal is not attacked while sending the first encryption result and the second digital certificate, the second target value is the same as the first target value; otherwise the second target value obtained by the application terminal's decryption differs from the first target value. Since the first encryption result is produced with the public key of the first digital certificate and the second encryption result with the public key of the second digital certificate, and the two public keys differ, the second encryption result differs from the first encryption result even when the second target value is the same as the first target value.
  • S204: the management terminal acquires the second encryption result sent by the application terminal.
  • Specifically, the application terminal sends the second encryption result, encrypted with the public key of the second digital certificate, to the management terminal, and the management terminal acquires it.
  • S205: the management terminal reads the private key of the second digital certificate and decrypts the second encryption result with that private key to obtain a third target value.
  • A result encrypted with the public key of a digital certificate can only be decrypted with the private key of that digital certificate, so the management terminal reads the private key of the second digital certificate and uses it to decrypt the second encryption result, obtaining a third target value.
  • Continuing the example, the management terminal decrypts the second encryption result e2 to obtain the third target value r3.
  • The third target value may be the same as the second target value, or may be different.
  • If the application terminal is not attacked while sending the second encryption result, the third target value is the same as the second target value; otherwise the third target value obtained by the management terminal's decryption differs from the second target value. Therefore, when the wireless channel between the management terminal and the application terminal is not under external attack, the first target value is the same as the third target value.
  • S206: when the third target value is the same as the first target value, it can be understood that the wireless channel between the management terminal and the application terminal has not been attacked from outside; the management terminal passes the authentication of the application terminal, adds it to the group, and notifies it that the application succeeded, so that it can take part in communication within the group.
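The exchange of steps S201 to S206 (and the matching applicant-side steps of FIG. 3), as an added Python example that is not part of the patent: the certificate key pairs are toy textbook RSA over fixed constructed primes, the Cert class, the terminal classes and the certificate authority are assumed, and the applicant's check of the manager's certificate is a hardening step the patent text does not describe. It also runs the two rejection cases the text discusses: a terminal holding only a copy of the applicant's certificate, and a certificate whose signature does not verify.

```python
# Added illustration of the patent's challenge-response join authentication
# (steps S201 to S206); not the patent's own code. Toy textbook RSA with fixed,
# constructed primes stands in for the certificate key pairs. Names are assumed.
import hashlib
import secrets
from dataclasses import dataclass


def make_keypair(p, q, e=65537):
    """Toy RSA from two given primes: returns (public (n, e), private (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def encrypt(pk, m):  # encrypt m with a certificate's public key (no padding: toy)
    assert 0 <= m < pk[0]
    return pow(m, pk[1], pk[0])


def decrypt(sk, c):  # decrypt with the matching private key
    return pow(c, sk[1], sk[0])


@dataclass(frozen=True)
class Cert:
    """Simplest certificate: holder name, public key and the CA's signature."""
    name: str
    pk: tuple
    signature: int


def _digest(cert, n):
    body = f"{cert.name}|{cert.pk[0]}|{cert.pk[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def issue_cert(ca_sk, name, pk):
    n, d = ca_sk
    return Cert(name, pk, pow(_digest(Cert(name, pk, 0), n), d, n))


def verify_cert(ca_pk, cert):
    n, e = ca_pk
    return pow(cert.signature, e, n) == _digest(cert, n)


class ManagementTerminal:
    def __init__(self, ca_pk, cert2, sk2):
        self.ca_pk, self.cert2, self.sk2 = ca_pk, cert2, sk2
        self.pending = {}  # applicant name -> first target value r1

    def handle_join_request(self, cert1):
        """S201-S203: check the applicant's certificate, then issue the challenge."""
        if not verify_cert(self.ca_pk, cert1):
            return None  # S201: signature incorrect, request rejected
        r1 = secrets.randbits(56)  # S202: first target value, fresh per request
        e1 = encrypt(cert1.pk, r1)  # first encryption result, under pk1
        self.pending[cert1.name] = r1
        return e1, self.cert2  # S203: send e1 together with own certificate

    def handle_response(self, name, e2):
        """S204-S206: decrypt e2 with sk2 and compare the result r3 with r1."""
        r1 = self.pending.pop(name, None)
        if r1 is None or e2 is None:
            return False
        return decrypt(self.sk2, e2) == r1  # S205/S206: r3 must equal r1


class ApplicationTerminal:
    def __init__(self, ca_pk, cert1, sk1):
        self.ca_pk, self.cert1, self.sk1 = ca_pk, cert1, sk1

    def respond(self, e1, cert2):
        """Decrypt e1 with own private key, re-encrypt under the manager's key."""
        if not verify_cert(self.ca_pk, cert2):  # hardening not in the patent text:
            return None  # the applicant verifies the manager's certificate too
        r2 = decrypt(self.sk1, e1)  # second target value
        return encrypt(cert2.pk, r2)  # second encryption result


def run_protocol(manager, cert1, responder):
    """One exchange; responder(e1, cert2) -> e2 plays the applicant side."""
    challenge = manager.handle_join_request(cert1)
    if challenge is None:
        return False
    e1, cert2 = challenge
    return manager.handle_response(cert1.name, responder(e1, cert2))


def demo():
    """Outcomes for an honest applicant, a certificate thief and a forged cert."""
    ca_pk, ca_sk = make_keypair(2305843009213693951, 2147483647)  # constructed
    pk1, sk1 = make_keypair(998244353, 4294967291)  # applicant's key pair
    pk2, sk2 = make_keypair(1000000007, 1000000009)  # manager's key pair
    cert1 = issue_cert(ca_sk, "applicant", pk1)
    cert2 = issue_cert(ca_sk, "manager", pk2)
    manager = ManagementTerminal(ca_pk, cert2, sk2)
    honest = ApplicationTerminal(ca_pk, cert1, sk1)
    ok_honest = run_protocol(manager, cert1, honest.respond)
    # "Terminal A" holds a copy of cert1 but not sk1, so it cannot recover r1
    # and can only submit a guess: r3 != r1 and the join is rejected.
    def terminal_a(e1, cert2):
        return encrypt(cert2.pk, secrets.randbits(56))
    ok_thief = run_protocol(manager, cert1, terminal_a)
    # A certificate whose CA signature does not verify is refused at S201.
    bogus = Cert("applicant", pk1, signature=12345)
    ok_bogus = run_protocol(manager, bogus, honest.respond)
    return ok_honest, ok_thief, ok_bogus
```

demo() returns (True, False, False): the honest applicant passes, while the copied certificate and the forged certificate are both rejected.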
  • FIG. 3 is a schematic flowchart of still another method for authenticating a terminal according to an embodiment of the present invention.
  • the method may include steps S301 to S303.
  • S301: the application terminal sends an application-to-join-group message carrying the first digital certificate of the local end to the management terminal, so that the management terminal encrypts a first target value according to the first digital certificate to obtain a first encryption result.
  • S303: the application terminal sends the second encryption result to the management terminal, so that the management terminal decrypts the second encryption result to obtain a third target value and passes the authentication of the local end when the third target value is the same as the first target value.
  • Specifically, the application terminal sends the second encryption result to the management terminal, and on receiving it the management terminal decrypts it with the private key of the second digital certificate.
  • The third target value may be the same as the second target value, or may be different.
  • If the application terminal is not attacked while sending the second encryption result, the third target value is the same as the second target value; otherwise the third target value obtained by the management terminal's decryption differs from the second target value. Therefore, when the wireless channel between the management terminal and the application terminal is not under external attack, the first target value is the same as the third target value.
  • In this way the application terminal sends an application-to-join-group message carrying the first digital certificate of the local end to the management terminal, and the management terminal encrypts the first target value according to the first digital certificate to obtain the first encryption result. The application terminal receives the first encryption result and the second digital certificate of the management terminal, decrypts the first encryption result to obtain a second target value, and encrypts the second target value according to the second digital certificate to obtain a second encryption result.
  • The application terminal then sends the second encryption result to the management terminal, and the management terminal decrypts it to obtain a third target value and passes the authentication of the application terminal when the third target value is the same as the first target value.
  • Thus the management terminal authenticates the application terminal, and the security of the authentication process is improved.
  • The application terminal receives the first encryption result sent by the management terminal together with the second digital certificate of the management terminal.
  • The application terminal reads the private key of the first digital certificate and decrypts the first encryption result with it to obtain the second target value.
  • The application terminal acquires the public key of the second digital certificate and encrypts the second target value with it to obtain a second encryption result. Since the first encryption result is produced with the public key of the first digital certificate and the second encryption result with the public key of the second digital certificate, and the two public keys differ, the second encryption result differs from the first encryption result even when the second target value is the same as the first target value.
  • the encryption unit 101 may include a verification unit 1011 and a first encryption unit 1012.
  • the verification unit 1011 first checks whether the digital signature of the first digital certificate is correct. When the digital signature of the first digital certificate is correct, the management terminal can perform the subsequent authentication process; when the digital signature is incorrect, the management terminal rejects the application terminal's request to join the group.
  • the first encryption unit 1012 is configured to acquire the public key of the first digital certificate when the digital signature of the first digital certificate is correct, and to encrypt the first target value by using that public key to obtain the first encryption result.
  • the first digital certificate is a legal digital certificate of the application terminal, so the first encryption unit 1012 obtains the public key of the first digital certificate and encrypts the first target value with it to obtain the first encryption result.
  • the first target value is a value arbitrarily selected by the management terminal 10. For example, if the first target value is r1 and the public key of the first digital certificate is pk1, the first encryption result obtained by the first encryption unit 1012 is e1.
  • the sending unit 102 reads the second digital certificate of the local end, and sends the first encryption result produced by the first encryption unit 1012, together with the second digital certificate, to the application terminal.
  • the second digital certificate includes a public key of the second digital certificate.
  • the application terminal decrypts the first encryption result by using the private key of its own first digital certificate to obtain a second target value, and then encrypts the second target value by using the public key of the second digital certificate to obtain a second encryption result.
  • the second target value may be the same as the first target value, or may be different.
  • when the transmission by the sending unit 102 is not attacked, the second target value is the same as the first target value; otherwise the second target value obtained by the application terminal's decryption differs from the first target value.
  • the first encryption result is obtained by encrypting with the public key of the first digital certificate and the second encryption result by encrypting with the public key of the second digital certificate; because the public keys differ, the second encryption result differs from the first encryption result even if the second target value is the same as the first target value.
  • the decryption unit 103 is configured to acquire the second encryption result sent by the application terminal, decrypt the second encryption result to obtain a third target value, and authenticate the application terminal when the third target value and the first target value are the same.
  • the decryption unit 103 acquires the second encryption result sent by the application terminal, decrypts it to obtain a third target value, and passes the authentication of the application terminal when the third target value is the same as the first target value.
  • the decryption unit 103 may include an obtaining unit 1031, a first decryption unit 1032, and an authentication unit 1033.
  • the obtaining unit 1031 is configured to obtain a second encryption result sent by the application terminal.
  • the application terminal sends the second encryption result, encrypted by using the public key of the second digital certificate, to the management terminal, and the obtaining unit 1031 acquires the second encryption result sent by the application terminal.
  • the first decryption unit 1032 is configured to read a private key of the second digital certificate, and decrypt the second encryption result by using a private key of the second digital certificate to obtain a third target value.
  • the authentication unit 1033 is configured to authenticate the application terminal when the third target value is the same as the first target value.
  • FIG. 8 and FIG. 9 are used to perform the method of the embodiment shown in FIG. 3 and FIG. 4 of the present invention. For specific technical details not disclosed here, refer to the embodiment shown in FIG. 3 and FIG. 4 of the present invention.
  • FIG. 8 is a schematic structural diagram of an application terminal according to the present invention.
  • the application terminal 20 may include: a message sending unit 201, a decryption and encryption unit 202, and a result sending unit 203.
  • the decryption and encryption unit 202 is configured to receive the first encryption result sent by the management terminal and the second digital certificate of the management terminal, decrypt the first encryption result to obtain a second target value, and encrypt the second target value according to the second digital certificate to obtain a second encryption result.
  • the second target value may be the same as the first target value, or may be different.
  • when the management terminal 10 sends the first encryption result and the second digital certificate without being attacked by the outside world, the second target value is the same as the first target value; otherwise the second target value obtained by the decryption and encryption unit 202 differs from the first target value. Since the first encryption result is obtained by encrypting with the public key of the first digital certificate and the second encryption result by encrypting with the public key of the second digital certificate, the public keys differ, so the second encryption result differs from the first encryption result even if the second target value is the same as the first target value.
  • the receiving unit 2021 is configured to receive the first encryption result sent by the management terminal and the second digital certificate of the management terminal.
  • the second decryption unit 2022 reads the private key of the first digital certificate, and decrypts the first encryption result by using the private key of the first digital certificate to obtain the second target value.
  • for example, if the first encryption result is e1, the second target value decrypted by the second decryption unit 2022 is r2.
  • the result sending unit 203 is configured to send the second encryption result to the management terminal, so that the management terminal decrypts the second encryption result to obtain a third target value, and passes the authentication of the local end when the third target value is the same as the first target value.
  • the result sending unit 203 sends the second encryption result to the management terminal; on receiving the second encryption result, the management terminal 10 decrypts it by using the private key of the second digital certificate to obtain a third target value, determines whether the third target value is the same as the first target value, and passes the authentication of the application terminal 20 when they are the same.
  • the third target value may be the same as the second target value, or may be different.
  • when the result sending unit 203 is not attacked by the outside world in the process of sending the second encryption result, the third target value is the same as the second target value; otherwise the third target value obtained by the management terminal 10 is not the same as the second target value. Therefore, when the wireless channel between the management terminal 10 and the application terminal 20 is not subject to an external attack, the first target value is the same as the third target value.
  • the application terminal receives the first encryption result sent by the management terminal and the second digital certificate of the management terminal, decrypts the first encryption result to obtain a second target value, and encrypts the second target value according to the second digital certificate to obtain a second encryption result.
  • the application terminal sends the second encryption result to the management terminal, and the management terminal decrypts the second encryption result to obtain a third target value and authenticates the application terminal when the third target value is the same as the first target value, thereby implementing the management terminal's authentication of the application terminal and improving the security of the authentication process.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
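The challenge-response exchange described above for the management terminal (verification unit 1011, first encryption unit 1012, decryption unit 103) and the application terminal (decryption and encryption unit 202), as an added worked example in Go; it is not code from the patent or its assignee. RSA-OAEP stands in for the unspecified public-key encryption, 2048-bit keys are generated in place of provisioned ones, and the digital certificate is simplified to a CA signature over the holder's public key rather than an X.509 certificate; the unit numbers in the comments map each function back to the description.

```go
package main
import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// newKey makes a 2048-bit RSA key pair for one terminal (constructed for this example).
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// issueCert stands in for the CA: a PKCS#1 v1.5 signature over the DER public key (not X.509).
func issueCert(ca *rsa.PrivateKey, pub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return rsa.SignPKCS1v15(rand.Reader, ca, crypto.SHA256, digest[:])
}

// checkCert is the verification unit 1011: reject the join request unless the CA signature verifies.
func checkCert(caPub, pub *rsa.PublicKey, sig []byte) bool {
	digest := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return rsa.VerifyPKCS1v15(caPub, crypto.SHA256, digest[:], sig) == nil
}

// challenge is the first encryption unit 1012: random first target value r1, encrypted under pk1 to give e1.
func challenge(pk1 *rsa.PublicKey) (r1, e1 []byte, err error) {
	r1 = make([]byte, 32)
	if _, err = rand.Read(r1); err != nil {
		return nil, nil, err
	}
	e1, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pk1, r1, nil)
	return r1, e1, err
}

// respond is the decryption and encryption unit 202: recover r2 with sk1, re-encrypt it under pk2 to give e2.
func respond(sk1 *rsa.PrivateKey, pk2 *rsa.PublicKey, e1 []byte) ([]byte, error) {
	r2, err := rsa.DecryptOAEP(sha256.New(), nil, sk1, e1, nil)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pk2, r2, nil)
}

// verify is the decryption unit 103: recover r3 with sk2 and authenticate only when r3 equals r1.
func verify(sk2 *rsa.PrivateKey, r1, e2 []byte) bool {
	r3, err := rsa.DecryptOAEP(sha256.New(), nil, sk2, e2, nil)
	return err == nil && bytes.Equal(r1, r3)
}
```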

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Certain embodiments of the present invention relate to a terminal authentication method, a management terminal and an application terminal. The method consists in: upon receiving a group-join application message containing a first digital certificate and transmitted by an application terminal, encrypting a first value according to the first digital certificate to obtain a first encryption result; transmitting the first encryption result and a second digital certificate of the local terminal to the application terminal, so that the application terminal decrypts the first encryption result to obtain a second target value and encrypts the second target value according to the second digital certificate to obtain a second encryption result; and acquiring the second encryption result transmitted by the application terminal, decrypting the second encryption result to obtain a third target value and, insofar as the third target value and the first target value are identical, then allowing the application terminal to pass authentication. The embodiments of the present invention make it possible to improve the security of an authentication process.
PCT/CN2015/082896 2015-05-06 2015-06-30 Procédé d'authentification de terminal, terminal de gestion et terminal d'application WO2016176902A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510226966.1 2015-05-06
CN201510226966.1A CN105578457B (zh) 2015-05-06 2015-05-06 一种终端认证方法、管理终端及申请终端

Publications (1)

Publication Number Publication Date
WO2016176902A1 true WO2016176902A1 (fr) 2016-11-10

Family

ID=55888014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082896 WO2016176902A1 (fr) 2015-05-06 2015-06-30 Procédé d'authentification de terminal, terminal de gestion et terminal d'application

Country Status (2)

Country Link
CN (1) CN105578457B (fr)
WO (1) WO2016176902A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106332000B (zh) * 2016-08-15 2020-01-10 宇龙计算机通信科技(深圳)有限公司 一种终端位置信息获取方法及装置
CN110071911A (zh) * 2019-03-20 2019-07-30 北京龙鼎源科技股份有限公司 信息传输方法及装置、证书更新的方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101090316A (zh) * 2006-06-16 2007-12-19 普天信息技术研究院 离线状态下存储卡与终端设备之间的身份认证方法
CN101571979A (zh) * 2009-06-15 2009-11-04 北京握奇数据系统有限公司 一种智能卡和销售点设备、系统及使用方法
EP2663051A1 (fr) * 2012-05-07 2013-11-13 Industrial Technology Research Institute Sytème d'authentification pour communications de dispositif à dispositif et procédé correspondant
CN103905209A (zh) * 2014-04-30 2014-07-02 殷爱菡 基于NTRUSign无源光网络接入双向认证的方法

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192927B (zh) * 2006-11-28 2012-07-11 中兴通讯股份有限公司 基于身份保密的授权与多重认证方法
CN101442411A (zh) * 2008-12-23 2009-05-27 中国科学院计算技术研究所 一种p2p网络中对等用户结点间的身份认证方法
CN101562519B (zh) * 2009-05-27 2011-11-30 广州杰赛科技股份有限公司 用户分组通信网络的数字证书管理方法和用于接入用户分组通信网络中的用户终端
CN102036235A (zh) * 2009-09-28 2011-04-27 西门子(中国)有限公司 一种用于身份认证的装置和方法
CN102480713B (zh) * 2010-11-25 2014-05-28 中国移动通信集团河南有限公司 一种汇聚节点与移动通信网络间的通信方法、系统及装置
CN102111411A (zh) * 2011-01-21 2011-06-29 南京信息工程大学 P2p网络中对等用户结点间的加密安全数据交换方法
CN102404347A (zh) * 2011-12-28 2012-04-04 南京邮电大学 一种基于公钥基础设施的移动互联网接入认证方法
CN103354637B (zh) * 2013-07-22 2016-03-02 全渝娟 一种物联网终端m2m通信加密方法

Also Published As

Publication number Publication date
CN105578457B (zh) 2019-04-12
CN105578457A (zh) 2016-05-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 15891154
Country of ref document: EP
Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/04/2018)
122 Ep: pct application non-entry in european phase
Ref document number: 15891154
Country of ref document: EP
Kind code of ref document: A1